Embedded Systems Security Engineer

DeWinter BH ·www.dewintergroup.com

Location Foster City, CA, United States
Salary USD 85 - 90 / hour
Type Full time
Level Mid
Source Shazamme
Accepting Candidates
Apply direct

Join Our Team as an Embedded Systems Security Engineer!

Are you passionate about pioneering security solutions for cutting-edge embedded Linux platforms? We are seeking an innovative and experienced Embedded Systems Security Engineer to lead the design and implementation of robust security architectures for next-generation devices. In this pivotal role, you'll bridge the gap between hardware security, kernel hardening, and secure user-space application containment, ensuring our products are resilient, scalable, and secure from the ground up. If you're ready to make a tangible impact on device security at scale, we want to hear from you.

What You Will Do:

  • Design and implement Hardware Root of Trust and Secure Boot architectures from the bootloader to the Linux kernel.
  • Develop cryptographically verified read-only filesystems using dm-verity and implement data encryption at rest.
  • Build and maintain Trusted Execution Environments (TEEs) like OP-TEE, and develop secure applications.
  • Enforce strict user-space isolation using SELinux, AppArmor, cgroups, namespaces, and seccomp filters.
  • Automate cryptographic signing pipelines within CI/CD workflows, utilizing HSMs or secure key vaults.
  • Collaborate with manufacturing to develop secure device provisioning scripts and validation tools.
  • Architect multi-slot boot recovery systems to enhance system resilience against OTA failures and corruption.

Required Skills:

  • Bachelor’s degree in Computer Science, Electrical Engineering, or related field (or equivalent experience).
  • 6+ years of experience in Embedded Linux development, board bring-up, and BSP customization.
  • 3+ years deploying device-level security features into production hardware.
  • Expertise with bootloader configurations (U-Boot, Barebox) and Linux kernel security subsystems (dm-crypt, dm-verity).
  • Deep understanding of ARM TrustZone architecture (ARMv7-A / ARMv8-A).
  • Proven experience with SELinux/AppArmor policies and Linux containment tools (cgroups, namespaces).
  • Proficiency with embedded build systems like Yocto Project or Buildroot.
  • Strong programming skills in C, with scripting expertise in Python or Bash.

Nice to Have Skills:

  • Solid foundation in cryptography, including symmetric/asymmetric algorithms, SHA-256/384, and PKI.
  • Experience working with Contract Manufacturers or factory lines on secure key injection and fuse-burning protocols.
  • Knowledge of embedded container runtimes (LXC, crun) and lightweight sandboxing frameworks.
  • Experience designing anti-rollback protection mechanisms for OTA updates.

Preferred Education and Experience:

  • Bachelor’s degree in a relevant technical discipline.
  • 6+ years of hands-on experience in embedded Linux security and development environments.
  • Prior experience with manufacturing scale deployments and security protocols.

Other Requirements:

  • This is an onsite role based in Foster City, CA. Must be willing to work 5 days in the office.
  • No relocation is provided; local candidates preferred.
  • Ability to work collaboratively with manufacturing and engineering teams.
  • Must be legally authorized to work in the United States.

DeWinter Group and Maris Consulting are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. We post pay scales which are based on our client pay ranges. DeWinter, Maris, and our clients have the right to modify the requirements of the role which can impact the pay ranges posted.

Frequently asked questions

Who is hiring for the Embedded Systems Security Engineer role?
DeWinter BH is hiring for the Embedded Systems Security Engineer position, a Shazamme client. Apply directly on the employer's career site.
Where is the Embedded Systems Security Engineer job located?
The Embedded Systems Security Engineer role with DeWinter BH is based in Foster City, CA, US.
What does the Embedded Systems Security Engineer role pay?
DeWinter BH lists the Embedded Systems Security Engineer role at USD 85–90 per hour.
Is the Embedded Systems Security Engineer role full-time or contract?
This is a full time position at DeWinter BH.
What experience level is the Embedded Systems Security Engineer role?
The Embedded Systems Security Engineer position is aimed at mid-level candidates.
How do I apply for the Embedded Systems Security Engineer role at DeWinter BH?
Apply directly on DeWinter BH's career page via the Apply button on this listing. ZammeJobs links straight through to the employer's ATS — no third-party form, no resume database.
Apply direct