Would you like to oversee the technical quality of evaluation projects at our lab?
This security lab is an ambitious organization focusing on embedded security testing for leading international clients across various industries, including automotive, IoT, medical, semiconductor, payment, mobile, and smart metering. They offer engaging projects and a collaborative office environment, seeking self-motivated individuals looking to establish their roles within a growing company.
What will my role involve?
You will be part of a team that evaluates the security of products incorporating embedded and smart card technologies. Key responsibilities include identifying threats and vulnerabilities by analyzing product specifications, code, or hardware and creating tools for security testing. Findings are compiled into reports, along with recommendations for addressing any issues.
The organization values knowledge sharing as essential for innovation and employee development. Time is allocated for personal growth, and weekly knowledge-sharing events are organized. Besides evaluation work, the organization undertakes other projects such as consultancy, research, tool development, and training. Maintaining a cutting-edge lab necessitates an ongoing internal research and development process. Knowledge gained from projects is documented in a database to be shared across the organization.
Responsibilities
- Lead and execute vulnerability analysis and penetration testing campaigns on secure hardware products (e.g., Secure ICs, Secure Sub-Systems in SoCs) in accordance with certification schemes like Common Criteria (PP0084, PP0117) and EMVCo.
- Design, plan, and document test strategies and test plans aligned with scheme-specific requirements
- Perform and guide fault injection (FI) and side-channel analysis (SCA) testing and analyze collected traces for vulnerability identification.
- Conduct in-depth hardware design reviews, including schematics, layout, and countermeasure analysis, to assess resistance against physical and logical attacks.
- Analyze and reverse-engineer bootloaders, embedded software, and firmware using Assembly, C/C++, and scripting tools.
- Review and assess RTL code (e.g., Verilog, VHDL) to identify potential architectural and implementation-level weaknesses.
- Document findings in technical reports and certification deliverables in a clear, structured, and evidence-driven manner, suitable for submission to certification bodies and scheme owners.
- Technically lead evaluation teams by assigning tasks, reviewing technical deliverables, and ensuring conformance with certification expectations and project timelines.
- Act as a subject-matter expert for hardware-based evaluations, engaging with customers and certification authorities to explain findings and defend evaluation results.
- Provide guidance and mentoring to junior colleagues by reviewing their analysis results and offering coaching rooted in certification scheme expectations.
What skills do I need?
- A completed academic degree (BSc/MSc) in Electrical Engineering, Embedded Systems, or Computer Engineering.
- At least 5 years of technical, hands-on experience in hardware security evaluations, including:
- Security assessments on Smart Cards, Secure ICs, and Secure Sub-Systems in SoC (PP0117).
- Leading and performing fault injection and side-channel analysis, including attack potential rating and threshold testing as per JIL or EMVCo requirements.
- Deep familiarity with Common Criteria, JIL hardware attack methods, or EMVCo Security Evaluation Process.
- Experience in evaluating bootloaders, embedded code, and proprietary protocols.
- Expert-level skills in:
- Embedded programming: Assembly, C, C++
- Hardware design review: PCB schematics, layout files, protection mechanisms
- RTL code analysis: Verilog, VHDL
- Working with hardware security lab equipment: oscilloscopes, lasers, EM probes, FI tooling
- Strong technical documentation and reporting skills; able to translate complex technical findings into certification-ready reports.
- Comfortable working with multidisciplinary teams (hardware, software, crypto, compliance) and interfacing with both technical and scheme-level stakeholders.
- Willing to travel occasionally to customer locations or certification authority meetings across Europe, North America, or Asia