Jobs · Engineering · Vermont

Firmware Security Engineer

OnLogic · South Burlington, VT · 2 wk ago
On-siteEngineering$100k–$120k/yrFull-time

About the role

As a Firmware Security Engineer at OnLogic, you will be a vital part of a team dedicated to developing and protecting cutting-edge industrial computing products. You will lead vulnerability management and firmware/software coding tasks for various UEFI/BIOS, BMC, and microcontroller (MCU) applications across our product line, including motherboards and expansion cards. Additionally, you will collaborate with external partners performing BIOS customization for our motherboards.

Responsibilities

  • Collaborating with the security team to identify and mitigate firmware vulnerabilities.
  • Executing firmware development tasks focused on vulnerability mitigation.
  • Partnering with the firmware development team to define precise BIOS specifications.
  • Collaborating with external parties throughout the vulnerability management lifecycle.
  • Validating the function of firmware and BIOS on hardware prototypes.
  • Actively participating in the continuous improvement of the company's hardware and firmware development processes.
  • Driving comprehensive vulnerability lifecycle management.
  • Supporting product security initiatives and managing customer communications regarding related issues.

Requirements

  • Bachelor's degree or higher in Computer Science, Cybersecurity, Software Engineering, or Electrical Engineering.
  • 5+ years of firmware security management experience, preferably in the industrial PC industry working with BIOS/UEFIs.
  • Proven expertise in embedded systems security, with a strong focus on threat modeling, risk assessment, and security implementation.
  • Strong command of UEFI security standards (e.g., TPM 2.0, Secure Updates , Capsule updates, Secure/Trusted/Measured Boot, Intel BIOS/Boot Guard, Intel PTT, Intel TXT).
  • Experience collaborating in a leadership capacity across multiple engineering disciplines, such as mechanical, electrical, firmware, and security.
  • Hands-on experience in embedded firmware debugging using JTAG-based debuggers and logic analyzers.
  • Deep understanding of the vulnerability lifecycle, including scanning, CVE management, and risk mitigation strategies.
  • Ability to collaborate with teammates on the Cybersecurity, Component Engineering, and other engineering teams to implement secure and compliant development processes.
  • Capability to contribute to the Firmware Security Development Lifecycle by supporting its development at various stages, including design, threat analysis, implementation, validation, vulnerability testing, certification, and audit.
  • Strong background in software development, including proficiency in Python.
  • Experience with version control systems (such as Git) and standard software development processes.
  • Solid understanding of PC hardware architectures, BIOS, and Linux operating systems.
  • Extensive experience with microcontrollers, including their core architecture and operation.
  • Familiarity with common security standards and certifications (e.g., Common Criteria, MITRE, FIPS, ISO 27001:2022, IEC 62443).

Similar jobs

Firmware Engineer

Springs Window FashionsMiddleton, WI· 1 wk ago
Engineeringapply on careers-springswindowfashions.icims.com

Firmware Engineer

ASSA ABLOY GroupLake Forest, CA· 1 wk ago
Engineering$82k–$129k/yrapply on assaabloy.jobs2web.com