Offensve Security Engineer (Remote)

Application window is expected to close on 10/10/2024. 

At Cisco Meraki, we know that technology can connect, empower, and drive us. Our mission is to simplify technology so our customers can focus on what's most meaningful to them: their students, patients, customers, and businesses. We’re making networking easier, faster, and intelligent with technology that simply works.

The modern world runs on the internet, and the internet cannot exist without its underlying infrastructure. Meraki makes setting up, running, and maintaining that infrastructure easier than it has ever been before. Meraki enables connectivity everywhere from neighborhood cafes to education institutions to global hospitality groups operating thousands of sites.

We are passionate about building real products that our customers love and trust. As a member of Offensive Security, you will be a key member of a team that identifies, and helps fix vulnerabilities in our products, services, and enterprise to improve software quality within the Trust Assurance group. Together, we make a significant impact in securing millions of Meraki users around the globe.

At Meraki, teams work on an exciting array of groundbreaking technologies from artificial intelligence & machine learning to desktop agents, to container orchestration in the cloud and within IoT device firmware. We believe in encouraging a positive culture by hiring, mentoring, and empowering smart, effective, low ego people and providing equal opportunities for all employees to thrive. With the support of management, we constantly look within for ways to improve organizationally. We are confident you will love it here!

As an Offensive Security Engineer, you will:

• Have dedicated time before each project to derive test cases from threat models, security testing guides, and vulnerability research
• Collaborate with project teams to capture key information such as feature capabilities and technology stacks that aid in tailoring threat scenarios contextually
• Be responsible for managing project operations ranging from presenting timely updates of achievements, identified risks, report writing of findings, and report readouts to project teams
• Expand on existing threat models and security testing methodologies to include emerging threat tactics and procedures
• Partner with Trust Assurance teams to improve lifecycle assurance patterns and practices as a key feedback loop function that reduces risk of incident events

You are an ideal candidate if you:

• Are self motivated with strong aim to innovate in penetration testing, red teaming, and vulnerability assessments
• Are excited to build automated testing proof of concepts, operations, and systems to streamline project phases
• Have a bachelor’s degree in Computer Science, Information Security, or 5+ years of related work experience
• Have 2+ yrs of proven experience in hardware security, embedded device penetration testing, or electrical engineering
• Demonstrated understanding of common standards and guides such as:
• OWASP Web Security Testing Guide (WSTG)
• OWASP Mobile Application Security Testing Guide (MASTG)
• OWASP IoT Security Testing Guide (ISTG)
• Penetration Testing Execution Standard (PTES)
• Strong communication skills, particularly written communication

Bonus points for:

• Have experience performing source code-enabled security assessments and adjacency analysis in C/C++, Golang, Rust, and Ruby.
• Have an understanding of hardware attacks such as electromagnetic fault injection (EMFI)
• Certifications such as OSCP, OSWE, GPEN, CEH
• Confident with secure development lifecycle practices such as security requirements, architecture review, threat modeling, code review, SAST, DAST etc.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone. 

#LI-Remote