Software Engineer - Linux Kernel & Virtualization
Role details
Job location
Tech stack
Job description
We are seeking a Systems Software Engineer with strong expertise in Linux kernel development, secure virtualization, trusted execution, and hardware bring-up across ARM and x86_64 platforms.
In this role, you will architect and implement the secure virtualization layer of a custom Linux-based platform, working at the intersection of kernel internals, hypervisor technologies, and hardware-backed security. You will design features, optimize performance, enforce isolation guarantees, and harden the virtualization stack for mission-critical applications.
Key Responsibilities
Architecture & Design
-
Design virtualization, partitioning, and isolation mechanisms tailored to underlying CPU and SoC capabilities (e.g., ARM Virtualization Extensions, Intel VT-x, IOMMU/SMMU, hardware security modules).
-
Define robust security policies for inter-VM communication, device passthrough, and memory isolation to maintain strong trust boundaries.
Kernel, Hypervisor & VMM Development
-
Implement kernel-level, KVM-level, and VMM-level components supporting secure inter-VM messaging, memory partitioning, vCPU isolation, I/O protection, and device reassignment.
-
Develop security-centric features that deliver low-latency performance in resource-constrained or embedded contexts.
Integration & Ecosystem Alignment
-
Integrate virtualization features into build and CI pipelines, bootloaders (U-Boot, GRUB), and platform initialization sequences.
-
Implement secure VM bootstrapping and maintain alignment with upstream kernel developments for long-term maintainability.
Hardening, Stabilization & Threat Mitigation
-
Harden kernel configurations and hypervisor boundaries against cross-VM exploits, side-channel attacks, and isolation failures.
-
Perform regression testing, vulnerability assessments, and issue triage across multi-architecture builds.
Porting, Prototyping & Evaluation
-
Adapt virtualization stacks across ARM and x86_64 architectures and prototype new microvisor/KVM hybrids for specialized use cases.
-
Evaluate alternative virtualization technologies (e.g., AMD SEV-SNP/VMPL, Intel TDX, TrustZone-based microvisors) and provide data-driven recommendations.
Kernel Maintenance & Optimization
-
Diagnose and debug core Linux subsystems, improve boot performance, reinforce real-time capabilities, and optimize memory usage for embedded platforms.
-
Mentor junior engineers and collaborate with globally distributed teams on kernel and hypervisor development best practices.
Requirements
-
MSc or BSc in Computer Science, Electrical/Computer Engineering, Electronics Engineering, or equivalent practical experience.
-
8+ years of embedded Linux or systems-level development, with significant hands-on experience in Linux kernel programming.
-
Demonstrated experience building or securing virtualization systems using KVM or similar hypervisors in production.
-
Excellent spoken/written English and strong communication skills.
Required Skills
Kernel Internals
-
Strong understanding of device trees, platform initialization, power management frameworks, netfilter/virtio networking, and real-time patches (PREEMPT_RT).
-
Experience tuning filesystems and storage for embedded environments (ext4, F2FS, etc.).
Core Technical Expertise
- Deep understanding of Linux kernel architecture, including virtual machine management (CROSVM/QEMU), hypervisor extensions, trusted execution extensions (ARM TZ, Intel SGX/TDX), memory management (SLAB/SLUB, OOM), scheduling (CFS), and interrupt handling (IRQs/softirqs).
Tools & Languages
-
Advanced proficiency in C for kernel development; familiarity with Rust for safe systems code is a plus.
-
Experience with debugging and tracing tools (KGDB, ftrace, perf) and build ecosystems (Nix, Yocto, or equivalent).
Architecture & Porting
- Skilled in cross-compilation for AArch64 and x86_64, driver development/porting, CROSVM or QEMU-based prototyping, and performance profiling.
Memory Translation Expertise
-
Strong knowledge of ARM stage-1 and stage-2 translations, page table formats, and fault handling.
-
Equivalent expertise on x86 (EPT/NPT, shadow paging, INVPCID, TLB management).
-
Ability to work with hierarchical page tables, superpages, dynamic stage-2 allocations, and hypervisor-guest mapping coherence.
Performance & Security Optimization
-
Experience reducing translation overhead, mitigating TLB thrashing, and implementing efficient paging strategies in multi-VM setups.
-
Understanding of modern security features like encrypted memory (e.g., SEV-SNP), MTE, and attestation mechanisms tied to memory integrity.
Nice-to-Have Skills
-
Exposure to alternative VMMs/hypervisors (Firecracker, crosvm, microvisors).
-
Knowledge of secure boot chains (UEFI, TPM), firmware attestation, and embedded latency benchmarking.
-
Strong analytical skills, excellent documentation habits, and comfort working in distributed multi-vendor environments
-
Experience collaborating with geographically distributed, cross-functional engineering teams.
-
Contributions to open-source kernel, hypervisor, or virtualization projects.
OUR Values & Core Competencies
Act with Integrity
Benefits & conditions
We uphold the highest ethical standards and take full responsibility in every action - whether securing systems, researching vulnerabilities, or collaborating with clients. Trust is the foundation of our impact.
Collaborate with Trust
We bring together diverse perspectives across disciplines and borders, knowing that collective intelligence leads to stronger, more resilient outcomes.
Challenge with Curiosity
We question deeply, explore fearlessly, and pursue knowledge relentlessly to uncover threats, solve root problems, and drive smarter security decisions.
Innovate to Protect
We create with purpose - building secure, scalable, and forward-looking solutions that safeguard people, organizations, and the digital future.
Adapt with Precision
We move with speed and discipline - learning from failure, refining our approach, and staying focused amid complexity and constant change.
Ready to Make an Impact?
