Firmware Security Systems Architect

Jabil•Austin, TX

About The Position

At Jabil (NYSE: JBL), we are proud to be a trusted partner for the world's top brands, offering comprehensive engineering, supply chain, and manufacturing solutions. With 60 years of experience across industries and a vast network of over 100 sites worldwide, Jabil combines global reach with local expertise to deliver both scalable and customized solutions. Our commitment extends beyond business success as we strive to build sustainable processes that minimize environmental impact and foster vibrant and diverse communities around the globe. Firmware Security System Architects at Jabil establish and drive the security strategy for firmware across Jabil's Cloud, Compute, and Networking product lines. This role combines forward-looking security architecture with the operational establishment of compliance processes, ensuring Jabil designs meet evolving regulatory requirements in North America, the EU, and emerging markets. As a Firmware Security System Architect, you will be expected to Demonstrate a level of expertise in security that matches or exceeds the expertise of customers Define and champion firmware security architecture standards across Jabil’s product portfolio Access current and emerging regulatory and compliance requirements translating them into actionable engineering processes Evaluate security posture of designs during product development and drive remediation Serve as internal authority on firmware security and security processes Monitor the technical direction of designs during product development Mentor others in the organization to build team members design capability

Requirements

Capability to research emerging regulations and translate compliance requirements into falsifiable engineering requirements and test criteria is required
Working knowledge of the EU CRA and its implications for product security, including vulnerability handling and reporting obligations is required
Familiarity with Intel, AMD, Nvidia, or ARM CPU/GPU security features (ex. Intel PFR, AMD PSP, ARM TrustZone) is required
Understanding of supply chain security concerns for firmware is required: signed updates, provenance tracking, SBOM
High-level understanding of source control, CI/CD pipelines, and how to integrate security gates (SAST, secrets scanning, and signing) into automated workflows is required
Extensive experience with Linux is required
Experience with vulnerability management processes, CVE handling, and coordinated disclosure is required
Proven experience in addressing and remediating security issues within sustaining firmware programs, ensuring continued compliance and risk mitigation across deployed systems is required
Fluent in reading block diagrams and familiarity with system design preferred
Bachelor's Degree in Computer Engineering, Computer Science, or Electrical Engineering required
15+ years’ experience in firmware design and engineering

Nice To Haves

Familiarity with Aspeed BMC products is preferred. Specifically, an understanding of the security capabilities of the processor
High-level familiarity and understanding of BMC code architecture is preferred
Knowledge of OpenBMC is strongly preferred.
Knowledge of AMI (American Megatrends) MegaRAC is beneficial
Extensive experience with industry standards for IPMI, Redfish, MCTP, PLDM, SMBUS, i2c, i3c, SPI, is preferred
Deep expertise with Secure Boot, SPDM, Platform Root of Trust, DICE, and NIST SP 800-193 standards as well as cryptographic algorithms and protocols (PKI, Certificates, AES, HMAC, ECC) is strongly preferred.
Working knowledge of industry-standard security and code analysis tools, including Coverity, Black Duck, and Eclypsium, is considered a strong advantage
Fluency in server management (provisioning, deployment, management, service) is preferred
Relevant certifications (CISSP, CSSLP, or equivalent) are a plus but not required

Responsibilities

Advise customers, product planning, and business development on security architecture tradeoffs including cost, schedule, and compliance impact
Establish and maintain Jabil’s firmware security compliance roadmap, covering: North America: NIST SP 800-193 (PFR), NIST CSF, FIPS 140-3, and relevant Executive Orders on cybersecurity EU: Cyber Resilience Act, RED delegated acts, and ETSI EN 303 645 Leverage, strategy and risk planning
Define and operationalize security processes across the firmware development lifecycle, including: Secure development lifecycle (SDLC) practices, tools, and gates Vulnerability disclosure and incident response procedures Supply chain security and firmware signing workflows Security audit and assessment cadences
Evaluate and improve security tooling (static analysis, fuzzing, binary analysis, vulnerability scanning) for firmware teams
Collaborate with fellow system architects in the electrical, thermal, BIOS, Validation, RAS, and OS domains
Communicate security requirements and architectural decisions to Jabil development teams through documentation, training, and design reviews
Lead and contribute to firmware design reviews and technical committees to proactively identify, assess, and mitigate security vulnerabilities during the architecture and design phases
Stay current on vendor technology capabilities in spaces such as CPUs (PFR, PSP, TrustZone), GPUs, Storage, Memory, FPGAs, MCUs, etc…
Stay current on threat landscape, vulnerability disclosures, and evolving standards from organizations such as NIST, DMTF (SPDM/PLDM Security), TCG (DICE, TPM), OCP Security, and MITRE
Represent Jabil in industry security working groups and standards bodies as needed
Deep dive into new open-ended areas by leveraging previous engineering experiences.
Contribute to the improvement of our architecture methods and processes.
Train, mentor, and coach new engineers