Security Engineer 4
Role details
Job location
Tech stack
Job description
- Perform design reviews in accordance with security certification requirements (e.g., SESIP, GlobalPlatform).
- Perform code reviews and structured vulnerability analysis in accordance with security certification requirements.
- Provide guidance and mentoring to colleagues by reviewing their analysis results and offering coaching rooted in certification scheme expectations.
- Translate vulnerability analysis findings into clear and actionable input for the security testing team, aligning results with applicable scheme thresholds and evaluation metrics.
- Perform embedded testing on devices under evaluation e.g. firmware reversing, MITM, interface probing, etc.
- Lead the technical aspects of evaluation projects by coordinating with the project manager to ensure compliance, technical rigor, and timely delivery.
Requirements
-
Minimum of 4 years of experience in the security evaluation domain, specifically:
-
Proven proficiency in at least two of the following: C, C++, Assembly.
-
Experience with secure embedded systems, such as Smart Cards, Secure Elements, System-on-Chips (SoCs), Trusted Execution Environments, smart light, remote control, ECUs, etc.
-
Experience doing projects for Security Certification. Experience in SESIP/PSA experience is good to have.
-
Good understanding of low-level computer architecture, security concepts, embedded system architecture, OS internals, Trusted Execution Environments.
-
Good understanding of practical cryptography algorithms and protocols.
-
Excellent interpersonal and communication skills; thrives in team environments with diverse stakeholders (technical teams, evaluators, and customers).
-
Willingness to occasionally travel to clients or certification bodies in Europe, North America, or Asia.