Security Firmware Engineer

Vertiv Thermal business unit is seeking an Embedded Product Security Engineer to help protect the security and integrity of our embedded thermal firmware platforms and exposed system interfaces across mission‑critical infrastructure products.

This role is responsible for investigating, analyzing, and resolving security vulnerabilities, supporting regulatory and standards compliance, and partnering with firmware and platform engineering teams to embed security‑by‑design practices throughout the product lifecycle. The successful candidate will play a key role in ensuring Vertiv products meet evolving cybersecurity expectations while maintaining reliability and performance in critical customer environments.

This role offers the opportunity to:

• Influence product‑level cybersecurity across thermal embedded platforms.
• Work closely with firmware, controls, and platform engineering teams.
• Contribute directly to security‑by‑design practices in mission‑critical systems.

Required Experience

• Bachelor’s degree in Computer Engineering, Computer Science, Electrical Engineering, or a related technical field.
• Experience working with embedded firmware or embedded Linux‑based platforms.
• Working knowledge of embedded security concepts, including secure boot, firmware signing, cryptography, and secure update mechanisms.
• Experience investigating or mitigating software vulnerabilities in embedded or product environments.
• Familiarity with networked embedded systems and common protocols (e.g., TCP/IP, TLS, diagnostics interfaces).
• Ability to collaborate effectively with cross‑functional engineering, quality, and compliance teams.
• Preferred Experience
• Experience with product cybersecurity standards such as IEC 62443, ISO/SAE 21434, or similar industrial/OT security frameworks.
• Familiarity with SBOM formats and tooling (e.g., CycloneDX, SPDX).

Responsibilities

• Investigate reported and internally discovered firmware vulnerabilities across embedded and gateway platforms.
• Perform security analysis of embedded firmware packages, update mechanisms, and exposed interfaces (network, diagnostic, field service).
• Support secure boot, firmware signing, and update validation implementations in collaboration with firmware engineering teams.
• Conduct threat modeling and risk assessments for embedded platforms and interface exposure.
• Drive vulnerability response workflows, including root cause analysis, remediation tracking, and verification.
• Ensure alignment with product cybersecurity standards and regulations, including IEC 62443, ISO 27001, NIS2, and CRA‑related obligations.
• Review and maintain SBOMs and supplier security documentation to support compliance and supply‑chain security requirements.
• Partner with QA and firmware teams on security testing, validation, and release readiness.
• Contribute to internal security requirements, checklists, and conformance matrices for embedded platforms.

Education & Certifications:

Bachelor’s degree or foreign equivalent with strong emphasis on software: Computer Science, Software Engineering, Mechanical Engineering, Electrical Engineering, or Computer Engineering

Requirements

3+ years of experience resolving security issues in embedded firmware

3+ years of experience with Linux-based secure firmware development and testing

3+ years of experience using the C/C++ programming language