About the Role:
We are seeking a highly skilled DevSecOps Engineer with experience in embedded hardware systems. The ideal candidate will play a pivotal role in integrating security practices into the development and operations of embedded hardware systems, ensuring the design, implementation, and deployment processes follow the best practices in terms of security, performance, and reliability.
As a DevSecOps Engineer, you will work closely with software, hardware, and security teams to automate security controls, continuously assess vulnerabilities, and create a seamless environment for embedded system development.
Key Responsibilities:
Security & Compliance
• Strong knowledge of security best practices in hardware and embedded systems.
• Experience with firmware security, secure boot, and TPM (Trusted Platform Module).
• Proficiency in threat modelling and risk assessment for hardware-based environments.
• Understanding of Zero Trust Architecture (ZTA) and network segmentation for IoT and embedded systems.
• Experience with secure coding practices for low-level programming (C/C++, Rust).
• Knowledge of security frameworks such as NIST, ISO 27001, CIS Benchmarks, and OWASP Firmware Security.
• Experience with HSM (Hardware Security Modules), cryptographic libraries (OpenSSL, BoringSSL), and secure key management.
2. Infrastructure & Automation
• Strong experience with Infrastructure as Code (IaC) tools like Terraform, Ansible, and CloudFormation.
• Hands-on experience with CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, ArgoCD) for firmware and embedded software releases.
• Knowledge of automated security testing tools (e.g., SAST, DAST, fuzzing tools for firmware).
• Experience with container security (Docker security, Kubernetes security best practices).
• Proficiency in log management & SIEM (Splunk, ELK Stack, Graylog).
3. Hardware & Embedded Systems Security
• Understanding of hardware attack vectors (e.g., side-channel attacks, JTAG debugging vulnerabilities, bootloader exploits).
• Experience with reverse engineering hardware and firmware analysis using tools like Ghidra, IDA Pro, or Radare2.
• Knowledge of secure firmware development (e.g., Yocto, Buildroot, UEFI security).
• Familiarity with embedded OS security (e.g., Linux, RTOS, QNX, FreeRTOS).
• Hands-on experience with chipset security (ARM TrustZone, Intel SGX, AMD SEV).
4. Networking & Cloud Security
• Strong understanding of network protocols (TCP/IP, MQTT, CoAP) and their security implications for embedded devices.
• Experience with VPNs, TLS, and IPSec for securing hardware communications.
• Knowledge of cloud security for IoT platforms (AWS IoT, Azure IoT Hub, Google IoT Core).
• Familiarity with IoT security frameworks (e.g., ETSI EN 303 645, IoT Security Foundation).
5. Monitoring, Incident Response & Forensics
• Experience with SIEM tools for real-time threat detection in hardware environments.
• Knowledge of endpoint detection and response (EDR) solutions for embedded devices.
• Familiarity with memory forensics and firmware anomaly detection.
• Experience conducting post-mortem security analysis after breaches in IoT/hardware products.
6. Programming & Scripting
• Proficiency in scripting for automation and security hardening (Python, Bash, PowerShell).
• Strong knowledge of C/C++ and Rust for firmware security audits and patching vulnerabilities.
• Experience with kernel debugging tools (GDB, LLDB) and debugging secure boot issues.
7. Compliance & Regulatory Knowledge
• Familiarity with hardware security standards (e.g., FIPS 140-2/140-3, Common Criteria, TCG standards).
• Experience with GDPR, HIPAA, and CCPA compliance for data security in embedded systems.
Understanding of safety-critical certifications (e.g., ISO 26262 for automotive, IEC 62443 for industrial IoT).