Senior Product Security Engineer Cisco
San Francisco, CA

Job Description

Senior Product Security Engineer

Meraki Engineers breathe life into our cloud-managed networking devices, which range from enterprise grade switches and routers to wireless access points and security cameras. We are driven by the desire to make managing sophisticated networks simple. Our firmware combined with a web-based dashboard allows customers to manage enterprise scale networks using a simple point and click interface. With this one of a kind solution customers can monitor, reconfigure, and update any Meraki node, or thousands of nodes, anywhere on their network from anywhere in the world. It also allows Meraki to rapidly detect, diagnose, and correct problems in the customer's network, sometimes even before they know there is a problem.

We are passionate about building real products that our customers love. As a member of our firmware security team, you will have a substantial impact on the security of millions of Meraki users all around the world. Our device firmware is built on Linux and open-source software. We work individually and in small teams to release several new products each year.

We believe in fostering a positive culture by hiring, coaching, and empowering smart, helpful, humble people. We maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe-including an awesome office overlooking the Bay Bridge and stocked full of food and drinks.

As a Senior Product Security Engineer you will:

* Perform penetration testing, design and code reviews of our flagship product offerings


* Assess our cryptographic and protocol solutions


* Perform threat modeling and security assessment engagements


* Evaluate application security tools for internal consumption and prototype new automation and tooling to improve our detection and prevention capabilities


* Collaborate with hardware engineers on security features such as secure boot, cryptographic accelerators, and tamper protection features


* Collaborate with software engineers to design, review, and develop solutions that give our customers optimal and secure solutions


* Contribute to the design and rollout of a security training program to foster a culture of software security


* Contribute to technical guidelines and security best practices


* Collaborate with Software Engineers across product teams to continually add security refinements to our firmware design, development, and deployment practices


* Monitor and triage incoming firmware issues from our public bug bounty program


* Evaluate, triage and help develop patches for firmware vulnerabilities



You are an ideal fit for this role if you have:

* 5+ Years of professional experience in Software Engineering, Computer Science, Information Security or related field


* 2+ years of penetration testing or offensive security experience


* Meaningful professional experience testing, reviewing or programming in C or C++ and ability to explain which constructs are unsafe and why


* Attacker mindset and a real passion for breaking all the things


* Solid knowledge of Linux and embedded systems security


* Experience with attack techniques such as fuzzing, Metasploit, etc.


* Deep understanding of a broad spectrum of security vulnerabilities and attack vectors, including exploitation and mitigation


* Ability to explain complex security problems and expert advice on secure design


* Strong communication skills, particularly written communication


* Strong quantitative and analytical skills, proven ability to track and successfully complete complex security projects



Bonus points for:

* Networking knowledge, especially SSL/TLS security architecture and details


* Experience with cryptography fundamentals, Secure Boot, or Trusted Platform Modules (TPM)


* Reverse engineering / decompilation tools such as IdaPro experience


* Experience writing device drivers for any Operating System


* Know common bus protocols like PCI, I2C, SPI, and LPC


* Are comfortable using source-level debuggers, hardware/JTAG debuggers, network protocol analyzers, or logic analyzers to diagnose problems at all layers of the system


* Have experience reading schematics and data sheets



Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.