Product Security Engineer
Meraki Engineers breathe life into our cloud-managed networking devices, which range from enterprise-grade switches and routers to wireless access points and security cameras. We are driven by the desire to make managing sophisticated networks simple. Our firmware combined with a web-based dashboard allows customers to manage enterprise-scale networks using a simple point and click interface. With this one of a kind solution, customers can monitor, reconfigure, and update any Meraki node, or thousands of nodes, anywhere on their network from anywhere in the world. It also allows Meraki to rapidly detect, diagnose, and correct problems in the customer’s network, sometimes even before they know there is a problem.
We are passionate about building real products that our customers love. As a member of our firmware security team, you will have a substantial impact on the security of millions of Meraki users all around the world. Our device firmware is built on Linux and open-source software. We work individually and in small teams to release several new products each year.
We believe in encouraging a positive culture by hiring, coaching, and empowering smart, helpful, humble people. We maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe—including an awesome office overlooking the Bay Bridge and stocked full of food and drinks.
As a product security engineer you will:
- Build critical security features spanning our entire product portfolio ranging from secure storage, resilient device on-boarding, and embedded Linux security solutions
- Collaborate with product engineering teams to design, review, and develop solutions that provide customers with trustworthy products
- Collaborate with hardware engineers on trusted computing security features such as secure boot, cryptographic accelerators, and tamper protection features
- Contribute to technical guidelines and IoT security standards
- Monitor and triage incoming product security issues from our public bug bounty program
- Perform security architecture reviews of new products and features
- Influence security-by-design concepts for new and mature products
You are an ideal fit for this role if you have:
- Proven knowledge of Linux and embedded systems security with a thirst for knowledge
- Have 3+ years professional experience programming in C or C++
- Have experienced knowledge of embedded systems development concepts, including cross-platform development and build tools (GNU toolchain, OpenWrt, buildroot, Yocto), bootloaders (U-Boot, coreboot, UEFI), kernel configuration, device drivers, device trees
- Are comfortable using source-level debuggers, hardware/JTAG debuggers, network protocol analyzers, or logic analyzers to diagnose problems at all layers of the system
- Ability to explain sophisticated security problems and provide expert advice on secure design
- Strong communication skills, particularly written communication
Bonus points for:
- Experience with fuzzing, penetration testing, or static analysis
- Experience with cryptography, Secure Boot, or Trusted Platform Modules (TPM)
- Know common bus protocols like PCI, I2C, SPI, and LPC
- Have experience reading schematics, and data sheets
- Networking knowledge, especially TLS security architecture and wireless communication security practices
- Experience with reverse engineering/disassemblers such as Ghidra, radare2, and IDA Pro
Meraki is headquartered in the Mission Bay area of San Francisco, with beautiful views of the Oracle Ballpark and the Bay beyond. There are also locations in San Jose, Chicago, and Austin. All locations offer a generous benefits package.
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.