Embedded Systems Security Engineer

Artech LLC

Foster City, CA

JOB DETAILS
SALARY
$80–$97.80 Per Hour
SKILLS
ARM (Advanced RISC Machine), BSP, Booting, Computer Engineering, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Contract Manufacturing, Cryptography, Cryptography Algorithms, Electrical Engineering, Embedded Linux, Embedded Systems, Executive Level (EL) 1, File Systems, Hardware Architecture, Hardware Configuration Management, Information/Data Security (InfoSec), Injections, Kernel Programming, Linux Kernel, Linux Kernel Security, Manufacturing, Memory Hardware, Microprocessor Architecture, Physical Security, Production Support, Public Key Infrastructure (PKI), SHA (Secure Hash Algorithm), Scripting (Scripting Languages), Security Architecture, Security Software, Software Validation, System Architecture, Systems Engineering, Testing, Verity, Writing Skills
LOCATION
Foster City, CA
POSTED
18 days ago

Introduction

We are looking for a professional to implement security solutions to harden our next-generation embedded Linux platform. In this role, you will bridge the gap between low-level hardware security, kernel hardening, and secure user-space application containment. You will not only design cryptographic defense mechanisms but will also automate security pipelines in CI/CD and partner directly with manufacturing teams to ensure devices are provisioned securely and reliably at scale without production risks.

Required Skills & Qualifications

  • Education: Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical discipline (or equivalent practical experience).
  • Core Experience: 6 years of professional experience in Embedded Linux development, board bring-up, and Board Support Package (BSP) customization.
  • Security Focus: 3 years of dedicated, hands-on experience deploying device-level security features into physical production hardware.
  • Low-Level Systems: Expert knowledge of bootloader configurations (e.g., U-Boot Verified Boot, Barebox) and customizing the Linux kernel storage/security subsystem (dm-crypt, dm-verity).
  • Hardware Security Architecture: Deep understanding of modern processor security architectures, specifically ARM TrustZone (ARMv7-A / ARMv8-A, Exception Levels EL1–EL3).
  • Applicants must be able to work directly for Artech on W2

Preferred Skills & Qualifications

  • Cryptography Expertise: Strong foundational knowledge of symmetric/asymmetric cryptography, hashing algorithms (SHA-256/384), public key infrastructure (PKI), and handling physical Hardware Security Modules (HSMs).
  • Manufacturing Scale: Prior experience working with Contract Manufacturers (CMs) or internal factory lines to deploy secure key-injection and fuse-burning protocols.
  • Advanced Sandboxing: Experience with embedded container runtimes (e.g., LXC, crun) or lightweight sandboxing frameworks tailored for resource-constrained architectures.

Day-to-Day Responsibilities

  • Platform Hardening & Architecture: Design and implement the Hardware Root of Trust and Secure Boot architecture from the first-stage bootloader through the Linux kernel.
  • Storage & Integrity Management: Implement dm-verity for cryptographically verified read-only root filesystems and secure data encryption at rest.
  • Trusted Execution Environments: Develop, integrate, and maintain a TEE (e.g., OP-TEE) and author Secure/Trusted Applications (TAs).
  • Application Sandboxing: Enforce strict user-space isolation and sandboxing strategies using SELinux, AppArmor, cgroups, namespaces, and seccomp filters to protect core systems from untrusted applications.
  • DevSecOps Automation: Build automated cryptographic signing pipelines within CI/CD infrastructure (e.g., GitLab CI, GitHub Actions) to securely sign bootloaders, kernels, and OTA payloads using HSMs or secure key vaults.
  • Production Provisioning Support: Collaborate with manufacturing teams to write robust scripts and tools for burning permanent hardware configuration fuses (eFuses / OTP memory) securely, designing end-of-line (EOL) test software to validate security features before shipping.
  • System Resilience: Architect multi-slot boot recovery layouts (e.g., A/B partitioning) to guarantee fail-safe resilience against failed OTA updates or corrupted boots.

For immediate consideration please click APPLY to begin the screening process with Alex.

About the Company

A

Artech LLC