Security Analyst Software

This renowned security lab is an ambitious organization that specializes in embedded security tests for leading international customers from the semiconductor, payment, pay TV, mobile and smart metering industries. It is one of the world's most advanced players in side channel attacks and embedded technology evaluation.

The company has exciting projects, an open office environment and is looking for motivated people who want to take the opportunity to advance security at its headquarters in Delft, the Netherlands.

What is my role?

• The organization evaluates the safety of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The key activities of the review process include analyzing threats and weaknesses by disassembling a device's specifications, code, or hardware, and then developing the necessary tools to attack security. The results are included in a report and we provide recommendations for resolving these issues.
• In addition to evaluation activities, we also carry out other projects, including consultancy work, research, tool development and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the knowledge database to ensure that it is preserved and shared within the organization.
• The work is mainly done at the office in Delft. For some parts of a project, it may be necessary to work for the customer. Depending on the type of assignment and your experience, you will have regular contact with the customer's technical contact person during a project. All communication with our customers is in English.

What skills do I need?

• You are a pleasant colleague who enjoys working together, learning and sharing your knowledge with a team of remote security specialists.
• You are a motivated and creative problem solver who likes to figure things out for yourself, but also knows when to ask for help.
• You enjoy solving problems with your colleagues and customers and are willing to tackle complex problems that our customers have difficulty with.
• You like to delve into the technical details of both the hardware and software of devices and to quickly understand complex systems.
• You are able to perform security assessments without assistance.
• You have an excellent command of the English language, both orally and in writing.
• You have successfully completed a bachelor's or master's degree in computer science, computer engineering or electrical engineering.
• You have at least 2-4 years of work experience.

Software focus

You have at least 2 years of work experience in:

• Experience in detecting vulnerabilities in source code or binary files by manual review and/or reverse engineering.
• Experience with detecting vulnerabilities by means of fuzzing.
• Experience using symbolic execution to detect vulnerabilities.
• Knowledge of embedded system architecture, OS internals, Trusted Execution Environments
• Knowledge of cryptographic algorithms and protocols, whitebox crypto, x509 certificates
• You have practical experience with firmware security
• You have experience in a university environment, but also as a hobbyist at home. It's great when you've played with things and made them do things they shouldn't do.
• Pros:
  • Experience with pre-silicon [hardware] security.
  • Development background and insight into the software development process and customer needs.
  • Experience with payment networks.
  • Operating experience.
  • Experience presenting your research at conferences.

Do you get excited about a firmware image? Or from the full source code of a TEE OS? Do you have experience with IDA Pro, radare2 or Ghidra, and ARM/MIPS? Then you have even more reasons to come and work with us!

Even if you don't meet all of the above criteria, we'd love to meet you.