{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/mandatory-access-controls"},"x-facet":{"type":"skill","slug":"mandatory-access-controls","display":"Mandatory Access Controls","count":3},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_de168cba-02c"},"title":"Principal Software Engineer, Platform Security","description":"<p>We&#39;re looking for a principal-level engineer to serve as a technical leader for platform security across Anduril. This role combines deep expertise in cryptography, systems security, and secure architecture with the ability to drive security strategy across business lines and the platform.</p>\n<p>As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.</p>\n<p>Key Responsibilities:</p>\n<ul>\n<li>Own the technical vision and architecture for platform security across Anduril&#39;s product ecosystem</li>\n<li>Design cryptographic systems, protocols, and key management architectures for autonomous and robotic platforms operating in contested and disconnected environments</li>\n<li>Lead the design of hardware root-of-trust architectures integrating TPMs, TEEs, HSMs, and secure boot across diverse embedded platforms</li>\n<li>Drive the strategy for promoting business-line security implementations into shared, composable platform services</li>\n<li>Serve as the senior technical authority for security architecture reviews across the organization, providing definitive guidance on cryptographic design, protocol security, and system hardening</li>\n<li>Define security patterns, reference architectures, and engineering standards that enable teams across Anduril to build securely and independently</li>\n<li>Mentor and develop senior engineers on the team, raising the bar for security engineering across the organization</li>\n<li>Represent Anduril&#39;s security engineering capabilities to customers, partners, and auditors when deep technical credibility is required</li>\n<li>Evaluate emerging threats, cryptographic standards, and security technologies, driving adoption where they strengthen the platform</li>\n</ul>\n<p>Required Qualifications:</p>\n<ul>\n<li>12+ years of experience in software engineering, with significant depth in systems security and cryptography</li>\n<li>Expert-level knowledge of cryptographic protocol design, including key management architectures, certificate systems, and cryptographic agility</li>\n<li>Deep experience with hardware security: TPM, TEE, HSM, secure boot, and hardware root-of-trust design across multiple platform types</li>\n<li>Proficient in two or more of: C++, Rust, Go</li>\n<li>Experience designing security architectures for embedded, real-time, or robotic systems with constrained environments</li>\n<li>Track record of leading cross-organizational technical initiatives and driving architectural decisions that span multiple teams</li>\n<li>Strong ability to communicate complex security concepts to engineering leadership, product teams, and external stakeholders</li>\n<li>Experience performing and leading threat modeling, security architecture reviews, and cryptographic design reviews</li>\n<li>Eligible to obtain and maintain active U.S. Secret security clearance</li>\n</ul>\n<p>Preferred Qualifications:</p>\n<ul>\n<li>Experience with post-quantum cryptography, distributed key generation (DKG), or threshold cryptographic schemes</li>\n<li>Background in defense, aerospace, or autonomous systems with exposure to FIPS 140, Common Criteria, or NSA CSfC requirements</li>\n<li>Experience designing secure communication protocols for autonomous platforms or mesh networks</li>\n<li>Deep knowledge of Linux kernel security, mandatory access controls (SELinux/AppArmor), and OS hardening at scale</li>\n<li>Experience building and evolving platform security services consumed by dozens of teams</li>\n<li>Familiarity with compliance frameworks (STIGs, NIST 800-53, CMMC) and translating them into engineering controls that don&#39;t compromise developer velocity</li>\n<li>Publications, patents, or recognized contributions in cryptography or systems security</li>\n<li>Experience with Nix build systems and reproducible build pipelines for security-critical software</li>\n</ul>\n<p>US Salary Range: $254,000-$336,000 USD</p>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_de168cba-02c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anduril Industries","sameAs":"https://www.andurilindustries.com/","logo":"https://logos.yubhub.co/andurilindustries.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/andurilindustries/jobs/5087992007","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$254,000-$336,000 USD","x-skills-required":["cryptography","systems security","secure architecture","cryptographic protocol design","key management architectures","certificate systems","cryptographic agility","hardware security","TPM","TEE","HSM","secure boot","hardware root-of-trust design","embedded systems","real-time systems","robotic systems","constrained environments","cross-organizational technical initiatives","architectural decisions","complex security concepts","threat modeling","security architecture reviews","cryptographic design reviews","U.S. Secret security clearance"],"x-skills-preferred":["post-quantum cryptography","distributed key generation","threshold cryptographic schemes","defense","aerospace","autonomous systems","FIPS 140","Common Criteria","NSA CSfC requirements","secure communication protocols","mesh networks","Linux kernel security","mandatory access controls","OS hardening","compliance frameworks","STIGs","NIST 800-53","CMMC","publications","patents","recognized contributions","Nix build systems","reproducible build pipelines"],"datePosted":"2026-04-18T15:49:36.448Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Boston, Massachusetts, United States; Costa Mesa, California, United States; Seattle, Washington, United States; Washington, District of Columbia, United States"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"cryptography, systems security, secure architecture, cryptographic protocol design, key management architectures, certificate systems, cryptographic agility, hardware security, TPM, TEE, HSM, secure boot, hardware root-of-trust design, embedded systems, real-time systems, robotic systems, constrained environments, cross-organizational technical initiatives, architectural decisions, complex security concepts, threat modeling, security architecture reviews, cryptographic design reviews, U.S. Secret security clearance, post-quantum cryptography, distributed key generation, threshold cryptographic schemes, defense, aerospace, autonomous systems, FIPS 140, Common Criteria, NSA CSfC requirements, secure communication protocols, mesh networks, Linux kernel security, mandatory access controls, OS hardening, compliance frameworks, STIGs, NIST 800-53, CMMC, publications, patents, recognized contributions, Nix build systems, reproducible build pipelines","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":254000,"maxValue":336000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_c629a0da-f6c"},"title":"Security Engineer","description":"<p>We&#39;re seeking a Security Engineer at the senior-level or above focused on hardware, embedded systems, and firmware security to own the security posture of Saronic&#39;s vessel hardware platforms from silicon to system.</p>\n<p>You will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.</p>\n<p>Key Responsibilities:</p>\n<ul>\n<li><p>Conduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules</p>\n</li>\n<li><p>Evaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware</p>\n</li>\n<li><p>Evaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls</p>\n</li>\n<li><p>Develop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures</p>\n</li>\n<li><p>Design and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation</p>\n</li>\n<li><p>Design and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet</p>\n</li>\n<li><p>Own the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow</p>\n</li>\n<li><p>Harden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction</p>\n</li>\n<li><p>Secure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols</p>\n</li>\n<li><p>Define security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures</p>\n</li>\n<li><p>Drive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements</p>\n</li>\n<li><p>Produce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows</p>\n</li>\n</ul>\n<p>Required Qualifications:</p>\n<ul>\n<li><p>6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role</p>\n</li>\n<li><p>Deep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments</p>\n</li>\n<li><p>Demonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems</p>\n</li>\n<li><p>Strong experience assessing third-party hardware integrations and evaluating supply chain security risks</p>\n</li>\n<li><p>Deep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks</p>\n</li>\n<li><p>Experience with operational technology security, industrial protocols, or control system security</p>\n</li>\n<li><p>Proficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools</p>\n</li>\n<li><p>Ability to obtain and maintain a security clearance</p>\n</li>\n</ul>\n<p>Preferred Qualifications:</p>\n<ul>\n<li><p>Experience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments</p>\n</li>\n<li><p>Experience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms</p>\n</li>\n<li><p>Experience with RTOS, microcontroller security, or resource-constrained device environments</p>\n</li>\n<li><p>Knowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards</p>\n</li>\n<li><p>Familiarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)</p>\n</li>\n<li><p>Relevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials</p>\n</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_c629a0da-f6c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictechnologies.com/","logo":"https://logos.yubhub.co/saronictechnologies.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/4b15b1b4-3c34-47ad-b964-dbcf0f8a3dc4","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Hardware security","Embedded systems security","Firmware security","Fault injection","Side-channel analysis","Interface evaluation","Bus protocol analysis","Physical security assessments","Secure boot chains","Hardware root of trust","Firmware integrity","Embedded system hardening","Third-party hardware integrations","Supply chain security risks","Provenance validation","Anti-tamper","Attestation controls","Hardware security testing","Tooling","Methodology","Repeatable test procedures","Device identity","Key storage","Measured boot","Remote attestation","Signed updates","Rollback protection","Verified delivery","Cryptographic key lifecycle","Provisioning","Rotation","Revocation","Escrow","Embedded Linux systems","Kernel configuration","Mandatory access controls","Secure IPC","Attack surface reduction","Operational technology protocols","Industrial protocols","Control system security","CAN bus","NMEA","Maritime/industrial communication protocols","Security boundaries","Trust zones","Segmentation strategies","Threat modeling","Actionable engineering requirements","Secure-by-design reference architectures","Hardware and firmware security standards","Testing requirements","Acceptance criteria","Engineering workflows","C","C++","Python","Rust","Hardware security testing tools"],"x-skills-preferred":["Defense","Aerospace","Robotics","Autonomy","Maritime","High-assurance environments","Autonomous systems","Unmanned vehicles","Safety-critical embedded platforms","RTOS","Microcontroller security","Resource-constrained device environments","NMEA protocols","Maritime communication systems","RF/GPS/GNSS security","ICS security standards","Defense or safety-critical compliance frameworks","OSEE","GXPN","GSE","Hardware-focused credentials"],"datePosted":"2026-04-17T12:57:49.070Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Hardware security, Embedded systems security, Firmware security, Fault injection, Side-channel analysis, Interface evaluation, Bus protocol analysis, Physical security assessments, Secure boot chains, Hardware root of trust, Firmware integrity, Embedded system hardening, Third-party hardware integrations, Supply chain security risks, Provenance validation, Anti-tamper, Attestation controls, Hardware security testing, Tooling, Methodology, Repeatable test procedures, Device identity, Key storage, Measured boot, Remote attestation, Signed updates, Rollback protection, Verified delivery, Cryptographic key lifecycle, Provisioning, Rotation, Revocation, Escrow, Embedded Linux systems, Kernel configuration, Mandatory access controls, Secure IPC, Attack surface reduction, Operational technology protocols, Industrial protocols, Control system security, CAN bus, NMEA, Maritime/industrial communication protocols, Security boundaries, Trust zones, Segmentation strategies, Threat modeling, Actionable engineering requirements, Secure-by-design reference architectures, Hardware and firmware security standards, Testing requirements, Acceptance criteria, Engineering workflows, C, C++, Python, Rust, Hardware security testing tools, Defense, Aerospace, Robotics, Autonomy, Maritime, High-assurance environments, Autonomous systems, Unmanned vehicles, Safety-critical embedded platforms, RTOS, Microcontroller security, Resource-constrained device environments, NMEA protocols, Maritime communication systems, RF/GPS/GNSS security, ICS security standards, Defense or safety-critical compliance frameworks, OSEE, GXPN, GSE, Hardware-focused credentials"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_df8265dc-c31"},"title":"System Software Engineer, Consumer Products","description":"<p><strong>System Software Engineer, Consumer Products</strong></p>\n<p><strong>Location</strong></p>\n<p>San Francisco</p>\n<p><strong>Employment Type</strong></p>\n<p>Full time</p>\n<p><strong>Department</strong></p>\n<p>Consumer Products</p>\n<p><strong>Compensation</strong></p>\n<ul>\n<li>$293K – $325K • Offers Equity</li>\n</ul>\n<p>The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.</p>\n<ul>\n<li>Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts</li>\n</ul>\n<ul>\n<li>Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)</li>\n</ul>\n<ul>\n<li>401(k) retirement plan with employer match</li>\n</ul>\n<ul>\n<li>Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)</li>\n</ul>\n<ul>\n<li>Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees</li>\n</ul>\n<ul>\n<li>13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)</li>\n</ul>\n<ul>\n<li>Mental health and wellness support</li>\n</ul>\n<ul>\n<li>Employer-paid basic life and disability coverage</li>\n</ul>\n<ul>\n<li>Annual learning and development stipend to fuel your professional growth</li>\n</ul>\n<ul>\n<li>Daily meals in our offices, and meal delivery credits as eligible</li>\n</ul>\n<ul>\n<li>Relocation support for eligible employees</li>\n</ul>\n<ul>\n<li>Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.</li>\n</ul>\n<p>More details about our benefits are available to candidates during the hiring process.</p>\n<p>This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.</p>\n<p>Location: San Francisco, CA (Hybrid: 4 days onsite/week). Relocation assistance available.</p>\n<p><strong>About the Team:</strong></p>\n<p>We build foundational platform software that enables reliable, secure, and performant products. The team works across system layers and partners closely with adjacent engineering groups to deliver robust capabilities from concept through launch.</p>\n<p><strong>About the Role:</strong></p>\n<p>We’re seeking a Systems Software Engineer to design, implement, and debug core platform components and the pipelines that build and update system images. You’ll work across operating system layers, focusing on performance, security, and deep system debugging to ship production‑grade systems.</p>\n<p><strong>In this role, you will:</strong></p>\n<ul>\n<li>Design, implement, and debug system‑level components and services across kernel and user space.</li>\n</ul>\n<ul>\n<li>Configure and maintain OS platform services (init, services, networking, security policies) and related tooling.</li>\n</ul>\n<ul>\n<li>Build and operate image and update pipelines, ensuring reliability, reproducibility, and rollback safety.</li>\n</ul>\n<ul>\n<li>Instrument and analyze performance using profiling and tracing; optimize CPU, memory, I/O, and power usage.</li>\n</ul>\n<ul>\n<li>Own platform observability and reliability: logging, crash capture, watchdogs, and diagnostics.</li>\n</ul>\n<ul>\n<li>Collaborate with cross‑functional teams to define interfaces and deliver end‑to‑end features.</li>\n</ul>\n<ul>\n<li>Establish strong engineering practices: code review, CI, reproducible builds, and release management.</li>\n</ul>\n<ul>\n<li>Partner with external suppliers to support builds and deployments.</li>\n</ul>\n<p><strong>You might thrive in this role if you:</strong></p>\n<ul>\n<li>Have shipped production systems software on modern operating systems.</li>\n</ul>\n<ul>\n<li>Are proficient in C/C++ and a scripting language, and comfortable with OS internals (concurrency, memory management, filesystems, networking, power management).</li>\n</ul>\n<ul>\n<li>Bring strong systems debugging skills using debuggers, tracers, profilers, and logs across kernel/user‑space boundaries.</li>\n</ul>\n<ul>\n<li>Understand configuration of platform services and interfaces, and can translate requirements into stable, well‑documented APIs.</li>\n</ul>\n<ul>\n<li>Are fluent in user‑space foundations (service management, IPC, networking, packaging, automation).</li>\n</ul>\n<ul>\n<li>Have experience building platform images and designing update mechanisms for reliability and security.</li>\n</ul>\n<p><strong>Preferred Qualifications:</strong></p>\n<ul>\n<li>Exposure to platform security (secure boot, sandboxing, mandatory access controls, attestation).</li>\n</ul>\n<ul>\n<li>Experience with graphics/media, hardware acceleration, or high‑throughput data paths.</li>\n</ul>\n<ul>\n<li>Familiarity with connectivity stacks and network configuration.</li>\n</ul>\n<ul>\n<li>Observability and diagnostics in distributed or resource‑constrained environments.</li>\n</ul>\n<ul>\n<li>Work on open‑source platforms or contributions to systems projects.</li>\n</ul>\n<p><strong>About OpenAI</strong></p>\n<p>OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.</p>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_df8265dc-c31","directApply":true,"hiringOrganization":{"@type":"Organization","name":"OpenAI","sameAs":"https://jobs.ashbyhq.com","logo":"https://logos.yubhub.co/openai.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/openai/20f525b7-f958-4c95-a055-f914ab3adb95","x-work-arrangement":"hybrid","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":"$293K – $325K • Offers Equity","x-skills-required":["C/C++","Scripting language","OS internals","Debuggers","Tracers","Profilers","Logs","Platform services","Networking","Security policies","Image and update pipelines","Reliability","Reproducibility","Rollback safety","Performance analysis","CPU","Memory","I/O","Power usage","Platform observability","Reliability","Logging","Crash capture","Watchdogs","Diagnostics","Code review","CI","Reproducible builds","Release management"],"x-skills-preferred":["Platform security","Secure boot","Sandboxing","Mandatory access controls","Attestation","Graphics/media","Hardware acceleration","High-throughput data paths","Connectivity stacks","Network configuration","Observability and diagnostics","Distributed or resource-constrained environments","Open-source platforms","Contributions to systems projects"],"datePosted":"2026-03-06T18:24:01.788Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"C/C++, Scripting language, OS internals, Debuggers, Tracers, Profilers, Logs, Platform services, Networking, Security policies, Image and update pipelines, Reliability, Reproducibility, Rollback safety, Performance analysis, CPU, Memory, I/O, Power usage, Platform observability, Reliability, Logging, Crash capture, Watchdogs, Diagnostics, Code review, CI, Reproducible builds, Release management, Platform security, Secure boot, Sandboxing, Mandatory access controls, Attestation, Graphics/media, Hardware acceleration, High-throughput data paths, Connectivity stacks, Network configuration, Observability and diagnostics, Distributed or resource-constrained environments, Open-source platforms, Contributions to systems projects","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":293000,"maxValue":325000,"unitText":"YEAR"}}}]}