Overview: The Embedded Security Engineer will be the primary architect for our high-power energy conversion systems. In a landscape where energy infrastructure is a primary target for sophisticated cyber-attacks, your mission is to ensure that our Linux-based controllers are resilient, tamper-proof, and compliant with global industrial security standards.
Root of Trust & Boot Integrity:
Design and implement a multi-stage Secure Boot process using hardware features (e.g., ARM TrustZone, NXP HAB, or TPM 2.0). Ensure firmware authenticity from power-on to user-space application execution.
Kernel & OS Hardening:
Use the Yocto Project to create a minimal-attack-surface Linux distribution. Implement Mandatory Access Control (MAC) using SELinux or AppArmor and perform kernel-level hardening (e.g., disabling unused syscalls, KASLR).
Vulnerability Lifecycle Management:
Establish a continuous monitoring pipeline for CVEs. You will lead the "Triage-to-Patch" process, deciding when a vulnerability requires an emergency OTA (Over-the-Air) update versus a scheduled maintenance release.
Cryptographic Orchestration:
Manage device identity and authentication using PKI (Public Key Infrastructure). Implement mutual TLS (mTLS) for all controller-to-cloud communications and secure local storage of sensitive grid-management keys.
Industrial Compliance:
Lead the technical implementation of security controls required for IEC 62443-4-2 and NERC CIP compliance, ensuring our products can be deployed in the most sensitive utility environments.
Qualifications:
7+ years in Embedded Software with at least 4 years focused exclusively on Security. Expertise in Yocto meta-security layers and automated security scanning tools (e.g., MantaRay, Checkmarx). Deep understanding of cryptographic protocols (TLS 1.3, AES-GCM, Elliptic Curve) and hardware security modules (HSM).
For applications and inquiries, contact:
[email protected]
Apply Now
Apply Now