Systems Engineer
Back to search resultsOn-Site role
Job Description:
- Embedded Systems Security Engineer.
- Onsite in Foster City, CA | 5 days in office.
- We are looking for an Embedded Systems Security Engineer to implement security solution to harden our next-generation embedded Linux platform.
- In this role, you will bridge the gap between low-level hardware security, kernel hardening, and secure user-space application containment.
- You will not only design cryptographic defense mechanisms but will also automate security pipelines in CI/CD and partner directly with manufacturing teams to ensure devices are provisioned securely and reliably at scale without production risks.
Roles & Responsibilities:
- Platform Hardening & Architecture: Design and implement the Hardware Root of Trust and Secure Boot architecture from the first-stage bootloader through the Linux kernel.
- Storage & Integrity Management: Implement dm-verity for cryptographically verified read-only root filesystems and secure data encryption at rest.
- Trusted Execution Environments: Develop, integrate, and maintain a TEE (e.g., OP-TEE) and author Secure/Trusted Applications (TAs).
- Application Sandboxing: Enforce strict user-space isolation and sandboxing strategies using SELinux, AppArmor, cgroups, namespaces, and seccomp filters to protect core systems from untrusted applications.
- DevSecOps Automation: Build automated cryptographic signing pipelines within CI/CD infrastructure (e.g., GitLab CI, GitHub Actions) to securely sign bootloaders, kernels, and OTA payloads using HSMs or secure key vaults.
- Production Provisioning Support: Collaborate with manufacturing teams to write robust scripts and tools for burning permanent hardware configuration fuses (eFuses / OTP memory) securely, designing end-of-line (EOL) test software to validate security features before shipping.
- System Resilience: Architect multi-slot boot recovery layouts (e.g., A/B partitioning) to guarantee fail-safe resilience against failed OTA updates or corrupted boots.
Qualifications:
- Education: Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical discipline (or equivalent practical experience).
- Core Experience: 6+ years of professional experience in Embedded Linux development, board bring-up, and Board Support Package (BSP) customization.
- Security Focus: 3+ years of dedicated, hands-on experience deploying device-level security features into physical production hardware.
- Low-Level Systems: Expert knowledge of bootloader configurations (e.g., U-Boot Verified Boot, Barebox) and customizing the Linux kernel storage/security subsystem (dm-crypt, dm-verity).
- Hardware Security Architecture: Deep understanding of modern processor security architectures, specifically ARM TrustZone (ARMv7-A / ARMv8-A, Exception Levels EL1–EL3).
- Sandboxing & Access Controls: Proven track record implementing SELinux/AppArmor policies and utilizing standard Linux containment tools (cgroups, namespaces).
- Build Automation: Proficiency with embedded Linux build automated frameworks like the Yocto Project (BitBake recipe design) or Buildroot.
- Programming: Advanced proficiency in C and strong scripting skills in Python or Bash.
Preferred Qualifications:
- Cryptography Expertise: Strong foundational knowledge of symmetric/asymmetric cryptography, hashing algorithms (SHA-256/384), public key infrastructure (PKI), and handling physical Hardware Security Modules (HSMs).
- Manufacturing Scale: Prior experience working with Contract Manufacturers (CMs) or internal factory lines to deploy secure key-injection and fuse-burning protocols.
- Advanced Sandboxing: Experience with embedded container runtimes (e.g., LXC, crun) or lightweight sandboxing frameworks tailored for resource-constrained architectures.
- Anti-Rollback Protection: Experience designing secure versioning and hardware-enforced anti-rollback strategies for OTA updates.
About us:
At our organization, we take our mission and values to heart! We are on a mission to offer more and better jobs all over the world! Our goal is to care for you while you care for our clients and get you paid the highest pay possible. All our associates working with us are expected to embrace our RACE values: R - Results Matter, A- Approachable, C - Care, and E - Emergency i.e. work with a sense of urgency.
For more relevant job opportunities please visit our website: Denken Solutions Careers