Security Firmware & Compliance Engineer

Role Overview

We are seeking a highly skilled Security Firmware & Compliance Engineer to bridge the gap between low-level hardware security and global certification standards. You will be responsible for developing secure drivers and firmware, while leading the end-to-end certification process (such as TPM, FIPS, and CC) for our next-generation security ICs. This role requires a blend of technical firmware expertise and a deep understanding of international security frameworks.

Key Responsibilities

• Security Development: Design and implement OS drivers and firmware in accordance with industry-standard specifications (e.g., TPM 2.0).

• Certification Leadership: Spearhead the compliance verification process for IC products, ensuring alignment with Common Criteria (CC), NIST FIPS 140-3, and TPM standards.

• Compliance Testing: Organize and execute comprehensive compliance testing. Coordinate with external accredited laboratories and certification bodies to analyze test data and drive corrective actions.

• Documentation Management: Author and maintain critical regulatory artifacts, including certification application packages, detailed test reports, and technical security target (ST) documents.

• Regulatory Intelligence: Represent the company in industry associations and regulatory bodies. Evaluate emerging security standards and propose strategic roadmaps to ensure product readiness.

• Cross-functional Support: Act as a subject matter expert (SME) during the New Product Introduction (NPI) phase, providing hardware security requirements and technical guidance to R&D teams.

Requirements

• Education: Bachelor’s or Master’s degree in Cryptography, Computer Science, Information Security, or a related engineering field.

• Firmware Expertise: Proven experience in Firmware and OS Driver development (C/C++).

• Security Knowledge: In-depth understanding of cryptographic primitives and protocols (e.g., RSA, ECC, TLS, PQC).

• Hardware Security: Familiarity with the architecture, security requirements, and validation methodologies for Secure Elements (SE) and Hardware Security Modules (HSM).

• Soft Skills: Strong analytical problem-solving skills with the ability to communicate complex technical compliance requirements to diverse stakeholders.

Preferred Qualifications

• Compliance Track Record: Direct experience in the certification lifecycle of Secure IC products and a mastery of compliance documentation management.

• Experience with ISO 26262 (Functional Safety) is highly desirable.

• Industry Tools: Proficiency with security evaluation tools and side-channel analysis methodologies.