Overview
Join to apply for the Senior Product Security Engineer role at Arm.
Are you passionate about building secure systems from the ground up? We’re looking for an experienced and motivated Product Security Engineer to help shape the security posture of our SoC and embedded firmware solutions. In this role, you’ll evaluate system security architectures, review firmware code, contribute to ROM assessments, and perform hands-on threat modeling and lightweight testing. This is a fantastic opportunity for someone who loves solving complex security challenges, collaborates across domains, and wants to make a meaningful impact in real-world products.
Responsibilities
* Review firmware and SoC architecture for security risks and threat models.
* Evaluate critical security features like secure boot, rollback protection, memory isolation, and TEE.
* Perform C/C++ security code reviews to spot implementation-level flaws.
* Conduct targeted hands-on tests to validate security concerns when needed.
* Collaborate with cross-functional teams to embed security into the development lifecycle.
* Help shape secure firmware architectures for key handling, update flows, and hardware-backed protections.
* Communicate risks and solutions clearly to both technical and non-technical audiences.
Required Skills and Experience
* Proven experience securing hardware-firmware interfaces or embedded systems.
* Strong hands-on expertise in C/C++ security code reviews.
* Background in secure boot, key provisioning, firmware hardening, and trusted computing.
* Solid understanding of firmware attack surfaces: fault injection, code injection, privilege escalation.
* Familiarity with isolation technologies such as Arm TrustZone, secure monitor, or memory protection.
* Ability to run and interpret quick tests to verify security assumptions.
* Experience with advanced attack surfaces like side-channel or fault attacks.
* Excellent collaboration, communication, and documentation skills.
Nice To Have
* Familiarity with hardware design flows (e.g., RTL, UVM/SystemVerilog).
* Exposure to TPMs, Secure Elements, or hardware-backed crypto modules.
* Background in academic research or industry work in embedded security, firmware, or cryptographic implementation.
* Experience discovering or analyzing security vulnerabilities in products, ideally with public CVEs or equivalent internal findings.
* Hands-on experience evaluating or testing products against certification schemes such as SESIP, PSA Certified, or Common Criteria.
What We Offer
You will contribute to Arm’s core interconnect and control subsystems, ensuring strategic alignment and technical validation across markets. While the initial focus is on infrastructure, you will collaborate across lines of business and customers to ensure foundational technologies are robust and reusable across Arm’s product portfolio.
Our 10x mindset guides how we engineer, collaborate, and grow. Learn more at: https://careers.arm.com/en/10x-mindset
Equal Opportunities
Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
#J-18808-Ljbffr