Embedded Linux Security Engineer (Kernel/Bootloader / Ramdisk)

Title: Embedded Linux Security Engineer (Kernel/Bootloader / Ramdisk)

Location: Atlanta, GA

Position type: C2C

Job Title

Embedded Linux Security Developersss (Kernel / Bootloader / Ramdisk)

Experience

8 Years in Embedded Linux Development

Domain

Embedded Linux / Security / Kernel CVE Remediation / Firmware Hardening

Platform

Xilinx Zynq SoC (ARM-based)

Location

Atlanta, GA

Openings

2 Positions

ROLE

We are seeking a highly skilled Embedded Linux Security Engineer with deep expertise in kernel-level CVE remediation, U-Boot bootloader hardening, and Buildroot-based firmware development. This role is critical to ensuring the security and resilience of our Xilinx Zynq-based hardware platform running Linux kernels, U-Boot bootloaders, and Buildroot-generated ramdisk images.

The ideal candidate will be responsible for identifying, analyzing, triaging, and patching security vulnerabilities (CVE-based) across the entire embedded software stack — from the Linux kernel and bootloader through to user-space applications, libraries, and services. This is a hands-on, technically demanding role requiring expertise in kernel patching, cross-compilation toolchains, secure boot mechanisms, and embedded system hardening.

Key Responsibilities

• Vulnerability Assessment & CVE Remediation
• Identify, analyze, and triage CVEs impacting the Xilinx Linux kernel, ramdisk packages, U-Boot, and embedded software stack using NVD, AMD/Xilinx Security Bulletins, and OSS tooling.
• Apply kernel patches, backport security fixes from upstream LTS kernels (e.g., 5.x LTS, Xilinx downstream), or implement mitigation workarounds.
• Patch vulnerabilities in U-Boot, kernel modules, device drivers, and user-space packages (BusyBox, OpenSSL, etc.) — primarily focused on version upgrades and CVE-specific patches.
• Maintain detailed documentation of vulnerabilities, root cause analysis, mitigation steps, patch sources, and validation results.
• Track and report CVE remediation progress to stakeholders and external auditors.
• Buildroot-Based Embedded Linux System Maintenance
• Configure, customize, and maintain the Buildroot build environment used to compile U-Boot, Linux kernel, and ramdisk/root filesystem images.
• Ensure secure configuration of Buildroot-generated packages, system services, and network daemons.
• Optimize build configurations for minimal attack surface and reduced package footprint.
• Manage cross-compilation toolchains, package dependencies, and library versions.
• Secure Boot & Firmware Hardening
• Implement and validate secure boot mechanisms on Zynq platforms using Xilinx PetaLinux / Vitis toolchain.
• Harden the Linux OS, kernel configuration (kconfig), and boot chain against common attack vectors.
• Implement kernel module signing and enforce boot chain integrity.
  
  

Required Skills & Experience

Core Technical Skills

• Strong hands-on experience with Linux kernel patching, including CVE remediation, patch backporting, and diff/patch workflows.
• Deep knowledge of Buildroot build systems — package configuration, filesystem generation, and toolchain management.
• Expertise in U-Boot bootloader configuration, customization, secure boot implementation, and boot chain hardening.
• Proficiency in Embedded Linux development for ARM platforms, specifically Xilinx Zynq or similar SoCs.
• Familiarity with Xilinx-specific kernel and bootloader repositories; experience with PetaLinux or Vitis toolchain is a strong plus.
• Solid understanding of cross-compilation toolchains (gcc-arm, Buildroot toolchain, Yocto SDK).
• Kernel debugging skills using JTAG, GDB, kernel logs, and tracing tools.
• Knowledge of the target Linux kernel version family (Xilinx downstream / LTS 5.x or later).
  
  

Security & Vulnerability Management Skills

• Proven experience in CVE analysis, CVSS scoring, vulnerability triage, and remediation prioritization.
• Familiarity with vulnerability databases and tools: NVD, AMD/Xilinx Security Bulletins, Trivy, or similar.
• Knowledge of secure boot mechanisms and kernel module signing.
• Experience hardening embedded Linux OS configurations.
  
  

Programming & Scripting Skills

• Proficiency in C for kernel module development, patching, low-level debugging, and userspace-kernel interaction.
• Shell scripting (Bash) for build automation and patch workflows.
  
  

Tools & Technologies

• Version control: Git, GitHub workflows, patch management.
• Build systems: Buildroot, Make, CMake, Yocto (familiarity).
• Debugging & analysis: GDB, JTAG debuggers, strace, valgrind.
• Documentation & tracking: Confluence, JIRA.
• Security tooling: NVD, CodeSonar, CodeSentry
  
  

Preferred Qualifications

• Bachelor's or Master's degree in Computer Science, Electrical Engineering, Cybersecurity, or a related field.
• 5 years of professional experience in Embedded Linux development with a security focus.
• Hands-on experience with Xilinx PetaLinux or Vitis tools on Zynq-7000 or Zynq UltraScale platforms.
• Experience with Yocto Project as an alternative embedded Linux build system.
• Proficiency in C for kernel module development, patching, low-level debugging, and userspace-kernel interaction.