Arm logo

Principal Engineer - SoC Offensive Security

Arm
Full-time
Remote friendly (Austin, Texas, United States)
Worldwide
$241,100 - $326,100 USD yearly
Level - Senior

Role Summary

The Security Research and Response team at Arm seeks a skilled SoC Security Principal Engineer to carry out comprehensive offensive security evaluations. This role involves identifying vulnerabilities in Arm’s next-generation hardware solutions through detailed analysis and engagement with cross-functional teams.

Experience Level

We are looking for a candidate with substantial experience in security research and evaluation, particularly within silicon architecture and implementation. This position demands a proven track record of working on complex security issues and a proactive approach to problem-solving.

Responsibilities

  • Conduct adversarial security analysis on SoC and chiplet architectures during both pre and post-silicon phases.
  • Engage at critical points in the development process to assess specifications and implementations for security vulnerabilities.
  • Facilitate design reviews, workshops, and hackathons aimed at generating innovative threat scenarios.
  • Demonstrate effects of identified vulnerabilities through Proof-of-Concepts (PoCs).
  • Explore multi-layered attack strategies that extend beyond standard threat models.
  • Collaborate with internal teams to enhance adversarial analysis efforts.
  • Guide improvements in future threat modeling and security architecture strategies.
  • Develop methodologies for systematic offensive security practices across various programs.

Requirements

  • In-depth knowledge of computer architecture, particularly relating to security challenges in SoC design.
  • Experience in adversarial security research, including creating exploits and attending Capture The Flag (CTF) challenges.
  • Familiarity with security aspects of RTL (Verilog/SystemVerilog) or pre-silicon verification.
  • Hands-on experience with firmware security evaluation.
  • Understanding of security specifications like Caliptra and DICE.
  • Strong problem-solving skills and creativity in security methodology.
  • Excellent communication skills for articulating risks and recommendations to design teams.
  • Ability to manage complex investigations across multiple projects simultaneously.

Education Requirements

A degree in computer engineering, computer science, or a related field is preferred. Advanced degrees or relevant certifications (like CISSP, CEH, etc.) would be advantageous.