Platform Security Engineering - OpenBMC

About the role

Anthropic is standing up a founding team to own the OpenBMC-based management firmware running across its server fleet. You would be one of the first engineers on it. That means production firmware and manageability features (board bring-up through production) on one side, and hardening that firmware against sophisticated adversaries on the other.

Security is a first-class constraint in everything you ship: you'll write firmware to a high security bar and partner closely with our firmware security and hardware engineers on secure boot, signing, and attestation.

What You'll Do

Production and manageability:

• Design, build, and ship OpenBMC firmware and manageability features for x86 and Arm (including GPU) platforms, from bring-up through production, using Yocto/OpenEmbedded
• Build the management stack on DMTF/OCP standards (MCTP, PLDM, SPDM, Redfish, RDE) and IPMI/KCS: sensors, telemetry, inventory, logging, RAS
• Implement BMC-to-BIOS/host communications, eSPI/LPC, thermal/fan/power management (PMBus)
• Work the hardware/firmware boundary: I2C/I3C, SPI, PCIe, SMBus, device trees, U-Boot, Linux

Security and hardening:

• Own the BMC security posture: secure and measured boot, root of trust, attestation (SPDM), authenticated update (PLDM FW Update), rollback protection, attack-surface reduction
• Lead threat modeling and secure design reviews; run coordinated vulnerability disclosure with vendors and the upstream community
• Build verification tooling: static analysis, fuzzing, firmware extraction, CI gating

Who You Are 

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)
• Strong technical cross-functional leadership skills, direction setting
• Hands-on OpenBMC/BMC firmware experience on x86 and/or Arm, from bring-up through production with hands-on D-Bus/sdbusplus
• Strong C/C++ and Python, deep Linux user-space/kernel fundamentals, and Yocto/OpenEmbedded proficiency
• A security mindset applied to firmware, not bolted on afterward
• Upstream contributions to OpenBMC, U-Boot, DMTF, or OCP
• Working knowledge of out-of-band and in-band management, the relevant DMTF specs, and the device interfaces they run over
• Strong debugging and a track record of shipping reliable, well-tested code.
• Clear communication across internal teams and external vendors
• Ability to work effectively across hardware and software boundaries
• Knowledge of NIST firmware security guidelines and hardware security frameworks, specifically SP 800-193 and 800-147/155

Strong candidates may also have

• Hardware roots of trust and attestation: Caliptra, OCP S.A.F.E., TPM/HRoT, SPDM
• Memory-safe systems code in Rust or Zig
• Firmware vulnerability research, reverse-engineering, or fuzzing
• Previous work with AI/ML infrastructure security

Deadline to apply: None. Applications will be received on a rolling basis.