Principle Security Engineer
Indexed description
You will serve as the technical authority on Platform Root of Trust (RoT), firmware security, and supply chain integrity. In this high-impact role, you will look beyond individual components to orchestrate a comprehensive "Security-by-Design" approach, guiding engineering teams to implement industry-leading standards (NIST, OCP, TCG) and ensuring our platforms are resilient against advanced cyber threats,including future quantum computing risks.
Job Responsibilities
Security Architecture & Strategy
- Architectural Authority: Define the end-to-end secure boot flow and chain of trust hierarchy across BMC, BIOS, RoT, and peripheral devices.
- PQC Migration Strategy: Lead the strategic roadmap for Post-Quantum Cryptography (PQC) migration. Assess the impact of PQC algorithms (e.g., ML-KEM, ML-DSA) on boot time, memory constraints, and hardware accelerators in embedded environments.
- Protocol Governance: Mandate and guide the correct implementation of security protocols, specifically SPDM (Security Protocol and Data Model), MCTP, and PLDM for device attestation and secure communication.
- Threat Modeling: Lead detailed threat modeling sessions for new platforms to identify attack surfaces and prescribe mitigations.
- Vulnerability Management: Act as the lead for Product Security, assessing CVEs affecting OpenBMC/Linux kernel and driving remediation plans.
- Standards Alignment: Ensure product architecture aligns with TCG (Trusted Computing Group), OCP Security, and FIPS 140-3 requirements.
- Security Advocacy: Champion the adoption of memory-safe languages (e.g., Rust) and modern security practices within the firmware development lifecycle.
- Open Source Engagement: Represent the company in OpenBMC Security Working Groups or OCP Security projects; drive upstream contributions for security enhancements.
- Mentorship: Provide expert consultation to Lead and Senior engineers in the BMC and RoT teams, reviewing critical security designs and code implementations.
- Bachelor’s or Master’s degree in Computer Science, Electrical Engineering or related field.
- 10+ years of experience in embedded security, platform security, or firmware architecture.
- Proven track record of designing secure server platforms or embedded devices from concept to certification.
- Cryptographic Expertise: Deep understanding of cryptographic algorithms (ECC, RSA, SHA, AES) and their application in hardware (TPM, HSM, Hardware RoT).
- Protocol Expert: Authoritative knowledge of SPDM (1.0/1.1/1.2), MCTP, Cerberus architectures, and TCG specifications.
- Hardware Security: Strong knowledge of hardware security primitives: Physical Unclonable Functions (PUF), TrustZone, SGX, and side-channel attack mitigations.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search