Hardware / Low Level Security Engineer

About The Role

We are seeking a Hardware / Low Level Security Engineer to harden the foundational layers of the systems that run the fastest AI inference on earth. You will work close to the metal — across the Linux kernel, firmware, secure boot, and hardware roots of trust — to identify weaknesses, build defenses, and partner with platform and infrastructure teams to ship low-level security improvements. The right candidate brings deep systems expertise, a security mindset shaped by hands-on hardening and exploitation, and a passion for protecting unique compute architectures at scale.

Responsibilities

• Partner with platform, infrastructure, and hardware teams to embed security controls from physical hardware through runtime.
• Design and implement security hardening across the Linux kernel, bootloader, firmware, and host OS layers of Cerebras compute platforms.
• Drive secure boot, measured boot, and attestation strategies across our infrastructure, from the wafer-scale system to supporting host nodes.
• Conduct deep security reviews of kernel modules, drivers, and low-level system components — identifying and remediating memory safety, privilege escalation, and isolation issues.
• Develop kernel-level monitoring and telemetry (e.g., eBPF) to enable detection of low-level attacker behavior.
• Stay ahead of emerging kernel CVEs, supply chain risks, and hardware-level threats — driving response and remediation across the fleet.
• Document low-level security posture, threat models, and remediation playbooks in clear, accessible language.

Skills and Qualifications

• Background in Mechanical and/or Electrical Engineering with career focus in Cybersecurity.
• Deep familiarity with the Linux kernel — including kernel modules, syscall interface, namespaces, cgroups, eBPF, and LSM.
• Hands-on experience with firmware, UEFI, secure boot, TPM, and platform integrity tooling.
• Strong proficiency in C and a modern systems language (Rust, Go, or similar), with the ability to read and write production kernel code.
• Familiarity with hardware-level isolation primitives (e.g., IOMMU, SR-IOV, confidential computing); exposure to non-standard compute architectures a plus.
• Strong written communication skills, with the ability to make low-level security concepts accessible to non-experts.