Anthropic is building safe and beneficial AI systems and is establishing a founding team to develop OpenBMC-based firmware for its server fleet. The Platform Security Engineer will lead firmware design, build, and hardening efforts, ensuring high security standards across x86 and ARM platforms while collaborating with hardware and firmware teams.
Platform Security Engineer, OpenBMC at Anthropic
Hybrid - San Francisco, CA, USA
More jobs at AnthropicSalary
USD 405,000 - 405,000
Requirements
Skills
- Strong technical cross-functional leadership skills, direction setting
- Hands‑on OpenBMC/BMC firmware experience on x86 and/or Arm, from bring‑up through production with hands‑on D‑Bus/sdbusplus
- Strong C/C++ and Python, deep Linux user-space/kernel fundamentals, and Yocto/OpenEmbedded proficiency
- A security mindset applied to firmware, not bolted on afterward
- Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP
- Working knowledge of out-of-band and in-band management, the relevant DMTF specs, and the device interfaces they run over
- Strong debugging and a track record of shipping reliable, well-tested code
- Clear communication across internal teams and external vendors
- Ability to work effectively across hardware and software boundaries
- Knowledge of NIST firmware security guidelines and hardware security frameworks, specifically SP 800-193 and 800-147/155
Responsibilities
- Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm (including GPU) platforms, from bring‑up through production, using Yocto/OpenEmbedded
- Build the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS: sensors, telemetry, inventory, logging, RAS
- Implement BMC‑to‑BIOS/host communications, eSPI/LPC, thermal/fan/power management (PMBus)
- Work the hardware/firmware boundary: I2C/I3C, SPI, PCIe, SMBus, device trees, U‑Boot, Linux
- Own the BMC security posture: secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, attack‑surface reduction
- Lead threat modeling and secure design reviews; run coordinated vulnerability disclosure with vendors and the upstream community
- Build verification tooling: static analysis, fuzzing, firmware extraction, CI gating
Technologies
OpenBMCYocto/OpenEmbeddedDMTF/OCP standardsMCTPPLDMSPDMRedfishRDEIPMI/KCSBMC‑to‑BIOS/host communicationseSPI/LPCthermal/fan/power management (PMBus)I2C/I3CSPIPCIeSMBusdevice treesU‑BootLinuxC/C++Pythonstatic analysisfuzzingfirmware extractionCI gatingRustZig
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.