Platform Security Engineering - OpenBMC

Anthropic•Seattle, WA

11d•Hybrid

About The Position

Anthropic is establishing a foundational team to manage the OpenBMC-based firmware across its server infrastructure. This role involves developing production firmware and manageability features, from initial board bring-up to full production, while simultaneously enhancing the firmware's security against advanced threats. Security is a critical aspect of all deliverables, requiring adherence to high security standards and close collaboration with firmware security and hardware engineers on secure boot, signing, and attestation processes.

Requirements

8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security).
Strong technical cross-functional leadership skills and direction-setting ability.
Hands-on OpenBMC/BMC firmware experience on x86 and/or Arm, from bring-up through production with hands-on D-Bus/sdbusplus.
Strong C/C++ and Python skills.
Deep Linux user-space/kernel fundamentals.
Proficiency in Yocto/OpenEmbedded.
A security mindset applied to firmware, not as an afterthought.
Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP.
Working knowledge of out-of-band and in-band management, relevant DMTF specs, and the device interfaces they run over.
Strong debugging skills and a track record of shipping reliable, well-tested code.
Clear communication skills across internal teams and external vendors.
Ability to work effectively across hardware and software boundaries.
Knowledge of NIST firmware security guidelines and hardware security frameworks, specifically SP 800-193 and 800-147/155.

Nice To Haves

Hardware roots of trust and attestation: Caliptra, OCP S.A.F.E., TPM/HRoT, SPDM.
Memory-safe systems code in Rust or Zig.
Firmware vulnerability research, reverse-engineering, or fuzzing.
Previous work with AI/ML infrastructure security.

Responsibilities

Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm (including GPU) platforms, from bring-up through production, using Yocto/OpenEmbedded.
Build the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS, including sensors, telemetry, inventory, logging, and RAS.
Implement BMC-to-BIOS/host communications, eSPI/LPC, and thermal/fan/power management (PMBus).
Work at the hardware/firmware boundary, including I2C/I3C, SPI, PCIe, SMBus, device trees, U-Boot, and Linux.
Own the BMC security posture, encompassing secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, and attack-surface reduction.
Lead threat modeling and secure design reviews, and manage coordinated vulnerability disclosure with vendors and the upstream community.
Build verification tooling, including static analysis, fuzzing, firmware extraction, and CI gating.