Senior Firmware Security Engineer
Microsoft
The Azure Silicon Cloud Hardware Infrastructure and Engineering (SCHIE) team is key to delivering operational excellence for Azure. Within SCHIE, the Security Center of Excellence designs and develops security solutions for server and rack infrastructure.
We collaborate closely with Microsoft product teams, industry partners, and researchers to deliver secure, scalable cloud platforms while optimizing total cost of ownership (TCO). Our culture values continuous learning, curiosity, and the courage to navigate ambiguity—embracing experimentation, learning from failure, and fostering collaboration where shared success drives impact.
We are seeking a highly motivated Senior Firmware Security Engineer with a strong background in firmware security to help secure Azure infrastructure across both the existing Azure fleet and upcoming hardware portfolios. In this role, you will collaborate closely with architects and crossfunctional partners to understand security requirements and contribute to the design and development of security features for the hardware and firmware systems that power Azure today.
The ideal candidate is passionate about security and enjoys seeing their code bring hardware features to life—directly contributing to the protection of Azure infrastructure at scale. This role also requires strong technical leadership, including the ability to lead initiatives, guide technical direction, mentor junior engineers, and collaborate effectively as a great team player within a highly crossfunctional environment, spread across multiple Geos.
You should have strong embedded development skills, along with proven debugging and troubleshooting expertise in firmware development. Experience with some or all the following technologies is highly desirable: C programming skills, RTOS expertise, MCTP, SPDM, SoC bring-up, bootloaders, platform initialization, BSP porting, secure boot, Caliptra, TPM, OPTEE, and device drivers such as I2C, I3C, SPI, USB, and UART. Experience in RUST programming and Threat Modelling will be a great value add. Familiarity with AIassisted development practices to improve productivity, code quality, and design efficiency is highly desirable. This is expected to be a hands-on role, where you will also have the opportunity to lead a team of extremely talented engineers to deliver innovation at scale and own delivery of product to Azure datacentres.
Responsibilities
-
Design and develop critical firmware security features for Azure server platforms.
Define and integrate endtoend security feature flows spanning multiple server subsystems, from product concept and architecture through development, validation, and integration with Azure services.
Embed Secure Development Lifecycle (SDL) practices throughout the development process, with a strong testdriven, qualityfirst mindset.
Apply a solid understanding of security primitives, cryptography, threat models, and mitigation strategies to address and close identified vulnerabilities.
Design and implement firmware modules supporting hardware interfaces and protocols such as SPI, I2C, I3C, UART, and related technologies.
Perform systemlevel debugging and troubleshooting to identify and resolve hardware and firmware issues.
Develop and maintain scalable, modular, and maintainable firmware architectures.
Adapt effectively to changing priorities and operate successfully in fastpaced, evolving environments.
Demonstrate strong communication, technical leadership, collaboration, and interpersonal skills.
Navigate ambiguous problem spaces and bring clarity through structured thinking and execution.
Qualifications
Required Qualifications:
Bachelor’s or Master’s degree in Electrical Engineering, Electronics Engineering, Computer Science, or a related field.
10+ years of professional experience in firmware security and embedded firmware development.
Strong experience in lowlevel silicon and firmware development, including handson debugging using both hardware and software debugging tools.
Proven experience with secure boot, secure firmware updates, attestation, SPDM, DICE, threat modeling, secure recovery, and secure debug workflows at scale.
Excellent problemsolving and analytical skills, with the ability to diagnose complex system issues.
Strong written and verbal communication skills.
Experience architecting or implementing industrystandard security protocols, including secure communications, cryptographic algorithms, PKI, and key management technologies.
Ability to analyze and interpret hardware schematics.
Deep understanding of platform server architectures, including BMC, secure boot, IPMI, SPDM, Redfish, TPM, and related security components.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.