System Security Architect

We are seeking a seasoned System Security Architect with a strong background in hardware and low-level firmware security to join our Product Security team. In this design review-focused role, you’ll use your deep expertise—not to build from scratch, but to analyze, evaluate, and harden security architectures spanning from silicon to firmware layers.

You'll collaborate with multi-functional teams to evaluate critical features like Root of Trust, secure boot flows, key management, and trusted firmware execution, ensuring every layer of the stack meets or exceeds industry security standards. If you thrive at the intersection of architecture, system software, and silicon—and love diving into the details of firmware and hardware security mechanisms—this is the role for you.

System Security Assessment (Hardware + Firmware):

• Lead architecture-level security assessments and risk analyses across SoC and low-level firmware components.
• Conduct in-depth threat modeling of boot flows, firmware, memory protection mechanisms, and secure execution environments.
• Detailed attack-modelling and review security features across firmware interfaces.

Firmware Security Review:

• Evaluate firmware-level implementation of security critical features.
• Collaborate with firmware and SoC teams to ensure secure firmware architecture, including the handling of secrets, keys, and hardware-backed security features.

Technical Leadership & Collaboration:

• Guide engineering teams in applying standard methodologies in security during architecture, design, and verification phases.
• Communicate security design decisions clearly to technical and non-technical stakeholders.

• A track record securing system architectures at the intersection of hardware and firmware.
• Deep experience in areas such as secure boot, key provisioning, firmware mitigations, and hardware-enforced isolation.
• Understanding of threat models including firmware exploitation, privilege-escalation, code injection, and side-channel attacks.
• Solid grasp of Arm TrustZone, secure world monitor designs, memory and IO protection mechanisms, and SoC-level isolation techniques.
• Experience identifying low-level security flaws and recommending hardware or firmware-level fixes.
• Ability to lead technical discussions across architecture, firmware, software, and validation teams.

• Familiarity with RTL design, UVM/SystemVerilog, or hardware verification flows.
• Experience with trusted execution environments (TEEs) and secure monitor implementation.
• Understanding of secure firmware update mechanisms (rollback protection, anti-cloning).
• Prior work with TPMs, Secure Elements, or other hardware security modules.
• Contributions to security standards or academic research in system security, firmware security, embedded cryptography, side channel attacks.

Arm is committed to global talent acquisition, offering an attractive relocation package. With offices worldwide, Arm is a diverse organization of dedicated, creative, and hardworking engineers. By enabling a dynamic, inclusive, meritocratic, and open workplace where everyone can grow and succeed, we encourage our people to share their outstanding contributions to Arm's success in the global marketplace.