System Security Architect

Cambridge
8 months ago
Applications closed

Related Jobs

View all jobs

Enterprise Security Architect

Information Security Consultant

Cloud Solutions Architect (Azure)

Senior Offensive Security Engineers

Smart Systems & Cyber Security Technician

Smart Systems & Cyber Security Technician

Job Description:

We are seeking a seasoned System Security Architect with a strong background in hardware and low-level firmware security to join our Product Security team. In this design review-focused role, you’ll use your deep expertise—not to build from scratch, but to analyze, evaluate, and harden security architectures spanning from silicon to firmware layers.

You'll collaborate with multi-functional teams to evaluate critical features like Root of Trust, secure boot flows, key management, and trusted firmware execution, ensuring every layer of the stack meets or exceeds industry security standards. If you thrive at the intersection of architecture, system software, and silicon—and love diving into the details of firmware and hardware security mechanisms—this is the role for you.

Responsibilities:

System Security Assessment (Hardware + Firmware):

Lead architecture-level security assessments and risk analyses across SoC and low-level firmware components.

Conduct in-depth threat modeling of boot flows, firmware, memory protection mechanisms, and secure execution environments.

Detailed attack-modelling and review security features across firmware interfaces.

Firmware Security Review:

Evaluate firmware-level implementation of security critical features.

Collaborate with firmware and SoC teams to ensure secure firmware architecture, including the handling of secrets, keys, and hardware-backed security features.

Technical Leadership & Collaboration:

Guide engineering teams in applying standard methodologies in security during architecture, design, and verification phases.

Communicate security design decisions clearly to technical and non-technical stakeholders.

Required Skills and Experience :

A track record securing system architectures at the intersection of hardware and firmware.

Deep experience in areas such as secure boot, key provisioning, firmware mitigations, and hardware-enforced isolation.

Understanding of threat models including firmware exploitation, privilege-escalation, code injection, and side-channel attacks.

Solid grasp of Arm TrustZone, secure world monitor designs, memory and IO protection mechanisms, and SoC-level isolation techniques.

Experience identifying low-level security flaws and recommending hardware or firmware-level fixes.

Ability to lead technical discussions across architecture, firmware, software, and validation teams.

“Nice To Have” Skills and Experience :

Familiarity with RTL design, UVM/SystemVerilog, or hardware verification flows.

Experience with trusted execution environments (TEEs) and secure monitor implementation.

Understanding of secure firmware update mechanisms (rollback protection, anti-cloning).

Prior work with TPMs, Secure Elements, or other hardware security modules.

Contributions to security standards or academic research in system security, firmware security, embedded cryptography, side channel attacks.

In Return:

Arm is committed to global talent acquisition, offering an attractive relocation package. With offices worldwide, Arm is a diverse organization of dedicated, creative, and hardworking engineers. By enabling a dynamic, inclusive, meritocratic, and open workplace where everyone can grow and succeed, we encourage our people to share their outstanding contributions to Arm's success in the global marketplace.

 

 

#LI-PD1

 

Accommodations at Arm

At Arm, we want our people to Do Great Things. If you need support or an accommodation to Be Your Brilliant Self during the recruitment process, please email . To note, by sending us the requested information, you consent to its use by Arm to arrange for appropriate accommodations. All accommodation requests will be treated with confidentiality, and information concerning these requests will only be disclosed as necessary to provide the accommodation. Although this is not an exhaustive list, examples of support include breaks between interviews, having documents read aloud or office accessibility. Please email us about anything we can do to accommodate you during the recruitment process.

Hybrid Working at Arm

Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. We believe in bringing people together face to face to enable us to work at pace, whilst recognizing the value of flexibility. Within that framework, we empower groups/teams to determine their own hybrid working patterns, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application. In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you.

Equal Opportunities at Arm

Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Education

The Skills Gap in Cyber Security Jobs: What Universities Aren’t Teaching

Cyber security has become one of the most critical disciplines in the modern economy. From protecting financial systems and healthcare data to securing national infrastructure, cloud platforms and supply chains, cyber security professionals now sit at the frontline of digital trust. Demand for cyber security talent in the UK has surged. Job vacancies remain high, salaries continue to rise, and organisations across every sector report difficulty hiring skilled professionals. Yet despite this demand, many graduates struggle to break into cyber security roles and employers consistently report that candidates are not job-ready. The problem is not intelligence, ambition or academic effort. It is a persistent and widening skills gap between university education and real-world cyber security work. This article explores that gap in depth: what universities teach well, what they routinely miss, why the gap exists, what employers actually want, and how jobseekers can bridge the divide to build sustainable careers in cyber security.

Jobs Careers

Cyber Security Jobs for Career Switchers in Their 30s, 40s & 50s (UK Reality Check)

If you’re thinking about switching into cyber security in your 30s, 40s or 50s, you’re in good company. Across the UK, organisations of all sizes are hiring people from diverse backgrounds to protect systems, data & customers. But with hype around “hackers” & quick-win courses, it’s hard to separate reality from fiction. This guide gives you a UK reality check: which roles genuinely exist, what employers actually want, how training really works, what to expect on salary & progression & whether age matters. Whether you come from finance, project management, operations, law, HR or customer service, there is a credible route into cyber security if you approach it strategically.

Jobs

How to Write a Cyber Security Job Ad That Attracts the Right People

Cyber security is now a board-level priority for organisations across the UK. From financial services and healthcare to critical infrastructure, SaaS platforms and the public sector, demand for skilled cyber security professionals continues to grow. Yet despite this demand, many employers struggle to attract the right candidates. Cyber security job adverts often generate large volumes of applications, but few are a genuine match. Meanwhile, experienced security engineers, analysts and architects quietly ignore adverts that feel vague, unrealistic or disconnected from real security work. In most cases, the problem is not a lack of talent — it is the quality of the job advert. Cyber security professionals are trained to assess risk, spot weaknesses and question assumptions. A poorly written job ad signals organisational immaturity and weak security culture. A well-written one signals seriousness, competence and trust. This guide explains how to write a cyber security job ad that attracts the right people, improves applicant quality and positions your organisation as a credible security employer.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.