Tech Lead Hardware Security Evaluations

Do you want to oversee the technical quality of evaluation projects in our lab?

This security lab is an ambitious organization that focuses on testing built-in security for leading international customers in various sectors, including the automotive industry, IoT, medical sector, semiconductors, payments, mobile telephony and smart meters. They offer exciting projects and a collaborative work environment and are looking for motivated people who want to play their role in a growing company.

What would my job include?

You are part of a team that evaluates the security of products with built-in smart card technologies. Your main tasks include identifying threats and vulnerabilities by analyzing product specifications, code, or hardware and developing security testing tools. The findings are compiled into reports, along with recommendations to address any issues.

The organization considers sharing knowledge to be essential for innovation and employee development. Time is set aside for personal growth and weekly events are organized to share knowledge. In addition to evaluation activities, the organization also carries out other projects, such as consultancy, research, tool development and training. In order to maintain an advanced laboratory, a continuous internal research and development process is necessary. The knowledge gained from projects is documented in a database that is shared across the organization.

Responsibilities

• Lead and conduct vulnerability analysis and penetration tests on secure hardware products (e.g. secure ICs, secure subsystems in SoCs) in accordance with certification schemes such as Common Criteria (PP0084, PP0117) and EMVCo.
• Design, plan, and document test strategies and test plans that are tailored to the specific requirements of the schedule.
• Perform and supervise error injection (FI) and side-channel analysis (SCA) tests, and analyze collected traces to identify vulnerabilities.
• Conduct in-depth hardware design reviews, including schematics, layout, and countermeasure analysis, to assess resistance to physical and online attacks.
• Analyze and reverse engineer boot loaders, embedded software, and firmware using Assembly, C/C++, and scripting tools.
• Review and evaluate RTL code (e.g., Verilog, VHDL) to identify potential weaknesses at the architectural and implementation levels.
• Document findings in technical reports and certification documents in a clear, structured, and evidence-based manner, suitable for submission to certification authorities and scheme owners.
• Provide technical leadership to review teams by assigning tasks, reviewing technical deliverables, and ensuring they meet certification expectations and project timelines.
• Act as a subject-matter expert for hardware-based evaluations, engaging with customers and certification authorities to explain findings and defend evaluation results.
• Act as subject matter expert for hardware-based evaluations, engaging with customers and certification authorities to explain findings and defend evaluation results.

What skills do I need?

• A completed academic degree (BSc/MSc) in Electrical Engineering, Embedded Systems, or Computer Engineering.
• At least 5 years of technical, hands-on experience into hardware security evaluations, including:

• • Security assessments on Smart Cards, Secure ICs, and Secure Sub-Systems in SoC (PP0117).
  • Leading and performing fault injection and side-channel analysis, including attack potential rating and threshold testing as per JIL or EMVCo requirements.
  • Deep familiarity with Common Criteria, JIL hardware attack methods, or EMVCo Security Evaluation Process.
  • Evaluating experience bootloaders, embedded code, and proprietary protocols.

• Expert-level skills in:

• Embedded programming: Assembly, C, C++
• Hardware design review: PCB schematics, layout files, protection mechanisms
• RTL code analysis: Verilog, VHDL
• Working with hardware security lab equipment: oscilloscopes, lasers, EM probes, FI tooling

• Strong technical documentation and reporting skills; able to translate complex technical findings into certification-ready reports.
• Comfortable working with multidisciplinary teams (hardware, software, crypto, compliance) and interfacing with both technical and scheme-level stakeholders.
• Willing to travel occasionally to customer locations or certification authority meetings across Europe, North America, or Asia