Firmware Security System Architects at Jabil establish and drive the security strategy for firmware across Jabil's Cloud, Compute, and Networking product lines. This role combines forward-looking security architecture with the operational establishment of compliance processes, ensuring Jabil designs meet evolving regulatory requirements in North America, the EU, and emerging markets.

As a Firmware Security System Architect, you will be expected to

• Demonstrate a level of expertise in security that matches or exceeds the expertise of customers
• Define and champion firmware security architecture standards across Jabil’s product portfolio
• Access current and emerging regulatory and compliance requirements translating them into actionable engineering processes
• Evaluate security posture of designs during product development and drive remediation
• Serve as internal authority on firmware security and security processes
• Monitor the technical direction of designs during product development
• Mentor others in the organization to build team members design capability

IN YOUR ROLE YOU WILL

• Advise customers, product planning, and business development on security architecture tradeoffs including cost, schedule, and compliance impact
• Establish and maintain Jabil’s firmware security compliance roadmap, covering:
  • North America: NIST SP 800-193 (PFR), NIST CSF, FIPS 140-3, and relevant Executive Orders on cybersecurity
  • EU: Cyber Resilience Act, RED delegated acts, and ETSI EN 303 645
  • Leverage, strategy and risk planning
• Define and operationalize security processes across the firmware development lifecycle, including:
  • Secure development lifecycle (SDLC) practices, tools, and gates
  • Vulnerability disclosure and incident response procedures
  • Supply chain security and firmware signing workflows
  • Security audit and assessment cadences
• Evaluate and improve security tooling (static analysis, fuzzing, binary analysis, vulnerability scanning) for firmware teams
• Collaborate with fellow system architects in the electrical, thermal, BIOS, Validation, RAS, and OS domains
• Communicate security requirements and architectural decisions to Jabil development teams through documentation, training, and design reviews
• Lead and contribute to firmware design reviews and technical committees to proactively identify, assess, and mitigate security vulnerabilities during the architecture and design phases

• Stay current on vendor technology capabilities in spaces such as CPUs (PFR, PSP, TrustZone), GPUs, Storage, Memory, FPGAs, MCUs, etc…
• Stay current on threat landscape, vulnerability disclosures, and evolving standards from organizations such as NIST, DMTF (SPDM/PLDM Security), TCG (DICE, TPM), OCP Security, and MITRE
• Represent Jabil in industry security working groups and standards bodies as needed
• Deep dive into new open-ended areas by leveraging previous engineering experiences.
• Contribute to the improvement of our architecture methods and processes.
• Train, mentor, and coach new engineers

JOB QUALIFICATIONS & KNOWLEDGE REQUIREMENTS

TECHNICAL KNOWLEDGE & SKILLS

• Capability to research emerging regulations and translate compliance requirements into falsifiable engineering requirements and test criteria is required
• Working knowledge of the EU CRA and its implications for product security, including vulnerability handling and reporting obligations is required
• Familiarity with Intel, AMD, Nvidia, or ARM CPU/GPU security features (ex. Intel PFR, AMD PSP, ARM TrustZone) is required
• Understanding of supply chain security concerns for firmware is required: signed updates, provenance tracking, SBOM
• Familiarity with Aspeed BMC products is preferred. Specifically, an understanding of the security capabilities of the processor
• High-level familiarity and understanding of BMC code architecture is preferred Knowledge of OpenBMC is strongly preferred.
• Knowledge of AMI (American Megatrends) MegaRAC is beneficial
• High-level understanding of source control, CI/CD pipelines, and how to integrate security gates (SAST, secrets scanning, and signing) into automated workflows is required
• Experience working with industry standards for IPMI, Redfish, MCTP, PLDM, SMBUS, i2c, i3c, SPI, is preferred
• Extensive experience with Linux is required
• Deep expertise  with Secure Boot, SPDM, Platform Root of Trust, DICE, and NIST SP 800-193 standards as well as cryptographic algorithms and protocols (PKI, Certificates, AES, HMAC, ECC) is strongly preferred.
• Experience with vulnerability management processes, CVE handling, and coordinated disclosure is required
• Proven experience in addressing and remediating security issues within sustaining firmware programs, ensuring continued compliance and risk mitigation across deployed systems is required
• Working knowledge of industry-standard security and code analysis tools, including Coverity, Black Duck, and Eclypsium, is considered a strong advantage
• Fluent in reading block diagrams and familiarity with system design preferred
• Fluency in server management (provisioning, deployment, management, service) is preferred

NON-TECHNICAL KNOWLEDGE & SKILLS

• Influence engineering teams and leadership to prioritize security investments with clear risk articulation
• Effectively communicate with excellent understanding of English.
• Work as part of a global team
• Assess a project and articulate risk in terms of business impact, regulatory exposure, and remediation effort
• Mentor less experienced engineers in secure development practices and build a security-aware culture

Lead cross-functional security initiatives involving firmware, hardware, and validation teams Develop and maintain relationships with customers’ security teams to align on requirements 

EDUCATION & EXPERIENCE REQUIREMENTS

• Bachelor's Degree in Computer Engineering, Computer Science, or Electrical Engineering required
• 15+ years’ experience in firmware design and engineering
• Relevant certifications (CISSP, CSSLP, or equivalent) are a plus but not required

BE AWARE OF FRAUD: When applying for a job at Jabil you will be contacted via correspondence through our official job portal with a jabil.com e-mail address; direct phone call from a member of the Jabil team; or direct e-mail with a jabil.com e-mail address. Jabil does not request payments for interviews or at any other point during the hiring process. Jabil will not ask for your personal identifying information such as a social security number, birth certificate, financial institution, driver’s license number or passport information over the phone or via e-mail. If you believe you are a victim of identity theft, contact the Federal Bureau of Investigations internet crime hotline (www.ic3.gov), the Federal Trade Commission identity theft hotline (www.identitytheft.gov) and/or your local police department. Any scam job listings should be reported to whatever website it was posted in.

Jabil, including its subsidiaries, is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, national origin, sex, age, disability, genetic information, veteran status, or any other characteristic protected by law.

Accommodation Statement

If you are a qualified individual with a disability, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Jabil.com/Careers site as a result of your disability. You can request a reasonable accommodation by sending an e-mail to Always_Accessible@Jabil.com or calling 727-803-7988 with the nature of your request and contact information. Please do not direct any other general employment related questions to this e-mail or phone number. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to.