Location: San Jose, CA, United States

Junior Firmware Engineer – Network Security & Filtering

San Jose, California

Linksys (Fortinet)

About the Role

You will work on network security features within our OpenWrt-based firmware, including firewall rules, DNS-based content filtering, and IDS/IPS configuration.

This role is designed for junior engineers who want to learn embedded network security in a structured, mentored environment. Your initial focus will be on understanding existing security components, validating behavior through testing, and making incremental improvements—not designing security architecture independently.

Location Context

This role is based in San Jose, California, our primary firmware engineering hub, enabling close collaboration with platform and wireless teams.

Key Responsibilities

• Configure, test, and tune existing IDS/IPS systems under senior guidance
• Assist with DNS filtering and firewall rule improvements
• Write test cases to validate expected security behavior
• Analyze logs and network traffic to understand detections and outcomes
• Contribute to security specifications and documentation with mentorship
• Use AI tools for log analysis and research with careful validation

• Participate in code reviews and security discussions

Required Qualifications

• B.S. in Computer Science, Computer Engineering, Cybersecurity, or related field (0–2 years experience)
• Proficiency in C and basic scripting (Python or shell)
• Understanding of core networking concepts (TCP/IP, DNS, firewalls)
• Familiarity with Linux environments
• Analytical mindset and attention to detail

• Interest in learning secure development practices

Deep security expertise is not expected at entry. Curiosity, careful thinking, and a willingness to learn are more important than prior security depth.

Nice-to-Have Skills

• Exposure to IDS/IPS tools, firewalls, or content filtering
• Coursework or projects related to network security
• Experience analyzing network traffic

• Participation in open-source projects

Engineering Culture

Our team follows three core development practices that you'll learn during onboarding:

Spec-First Development: Write specifications before coding. For security features, this includes threat models and security assumptions. You'll learn to document your approach with senior engineer guidance.

Test-Driven Development: Write tests alongside code. For security work, this includes creating test cases that validate detection accuracy and simulate attack scenarios.

AI-Augmented Workflow: Use AI tools responsibly. You'll have access to AI coding assistants for log analysis, research, and development—with extra scrutiny for security-critical code.

AI Usage Expectations

We provide AI coding tools (GitHub Copilot, internal assistants) to boost productivity. For security work, extra caution is required:

• You're encouraged to use AI for analyzing logs, researching CVEs, and generating test scenarios
• You must validate thoroughly —if AI suggests a firewall rule, test it in isolation, understand exactly what it does, and verify it doesn't create new vulnerabilities
• Never rely solely on AI for security decisions—all security-critical changes require human review and testing
• Never include sensitive security data, threat intelligence, or proprietary information in external AI prompts

• Understand the implications —subtle bugs in security code can have severe consequences

We'll train you on secure AI usage practices (OWASP/NIST-aligned) during onboarding.