Security Analyst Software
This famous security lab is an ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile and smart metering industry. She is one of the world’s most advanced players in the field of side channel attacks and embedded technology evaluation
The company has engaging projects, an open office environment, and they are looking for self-motivated individuals who would like to embrace the opportunity to drive security forward in the headoffice in Delft, The Netherlands
What is my role?
- The organization evaluates the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.
- In addition to evaluation work they carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the knowledge database to ensure it is preserved and shared within the organization.
- Work is mainly done at the office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communication with our customers is in English.
What skills do I need.
- You are a pleasant co-worker who likes to collaborate, learn and share your knowledge with a remote team of security specialists.
- You are a self-motivated and creative problem solver who enjoys the struggle of figuring things out yourself but also knows when to ask for help.
- You are excited at the prospect of problem solving with your colleagues and clients, and are ready to tackle complicated problems our clients struggle to solve.
- You enjoy digging deep into the technical details of both hardware and software of devices and understanding complex systems fast.
- You are capable of completing security evaluations unassisted.
- You have an excellent command of the English language, verbal and written.
- You have successfully completed a Bachelor or master’s in computer science, Computer Engineering, or Electrical Engineering.
- You have at least 2-4 years of work experience.
- You are flexible and enjoy travelling to customers within North America, or Europe/Asia every now and then. One week, a month, or more travel to client sites depending on client needs.*
- You are authorized to work in the United States.
Do you get excited over a firmware image? Or how about the full source of a TEE OS? Do you have experience with IDA Pro or radare2 ~, and ARM/MIPS? Even more reason to come aboard!
You have at least 2 years work experience in:
- Experience in finding vulnerabilities in source code or binaries through manual review and/or reverse engineering
- Experience in fuzzing for vulnerabilities
- Experience using symbolic execution to find vulnerabilities
- Knowledge of embedded system architecture, OS internals, Trusted Execution Environments
- Knowledge of cryptographic algorithms and protocols, whitebox crypto, x509 certificates
- Hands-on experience with Firmware security: made things do what they’re notsupposed to do whether in a college or home/hobbyist setting.
- Programming languages: C, C++, JavaCard, Assembly
- Experience in customer-facing roles and leading teams
- Able to work independently and orchestrate work in small teams
- Nice to have
- Experience in pre-silicon [Hardware] security
- Development background & understanding of client’s software development process and needs
- Experience in security applicable to payment systems
We are interested in speaking with you even if you don’t meet all the criteria detailed above.