Accord Tecnologies.Inc
New York, NY
Post Resume to
View Contact Details &
Apply for Job
Job Description :
Title: Embedded Linux Security Engineer (Kernel/Bootloader / Ramdisk)
Location: Atlanta, GA
Position type: C2C
Job Title
Embedded Linux Security Developersss (Kernel / Bootloader / Ramdisk)
Experience
8 Years in Embedded Linux Development
Domain
Embedded Linux / Security / Kernel CVE Remediation / Firmware Hardening
Platform
Xilinx Zynq SoC (ARM-based)
Location
Atlanta, GA
Openings
2 Positions
ROLE
We are seeking a highly skilled Embedded Linux Security Engineer with deep expertise in kernel-level CVE remediation, U-Boot bootloader hardening, and Buildroot-based firmware development. This role is critical to ensuring the security and resilience of our Xilinx Zynq-based hardware platform running Linux kernels, U-Boot bootloaders, and Buildroot-generated ramdisk images.
The ideal candidate will be responsible for identifying, analyzing, triaging, and patching security vulnerabilities (CVE-based) across the entire embedded software stack - from the Linux kernel and bootloader through to user-space applications, libraries, and services. This is a hands-on, technically demanding role requiring expertise in kernel patching, cross-compilation toolchains, secure boot mechanisms, and embedded system hardening.
KEY RESPONSIBILITIES
1. Vulnerability Assessment & CVE Remediation
  • Identify, analyze, and triage CVEs impacting the Xilinx Linux kernel, ramdisk packages, U-Boot, and embedded software stack using NVD, AMD/Xilinx Security Bulletins, and OSS tooling.
  • Apply kernel patches, backport security fixes from upstream LTS kernels (e.g., 5.x LTS, Xilinx downstream), or implement mitigation workarounds.
  • Patch vulnerabilities in U-Boot, kernel modules, device drivers, and user-space packages (BusyBox, OpenSSL, etc.) - primarily focused on version upgrades and CVE-specific patches.
  • Maintain detailed documentation of vulnerabilities, root cause analysis, mitigation steps, patch sources, and validation results.
  • Track and report CVE remediation progress to stakeholders and external auditors.
2. Buildroot-Based Embedded Linux System Maintenance
  • Configure, customize, and maintain the Buildroot build environment used to compile U-Boot, Linux kernel, and ramdisk/root filesystem images.
  • Ensure secure configuration of Buildroot-generated packages, system services, and network daemons.
  • Optimize build configurations for minimal attack surface and reduced package footprint.
  • Manage cross-compilation toolchains, package dependencies, and library versions.
3. Secure Boot & Firmware Hardening
  • Implement and validate secure boot mechanisms on Zynq platforms using Xilinx PetaLinux / Vitis toolchain.
  • Harden the Linux OS, kernel configuration (kconfig), and boot chain against common attack vectors.
  • Implement kernel module signing and enforce boot chain integrity.
REQUIRED SKILLS & EXPERIENCE
Core Technical Skills
  • Strong hands-on experience with Linux kernel patching, including CVE remediation, patch backporting, and diff/patch workflows.
  • Deep knowledge of Buildroot build systems - package configuration, filesystem generation, and toolchain management.
  • Expertise in U-Boot bootloader configuration, customization, secure boot implementation, and boot chain hardening.
  • Proficiency in Embedded Linux development for ARM platforms, specifically Xilinx Zynq or similar SoCs.
  • Familiarity with Xilinx-specific kernel and bootloader repositories; experience with PetaLinux or Vitis toolchain is a strong plus.
  • Solid understanding of cross-compilation toolchains (gcc-arm, Buildroot toolchain, Yocto SDK).
  • Kernel debugging skills using JTAG, GDB, kernel logs, and tracing tools.
  • Knowledge of the target Linux kernel version family (Xilinx downstream / LTS 5.x or later).
Security & Vulnerability Management Skills
  • Proven experience in CVE analysis, CVSS scoring, vulnerability triage, and remediation prioritization.
  • Familiarity with vulnerability databases and tools: NVD, AMD/Xilinx Security Bulletins, Trivy, or similar.
  • Knowledge of secure boot mechanisms and kernel module signing.
  • Experience hardening embedded Linux OS configurations.
Programming & Scripting Skills
  • Proficiency in C for kernel module development, patching, low-level debugging, and userspace-kernel interaction.
  • Shell scripting (Bash) for build automation and patch workflows.
Tools & Technologies
  • Version control: Git, GitHub workflows, patch management.
  • Build systems: Buildroot, Make, CMake, Yocto (familiarity).
  • Debugging & analysis: GDB, JTAG debuggers, strace, valgrind.
  • Documentation & tracking: Confluence, JIRA.
  • Security tooling: NVD, CodeSonar, CodeSentry
PREFERRED QUALIFICATIONS
  • Bachelor's or Master's degree in Computer Science, Electrical Engineering, Cybersecurity, or a related field.
  • 5+ years of professional experience in Embedded Linux development with a security focus.
  • Hands-on experience with Xilinx PetaLinux or Vitis tools on Zynq-7000 or Zynq UltraScale+ platforms.
  • Experience with Yocto Project as an alternative embedded Linux build system.
  • Proficiency in C for kernel module development, patching, low-level debugging, and userspace-kernel interaction.
             

Similar Jobs you may be interested in ..