Platform Security Engineering - OpenBMC

USD 405,000 per year
MIDDLE SENIOR
✅ Hybrid
✅ Visa Sponsorship

Used Tools & Technologies

Machine Learning

Required Skills & Competences

Security @ 3, Linux @ 3, Python @ 6, Communication @ 3, Rust @ 3, Debugging @ 6, GPU @ 3, AI @ 3

Details

Anthropic is standing up a founding team to own the OpenBMC-based management firmware running across its server fleet. You would be one of the first engineers on it, working on production firmware and manageability features (board bring-up through production) as well as hardening that firmware against sophisticated adversaries. Security is a first-class constraint: you'll write firmware to a high security bar and partner closely with firmware security and hardware engineers on secure boot, signing, and attestation.

Responsibilities

  • Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm (including GPU) platforms, from bring-up through production, using Yocto/OpenEmbedded
  • Build the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS: sensors, telemetry, inventory, logging, RAS
  • Implement BMC-to-BIOS/host communications, eSPI/LPC, thermal/fan/power management (PMBus)
  • Work the hardware/firmware boundary: I2C/I3C, SPI, PCIe, SMBus, device trees, U-Boot, Linux
  • Own the BMC security posture: secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, attack-surface reduction
  • Lead threat modeling and secure design reviews; run coordinated vulnerability disclosure with vendors and the upstream community
  • Build verification tooling: static analysis, fuzzing, firmware extraction, CI gating

Requirements

  • 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)
  • Hands-on OpenBMC/BMC firmware experience on x86 and/or Arm, from bring-up through production, including D-Bus/sdbusplus
  • Strong C/C++ and Python skills, deep Linux user-space/kernel fundamentals, and Yocto/OpenEmbedded proficiency
  • A security mindset applied to firmware, not bolted on afterward
  • Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP
  • Working knowledge of out-of-band and in-band management, the relevant DMTF specs, and the device interfaces they run over
  • Strong debugging skills and a track record of shipping reliable, well-tested code
  • Clear communication across internal teams and external vendors; ability to work effectively across hardware and software boundaries
  • Knowledge of NIST firmware security guidelines and hardware security frameworks, specifically SP 800-193 and 800-147/155

Strong candidates may also have

  • Hardware roots of trust and attestation: Caliptra, OCP S.A.F.E., TPM/HRoT, SPDM
  • Memory-safe systems code in Rust or Zig
  • Firmware vulnerability research, reverse-engineering, or fuzzing
  • Previous work with AI/ML infrastructure security

Logistics

  • Minimum education: Bachelor’s degree or equivalent combination of education/training/experience
  • Location-based hybrid policy: all staff are currently expected to be in one of our offices at least 25% of the time
  • Visa sponsorship: Anthropic states they sponsor visas and retain an immigration lawyer to assist with sponsorship where feasible

Compensation

  • Annual Salary: $405,000 - $405,000 USD

How to apply

Applications are received on a rolling basis. Deadline: None.