Cisco Meraki devices - our security appliances, switches, wireless access points, phones and cameras - are critical network infrastructure for hundreds of thousands of businesses around the world. Whether our products are deployed at a single site by a small firm or at thousands of sites by a Fortune 500 corporation, our customers are critically dependent on the reliability and security of our gear. And so are theircustomers: the millions of people everyday who use networks built with Meraki.
Our Product Security team plays a central role in protecting our customers' networks and sensitive data. Our cloud-based architecture and our end-to-end control of the hardware and software design of our products give us a unique ability to continuously improve our products' security posture.
Example projects for a Senior Product Security Engineer:
Bringing up the secure boot mechanism for a new hardware platform: validating the hardware design, writing bootloader and firmware upgrade code to handle image signatures, and integrating with our build system and existing image signing tools
Probing our existing products with network protocol fuzzers or penetration testing tools to shake out risky bugs, or writing proof-of-concept exploits against those bugs
Upgrading our secure overlay mechanisms to superior encryption or authentication methods
Auditing source code (including code drops from outside vendors) to identify potential vulnerabilities before they can be exploited
Mentoring junior developers on security best practices and common pitfalls, and reviewing design proposals for new features
Assisting with the selection of security technology (both hardware and software) for integration into our products
An ideal candidate for the security team will have:
A passion for computer systems security
3+ years of experience writing production code in embedded Linux environments
An eagerness to learn new technologies and languages, and to cross technical boundaries to solve problems
Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR)
Experience with tools for auditing or reverse engineering computer systems (static analysis tools, protocol fuzzers, etc.)
A strong background in fundamentals of cryptography
Great communication and group presentation skills
A little about us:
We are one, big, techie, employee tribe that changes the world while having fun.