Cloud Security Engineer
San Francisco, CA

Job Description

As a senior engineer on the Dashboard Security team, you will have a substantial impact on the security of Cisco Meraki's Dashboard-our web application and cloud infrastructure-and the millions of Dashboard-powered Meraki products that our customers entrust their most sensitive infrastructure to. We are looking for people from all across the security spectrum to bolster our security posture.

At Cisco Meraki, you can play a key role in securely designing key services running on Dashboard. You can deploy and implement new security tools, libraries, and frameworks as well as find, triage, and fix vulnerabilities. You can improve our monitoring and auditing and assist in responding to security incidents. You can be a strong advocate for security and push for process improvements, while balancing these changes with business needs.

As a part of a tight-knit engineering organization that prioritizes security, you have the ability to consult with other teams and affect change across the entire stack, from the UI and backend continuing to the device firmware. Finally, by acting as a guardian to our customers' networks and deployments, you can have a direct, immediate, and significant impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every single day.

At Meraki, we are passionate about building real products that our customers love. We believe in fostering a positive culture by hiring, coaching, and empowering smart, helpful, humble people. With the support of management, we constantly look within for ways to improve organizationally. Finally, we maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe-including an awesome office overlooking the Bay Bridge, stocked full of free food and drinks.

Example projects for a Senior Security Engineer:

* Discover and triage vulnerabilities via code audits, fuzzing, and static analysis
* Work with and support other engineering teams to fix vulnerabilities found internally and by researchers through our bug bounty program
* Design and deploy secure systems to handle application secrets such as encryption keys
* Research and deploy intrusion-detection systems
* Identify critical services that require audit trails and logging and deploy systems that use logging data to detect anomalous behavior
* Help architect our services to reduce the impact of a security incident
* Perform auditing and forensics in response to security incidents

You are an ideal candidate if you:

* Have 3+ years of experience in web, database, information and/or infrastructure security
* Know and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
* Have a passion for one or more of the following: architecting systems for security; deploying security-focused libraries and tools; finding and triaging security exploits in our code; monitoring and forensics; and participating in security incident response
* Enjoy working across and being a resource for other teams
* Are excited to champion security as a first-class concern

Bonus points for:

* A BS/MS/Ph.D in Computer Science, Computer Engineering, Information Security, Security Engineering, or a STEM field
* Fluency in Linux and at least one of the following programming languages: Ruby, Scala, C/C++, Java, Python
* Deep knowledge in key security concepts such as authentication, authorization, public/private key encryption, role-based access control, and security by design
* Demonstrated ability to ship production-quality software in a dynamic environment
* Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.