Senior Application Security Engineer

Cisco Systems, Inc., San Francisco, CA 94118

Posted 2 months ago

(Please apply directly at: https://grnh.se/a3edc42d1)


San Francisco or Remote

At Cisco Meraki, we know that technology can connect, empower, and drive us. Our mission is to simplify technology so our customers can focus on what's most meaningful to them: their students, patients, customers, and businesses. We're making networking easier, faster, and smarter with technology that simply works.

As a senior member of the Application Security team, you will have a substantial impact on the security of millions of Cisco Meraki users all around the world. We are looking for people who are as passionate about finding and helping teams identify fixes for vulnerabilities as they are about building full stack security tools to help prevent such issues.

Key responsibilities:

  • Partner with the greater security team as well as our product and infrastructure teams to build scalable and user-friendly security tooling, such as:

      • CI/CD integrated static analysis

      • Fuzzing frameworks

      • Offensive security testing infrastructure in AWS

  • Build seamless integrations between our tools, Meraki's development stack, and the broader Cisco security infrastructure

  • Discover and triage vulnerabilities via code audits, fuzzing, and static analysis

  • Work with and support other engineering teams to fix vulnerabilities found internally and by researchers through our bug bounty program

You are an ideal candidate if you:

  • Have 5+ years of full stack development experience in Ruby or Python

  • Have an excellent working knowledge of, and the ability to educate others on, common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF

  • Have experience in web, database, information and/or infrastructure security

  • Know and love learning about the latest security tools, infrastructure, and industry best practices

  • Have experience developing in a hybrid environment utilizing AWS or other cloud providers

  • Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices

  • Are excited to champion security as a first-class concern

Bonus points for:

  • Penetration testing or security architecture experience

  • Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures

  • Proven ability to ship in a dynamic environment

About Meraki

At Meraki we are driven by the desire to make managing sophisticated networks simple. Our firmware combined with a web-based dashboard allows customers to manage enterprise-scale networks using a simple point-and-click interface. We are passionate about building real products that our customers love. We believe in fostering a positive culture by hiring, coaching, and empowering smart, helpful, humble people. With the support of management, we constantly look within for ways to improve organizationally. Finally, we maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe, including an awesome office overlooking the Bay Bridge, stocked full of food and drinks.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

At Cisco Meraki, we don't just accept difference - it's one of our key values. Everybody In means we listen to each other's opinions. Everybody is accepted and valued here, and we are a team that works as one towards our goals. We recognize that diverse teams make the strongest teams, and we encourage people from all backgrounds to apply.


