Jobs · Engineering · North Carolina

Firmware Security Engineer

OnLogic · Cary, NC · 2 wk ago
On-siteEngineering$100k–$120k/yrFull-time

About the role

As a Firmware Security Engineer at OnLogic, you will be a vital part of a team dedicated to developing and protecting cutting-edge industrial computing products. You will lead vulnerability management and firmware/software coding tasks for various UEFI/BIOS, BMC, and microcontroller (MCU) applications across our product line, including motherboards and expansion cards. Additionally, you will collaborate with external partners performing BIOS customization for our motherboards.

Responsibilities

  • Collaborate with the security team to identify and mitigate firmware vulnerabilities.
  • Execute firmware development tasks focused on vulnerability mitigation.
  • Parenthesize with the firmware development team to define precise BIOS specifications.
  • Collaborate with external parties throughout the vulnerability management lifecycle.
  • Validate the function of firmware and BIOS on hardware prototypes.
  • Actively participate in the continuous improvement of the company's hardware and firmware development processes.
  • Drive comprehensive vulnerability lifecycle management.
  • Support product security initiatives and manage customer communications regarding related issues.

Requirements

  • Bachelor's degree or higher in Computer Science, Cybersecurity, Software Engineering, or Electrical Engineering.
  • 5+ years of firmware security management experience, preferably in the industrial PC industry working with BIOS/UEFIs.
  • Proven expertise in embedded systems security, with a strong focus on threat modeling, risk assessment, and security implementation.
  • Strong command of UEFI security standards (e.g., TPM 2.0, Secure Updates , Capsule updates, Secure/Trusted/Measured Boot, Intel BIOS/Boot Guard, Intel PTT, Intel TXT).
  • Experience collaborating in a leadership capacity across multiple engineering disciplines, such as mechanical, electrical, firmware, and security.
  • Hands-on experience in embedded firmware debugging using JTAG-based debuggers and logic analyzers.
  • Deep understanding of the vulnerability lifecycle, including scanning, CVE management, and risk mitigation strategies.
  • Ability to collaborate with teammates on the Cybersecurity, Component Engineering, and other engineering teams to implement secure and compliant development processes.
  • Capability to contribute to the Firmware Security Development Lifecycle by supporting its development at various stages, including design, threat analysis, implementation, validation, vulnerability testing, certification, and audit.
  • Strong background in software development, including proficiency in Python.
  • Experience with version control systems (such as Git) and standard software development processes.
  • Solid understanding of PC hardware architectures, BIOS, and Linux operating systems.
  • Extensive experience with microcontrollers, including their core architecture and operation.
  • Familiarity with common security standards and certifications (e.g., Common Criteria, MITRE, FIPS, ISO 27001:2022, IEC 62443).

Similar jobs

Firmware Engineer

ASSA ABLOY GroupLake Forest, CA· 1 wk ago
Engineering$82k–$129k/yrapply on assaabloy.jobs2web.com