Firmware Engineer - Security

Firmware Engineer - Security at Vertiv Corporation Firmware Engineer - Security at Vertiv Corporation in Westerville, Ohio Posted in about 19 hours ago.

Job Description:

Job Description Vertiv's Thermal business unit is seeking an Embedded Product Security Engineer to help protect the security and integrity of our embedded thermal firmware platforms and exposed system interfaces across mission-critical infrastructure products. This role is responsible for investigating, analyzing, and resolving security vulnerabilities, supporting regulatory and standards compliance, and partnering with firmware and platform engineering teams to embed security-by-design practices throughout the product lifecycle. The successful candidate will play a key role in ensuring Vertiv products meet evolving cybersecurity expectations while maintaining reliability and performance in critical customer environments.

Responsibilities:

Investigate reported and internally discovered firmware vulnerabilities across embedded and gateway platforms. Perform security analysis of embedded firmware packages, update mechanisms, and exposed interfaces (network, diagnostic, field service). Support secure boot, firmware signing, and update validation implementations in collaboration with firmware engineering teams. Conduct threat modeling and risk assessments for embedded platforms and interface exposure. Drive vulnerability response workflows, including root cause analysis, remediation tracking, and verification. Ensure alignment with product cybersecurity standards and regulations, including

IEC 62443, ISO

27001, NIS2, and CRA-related obligations. Review and maintain SBOMs and supplier security documentation to support compliance and supply-chain security requirements. Partner with QA and firmware teams on security testing, validation, and release readiness. Contribute to internal security requirements, checklists, and conformance matrices for embedded platforms. Required Experience Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, or a related technical field. 3+ years of experience resolving security issues in embedded firmware 3+ years of experience with Linux-based secure firmware development and testing 3+ years of experience using the C/C++ programming language Working knowledge of embedded security concepts, including secure boot, firmware signing, cryptography, and secure update mechanisms. Familiarity with networked embedded systems and common protocols (e.g., TCP/IP, TLS, diagnostics interfaces). Ability to collaborate effectively with cross-functional engineering, quality, and compliance teams. Preferred Experience Experience with product cybersecurity standards such as

IEC 62443, ISO/SAE

21434, or similar industrial/OT security frameworks. Familiarity with SBOM formats and tooling (e.g., Cyclone

DX, SPDX

). Experience supporting security compliance or regulatory readiness for embedded products. Background in firmware development using C/C++ or reviewing embedded firmware code for security considerations. Understanding of secure device lifecycle concepts, including manufacturing security, provisioning, and field updates.