Job Description:
Are you passionate about building secure systems from the ground up? We're seeking an experienced and motivated Product Security Engineer to enhance the security of our SoC and embedded firmware solutions. In this role, you will evaluate system security architectures, review firmware code, contribute to ROM assessments, and perform hands-on threat modeling and lightweight testing.
This opportunity is ideal for someone who enjoys solving complex security challenges, collaborating across domains, and making a tangible impact on real-world products. If you are detail-oriented and committed to empowering others in security practices, we would love to hear from you!
Responsibilities:
* Review firmware and SoC architecture for security risks and threats.
* Evaluate security features such as secure boot, rollback protection, memory isolation, and TEE.
* Perform C/C++ security code reviews to identify implementation flaws.
* Conduct targeted tests to validate security concerns.
* Collaborate with cross-functional teams to integrate security into the development process.
* Help design secure firmware architectures for key management, update processes, and hardware protections.
* Communicate risks and solutions effectively to technical and non-technical stakeholders.
Required Skills and Experience:
* Experience securing hardware-firmware interfaces or embedded systems.
* Hands-on expertise in C/C++ security code reviews.
* Knowledge of secure boot, key provisioning, firmware hardening, and trusted computing.
* Understanding of firmware attack surfaces such as fault and code injection, privilege escalation.
* Familiarity with isolation technologies like Arm TrustZone.
* Ability to perform and interpret security tests.
* Experience with advanced attack vectors like side-channel and fault attacks.
* Strong collaboration, communication, and documentation skills.
Nice To Have:
* Knowledge of hardware design flows (RTL, UVM/SystemVerilog).
* Experience with TPMs, Secure Elements, or cryptographic modules.
* Background in embedded security research or industry.
* Experience in vulnerability discovery and analysis, including CVEs.
* Familiarity with certification schemes like SESIP, PSA Certified, or Common Criteria.
#LI-JG1
Additional Information:
At Arm, we support diversity and inclusion. If you require accommodations during the recruitment process, please email accommodations@arm.com. Your requests will be handled confidentially. Examples include interview adjustments, document reading support, or office accessibility.
Our hybrid work model aims to balance high performance with personal wellbeing. Details will be shared upon application. We are committed to providing a flexible work environment tailored to team needs, within local legal and regulatory frameworks.
Arm is an equal opportunity employer. We value diversity and do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
#J-18808-Ljbffr