4 Kernel Hardening Jobs

Job Title: Linux Security Developer Key Responsibilities: Develop, integrate, and maintain security features across the Linux kernel, user space, and system services. Implement Linux Security Modules (LSM) such as SELinux , AppArmor , or Smack , and define appropriate security policies. Work on secure boot mechanisms including UEFI Secure Boot , Measured Boot , and TPM-based attestation . Implement kernel hardening measures (e.g., KASLR, stack canaries, lockdown mode, seccomp filters). Support filesystem-level security mechanisms such as dm-crypt , LUKS , and fscrypt for data-at-rest protection. Integrate and validate secure key storage , TPM 2.0 , and hardware-backed encryption APIs. Contribute to vulnerability triage , CVEs , and proactive mitigation strategies in both kernel and user-space components. Perform security audits , threat modeling, and implement mitigations for discovered flaws or theoretical attack surfaces. Implement secure IPC mechanisms , sandboxing (e.g., with namespaces, cgroups, or seccomp), and user-space confinement . Support and validate secure OTA (Over-The-Air) update infrastructure with rollback protection and cryptographic signature validation. Collaborate with platform, firmware, application, and QA teams to ensure comprehensive security coverage across the system. Expertise: 8+ years of experience in Linux security development , preferably in embedded, consumer electronics, or enterprise systems. In-depth knowledge of Linux kernel internals , especially around process management, memory isolation, and syscall interfaces. Strong programming skills in C , shell scripting , and optionally Python or Rust . Experience with: Security frameworks : LSMs, Audit subsystem Cryptography : OpenSSL, GnuPG, keyring, PKCS#11, dm-verity Trusted Platform Modules (TPM) and UEFI/BIOS security features Sandboxing & container security : Namespaces, seccomp, cgroups, capabilities Proficiency in tools like: auditd, AppArmor utilities, selinux-utils strace, lsof, chkrootkit, tripwire, clamAV Understanding of CVE management , secure coding practices , code fuzzing , and static analysis tools. Familiarity with security standards like NIST , CIS benchmarks , or ISO 27001 is a plus. Hands-on experience with Yocto , Debian , or Ubuntu security features.

Key Responsibilities: - Maintain security features across multiple layers of BMWs Linux distribution: from hardware, bootloader, and kernel to end-user applications. - Review changes in existing security policies (SELinux, Linux permissions, systemd configuration, etc.). - Support other teams in implementing secure products. - Contribute to the configuration and source code of BMW OS security features. Required Experience and Skills - Hands-on experience in Linux or/and Android security (e.g., Kernel hardening, Linux permissions, systemd, capabilities, namespaces, Linux RPC). - Knowledge of isolation techniques and containerization mechanisms is a plus. - Thorough understanding of security principles, latest techniques, and operating system features (e.g., secure boot, disk encryption, SELinux, integrity protection, cryptographic protocols). - Background in modern software development in one of the languages C++, Java, Kotlin. Experience with Python as a universal tool. - Experience with Continuous Integration and Delivery tools (e.g., Jenkins, Zuul, Github Actions, or Gitlab CI). - Understanding of basic principles of threat modeling. Practical experience is a plus.

Must-Have Skills Solid Python development experience including object-oriented programming, designing reusable modules, working with testing frameworks like pytest (incl. fixtures), and building command-line tools for automation or system tasks. Hands-on experience working with Linux systems beyond basic usage — such as writing shell scripts, analyzing system logs, configuring services, or troubleshooting runtime issues. Familiarity with CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions). Ability to write clean, testable, and maintainable code. A curiosity-driven mindset and interest in how complex systems work under the hood. Nice to Have (or Eager to Learn) Strong motivation to grow into platform security topics such as secure boot, disk encryption, access control, and sandboxing in Linux/Android environments. Interest in system-level software design — including how operating systems enforce isolation, security boundaries, and platform resilience. Curiosity about attack surface reduction, ethical hacking, or platform hardening — even without prior experience. Keywords Python Developer Clean Code pytest CI/CD (GitLab, Jenkins, GitHub Actions) Linux System Automation Android Platform Development

Basic Requirements and Education - Business fluent English. - University degree in computer science or a comparable field of study, ideally with a security focus. Required Experience and Skills - Hands-on experience in Linux or/and Android security (e.g., Kernel hardening, Linux permissions, systemd, capabilities, namespaces, Linux RPC). - Knowledge of isolation techniques and containerization mechanisms is a plus. - Thorough understanding of security principles, latest techniques, and operating system features (e.g., secure boot, disk encryption, SELinux, integrity protection, cryptographic protocols). - Background in modern software development in one of the languages C++, Java, Kotlin. Experience with Python as a universal tool. - Experience with Continuous Integration and Delivery tools (e.g., Jenkins, Zuul, Github Actions, or Gitlab CI). - Understanding of basic principles of threat modeling. Practical experience is a plus. #### Keywords - Automotive Infotainment - Linux - SELinux - Android - Cyber Security - C++ - CI/CD - Threat modeling