Staff Embedded Software Security Engineer
Enphase Energy is looking for an experienced Sr. Embedded Software Security Engineer. This position is a collaborative role between our CTO and Embedded Software Engineering teams focusing on the security and resiliency of Enphase's energy management systems. The ideal candidate has experience building hardened embedded Linux and RTOS platforms and an excellent understanding of vulnerability management, penetration testing, cryptography, network protocols, secure network design, cyber-attack vectors and mitigation methods. This role will require knowledge of automated build infrastructure for entire platforms that include stability, reliability and regression test suites. A great senior engineer has a strong technical background and excellent hands on development skills.
Architect, design and implement embedded software instrumentation to enable DevOps and SecOps to monitor, detect, and remediate intrusions
Balance limited system resources to provide service guarantees for critical infrastructure code
Architect, design, implement, support, and evaluate security-focused tools and/or services
Build secure Linux and RTOS based embedded operating system platforms
Secure the product with cryptography from the factory floor to hardware verified installation
Monitor sources such as Common Vulnerabilities and Exposures (CVE) database to identify security issues, assess their implications, set priorities and develop mitigation solutions
Define and operationalize long term security maintenance practices such as patch management for our products presumed long field lifetime
Participate in security certification, generating technical documentation, presenting to internal and external customers
Develop precise, testable, embedded platform security software requirements which tightly couple to market and architectural requirements and use cases
Must have a BSc/BEng or equivalent experience in Computer Security, Computer Science, Software Engineering,
Electrical/Electronic Engineering or other related fields.
Must have a minimum of 8 years development experience in an embedded security role
Good understanding of embedded systems architectures (such as ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, embedded network protocols and programming languages (such as SSL, C/C++, Python).
Work experience with platform boot security measures including TPM2.0 and Secure Boot.
Knowledge of methods for cryptographically signing and validating software builds
Good understanding of one or more of the following: reverse engineering, Invasive/semi-invasive attacks, fault injection, hardware Malware, Physically Unclonable Functions (PUFs), physical layer identification/device fingerprinting, tamper resistance.
Advantage but not required
Understanding of one or more of the following is desired: OTP, PKI, SPI/I2C Bus Analyzers, JTAG probing.
Good understanding of one or more security tools (such as IDA Pro, Kali embedded systems tools, Metaspolit and so forth).
Security certifications such as CISSP, CEH, CSSLP.