Security Infrastructure Engineer
2 Years ago • All levels
Cyber Security
Job Description
We are seeking a Security Infrastructure Engineer to evolve the RISC-V ecosystem and build secure-by-design RISC-V based systems. The security team is responsible for defining external and internal interfaces for secure provisioning and trusted computing base (TCB) updates of SOC and platforms. This role involves building security infrastructure services to support secure device provisioning and lifecycle management for the SOC-Integrated Root of Trust (RoT) and managing trusted platform elements. We are looking for individuals at multiple levels, including technical leads, developers, and operators, with experience in this area. The team is committed to open source software and hardware.
Good To Have:
- Experience with software deployment via containers (K8s)
- Experience with RISC-V, OpenTitan, or Caliptra
Must Have:
- Design, develop, deploy security infrastructure services
- Design APIs, protocols, services for asset management
- Develop key generation/management policies
- Interface with manufacturing for provisioning
- Lead SW teams for service components/SDKs
- Operate security infrastructure services
- Full stack development with fault-tolerant systems
- HSM integration and coding
- Experience with remote systems and ATE integration
- Operational experience with HSM, code-signing, access control
- Understand security flows and crypto primitives
- VPN, SSL, secure connection experience
- Proficiency in C/C++/Java or Python
- Technical degree (PhD, Master's, or Bachelor's)
We are working on software, firmware and hardware to evolve the RISC-V ecosystem and build secure-by-design RISC-V based systems.
The security team has the charter to define external and internal interfaces for secure provisioning and trusted computing base (TCB) updates of our SOC and platforms. As part of our work on foundational security and to enable Trusted Execution Environments for RISC-V based platforms, we are building the security infrastructure services necessary to support secure device provisioning and lifecycle management for the SOC-Integrated Root of Trust (RoT), and manage the trusted elements of the platform.
Positions are open for full-time roles at multiple levels in this area, including, for a technical lead capable of designing the overall set of services and developing and deploying the first prototypes, as well as developers and operators who have experience in this area. The team is expected to grow over time to increase development and operational capacity in a scalable manner.
We are big proponents of open source software and open hardware and contribute back improvements to all the great projects we use.
Responsibilities
- Design, develop, and deploy security infrastructure services for key management, manufacturing provisioning, certificate authority, and code signing
- Design and develop APIs, protocols and services for enumeration, configuration and management of platform assets
- Develop policies and procedures associated with key generation/management
- Interface with manufacturing partners to install, troubleshoot and debug security provisioning aspects.
- Interface and lead SW teams to build the components required for hosting the services along with any SDKs required for partners.
- Day-to-day operations of security infrastructure services
Requirements
- Full stack developer with fault-tolerant systems experience and security background
- Hardware security module (HSM) appliance integration and coding for code signing services, secure payload decryption, certificate signing, device ID generation, etc.
- Experience with integrating remote systems with automatic test equipment (ATE)
- Operational experience in deploying and maintaining an HSM, code-signing, access control management, web services deployment, software upgrades, CI/CD flows
- Understanding of security flows, key generation, secure key delivery, access control tokens, key cards, n of m quorums, and other secure processes
- Understanding of crypto primitives such as keys, signatures, certificates, etc.
- VPN, SSL, secure connection experience (programming and configuration)
- Proficiency programming in C/C++/Java or equivalent UI capable language and/or programming in Python or equivalent scripting language
- Experience with software deployment via containers (K8s) a plus
- Experience with RISC-V, OpenTitan, or Caliptra a plus
Education and Experience
- PhD, Master’s Degree or Bachelor’s Degree in technical subject area.
Set alerts for more jobs like Security Infrastructure Engineer
Set alerts for new jobs by rivos
Set alerts for new Cyber Security jobs in United States
Set alerts for new jobs in United States
Set alerts for Cyber Security (Remote) jobs
