Firmware Security Systems Architect
Austin, TX - USA
Job Summary
Firmware Security System Architects at Jabil establish and drive the security strategy for firmware across Jabils Cloud Compute and Networking product lines. This role combines forward-looking security architecture with the operational establishment of compliance processes ensuring Jabil designs meet evolving regulatory requirements in North America the EU and emerging markets.
As a Firmware Security System Architect you will be expected to
- Demonstrate a level of expertise in security that matches or exceeds the expertise of customers
- Define and champion firmware security architecture standards across Jabils product portfolio
- Access current and emerging regulatory and compliance requirements translating them into actionable engineering processes
- Evaluate security posture of designs during product development and drive remediation
- Serve as internal authority on firmware security and security processes
- Monitor the technical direction of designs during product development
- Mentor others in the organization to build team members design capability
IN YOUR ROLE YOU WILL
- Advise customers product planning and business development on security architecture tradeoffs including cost schedule and compliance impact
- Establish and maintain Jabils firmware security compliance roadmap covering:
- North America: NIST SP 800-193 (PFR) NIST CSF FIPS 140-3 and relevant Executive Orders on cybersecurity
- EU: Cyber Resilience Act RED delegated acts and ETSI EN 303 645
- Leverage strategy and risk planning
- Define and operationalize security processes across the firmware development lifecycle including:
- Secure development lifecycle (SDLC) practices tools and gates
- Vulnerability disclosure and incident response procedures
- Supply chain security and firmware signing workflows
- Security audit and assessment cadences
- Evaluate and improve security tooling (static analysis fuzzing binary analysis vulnerability scanning) for firmware teams
- Collaborate with fellow system architects in the electrical thermal BIOS Validation RAS and OS domains
- Communicate security requirements and architectural decisions to Jabil development teams through documentation training and design reviews
- Lead and contribute to firmware design reviews and technical committees to proactively identify assess and mitigate security vulnerabilities during the architecture and design phases
- Stay current on vendor technology capabilities in spaces such as CPUs (PFR PSP TrustZone) GPUs Storage Memory FPGAs MCUs etc
- Stay current on threat landscape vulnerability disclosures and evolving standards from organizations such as NIST DMTF (SPDM/PLDM Security) TCG (DICE TPM) OCP Security and MITRE
- Represent Jabil in industry security working groups and standards bodies as needed
- Deep dive into new open-ended areas by leveraging previous engineering experiences.
- Contribute to the improvement of our architecture methods and processes.
- Train mentor and coach new engineers
JOB QUALIFICATIONS & KNOWLEDGE REQUIREMENTS
TECHNICAL KNOWLEDGE & SKILLS
- Capability to research emerging regulations and translate compliance requirements into falsifiable engineering requirements and test criteria is required
- Working knowledge of the EU CRA and its implications for product security including vulnerability handling and reporting obligations is required
- Familiarity with Intel AMD Nvidia or ARM CPU/GPU security features (ex. Intel PFR AMD PSP ARM TrustZone) is required
- Understanding of supply chain security concerns for firmware is required: signed updates provenance tracking SBOM
- Familiarity with Aspeed BMC products is preferred. Specifically an understanding of the security capabilities of the processor
- High-level familiarity and understanding of BMC code architecture is preferred Knowledge of OpenBMC is strongly preferred.
- Knowledge of AMI (American Megatrends) MegaRAC is beneficial
- High-level understanding of source control CI/CD pipelines and how to integrate security gates (SAST secrets scanning and signing) into automated workflows is required
- Experience working with industry standards for IPMI Redfish MCTP PLDM SMBUS i2c i3c SPI is preferred
- Extensive experience with Linux is required
- Deep expertise with Secure Boot SPDM Platform Root of Trust DICE and NIST SP 800-193 standards as well as cryptographic algorithms and protocols (PKI Certificates AES HMAC ECC) is strongly preferred.
- Experience with vulnerability management processes CVE handling and coordinated disclosure is required
- Proven experience in addressing and remediating security issues within sustaining firmware programs ensuring continued compliance and risk mitigation across deployed systems is required
- Working knowledge of industry-standard security and code analysis tools including Coverity Black Duck and Eclypsium is considered a strong advantage
- Fluent in reading block diagrams and familiarity with system design preferred
- Fluency in server management (provisioning deployment management service) is preferred
NON-TECHNICAL KNOWLEDGE & SKILLS
- Influence engineering teams and leadership to prioritize security investments with clear risk articulation
- Effectively communicate with excellent understanding of English.
- Work as part of a global team
- Assess a project and articulate risk in terms of business impact regulatory exposure and remediation effort
- Mentor less experienced engineers in secure development practices and build a security-aware culture
Lead cross-functional security initiatives involving firmware hardware and validation teams Develop and maintain relationships with customers security teams to align on requirements
EDUCATION & EXPERIENCE REQUIREMENTS
- Bachelors Degree in Computer Engineering Computer Science or Electrical Engineering required
- 15 years experience in firmware design and engineering
- Relevant certifications (CISSP CSSLP or equivalent) are a plus but not required
BE AWARE OF FRAUD: When applying for a job at Jabil you will be contacted via correspondence through our official job portal with a e-mail address; direct phone call from a member of the Jabil team; or direct e-mail with a e-mail address. Jabil does not request payments for interviews or at any other point during the hiring process. Jabil will not ask for your personal identifying information such as a social security number birth certificate financial institution drivers license number or passport information over the phone or via e-mail. If you believe you are a victim of identity theft contact the Federal Bureau of Investigations internet crime hotline () the Federal Trade Commission identity theft hotline () and/or your local police department. Any scam job listings should be reported to whatever website it was posted in.
Jabil including its subsidiaries is an equal opportunity employer and considers qualified applicants for employment without regard to race color religion national origin sex sexual orientation gender identity age disability genetic information veteran status or any other characteristic protected by law.
Accessibility Accommodation
If you are a qualified individual with a disability you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access site as a result of your disability. You can request a reasonable accommodation by sending an e-mail to or calling with the nature of your request and contact information. Please do not direct any other general employment related questions to this e-mail or phone number. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to.#whereyoubelong
#AWorldofPossibilities
Required Experience:
Staff IC
About Company
At Jabil we strive to be the most technologically advanced and trusted manufacturing solutions provider.