Platform Security Engineering - OpenBMC

About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the role Anthropic is standing up a founding team to own the OpenBMC-based management firmware running across its server fleet. You would be one of the first engineers on it. That means production firmware and manageability features (board bring-up through production) on one side, and hardening that firmware against sophisticated adversaries on the other. Security is a first-class constraint in everything you ship: you'll write firmware to a high security bar and partner closely with our firmware security and hardware engineers on secure boot, signing, and attestation. What You'll Do Production and manageability: Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm (including GPU) platforms, from bring-up through production, using Yocto/OpenEmbedded Build the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS: sensors, telemetry, inventory, logging, RAS Implement BMC-to-BIOS/host communications, eSPI/LPC, thermal/fan/power management (PMBus) Work the hardware/firmware boundary: I2C/I3C, SPI, PCIe, SMBus, device trees, U-Boot, Linux Security and hardening: Own the BMC security posture: secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, attack-surface reduction Lead threat modeling and secure design reviews; run coordinated vulnerability disclosure with vendors and the upstream community Build verification tooling: static analysis, fuzzing, firmware extraction, CI gating Who You Are  8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security) Strong technical cross-functional leadership skills, direction setting Hands-on OpenBMC/BMC firmware experience on x86 and/or Arm, from bring-up through production with hands-on D-Bus/sdbusplus Strong C/C++ and Python, deep Linux user-space/kernel fundamentals, and Yocto/OpenEmbedded proficiency A security mindset applied to firmware, not bolted on afterward Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP Working knowledge of out-of-band and in-band management, the relevant DMTF specs, and the device interfaces they run over Strong debugging and a track record of shipping reliable, well-tested code. Clear communication across internal teams and external vendors Ability to work effectively across hardware and software boundaries Knowledge of NIST firmware security guidelines and hardware security frameworks, specifically SP 800-193 and 800-147/155 Strong candidates may also have Hardware roots of trust and attestation: Caliptra, OCP S.A.F.E., TPM/HRoT, SPDM Memory-safe systems code in Rust or Zig Firmware vulnerability research, reverse-engineering, or fuzzing Previous work with AI/ML infrastructure security Deadline to apply: None. Applications will be received on a rolling basis. The annual compensation range for this role is listed below.  For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. Annual Salary: $405,000 — $405,000 USD Logistics Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience Required field of study:  A field relevant to the role as demonstrated through coursework, training, or professional experience Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship:  We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.  Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit  anthropic.com/careers  directly for confirmed position openings. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and