Description

You own the security hardening and vulnerability lifecycle for embedded Linux systems.

Responsibilities

• Identify, analyze, and triage CVEs impacting the Linux kernel, ramdisk packages, U-Boot, and embedded software stack using NVD and security bulletins.
• Apply kernel patches, backport fixes from upstream LTS kernels, or implement mitigation workarounds across U-Boot, kernel modules, and user-space packages.
• Configure, customize, and maintain the Buildroot environment to compile U-Boot, kernel, and root filesystem images, minimizing attack surface.
• Implement and validate secure boot mechanisms on Zynq platforms and harden the OS, kernel configuration, and boot chain integrity.
• Maintain detailed documentation of vulnerabilities, root cause analysis, and patch validation results for stakeholders.

Required Skills

• 5+ years of professional experience in Embedded Linux development with a security focus.
• Strong hands-on experience with Linux kernel patching, including CVE remediation and patch backporting.
• Deep knowledge of Buildroot build systems, package configuration, and toolchain management.
• Expertise in U-Boot bootloader configuration, customization, and secure boot implementation.
• Proficiency in Embedded Linux development for ARM platforms, specifically Xilinx Zynq or similar SoCs.
• Proficiency in C for kernel module development, low-level debugging, and userspace-kernel interaction.
• Proven experience in CVE analysis, triage, and remediation prioritization using tools like NVD.
• Solid understanding of cross-compilation toolchains (gcc-arm, Buildroot toolchain).
• Familiarity with Git and GitHub workflows for patch management.

Preferred Skills

• Hands-on experience with Xilinx PetaLinux or Vitis tools on Zynq-7000 or Zynq UltraScale+ platforms.
• Experience with Yocto Project as an alternative embedded Linux build system.

Key Skills

Education

Bachelor's or Master's degrees