Job Title: Linux Security Developer Key Responsibilities: Develop, integrate, and maintain security features across the Linux kernel, user space, and system services. Implement Linux Security Modules (LSM) such as SELinux , AppArmor , or Smack , and define appropriate security policies. Work on secure boot mechanisms including UEFI Secure Boot , Measured Boot , and TPM-based attestation . Implement kernel hardening measures (e.g., KASLR, stack canaries, lockdown mode, seccomp filters). Support filesystem-level security mechanisms such as dm-crypt , LUKS , and fscrypt for data-at-rest protection. Integrate and validate secure key storage , TPM 2.0 , and hardware-backed encryption APIs. Contribute to vulnerability triage , CVEs , and proactive mitigation strategies in both kernel and user-space components. Perform security audits , threat modeling, and implement mitigations for discovered flaws or theoretical attack surfaces. Implement secure IPC mechanisms , sandboxing (e.g., with namespaces, cgroups, or seccomp), and user-space confinement . Support and validate secure OTA (Over-The-Air) update infrastructure with rollback protection and cryptographic signature validation. Collaborate with platform, firmware, application, and QA teams to ensure comprehensive security coverage across the system. Expertise: 8+ years of experience in Linux security development , preferably in embedded, consumer electronics, or enterprise systems. In-depth knowledge of Linux kernel internals , especially around process management, memory isolation, and syscall interfaces. Strong programming skills in C , shell scripting , and optionally Python or Rust . Experience with: Security frameworks : LSMs, Audit subsystem Cryptography : OpenSSL, GnuPG, keyring, PKCS#11, dm-verity Trusted Platform Modules (TPM) and UEFI/BIOS security features Sandboxing & container security : Namespaces, seccomp, cgroups, capabilities Proficiency in tools like: auditd, AppArmor utilities, selinux-utils strace, lsof, chkrootkit, tripwire, clamAV Understanding of CVE management , secure coding practices , code fuzzing , and static analysis tools. Familiarity with security standards like NIST , CIS benchmarks , or ISO 27001 is a plus. Hands-on experience with Yocto , Debian , or Ubuntu security features.
