Description
About the Role :
The Secure Bootloader Engineer will be responsible for the end-to-end design, implementation, and validation of secure bootloaders that enable trusted firmware execution and authenticated over-the-air (OTA) updates. The role demands deep expertise in embedded systems, cryptographic protocols, and secure firmware development within safety-critical or high-reliability environments such as automotive, IoT, or industrial control systems.
Key Responsibilities
Bootloader Architecture & Development :
-
Design and develop secure bootloader architectures supporting multi-core microcontrollers and SoCs.
-
Implement secure boot mechanisms, ensuring trusted device initialization and firmware integrity verification.
-
Manage memory layout and partitioning for bootloader and application coexistence, including flash and RAM mapping.
-
Develop and maintain firmware update mechanisms, including secure flashing and rollback protection.
Security & Cryptography
-
Integrate cryptographic algorithms (RSA, ECC, AES, SHA) for firmware authentication and encryption.
-
Implement PKI-based secure firmware signing and verification workflows.
-
Collaborate with hardware teams to integrate Hardware Security Modules (HSMs) for key management and secure key storage.
-
Develop secure communication channels during firmware download and OTA updates.
-
Conduct security threat modeling and ensure bootloader compliance with cybersecurity standards (ISO 21434, NIST, etc.).
Testing, Validation & Debugging
-
Perform low-level debugging and root-cause analysis for startup and boot-time issues.
-
Execute and automate secure bootloader test cases, including UDS-based (Unified Diagnostic Services) validation.
-
Develop and execute diagnostic services (DIDs) for secure bootloader functionalities.
-
Collaborate with QA teams for regression, stress, and fault-injection testing.
-
Support system-level validation of secure OTA updates and firmware lifecycle management.
Compliance, Quality & Configuration Management
-
Ensure compliance with MISRA C/C++ coding standards and follow secure coding practices.
-
Conduct code reviews, perform errata analysis, and maintain detailed technical documentation.
-
Manage version control and configuration using SVN/Git.
-
Maintain traceability of requirements and design artifacts using IBM DOORS or equivalent ALM tools.
-
Participate in certification and audit readiness activities related to firmware security.
Technical Skills & Requirements
Core Expertise :
-
Proficiency in embedded C/C++ programming for low-level system software.
-
Hands-on experience with secure bootloader design on ARM Cortex-M/R/A, Infineon Tricore, NXP, or Renesas platforms.
-
Strong understanding of embedded hardware interfaces (UART, SPI, I2C, CAN, Ethernet).
-
Experience with cryptographic libraries (mbedTLS, WolfSSL, OpenSSL).
-
Knowledge of real-time operating systems (RTOS) such as FreeRTOS, QNX, or AUTOSAR OS.
Security & Standards
-
Understanding of firmware signing, certificate chains, and public key infrastructures.
-
Experience with security certifications (ISO 26262, ISO 21434, FIPS, or Common Criteria) preferred.
-
Familiarity with OTA update frameworks and secure firmware distribution pipelines.
Tools & Environment
-
Proficiency in debugging using JTAG/SWD and tools like Lauterbach, Trace32, or Segger J-Link.
-
Experience with version control (Git/SVN), build systems (CMake/Make), and CI/CD pipelines.
-
Working knowledge of requirement management and traceability tools (IBM DOORS, Polarion, or Jama).
-
Familiarity with static code analysis and code quality tools (Polyspace, PC-lint, Coverity).
Preferred Qualifications
-
Bachelors or Masters degree in Computer Science or a related field.
-
Prior experience in automotive ECUs, IoT security firmware, or industrial embedded platforms.
-
Exposure to coexistence management (WLAN, BLE) and their integration in secure boot contexts.
-
Experience in secure firmware lifecycle management, key provisioning, and trusted platform modules (TPMs).
(ref:hirist.tech)