Jobs · Engineering · Texas

Firmware Security Systems Architect

Jabil · Austin, TX · 1 wk ago
HybridEngineeringFull-time

About the role

Firmware Security System Architects at Jabil establish and drive the security strategy for firmware across Jabil's Cloud, Compute, and Networking product lines. This role combines forward-looking security architecture with the operational establishment of compliance processes, ensuring Jabil designs meet evolving regulatory requirements in North America, the EU, and emerging markets.

Responsibilities

  • Demonstrate a level of expertise in security that matches or exceeds the expertise of customers
  • Define and champion firmware security architecture standards across Jabil’s product portfolio
  • Access current and emerging regulatory and compliance requirements translating them into actionable engineering processes
  • Evaluate security posture of designs during product development and drive remediation
  • Serve as internal authority on firmware security and security processes
  • Monitor the technical direction of designs during product development
  • Mentor others in the organization to build team members design capability
  • Advise customers, product planning, and business development on security architecture tradeoffs including cost, schedule, and compliance impact
  • Establish and maintain Jabil’s firmware security compliance roadmap, covering:
    • North America: NIST SP 800-193 (PFR), NIST CSF, FIPS 140-3, and relevant Executive Orders on cybersecurity
    • EU: Cyber Resilience Act, RED delegated acts, and ETSI EN 303 645
  • Define and operationalize security processes across the firmware development lifecycle, including:
    • Secure development lifecycle (SDLC) practices, tools, and gates
    • Vulnerability disclosure and incident response procedures
    • Supply chain security and firmware signing workflows
    • Security audit and assessment cadences
    • Evaluate and improve security tooling (static analysis, fuzzing, binary analysis, vulnerability scanning) for firmware teams
    • Collaborate with fellow system architects in the electrical, thermal, BIOS, Validation, RAS, and OS domains
    • Communicate security requirements and architectural decisions to Jabil development teams through documentation, training, and design reviews
    • Lead and contribute to firmware design reviews and technical committees to proactively identify, assess, and mitigate security vulnerabilities during the architecture and design phases
    • Stay current on vendor technology capabilities in spaces such as CPUs (PFR, PSP, TrustZone), GPUs, Storage, Memory, FPGAs, MCUs, etc...
    • Stay current on threat landscape, vulnerability disclosures, and evolving standards from organizations such as NIST, DMTF (SPDM/PLDM Security), TCG (DICE, TPM), OCP Security, and MITRE
    • Represent Jabil in industry security working groups and standards bodies as needed
    • Deep dive into new open-ended areas by leveraging previous engineering experiences
    • Contribute to the improvement of our architecture methods and processes
    • Train, mentor, and coach new engineers

    Qualifications & Knowledge Requirements

    • Capability to research emerging regulations and translate compliance requirements into falsifiable engineering requirements and s criteria is required
    • Familiarity with the EU CRA and its implications for product security, including vulnerability handling and reporting obligations is required
    • Familiarity with Intel, AMD, Nvidia, or ARM CPU/GPU security features (ex. Intel PFR, AMD PSP, ARM TrustZone) is required
    • Understanding of supply chain security concerns for firmware is required: signed updates, provenance tracking, SBOM
    • Specifically, an understanding of the security capabilities of the processor High-level familiarity and understanding of BMC code architecture is preferred
    • Knowledge of OpenBMC is strongly preferred
    • Knowledge of AMI (American Megatrends) MegaRAC is beneficial
    • High-level understanding of source control, CI/CD pipelines, and how to integrate security gates (SAST, secrets scanning, and signing) into automated workflows is required
    • Experience working with industry standards for IPMI, Redfish, MCTP, PLDM, SMBUS, i2c, i3c, SPI, is preferred
    • Extensive experience with Linux is required
    • Deep expertise with Secure Boot, SPDM, Platform Root of Trust, DICE, and NIST SP 800-193 standards as well as cryptographic algorithms and protocols (PKI, Certificates, AES, HMAC, ECC) is strongly preferred
    • Experience with vulnerability management processes, CVE handling, and coordinated disclosure is required
    • Proven experience in addressing and remediating security issues within sustaining firmware programs, ensuring continued compliance and risk mitigation across deployed systems is required
    • Working knowledge of industry-standard security and code analysis tools, including Coverity, Black Duck, and Eclypsium, is considered a strong advantage
    • Fluent in reading block diagrams and familiarity with system design preferred
    • Fluency in server management (provisioning, deployment, management, service) is preferred

    Education & Experience Requirements

    • Bachelor's Degree in Computer Engineering, Computer Science, or Electrical Engineering required
    • 15+ years’ experience in firmware design and engineering
    • Relevant certifications (CISSP, CSSLP, or equivalent) are a plus but not required

Similar jobs