Senior Security Detection and Response Engineer
San Francisco, CA

Job Description

As a senior member of the Security Detection and Response team, you will have a substantial impact on the security of millions of Meraki users all around the world. We are looking for people who are passionate about detection infrastructure and incident response, with substantial experience in monitoring a highly distributed cloud environment and implementing flexible lightweight IR processes suitable for our rapidly growing organization.

At Meraki, you will have the opportunity to be a part of a tight-knit engineering organization working with smart, helpful engineers, particularly within our site reliability and security teams. You will have significant influence over the tools that we use to monitor and audit our system and where we choose to deploy them. You will be responsible for coordinating the response to security incidents. You will be able to drive change across the entire stack, from the UI and backend all the way through to the device firmware. You will support other security teams in driving business-friendly security and process improvements. Finally, by developing our capabilities to promptly detect and respond to threats, you will have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every single day.

We are passionate about building real products that our customers love. We believe in fostering a positive culture by hiring, coaching, and empowering smart, helpful, humble people. With the support of management, we constantly look within for ways to improve organizationally. Finally, we maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe-including an awesome office overlooking the Bay Bridge, stocked full of food and drinks.

Key responsibilities:

* Serve on a rotation of security incident commanders, interface with heads of every major product team to ensure a quick mobilization for high-severity incidents
* Build our detection stack, including: Security Incident and Event Monitoring (SIEM), File Integrity Monitoring (FIM), Vulnerability Scanners, Network and Host Intrusion Detection (IDS)
* Leverage and extend existing monitoring and tooling to ensure we quickly detect anomalous behavior in our infrastructure
* Vulnerability management and threat intelligence
* Augment our infrastructure with audit trails to ensure that we can understand the impact of security incidents
* Perform forensics when security incidents occur
* Work with other engineers to proactively add monitoring to new features and services

You are an ideal candidate if you:

* Have experience working on incident response teams
* Have a calm methodical approach to investigating potential threats under pressure
* Have 5+ years of experience in web, database, information and/or infrastructure security
* Have some scripting or security tools development knowledge
* Know and love learning about the latest security tools, infrastructure, and industry best practices
* Familiarity with search/analytics platforms such as ELK, SQL, Splunk
* Enjoy working across and being a resource for other engineers
* Are excited to champion security as a first-class concern

Bonus points for:

* Encyclopedic knowledge of detection tools, for example: Nessus, Qualys, OSSEC, Osquery, Suricata, Threatstack, AWS Guard Duty
* Know and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
* Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures
* Proven ability to ship in a dynamic environment

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.