We are working on software, firmware and hardware to evolve the RISC-V ecosystem and build secure-by-design RISC-V based systems.
The security team has the charter to define external and internal interfaces for secure provisioning and trusted computing base (TCB) updates of our SOC and platforms. As part of our work on foundational security and to enable Trusted Execution Environments for RISC-V based platforms, we are building the security infrastructure services necessary to support secure device provisioning and lifecycle management for the SOC-Integrated Root of Trust (RoT), and manage the trusted elements of the platform.
Positions are open for full-time roles at multiple levels in this area, including, for a technical lead capable of designing the overall set of services and developing and deploying the first prototypes, as well as developers and operators who have experience in this area. The team is expected to grow over time to increase development and operational capacity in a scalable manner.
We are big proponents of open source software and open hardware and contribute back improvements to all the great projects we use.
Responsibilities
- Design, develop, and deploy security infrastructure services for key management, manufacturing provisioning, certificate authority, and code signing
- Design and develop APIs, protocols and services for enumeration, configuration and management of platform assets
- Develop policies and procedures associated with key generation/management
- Interface with manufacturing partners to install, troubleshoot and debug security provisioning aspects.
- Interface and lead SW teams to build the components required for hosting the services along with any SDKs required for partners.
- Day-to-day operations of security infrastructure services
Requirements
- Full stack developer with fault-tolerant systems experience and security background
- Hardware security module (HSM) appliance integration and coding for code signing services, secure payload decryption, certificate signing, device ID generation, etc.
- Experience with integrating remote systems with automatic test equipment (ATE)
- Operational experience in deploying and maintaining an HSM, code-signing, access control management, web services deployment, software upgrades, CI/CD flows
- Understanding of security flows, key generation, secure key delivery, access control tokens, key cards, n of m quorums, and other secure processes
- Understanding of crypto primitives such as keys, signatures, certificates, etc.
- VPN, SSL, secure connection experience (programming and configuration)
- Proficiency programming in C/C++/Java or equivalent UI capable language and/or programming in Python or equivalent scripting language
- Experience with software deployment via containers (K8s) a plus
- Experience with RISC-V, OpenTitan, or Caliptra a plus
Education and Experience
- PhD, Master’s Degree or Bachelor’s Degree in technical subject area.