Apple seeks Junior UEFI Security Engineer



S3EuroCom seeks firmware security PhD students

Engineer position(s) in firmware analysis
We are looking for a research and software development engineer with experience and interest in software development (python, C…) applied to embedded device firmware analysis. In particular, the project will involve working with Avatar2 and/or Angr. The work will take place at EURECOM and will involve some external collaboration. The candidate is expected to have experience in software development and experience, interest in, or willingness to learn, embedded devices analysis, firmware analysis, reverse engineering. This position is flexible, it may be suitable for a Post doc as well as for a freshly graduated master student. If the collaboration is successful, the position may also be changed to a PhD after one year.




Resolvit seeks CHIPSEC-savvy Pentester

It is still rare enough to see “CHIPSEC” in a job posting, that I still point them out.

Given job posting is a pentest role, this is also a ‘leading indicator’ that pentesters are starting to attack your firmware. 🙂

Penetration Tester – Product
Join Resolvit as a Penetration Tester and be part of a creative, forward-thinking team. Our success at deploying skilled, highly knowledgeable experts has landed us on the Inc. 5000 list of America’s fastest-growing companies four times – and we’re just getting started. As the Penetration Tester, you will configure security test targets such as servers, storage, and networking environments; perform product security assessments; create assessment reports; and work with global product teams to review assessment results.[…]
Experience with multiple of these security assessment tools: AppAudit, Arachni, Burp Suite Pro, CHIPSEC, nmap, Nessus, Protecode SC, and Metasploit



Amazon Hardware Security team seeks senior TPM

The AWS Hardware Infrastructure Security Team is looking for an experienced, Senior Security Program Manager to help ensure the global infrastructure supporting AWS is designed and implemented to the highest possible security standards.
* Minimum of 6 years of experience with two or more of the following categories:
— Data center internals (leaf/spine networking, power/cooling, NTP, DHCP, DNS, IPMI/iLO)
— Hardware security technologies (TPM, TrustZone, Secure Boot, UEFI, HSM, ROM, etc)
* Intermediate knowledge of crypto security (e.g. certificate handling, attestation, TPM/HSM)
* Intermediate knowledge of Windows, Linux, and hypervisor security (especially in cloud)
* Intermediate knowledge of common security protocols (e.g. RDP, TLS, SNMP, SSH, IPMI)



Apple seeks UEFI firmware engineer

Mac Firmware Engineer

The Mac Platform Software team is looking for a firmware engineer to join a new Austin-based team responsible for developing Apple’s UEFI implementation and related technologies for the Mac product line. Mac Platform Software is responsible for bringing up macOS and Windows on all new Mac products, including the development and integration of firmware and systems software for macOS and Windows, the development of platform-level features for the Mac, and the leadership of cross-functional debug and optimization efforts across hardware and software teams. A Mac Firmware Engineer is responsible for the development of Apple’s UEFI implementation and its related technologies. UEFI provides the boot firmware for all Mac systems and plays a critical role in system stability, performance, and battery life. This role also contributes to development of the boot loader and firmware update mechanisms, as well as other related technologies. Primary job responsibilities include firmware feature development supporting new Mac software and hardware features, supporting ongoing efforts to improve the quality of shipped Macs in the field, and assisting the larger Mac Platform organization in cross-functional efforts to design and build new Mac products.
* Experience in firmware/BIOS development
* Experience with boot loaders and firmware/kernel interfaces
* Knowledge of UEFI and the x86 platform and standards, including ACPI, SMM, PnP, PCIe, and JEDEC DDR a plus
* Strong understanding of system power management a plus



Qualcomm seeks bootloader engineer

Embedded Software Engineer – Bootloaders
Qualcomm processors provide integrated solutions for millions of diverse mobile and new emerging platforms across IoT, Automotive and Compute markets. It all starts with the Boot Firmware the first mission critical code to execute on our SoC(System on chip) and prepare the system for operation. We design and develop the software we put in mask boot ROM, along with system boot-loaders. Features we work on include image authentication, multicore setup, the UEFI pre-boot environment, configuration of next-generation DDR memories, ARM CPU and custom Qualcomm DSP/microprocessors, MMU/Cache memory management and advanced driver development for multiple boot/storage devices including eMMC, UFS, NAND, SPI-NOR, QSPI and flashless boot transport interfaces such as PCIe, SDIO, USB. Embedded Bootloader design & development involves architecting solutions to address different use cases and feature requirements in the early bootloader environment before the handoff to the High Level Operating System kernel. Engineer is expected to work with different Qualcomm build infrastructure tools and ARM compiler tool chains to enable different drivers and services for Bootloaders, optimizing them both for boot time, internal memory size constraints and power metrics.
* Design, development and integration of custom and/or open source Bootloaders for QCT mobile platforms.
* ThreadX, Linux, Android, Windows Boot process knowhow
* UEFI (Unified Extensible Firmware Interface) based bootloader and device driver model experience
* coreboot, uboot based bootloader experiences




Intel seeks senior security researcher

[Hmm, I don’t understand Intel org chart, but I’ve never heard of the Advanced Security Research Team, sounds like it is under Security Center of Excellence, which is under Platform Engineering Group (PEG)? Not to be confused with Intel Advanced Threat Research, which went off with the MkAfee split.]

“The Platform Engineering Group (PEG) is responsible for the design, development, and production of system-on-a-chip (SoC) products that go into Intel’s next generation client and mobile platforms. […] Intel Security Center of Excellence’s […] we would like you to join us as a proud member of Intel’s Advanced Security Research Team. Through your deep vulnerability analysis and mitigation development expertise, you will influence the security of a variety of Hardware, Firmware, Software & Systems spanning a range of products including Devices, Cloud, Auto, IOT, AI, VR, Drones, and Networks. Responsibilities include the following: Own emerging threat analysis, gain insights & know-how of evolving attack techniques, predict and extrapolate attack trends ahead of its occurrence, develop robust counter measures and mitigation.[…]

* 5+ years of experience in the field of system security research and excel in exploring software and hardware techniques as a method of attack against targets within the computing systems.
* Experience with spanning security expertise over HW, SW and Firmware domains.
* Knowledge of computer architecture CPU, SoC, chipsets, BIOS, Firmware, Drivers, and others

* Strong network in security community CISSP and/or other security certifications