Job Description
Position:
Senior IoT Product Security Engineer: Cyber Security
Job Title: IoT Product Security Engineer
An Embedded Product Security Engineer is responsible for supporting the Product Security team with strong hands-on experience in Embedded Linux Development and practical security implementation knowledge across secure boot, firmware updates, Linux hardening, cryptography, vulnerability remediation, and embedded networking security.
This role involves working closely with Firmware, Linux distribution, BSP, platform, and product engineering teams to design, implement, review, and validate security controls in embedded Linux-based products. It requires a solid understanding of how embedded products are built and secured at the implementation level, beyond performing security testing.
Key Responsibilities:
- Work with engineering teams to design, review, and implement security controls for Embedded Linux-based products.
- Support secure implementation of Linux kernel, device drivers, BSP, bootloader, root filesystem, and firmware components.
- Review and harden product builds created using BusyBox, Buildroot, Yocto Project, U-Boot, and related embedded Linux frameworks.
- Implement or guide secure configuration of Embedded Linux systems, including services, permissions, users, firewall rules, network interfaces, logging, and access controls.
- Support secure boot implementation, including boot chain validation, image signing, firmware integrity checks, key handling, and rollback protection.
- Review and guide implementation of secure firmware update mechanisms, including signed updates, encrypted packages, version control, rollback prevention, and recovery flows.
- Perform threat modeling for embedded products and translate identified risks
into practical security requirements and implementation controls. - Conduct embedded device penetration testing across firmware, network services, system configurations, and exposed interfaces.
- Perform firmware image analysis using tools such as Binwalk and Ghidra to identify insecure implementation patterns, hardcoded secrets, weak cryptography, exposed debug functions, and vulnerable binaries.
- Conduct CVE analysis for Linux kernel, open-source packages, bootloaders, third-party components, and firmware dependencies.
- Work with development teams to analyze vulnerabilities, validate exploitability, define fixes, and verify remediation at code, configuration, and build level.
- Review cryptographic implementation, including key generation, storage, certificate handling, encryption, hashing, signing, and secure communication flows.
- Apply TPM and HSM concepts for secure key storage, device identity, attestation, secure boot, and firmware protection.
- Assess and secure embedded networking components, including TCP/IP, SSH, TLS/SSL, firewall configuration, exposed ports, remote access, and service hardening.
- Perform security testing and validation using tools such as Nmap, Wireshark, Metasploit, OpenVAS, Nessus, OpenSCAP, and Lynis.
- Provide actionable security recommendations and implementation guidance to firmware, BSP, platform, and product engineering teams.
- Support secure development practices for embedded products across design, development, testing, release, and maintenance phases.
Required Skills:
- Strong hands-on experience with Embedded Linux development and security implementation.
- Good understanding of Linux kernel architecture, device drivers, BSP development, BusyBox, Buildroot, Yocto Project, U-Boot, and root filesystem creation.
- Ability to review and guide secure implementation of embedded Linux components, system configurations, boot process, and firmware update flows.
- Experience with secure boot, firmware signing, secure firmware updates, image integrity validation, rollback protection, and key management.
- Hands-on experience in embedded device penetration testing and firmware security assessment.
- Strong understanding of Linux hardening, service hardening, access control, file permissions, logging, firewall rules, and secure configuration.
- Experience with CVE analysis, vulnerability assessment, patch validation, and remediation verification for embedded products.
- Strong knowledge of TCP/IP, SSH, TLS/SSL, firewall configuration, and embedded networking security.
- Working knowledge of cryptography fundamentals, certificates, encryption, hashing, signing, secure key storage, TPM, and HSM concepts.
- Hands-on experience with tools such as OpenSCAP, Lynis, Nmap, Wireshark, Binwalk, Ghidra, Metasploit, OpenVAS, and Nessus.
- Ability to work directly with engineering teams and convert security findings into practical implementation-level fixes.
Good to Have:
- Experience in IoT, industrial, networking, or other embedded product environments.
- Experience working with Yocto or Buildroot security hardening, package selection, secure build configuration, and root filesystem minimization.
- Knowledge of SBOM, software composition analysis, and open-source vulnerability management.
- Exposure to hardware security testing, UART, JTAG, SPI, I2C, flash memory analysis, or debug interface security.
- Familiarity with embedded security standards such as IEC 62443, ETSI EN 303 645, NIST, or OWASP IoT.
Experience:
- 4 to 8 years of experience in Embedded Linux, firmware security, product security, embedded systems security, BSP development, or related areas.
- Candidates with a background in embedded implementation and strong security experience will be preferred.
Location:
IN-GJ-Ahmedabad, India-Ognaj (eInfochips)
Time Type:
Full time
Job Category:
Engineering Services