Staff Engineer, Platform Security Systems Software

Tenstorrent is leading the industry on cutting-edge AI technology, revolutionizing performance expectations, ease of use, and cost efficiency. With AI redefining the computing paradigm, solutions must evolve to unify innovations in software models, compilers, platforms, networking, and semiconductors. Our diverse team of technologists have developed a high performance RISC-V CPU from scratch, and share a passion for AI and a deep desire to build the best AI platform possible. We value collaboration, curiosity, and a commitment to solving hard problems. We are growing our team and looking for contributors of all seniorities.

As a Staff Platform Security Software Engineer, you'll focus on developing and securing the lowest software layers that protect and power our AI/ML and general compute devices. Working closely with the hardware architecture team, you'll enable a hardware-backed Root of Trust to provide security features via ROM, firmware, and software code development. You'll also design and build the security infrastructure that supports the device across its entire lifecycle from provisioning through customer deployment.

This role is remote, based out of the United States.

We welcome candidates at various experience levels for this role. During the interview process, candidates will be assessed for the appropriate level, and offers will align with that level, which may differ from the one in this posting.

Who You Are

• Experienced platform security engineer with 8+ years delivering production security software, including 4+ years focused on embedded systems, silicon devices, and firmware development. You've lived where memory is measured in kilobytes and every clock cycle is precious.
• Strong coding skills in C, C++, or Rust plus Go or Python. You understand when to reach for bare-metal control and when higher-level abstractions actually solve the problem faster.
• Deep expertise in secure boot, code-signing, and firmware update mechanisms, including hands-on experience with Hardware Security Modules and manufacturing provisioning workflows.
• Proven experience developing and testing bootloaders like U-Boot or Coreboot. You know these systems at the instruction level and can debug boot failures armed with nothing but a JTAG probe and coffee.
• Working knowledge of cryptographic primitives, public key infrastructure, device attestation, and secure computing architectures. Experience with OpenTitan is particularly valued.
• Skilled in RTOS development and integration using platforms like TockOS, Zephyr, or similar real-time systems. You architect for deterministic behavior where "eventually consistent" simply isn't in the vocabulary.
• Experience conducting security assessments and risk analysis for firmware and embedded systems. You find the vulnerabilities before the creative folks on the internet do.
• Excellent communication skills for translating complex hardware security concepts to cross-functional teams. You're the Rosetta Stone between silicon engineers and software architects.
• RISC-V architecture knowledge is a significant plus, especially experience with TEE standardization, side-channel mitigation, and performance-optimized security implementations.
• Working knowledge of TEE and confidential computing solutions in embedded contexts. Experience with boot ROM development and silicon device bring-up makes you even more valuable.

What We Need

• Develop and test ROM, bootloader, and run-time firmware for enabling secure boot on security processors and Root-of-Trust devices. This is the code that executes before the rest of the world wakes up.
• Design and implement code-signing, key management, and software release processes that produce secured artifacts across diverse device configurations. You'll architect the entire trust chain from factory floor to field deployment.
• Develop and integrate real-time operating systems like TockOS or Zephyr to provide cryptographic, lifecycle, and security-sensitive system services while maintaining the deterministic timing that real-time demands.
• Create and maintain security documentation including detailed firmware architecture diagrams, security hardening guides, and embedded threat models. These become both reference material and survival guides for teams navigating embedded security.
• Design and develop on-device attestation mechanisms and integrate with external certificate authorities. Build the protocols that let devices prove their identity without revealing secrets that make cryptographers nervous.
• Provide guidance to development teams on secure coding practices, with emphasis on embedded-specific pitfalls. Buffer overflows in 32KB environments are an entirely different beast.
• Work with the hardware security team to shape next-generation secure silicon that software can effectively leverage. Hardware capabilities without usable software interfaces are just expensive sand.
• Collaborate with the broader RISC-V industry on standardized approaches for Trusted Execution Environments and confidential computing extensions. Help shape the open-source security standards that define the architecture.
• Partner with third-party security experts to audit and validate firmware, RTOS integrations, and embedded system designs. External scrutiny makes everything stronger.

What You Will Learn

• Gain deep expertise in platform security for RISC-V systems across embedded, real-time, and high-performance computing environments. Understand how security principles morph across wildly different resource constraints.
• Master hardware/software co-design for security at the intersection of silicon, firmware, and operating systems. See the entire stack and understand the tradeoffs at each layer in a way few engineers ever achieve.
• Contribute to and influence the open-source RISC-V security ecosystem by engaging with working groups and building reference implementations. Your work will shape how the industry thinks about open-architecture security.
• Develop expertise in AI accelerator security and protecting ML workloads. Understand threat models unique to AI hardware in this emerging field where multiple disciplines collide.
• Build technical leadership skills by mentoring teams, defining security methodologies, and establishing cross-functional practices. Learn to multiply organizational effectiveness beyond individual contributions.

Compensation for all engineers at Tenstorrent ranges from $100k - $500k including base and variable compensation targets. Experience, skills, education, background and location all impact the actual offer made.

Tenstorrent offers a highly competitive compensation package and benefits, and we are an equal opportunity employer.

This offer of employment is contingent upon the applicant being eligible to access U.S. export-controlled technology.  Due to U.S. export laws, including those codified in the U.S. Export Administration Regulations (EAR), the Company is required to ensure compliance with these laws when transferring technology to nationals of certain countries (such as EAR Country Groups D:1, E1, and E2).   These requirements apply to persons located in the U.S. and all countries outside the U.S.  As the position offered will have direct and/or indirect access to information, systems, or technologies subject to these laws, the offer may be contingent upon your citizenship/permanent residency status or ability to obtain prior license approval from the U.S. Commerce Department or applicable federal agency.  If employment is not possible due to U.S. export laws, any offer of employment will be rescinded.