Jobs · Information Technology · California

Embedded Systems Security Engineer

HireArt · Foster City, CA · 1 wk ago
On-siteInformation TechnologyFull-time

About the role

The Embedded Systems Security Engineer will develop and implement security solutions that harden the next generation of the company’s embedded Linux platform. Responsibilities include designing and deploying security features, automating security workflows, and collaborating with manufacturing teams.

Responsibilities

  • Design and implement hardware root of trust and secure boot architectures from the first-stage bootloader through the Linux kernel.
  • Implement cryptographically verified storage solutions, including dm-verity for read-only root filesystems and encryption for data at rest.
  • Develop and maintain Trusted Execution Environment (TEE) solutions, such as OP-TEE, and author Trusted Applications (TAs).
  • Implement user-space isolation and sandboxing using technologies like SELinux, AppArmor, cgroups, namespaces, and seccomp.
  • Build automated cryptographic signing pipelines within CI/CD environments to securely sign bootloaders, kernels, and over-the-air (OTA) update payloads using hardware security modules (HSMs) or secure key vaults.
  • Partner with manufacturing teams to develop secure provisioning tools, including eFuse/OTP programming and end-of-line validation software.
  • Design resilient boot and recovery architectures, including A/B partitioning strategies, to ensure reliable system recovery from failed updates or corrupted boots.

Requirements

  • A bachelor's degree in computer science, computer engineering, electrical engineering, or a related technical discipline, or equivalent practical experience
  • 6+ years of experience in embedded Linux development, board bring-up, and Board Support Package (BSP) customization
  • 3+ years of hands-on experience implementing device-level security features in production embedded systems
  • Expert knowledge of bootloaders such as U-Boot Verified Boot, or Barebox, and Linux security technologies including dm-crypt and dm-verity
  • Deep understanding of ARM TrustZone security architecture (ARMv7-A/ARMv8-A) and processor privilege levels
  • Experience developing and maintaining SELinux or AppArmor policies, along with Linux containment technologies including cgroups, namespaces, and seccomp
  • Advanced programming skills in C and strong scripting experience with Python or Bash

Preferred Qualifications

  • Strong understanding of cryptographic algorithms, public key infrastructure (PKI), and Hardware Security Modules (HSMs)
  • Experience working with contract manufacturers or internal production teams to implement secure key injection and hardware provisioning processes
  • Experience with embedded container runtimes such as LXC, crun, or similar lightweight sandboxing technologies
  • Experience designing secure OTA update strategies, including hardware-enforced anti-rollback protection and version management

Benefits

  • Pre-tax commuter benefits
  • Employer (HireArt) subsidized healthcare benefits (eligibility begins on the first of the month following 60 days of service)
  • Flexible Spending Account for healthcare-related costs
  • HireArt covers all costs for short- and long-term disability and life insurance
  • 401k package

Commitment

This is a full-time, ongoing contract position staffed via HireArt. It will be onsite and available to candidates who are local to the Foster City, CA area.

Similar jobs

System Security Engineer

Cymertek CorporationChantilly, VA· 12 mo ago
Information Technologyapply on cymertek.catsone.com

System Security Engineer

Cymertek CorporationAurora, Colorado, United States· 12 mo ago
Information Technologyapply on cymertek.catsone.com

System Security Engineer

Cymertek CorporationTysons Corner, VA· 12 mo ago
Information Technologyapply on cymertek.catsone.com

System Security Engineer

Cymertek CorporationAnnapolis Junction, MD· 12 mo ago
Information Technologyapply on cymertek.catsone.com