Platform Security Engineering - OpenBMC

Job Overview

We're looking for a Platform Security Engineer to join our founding team for OpenBMC-based management firmware. You will design, build, and secure firmware for x86 and Arm platforms, focusing on production and manageability features.

Responsibilities

Production and Manageability

• Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm platforms using Yocto/OpenEmbedded
• Develop the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS
• Implement BMC-to-BIOS/host communications, eSPI/LPC, thermal/fan/power management (PMBus)
• Work on hardware/firmware boundary: I2C/I3C, SPI, PCIe, SMBus, device trees, U-Boot, Linux

Security and Hardening

• Own the BMC security posture: secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, attack-surface reduction
• Lead threat modeling and secure design reviews; run coordinated vulnerability disclosure with vendors and the upstream community
• Build verification tooling: static analysis, fuzzing, firmware extraction, CI gating

Requirements

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security
• Strong technical cross-functional leadership skills
• Hands-on OpenBMC/BMC firmware experience on x86 and/or Arm
• Strong C/C++ and Python skills, deep Linux user-space/kernel fundamentals, and Yocto/OpenEmbedded proficiency
• A security mindset applied to firmware
• Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP

Nice to Have

• Hardware roots of trust and attestation: Caliptra, OCP S.A.F.E., TPM/HRoT, SPDM
• Memory-safe systems code in Rust or Zig
• Firmware vulnerability research, reverse-engineering, or fuzzing
• Previous work with AI/ML infrastructure security

Logistics

• Annual salary: $405,000 - $405,000 USD
• Location: San Francisco, CA | New York City, NY | Seattle, WA
• Hybrid policy: 25% office time
• Visa sponsorship: Available