Job Description

We are looking for a Platform Security Architect to help shape the security architecture of next-generation data center platforms. This role focuses on how security is integrated into systems above the silicon, spanning firmware, boot chains, management planes, and platform lifecycle controls.

You will collaborate closely with hardware and firmware teams to help ensure the platform has a coherent and resilient security architecture from board to rack scale. The role requires strong experience in firmware security architecture, applied cryptography, and system-level threat modelling.

Responsibilities

• Platform Security Architecture: Design the security architecture for board and rack platforms, including: Extension of root of trust beyond the SoC, Secure and measured boot chains, Firmware signing and verification architecture, Device identity and provisioning models, Debug and lifecycle security mechanisms.
• Platform Threat Modeling: Create and maintain the end-to-end platform threat model covering: Firmware and boot chains, Management plane components (BMC, controllers) Rack-level attack paths.
• Cryptographic Foundations: Design and help evolve the cryptographic foundations of the platform, including: Firmware signing hierarchy, Key ownership and trust anchors, Certificate and device identity models, Key rotation and revocation strategies.
• Firmware Security Requirements: Work closely with firmware teams to define and assess security mechanisms for BIOS, BMC, and device firmware.

Required Skills and Experience

• Experience designing firmware or platform security architectures
• Deep understanding of secure boot chains and firmware trust models
• Experience designing firmware signing systems and key hierarchies
• Experience designing secure firmware update mechanisms for platform firmware such as BIOS, BMC, or device firmware, including rollback protection and recovery flows
• Experience with security architectures for platform management firmware (e.g., BMC or similar controllers)
• Experience designing platform trust architectures using hardware roots of trust (e.g., TPM, DICE, secure elements)
• Solid understanding of applied cryptography in systems (signing, certificates, key hierarchies)
• Working knowledge of Linux security fundamentals

Nice To Have Skills and Experience

• Experience with BMC platforms or ecosystems such as OpenBMC
• Experience working with PCIe or other device firmware ecosystems
• Familiarity with secure manufacturing and provisioning flows, including device identity injection or key provisioning
• Experience reviewing or designing firmware security testing or validation strategies

Please note that a relocation package (including visa sponsorship support) is available for this role, for candidates who require it.

Relocation & Accommodations

• Accommodations at Arm: If you need an adjustment or an accommodation during the recruitment process, please email accommodations@arm.com. All accommodation requests will be treated with confidentiality and disclosed only as necessary to provide the accommodation.
• Hybrid Working at Arm: Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. Details of what this means for each role will be shared upon application.
• Equal Opportunities at Arm: Arm is an equal opportunity employer and does not discriminate on various bases. We are a diverse organization of dedicated and innovative individuals.