Senior Embedded Security Engineer (Cybersecurity)

About the role

We are looking for a Senior Embedded Security Engineer to lead the design and implementation of secure boot, trusted execution environments and runtime isolation for automotive and industrial platforms. The role combines deep embedded‑Linux expertise with strong cryptographic and hardware‑security knowledge.

Key responsibilities

• Design and implement Secure Boot, Chain of Trust and Measured Boot solutions.
• Define and maintain Root of Trust (RoT) and Platform RoT.
• Develop and integrate Trusted Execution Environment (TEE) and work with Secure Partition Manager (SPM) and secure OS components.
• Support Automotive PKI, V2X security, and Secure Credential Management System (SCMS).
• Implement key management, provisioning and secure key injection processes.
• Design runtime isolation using hypervisors (Xen, Jailhouse, ACRN) and VM separation.
• Implement application sandboxing, containerization and maintain SELinux/SEAndroid policies.
• Deploy Integrity Measurement Architecture (IMA) and ensure process/thread isolation with MPU, MMU and SMMU.

Required profile

• Degree in Computer Science, Electrical Engineering, Embedded Electronics or related field.
• 3+ years of experience in embedded systems, Embedded Linux and low‑level software development.
• Strong background in embedded cybersecurity, cryptography (PKI, TLS, key management) and hardware‑based security mechanisms.
• Hands‑on experience with ARM architecture and TrustZone.
• Proficiency with hypervisor and virtualization concepts.
• Familiarity with Linux security frameworks such as SELinux, IMA and netfilter.

Required skills

• Embedded Linux
• C / C++ programming
• Bootloader development
• Secure Boot, Chain of Trust, Measured Boot
• Root of Trust (RoT) management
• Trusted Execution Environment (TEE)
• Secure Partition Manager (SPM)
• Automotive PKI, V2X security, SCMS
• Key management and secure key injection
• Hypervisors (Xen, Jailhouse, ACRN)
• VM isolation and virtualization security
• Application sandboxing and containerization
• SELinux / SEAndroid policy development
• Integrity Measurement Architecture (IMA)
• MPU, MMU, SMMU memory protection
• ARM TrustZone
• Cryptography fundamentals (PKI, TLS)