Senior Vulnerability Management Engineer (Remote)

At Cisco Meraki, we know that technology can connect, empower, and drive us. Our mission is to simplify technology so our customers can focus on what's most meaningful to them: their students, patients, customers, and businesses. We’re making networking easier, faster, and smarter with technology that simply works!

As a member of the Security Operations team, you will have a significant impact on the security of millions of Cisco Meraki users all around the world. We are looking for people who are passionate about security and eager to learn the ropes of vulnerability management (reporting, triaging and mitigation).

Key responsibilities:

• Perform vulnerability management engineering tasks, including review of vulnerability scanning reports, assessment severity, triaging vulnerabilities and shepherding Jira tickets through to remediation/mitigation.
• Experience with Vulnerability Management, Information Security Domains and Vulnerability Detection/Response from process to tools (e.g. Qualys, JFrog Xray, Wiz | Secure Everything You Build and Run in the Cloud, JupiterOne)
• Identify gaps in the vulnerability management end-to-end workflow and lead process optimization efforts to improve the program.
• Work closely with and provide mentorship to cross-functional engineering teams in mitigating and remediating vulnerabilities.
• Quickly identify automation bugs and report them, prioritizing issues based on risk/vitality. Troubleshoot identified bugs to the best of your ability and partner with the development team to resolve.
• Investigate vulnerability and exploit alerts, understand how our environment may be impacted, and calculate severity scores using attack complexity.
• Help maintain scanning tools by performing regular inventory maintenance and hygiene tasks.
• Review CVEs identified as deviations and make risk exceptions when appropriate.
• Guide engineering teams on security best practices and patch management industry standards.

You are an ideal candidate if you:

• Have 5+ years of vulnerability management experience, triaging and remediating tickets from a variety of scanning tools
• Are familiar with common Security vulnerabilities (OWASP Top 10, CWE Top 25)
• Have experience building out and/or improving vulnerability management programs, growing the scope of programs, and contributing to automated solutions for those programs.
• Have experience with compliance programs (PCI-DSS, FedRAMP, SOC1/2, Etc.) and Security Framework/Standards (NIST SP800, CSF, etc.)
• Have experience with network security concepts
• Have experience working in a containerized environment
• Are a self-starter and have the ability to take initiative
• Have experience using Jira and other Atlassian software
• Can successfully drive the mitigation of security issues with other teams
• Have familiarity with software development languages (i.e. Python, Ruby, etc)
• Have strong project management and organizational skills with attention to detail
• Know and love learning about the latest security tools, infrastructure, and industry best practices
• Are familiar with risk management concepts and can confidently identify and accept risks within vulnerability management programs

Bonus points for:

• Experience writing automation scripts in Python
• Experience working in an agile environment
• Proven track record to ship in a dynamic environment
• Have experience developing in a hybrid environment utilizing AWS or other cloud providers

Life at Cisco Meraki

We are passionate about building real products that our customers love. We are confident you will love it here.

As a Cisco Meraki Employee you can expect:

• An encouraging and lively environment and a team that values your contributions. The Backend Group is called the Exploding Whales. Interested to learn why? Just message us.
• A lot of opportunities for professional and personal growth via employee-led groups. Check out one of our groups — Women of Meraki on Twitter and Instagram.
• Actionable and candid feedback on a regular basis following Radical Candor.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone!

#LI-Remote