We are looking for a Platform Security Architect to help shape the security architecture of next-generation data center platforms. This role focuses on how security is integrated into systems above the silicon, spanning firmware, boot chains, management planes, and platform lifecycle controls. You will collaborate closely with hardware and firmware teams to help ensure the platform has a coherent and resilient security architecture from board to rack scale.
Responsibilities
* Platform Security Architecture: Design the security architecture for board and rack platforms, extending root of trust beyond the SoC, establishing secure and measured boot chains, firmware signing and verification architecture, device identity and provisioning models, debug and lifecycle security mechanisms.
* Platform Threat Modeling: Create and maintain the end-to-end platform threat model covering firmware and boot chains, management plane components (BMC, controllers), and rack-level attack paths.
* Cryptographic Foundations: Design and evolve the platform’s cryptographic foundations, including firmware signing hierarchy, key ownership and trust anchors, certificate and device identity models, key rotation and revocation strategies.
* Firmware Security Requirements: Work closely with firmware teams to define and assess security mechanisms for BIOS, BMC, and device firmware.
Qualifications
* Experience designing firmware or platform security architectures.
* Deep understanding of secure boot chains and firmware trust models.
* Experience designing firmware signing systems and key hierarchies.
* Experience designing secure firmware update mechanisms for platform firmware (e.g., BIOS, BMC, device firmware) including rollback protection and recovery flows.
* Experience with security architectures for platform management firmware (e.g., BMC or similar controllers).
* Experience designing platform trust architectures using hardware roots of trust (e.g., TPM, DICE, secure elements).
* Solid understanding of applied cryptography in systems (signing, certificates, key hierarchies).
* Working knowledge of Linux security fundamentals.
Nice To Have Skills & Experience
* Experience with BMC platforms or ecosystems such as OpenBMC.
* Experience working with PCIe or other device firmware ecosystems.
* Familiarity with secure manufacturing and provisioning flows, including device identity injection or key provisioning.
* Experience reviewing or designing firmware security testing or validation strategies.
#J-18808-Ljbffr