Principal Platform Security Architect -Firmware Operating Systems

  • Cambridge
  • £126200 - £170800 per yearly USD / Year

ARM

Principal Platform Security Architect -Firmware Operating Systems Overview

Company Name ARM
Job Role Principal Platform Security Architect -Firmware Operating Systems
Qualifications Not Specified
Category IT Jobs
Job Type Full Time
Location Cambridge

This role is for a platform security architect focused on firmware and operating systems, with work centered on strengthening security across embedded Linux environments and data-center platform firmware. The position is highly technical and hands-on, spanning both embedded platforms such as Yocto-based systems and server-side environments such as BMC and other platform firmware components. The successful candidate will help improve the security of boot processes, firmware update paths, and Linux-based management environments, while working closely with engineering and security teams to validate and continuously improve protections.

What you will do

  • Review and help enhance security controls across BIOS, BMC, and device firmware, including secure boot, firmware integrity verification, update mechanisms, rollback safeguards, and debug access restrictions.
  • Contribute to hardening Linux-based management environments by improving service isolation, access control, secure configuration, and other system-level protections.
  • Identify exposed attack paths and configuration weaknesses, then help apply and confirm hardening measures and secure defaults.
  • Partner with internal security evaluation and engineering teams to support testing activities, create validation scripts or tools, and embed security checks into CI pipelines.
  • Support threat modeling and attack-path analysis for firmware and management-plane components to uncover risks and improvement opportunities.
  • Work across low-level firmware, embedded Linux, and system hardening tasks, contributing to both design and implementation work.
  • Collaborate with firmware and platform engineering teams to integrate security controls into platform components and support ongoing security improvement.

What the role requires

  • Practical experience with embedded Linux systems, including building and customizing platforms using Yocto or OpenEmbedded.
  • Direct experience applying and validating Linux hardening controls, such as restricting services and interfaces, managing privileges, and reducing the attack surface.
  • Experience contributing to the implementation or integration of security controls in firmware or embedded environments.
  • Strong understanding of firmware and boot architecture, including BIOS/UEFI, bootloaders, and platform firmware components.
  • Experience with secure boot designs and trust models, including firmware verification and UEFI-based systems.
  • Experience working with firmware update processes, including signing, verification, and rollback protection.
  • Familiarity with Arm architecture and boot flows, including early boot stages and how firmware interacts with hardware.
  • Understanding of platform interconnects such as PCIe and the security considerations they create in device and data-center environments.
  • Ability to build automation, validation tools, or scripts, and integrate them into CI workflows.
  • Strong C or C++ programming skills for systems or embedded development, with the ability to work on low-level components when needed.
  • Good knowledge of Linux security fundamentals, including authentication, authorization, and system-level protections.
  • Familiarity with file and data protection techniques, including encryption approaches such as eCryptfs or comparable solutions.
  • Ability to analyze firmware and system-level attack surfaces and reason about where threats may arise.

Desirable experience

  • Experience with BMC platforms or ecosystems such as OpenBMC.
  • Experience with Linux security technologies such as SELinux, AppArmor, and capabilities.
  • Experience with firmware analysis, fuzzing, or other security testing approaches.
  • Familiarity with container security in embedded or management environments.
  • Familiarity with hardware roots of trust such as TPM or DICE.
  • Familiarity with networking and network security concepts, especially in management or data-center settings.

Working style and support

Arm uses a hybrid working approach designed to support both strong performance and personal wellbeing. The company values in-person collaboration while also recognizing the importance of flexibility. Teams are given room to define the hybrid pattern that best fits their work, and the exact arrangement for this role will be shared during the application process. In some locations, flexibility may be limited by legal, regulatory, tax, or other local considerations, and Arm will work with candidates to find the best practical solution.

If you need adjustments or accommodations during recruitment, Arm invites you to contact its accommodations team by email. Examples of support can include extra time between interviews, having documents read aloud, or help with office accessibility. Any accommodation request will be handled confidentially and used only as needed to arrange the support.

Pay and other details

The advertised salary range for this position is £126,200 to £170,800 per year. The role is based in Cambridge, United Kingdom, and is part of Arm’s Product Security category.

Visa and relocation support

Relocation support is available for this position, and that package includes visa sponsorship assistance for candidates who require it.

About Arm

Arm describes itself as an equal opportunity employer committed to respectful treatment, mutual respect, and fair access for applicants and employees. The company says it does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.


Degree Requirement: Not Specified

Visa Sponsorship Promising

To apply for this job please visit careers.arm.com.

admin
the authoradmin