Meraki Engineers breathe life into our cloud-managed networking devices, which range from enterprise-grade switches and routers to wireless access points and security cameras. We are driven by the desire to make managing sophisticated networks simple. Our firmware combined with a web-based dashboard allows customers to manage enterprise-scale networks using a simple point and click interface. With this one of a kind solution, customers can monitor, reconfigure, and update any Meraki node, or thousands of nodes, anywhere on their network from anywhere in the world. It also allows Meraki to rapidly detect, diagnose, and correct problems in the customer’s network, sometimes even before they know there is a problem.
We are passionate about building real products that our customers love. As a member of our firmware security team, you will have a substantial impact on the security of millions of Meraki users all around the world. Our device firmware is built on Linux and open-source software. We work individually and in small teams to release several new products each year.
We believe in encouraging a positive culture by hiring, coaching, and empowering smart, helpful, humble people. We maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe—including an awesome office overlooking the Bay Bridge and stocked full of food and drinks.
As a Senior Product Security Engineer you will:
- Perform hardware and firmware security assessments of our flagship product offerings
- Assess our cryptographic and protocol solutions
- Evaluate product security tools for internal consumption and prototype new automation tooling to improve our detection capabilities
- Collaborate with hardware engineers on security features such as secure boot, cryptographic accelerators, and tamper protection features
- Collaborate with engineers to design, review, and develop solutions that give our customers optimal and secure solutions
- Contribute to technical guidelines and IoT security best practices
- Collaborate with Software Engineers across product teams to continually add security refinements to our firmware design, development, and deployment practices
- Monitor and triage incoming firmware issues from our public bug bounty program
- Perform firmware reverse engineering and binary analysis
You are an ideal fit for this role if you have:
- 5+ Years of professional experience in Software Engineering, Computer Science, Information Security or related field
- 2+ years of penetration testing or offensive security experience
- Meaningful professional experience in penetration testing targeting hardware, firmware, and connected devices
- Attacker mindset and a real passion for breaking all the things
- Solid knowledge of Linux and embedded systems security
- Experience with attack techniques such as fuzzing, Metasploit, etc.
- Deep understanding of a broad spectrum of security vulnerabilities and attack vectors, including exploitation and mitigation
- Ability to explain sophisticated security problems and expert advice on secure design
- Strong communication skills, particularly written communication
- Strong quantitative and analytical skills, proven ability to supervise and successfully complete complex security projects
- Are comfortable using source-level debuggers, hardware/JTAG debuggers, network protocol analyzers, or logic analyzers to diagnose problems at all layers of the system
Bonus points for:
- Networking knowledge, especially TLS security architecture details
- Experience with cryptography fundamentals, Secure Boot, or Trusted Platform Modules (TPM)
- Experience with reverse engineering/decompilation tools such as radare2 and IDA Pro
- Know common bus protocols like PCI, I2C, SPI, and LPC
- Have experience reading schematics and data sheets
Meraki is headquartered in the Mission Bay area of San Francisco, with beautiful views of the Oracle Ballpark and the Bay beyond. There are also locations in San Jose, Chicago, and Austin. All location offer a generous benefits package.
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.