We are looking for a Platform Security Architect to support the design and improvement of security mechanisms across platform firmware and embedded Linux environments. This is a hands‑on technical role spanning both embedded systems (e.g., Yocto‑based platforms) and data center systems (e.g., BMC and platform firmware). The work includes securing boot chains, firmware update mechanisms, and Linux‑based management environments, including embedded controllers and server management subsystems. You will work closely with firmware and platform engineering teams to help integrate security controls across BIOS, BMC, and device firmware, and collaborate with internal security evaluation teams to support validation and continuous improvement of these controls. The role involves working across low‑level firmware, embedded Linux, and system hardening, with opportunities to contribute at both design and implementation levels.
Responsibilities
- Firmware Security: Evaluate and support integration of security mechanisms across BIOS, BMC, and device firmware, including secure boot, firmware verification, update flows, rollback protection, and debug controls.
- Embedded Linux & BMC Security: Contribute to improving the security of Linux‑based management environments through system hardening, service isolation, access control, and secure configuration.
- System Hardening: Identify potential attack surfaces and configuration gaps, and help apply and validate hardening measures and secure defaults.
- Security Validation & CI Integration: Collaborate with internal security evaluation and engineering teams to support testing, develop validation tools/scripts, and integrate security checks into CI workflows.
- Threat Analysis: Support threat modeling and analysis of firmware and management plane components to identify attack paths and improvement areas.
Qualifications
- Hands‑on experience with embedded Linux systems, including building and customizing platforms using Yocto/OpenEmbedded.
- Hands‑on experience implementing and validating Linux hardening controls, including service/interface hardening, privilege management, and reduction of system attack surface.
- Experience contributing to the implementation or integration of security controls in firmware or embedded environments.
- Strong understanding of low‑level firmware and boot flows, including BIOS/UEFI, bootloaders, and platform firmware components.
- Experience with secure boot chains and firmware trust models, including firmware verification and UEFI‑based systems.
- Experience working with firmware update mechanisms, including signing, verification, and rollback protection.
- Familiarity with Arm architecture and boot processes, including early boot stages and firmware‑hardware interaction.
- Familiarity with platform interconnects such as PCIe, and associated security considerations in device and data‑center environments.
- Experience developing automation, validation tools, or scripts, including integration into CI workflows.
- Proficiency in C/C++ for systems or embedded development, with the ability to work with low‑level components when needed.
- Understanding of Linux security fundamentals, including authentication, authorization, and system‑level protections.
- Familiarity with file system and data protection mechanisms, including encryption approaches such as eCryptfs or similar.
- Ability to analyze and reason about firmware and system‑level attack surfaces.
Nice to Have
- Experience with BMC platforms or ecosystems such as OpenBMC.
- Experience with Linux security features (e.g., SELinux, AppArmor, capabilities).
- Experience with firmware analysis, fuzzing, or security testing techniques.
- Familiarity with container security in embedded or management environments.
- Familiarity with hardware roots of trust (e.g., TPM, DICE).
- Familiarity with networking and network security concepts, particularly in management or data‑center environments.
Equal Opportunities
Arm is an equal‑opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Salary
Salary Range: £126,200 - £170,800 per year
