Security Consulting Engineer

  • Location:
    Herndon, Virginia, US
  • Additional Location(s)
    Chicago, IL
  • Area of Interest
    Professional Services
  • Job Type
  • Technology Interest
    Internet of Everything, Networking, Security, Service Provider
  • Job Id

What You’ll Do

Cisco is at the forefront of securing today's emerging technologies. You’ll be part of a highly skilled team hunting for critical security vulnerabilities in third party connected devices that will shape our future. Your primary objective will be identifying, exploiting and documenting vulnerabilities in embedded systems and their associated remote services. Targets will include components from connected vehicles, medical devices, and industrial control systems.

You’ll also:

  • Develop threat models
  • Review design / architecture documents
  •  Identify and interface with hardware attack vectors. (UART, JTAG, SWD, NVRAM, Flash, USB Peripherals, SD Cards, etc.)
  • Configure cross-compiler toolchains for obscure targets
  • Reverse engineer communications protocols
  • Develop process-specific fuzz testing environments
  • Reverse engineer firmware targeting ARM & PPC processors
  • Bus message analysis, instrumentation, and fault injection (e.g. SPI, I2C, USB, CAN, LIN)
  • Instrument and test communications channels (e.g. Wi-Fi, Bluetooth, 3G, 4G)
  • Jailbreak devices (get root)
  • Write reports which clearly document vulnerabilities and provide context at various levels of detail

Who You’ll Work With

You’ll be working with a seasoned group of security consultants each with an average of more than 10 years of experience in offensive security roles. Our team represents a broad skill set including expertise in hardware & software reverse engineering, electrical engineering, cryptography, fault injection, side-channel analysis, hardware glitching and RF communications.

Who You Are

You’re naturally curious about how devices work and how they can be compromised or subverted. You’re a professional who collaborates with colleagues to deliver excellent results. You can communicate and present complex topics to customers clearly. You have a working knowledge of fundamental electronics concepts including passive components and transistors.  

Minimum qualifications:

  • Bachelor’s degree in Computer Science, Computer Engineering, or Electrical Engineering
  • Fluency in C, C++, ARM assembly, x86 assembly and Python
  • 5 years of professional experience penetration testing
  • 3 years experience reverse engineering software with IDA Pro
  • 3 years experience working with embedded systems
  • Extensive knowledge of common threats and vulnerabilities affecting devices
  • Experience identifying and exploiting security bugs
  • Exceptional English communication skills, both oral and written

Desired skills (any of the following are a plus but not required):

  • CEH, OSCP or OSCE certifications
  • Experience working with ARM TrustZone
  • Technical experience with any of the following connectivity technologies
    • Bluetooth
    • Bluetooth Low Energy
    • 3G or 4G Cellular

We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren’t afraid to change the way the world works, lives, plays and learns.

We are thought leaders, tech geeks, pop culture aficionados, and we even have a few purple haired rock stars. We celebrate the creativity and diversity that fuels our innovation. We are dreamers and we are doers.

We Are Cisco.