Security Architect, Hardware

Location(s) Available: Austin, TX

About The Team

Join Cloudflare’s Security Team in Bangalore. We seek motivated students in Cybersecurity, Computer Science, or Information Systems for a cross-functional role. This position offers hands-on experience across multiple security domains, including GRC, IAM, Appsec, and Sec Arch, to help build a safer internet.

About the role/What You’ll Do

• Provide input on security requirements for new infrastructure and engineering initiatives.
• Assist with documentation and maintenance of the corporate security architecture blueprints
• Your focus will be on hardware security ,secure boot processes, side-channel attack mitigation, BIOS level security requirements  and cryptographic isolation within devices, etc.
• Partner with hardware and firmware teams to provide security guidance for the  design and implementation of security features such as Hardware Root of Trust (RoT), Secure Boot (e.g., UEFI configuration), and hardware-based cryptographic accelerators.
• Define advanced memory protection strategies.
• Collaborate with the Security Detections and Monitoring team to develop telemetry and alerts for detecting unauthorized hardware changes, firmware tampering, or suspicious BIOS/UEFI configuration modifications.
• Define and enforce secure configuration standards for BIOS/UEFI settings, Trusted Platform Modules (TPM), and physical port management (e.g., USB, JTAG, UART) to prevent unauthorized access.
• Coordinate 3rd party hardware and firmware penetration tests, review technical findings, and translate complex vulnerabilities into actionable security requirements for engineering teams.
• Design secure solutions for complex infrastructure problems, such as implementing Zero Trust principles at the hardware level and securing high-performance computing or edge-device integrations.
• Perform regular audits of hardware and firmware environments to identify "configuration drift" where systems have deviated from established security baselines or approved firmware versions.
• Evaluate vendor updates, microcode patches, and vulnerability data (CVEs) to make prioritized risk-based recommendations for patching critical hardware flaws.
• Act as the security liaison between infrastructure, firmware, and other engineering teams to embed "secure-by-design" principles into the early stages of the hardware procurement and development lifecycle.
• Conduct detailed threat modeling sessions specifically focused on physical attack vectors, side-channel attacks, and supply chain integrity risks.
• Provide deep technical expertise during hardware-related security incidents, assisting with forensic analysis of compromised firmware or physical tampering detected by monitoring systems.
• Develop hardware-specific security policies and reference architectures that comply with international standards such as NIST SP 800-193 (Platform Firmware Resiliency).