Platform Security Architect

• Platform Security Architecture: Design security architecture for board and rack platforms including root of trust extension, secure boot chains, firmware signing verification, device identity provisioning, and debug/lifecycle security mechanisms
• Platform Threat Modeling: Create and maintain end-to-end threat models covering firmware, boot chains, management plane components (BMC, controllers), and rack-level attack paths
• Cryptographic Foundations: Design and evolve platform cryptographic foundations including firmware signing hierarchy, key ownership, trust anchors, certificate and device identity models, and key rotation/revocation strategies
• Firmware Security Requirements: Work with firmware teams to define and assess security mechanisms for BIOS, BMC, and device firmware

• Experience designing firmware or platform security architectures
• Deep understanding of secure boot chains and firmware trust models
• Experience designing firmware signing systems and key hierarchies
• Experience designing secure firmware update mechanisms for platform firmware (BIOS, BMC, device firmware) including rollback protection and recovery flows
• Experience with security architectures for platform management firmware (BMC or similar controllers)
• Experience designing platform trust architectures using hardware roots of trust (TPM, DICE, secure elements)
• Solid understanding of applied cryptography in systems (signing, certificates, key hierarchies)
• Working knowledge of Linux security fundamentals
• Nice to have: BMC platforms or OpenBMC, PCIe or device firmware ecosystems, secure manufacturing and provisioning flows, firmware security testing/validation strategies

Relocation package available including visa sponsorship support for candidates who require it.