Job Description
We are looking for a Senior Firmware Security Engineer to design, implement, and harden security features for the on-board firmware of our class satellite and robots platform. The target firmware is written in C/C++ and runs on ARM-based micro-controllers / SoCs under either a real-time operating system (FreeRTOS, Zephyr, RTEMS) or an embedded Linux stack. While the platform is a spaceborne system, its firmware-security concerns closely resemble those of a high-assurance embedded device: immutable root of trust, secure update, tamper resistance, and fault-tolerant cryptography. You will work closely with flight-software, hardware, and mission-operations teams to ensure that every firmware image flown on-orbit is trustworthy throughout its full life-cycle.
What You'll D
o1. Secure Firmware Architectur
-
eDefine and implement the end-to-end firmware security architecture for the satellite/robots OBC/ADCS/payload controllers, including Secure Boot chain, Root-of-Trust, Trusted Execution Environment (Arm TrustZone / OP-TEE), secure key storage, and anti-rollback mechanisms
-
.Collaborate with hardware engineers to leverage ARM SoC security IP (TrustZone, cryptographic accelerators, OTP/eFuse, PUF where available)
.2. Secure Boot & Trusted Updat
-
eImplement a multi-stage verified boot flow (BL1 → BL2 → kernel/RTOS → app), with image signing, authenticated configuration, and rollback protection using monotonic counters
-
.Design and implement secure OTA / uplink firmware update pipelines resilient to interrupted uplinks, partial images, and radiation-induced bit flips; provide A/B or golden-image fallback
.3. Cryptography on Constrained Target
-
sIntegrate and tune lightweight cryptographic libraries (mbedTLS, wolfSSL, tinycrypt) for ARM Cortex-M / Cortex-A class targets with tight RAM/flash budgets
-
.Manage symmetric/asymmetric key lifecycles (AES-GCM, ECDSA/Ed25519, SHA-2/3, HKDF); evaluate post-quantum migration options for long-lived missions
.4. Threat Modeling & Secure Design Review
-
sLead threat modeling (STRIDE / attack-tree) for the on-board compute, bus interfaces (I²C, SPI, UART, CAN, SpaceWire), and debug surfaces (JTAG/SWD)
-
.Produce and maintain a Security Engineering Process (SEP) covering requirements, reviews, verification, and incident response for flight firmware
.5. System Hardenin
-
gHarden RTOS/Linux configurations: MPU/MMU-backed isolation, stack canaries, ASLR (where feasible), safe memory allocators, SELinux/AppArmor on Linux-based payloads
-
.Disable/lock debug ports, secure fuses, and define tamper-response behavior
.
What We're Looking
-
ForBachelor's or Master's degree in Computer Science, Electrical / Electronic Engineering, Cryptography, or a related technical fie
-
ld.5+ years of hands-on embedded / firmware development in C and C++, with at least 2 years focused on embedded securi
-
ty.Strong working knowledge of ARM architecture (Cortex-M and/or Cortex-A), including boot flow, memory map, exception model, MPU/MMU, and TrustZone concep
-
ts.Practical experience with at least one RTOS (FreeRTOS, Zephyr, RTEMS, VxWorks) and/or embedded Linux (Yocto/Buildroot, kernel configuration, BS
-
P).Demonstrated experience implementing secure boot, signed firmware update/OTA, secure key storage, and secure inter-component communicati
-
on.Solid grasp of applied cryptography: symmetric/asymmetric algorithms, key management, authenticated encryption, hashing, entropy sourc
-
es.Proficiency with low-level debug tools (JTAG/SWD, logic analyzers, oscilloscopes, serial consoles) and static/dynamic analysis tooli
ng.
Nice to
-
HavePrior flight-software or satellite / CubeSat experience (OBC, ADCS, EPS, or payload firmwa
-
re).Familiarity with space-domain standards: CCSDS (TC/TM/AOS), SDLS, ECSS-E-ST-40 / ECSS-Q ST-80, NASA NPR 715
-
0.2.Experience with radiation-tolerant design practices: EDAC/ECC memory, SEU/SEL mitigation, watchdog strategies, software-level
-
TMR.Secure development on space-grade or automotive-grade toolchains; MISRA-C/C++ awaren
-
ess.Security certifications: CISSP, OSCP, CEH, SANS GIAC (GPEN, GXPN, GR
-
ID).Experience with ground-segment integration, flat-sat test benches, and HIL simulat
ion.