Linux Security Developer

Job Title: Linux Security Developer

Key Responsibilities:

• Develop, integrate, and maintain

  security features

  across the Linux kernel, user space, and system services.
• Implement

  Linux Security Modules (LSM)

  such as

  SELinux

  ,

  AppArmor

  , or

  Smack

  , and define appropriate security policies.
• Work on secure boot mechanisms including

  UEFI Secure Boot

  ,

  Measured Boot

  , and

  TPM-based attestation

  .
• Implement

  kernel hardening

  measures (e.g., KASLR, stack canaries, lockdown mode, seccomp filters).
• Support filesystem-level security mechanisms such as

  dm-crypt

  ,

  LUKS

  , and

  fscrypt

  for data-at-rest protection.
• Integrate and validate

  secure key storage

  ,

  TPM 2.0

  , and

  hardware-backed encryption

  APIs.
• Contribute to

  vulnerability triage

  ,

  CVEs

  , and proactive mitigation strategies in both kernel and user-space components.
• Perform

  security audits

  , threat modeling, and implement mitigations for discovered flaws or theoretical attack surfaces.
• Implement

  secure IPC mechanisms

  ,

  sandboxing

  (e.g., with namespaces, cgroups, or seccomp), and

  user-space confinement

  .
• Support and validate

  secure OTA (Over-The-Air) update

  infrastructure with rollback protection and cryptographic signature validation.
• Collaborate with platform, firmware, application, and QA teams to ensure comprehensive security coverage across the system.

Expertise:

• 8+ years of experience in

  Linux security development

  , preferably in embedded, consumer electronics, or enterprise systems.
• In-depth knowledge of

  Linux kernel internals

  , especially around process management, memory isolation, and syscall interfaces.
• Strong programming skills in

  C

  ,

  shell scripting

  , and optionally

  Python

  or

  Rust

  .
• Experience with:

• Security frameworks

  : LSMs, Audit subsystem

• Cryptography

  : OpenSSL, GnuPG, keyring, PKCS#11, dm-verity

• Trusted Platform Modules (TPM)

  and

  UEFI/BIOS security features

• Sandboxing & container security

  : Namespaces, seccomp, cgroups, capabilities
• Proficiency in tools like:
• auditd, AppArmor utilities, selinux-utils
• strace, lsof, chkrootkit, tripwire, clamAV
• Understanding of

  CVE management

  ,

  secure coding practices

  ,

  code fuzzing

  , and

  static analysis

  tools.
• Familiarity with

  security standards

  like

  NIST

  ,

  CIS benchmarks

  , or

  ISO 27001

  is a plus.
• Hands-on experience with

  Yocto

  ,

  Debian

  , or

  Ubuntu

  security features.