The Secure Bootloader Engineer will be responsible for the end-to-end design, implementation, and validation of secure bootloaders that enable trusted firmware execution and authenticated over-the-air (OTA) updates. The role demands deep expertise in embedded systems, cryptographic protocols, and secure firmware development within safety-critical or high-reliability environments such as automotive, IoT, or industrial control systems.

Key Responsibilities :

Bootloader Architecture & Development :

- Design and develop secure bootloader architectures supporting multi-core microcontrollers and SoCs.

- Implement secure boot mechanisms, ensuring trusted device initialization and firmware integrity verification.

- Manage memory layout and partitioning for bootloader and application coexistence, including flash and RAM mapping.

- Develop and maintain firmware update mechanisms, including secure flashing and rollback protection.

Security & Cryptography :

- Integrate cryptographic algorithms (RSA, ECC, AES, SHA) for firmware authentication and encryption.

- Implement PKI-based secure firmware signing and verification workflows.

- Collaborate with hardware teams to integrate Hardware Security Modules (HSMs) for key management and secure key storage.

- Develop secure communication channels during firmware download and OTA updates.

- Conduct security threat modeling and ensure bootloader compliance with cybersecurity standards (ISO 21434, NIST, etc.).

Testing, Validation & Debugging :

- Perform low-level debugging and root-cause analysis for startup and boot-time issues.

- Execute and automate secure bootloader test cases, including UDS-based (Unified Diagnostic Services) validation.

- Develop and execute diagnostic services (DIDs) for secure bootloader functionalities.

- Collaborate with QA teams for regression, stress, and fault-injection testing.

- Support system-level validation of secure OTA updates and firmware lifecycle management.

Compliance, Quality & Configuration Management :

- Ensure compliance with MISRA C/C++ coding standards and follow secure coding practices.

- Conduct code reviews, perform errata analysis, and maintain detailed technical documentation.

- Manage version control and configuration using SVN/Git.

- Maintain traceability of requirements and design artifacts using IBM DOORS or equivalent ALM tools.

- Participate in certification and audit readiness activities related to firmware security.

Technical Skills & Requirements :

Core Expertise :

- Proficiency in embedded C/C++ programming for low-level system software.

- Hands-on experience with secure bootloader design on ARM Cortex-M/R/A, Infineon Tricore, NXP, or Renesas platforms.

- Strong understanding of embedded hardware interfaces (UART, SPI, I2C, CAN, Ethernet).

- Experience with cryptographic libraries (mbedTLS, WolfSSL, OpenSSL).

- Knowledge of real-time operating systems (RTOS) such as FreeRTOS, QNX, or AUTOSAR OS.

Security & Standards :

- Understanding of firmware signing, certificate chains, and public key infrastructures.

- Experience with security certifications (ISO 26262, ISO 21434, FIPS, or Common Criteria) preferred.

- Familiarity with OTA update frameworks and secure firmware distribution pipelines.

Tools & Environment :

- Proficiency in debugging using JTAG/SWD and tools like Lauterbach, Trace32, or Segger J-Link.

- Experience with version control (Git/SVN), build systems (CMake/Make), and CI/CD pipelines.

- Working knowledge of requirement management and traceability tools (IBM DOORS, Polarion, or Jama).

- Familiarity with static code analysis and code quality tools (Polyspace, PC-lint, Coverity).

Preferred Qualifications :

- Bachelors or Masters degree in Computer Science or a related field.

- Prior experience in automotive ECUs, IoT security firmware, or industrial embedded platforms.

- Exposure to coexistence management (WLAN, BLE) and their integration in secure boot contexts.

- Experience in secure firmware lifecycle management, key provisioning, and trusted platform modules (TPMs).