Firmware Security System Architects at Jabil establish and drive the security strategy for firmware across Jabil's Cloud, Compute, and Networking product lines. This role combines forward-looking security architecture with the operational establishment of compliance processes, ensuring Jabil designs meet evolving regulatory requirements in North America, the EU, and emerging markets.

As a Firmware Security System Architect, you will be expected to

• Demonstrate a level of expertise in security that matches or exceeds the expertise of customers
• Define and champion firmware security architecture standards across Jabil’s product portfolio
• Access current and emerging regulatory and compliance requirements translating them into actionable engineering processes
• Evaluate security posture of designs during product development and drive remediation
• Serve as internal authority on firmware security and security processes
• Monitor the technical direction of designs during product development
• Mentor others in the organization to build team members design capability

IN YOUR ROLE YOU WILL

• Advise customers, product planning, and business development on security architecture tradeoffs including cost, schedule, and compliance impact
• Establish and maintain Jabil’s firmware security compliance roadmap, covering:
  • North America: NIST SP 800-193 (PFR), NIST CSF, FIPS 140-3, and relevant Executive Orders on cybersecurity
  • EU: Cyber Resilience Act, RED delegated acts, and ETSI EN 303 645
  • Leverage, strategy and risk planning
• Define and operationalize security processes across the firmware development lifecycle, including:
  • Secure development lifecycle (SDLC) practices, tools, and gates
  • Vulnerability disclosure and incident response procedures
  • Supply chain security and firmware signing workflows
  • Security audit and assessment cadences
• Evaluate and improve security tooling (static analysis, fuzzing, binary analysis, vulnerability scanning) for firmware teams
• Collaborate with fellow system architects in the electrical, thermal, BIOS, Validation, RAS, and OS domains
• Communicate security requirements and architectural decisions to Jabil development teams through documentation, training, and design reviews
• Lead and contribute to firmware design reviews and technical committees to proactively identify, assess, and mitigate security vulnerabilities during the architecture and design phases

• Stay current on vendor technology capabilities in spaces such as CPUs (PFR, PSP, TrustZone), GPUs, Storage, Memory, FPGAs, MCUs, etc…
• Stay current on threat landscape, vulnerability disclosures, and evolving standards from organizations such as NIST, DMTF (SPDM/PLDM Security), TCG (DICE, TPM), OCP Security, and MITRE
• Represent Jabil in industry security working groups and standards bodies as needed
• Deep dive into new open-ended areas by leveraging previous engineering experiences.
• Contribute to the improvement of our architecture methods and processes.
• Train, mentor, and coach new engineers

JOB QUALIFICATIONS & KNOWLEDGE REQUIREMENTS

TECHNICAL KNOWLEDGE & SKILLS

• Capability to research emerging regulations and translate compliance requirements into falsifiable engineering requirements and test criteria is required
• Working knowledge of the EU CRA and its implications for product security, including vulnerability handling and reporting obligations is required
• Familiarity with Intel, AMD, Nvidia, or ARM CPU/GPU security features (ex. Intel PFR, AMD PSP, ARM TrustZone) is required
• Understanding of supply chain security concerns for firmware is required: signed updates, provenance tracking, SBOM
• Familiarity with Aspeed BMC products is preferred. Specifically, an understanding of the security capabilities of the processor
• High-level familiarity and understanding of BMC code architecture is preferred Knowledge of OpenBMC is strongly preferred.
• Knowledge of AMI (American Megatrends) MegaRAC is beneficial
• High-level understanding of source control, CI/CD pipelines, and how to integrate security gates (SAST, secrets scanning, and signing) into automated workflows is required
• Experience working with industry standards for IPMI, Redfish, MCTP, PLDM, SMBUS, i2c, i3c, SPI, is preferred
• Extensive experience with Linux is required
• Deep expertise  with Secure Boot, SPDM, Platform Root of Trust, DICE, and NIST SP 800-193 standards as well as cryptographic algorithms and protocols (PKI, Certificates, AES, HMAC, ECC) is strongly preferred.
• Experience with vulnerability management processes, CVE handling, and coordinated disclosure is required
• Proven experience in addressing and remediating security issues within sustaining firmware programs, ensuring continued compliance and risk mitigation across deployed systems is required
• Working knowledge of industry-standard security and code analysis tools, including Coverity, Black Duck, and Eclypsium, is considered a strong advantage
• Fluent in reading block diagrams and familiarity with system design preferred
• Fluency in server management (provisioning, deployment, management, service) is preferred

NON-TECHNICAL KNOWLEDGE & SKILLS

• Influence engineering teams and leadership to prioritize security investments with clear risk articulation
• Effectively communicate with excellent understanding of English.
• Work as part of a global team
• Assess a project and articulate risk in terms of business impact, regulatory exposure, and remediation effort
• Mentor less experienced engineers in secure development practices and build a security-aware culture

Lead cross-functional security initiatives involving firmware, hardware, and validation teams Develop and maintain relationships with customers’ security teams to align on requirements 

EDUCATION & EXPERIENCE REQUIREMENTS

• Bachelor's Degree in Computer Engineering, Computer Science, or Electrical Engineering required
• 15+ years’ experience in firmware design and engineering
• Relevant certifications (CISSP, CSSLP, or equivalent) are a plus but not required