Security Evaluator - Embedded Code Reviewer

Barcelona
Permanente
Tiempo completo

Hace 17 días

Company DescriptionSGS Brightsight is part of SGS - the world's leading testing, inspection and certification company. At SGS Brightsight, we support companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.Job DescriptionSGS Brightsight in Barcelona is looking for Senior and Junior Source Code Reviewers. The candidate will join a multidisciplinary team to execute security evaluations on state-of-the-art products. We are looking for people with a fascination for IT security. You will join a multidisciplinary team to execute security evaluations on state-of-the-art products such as, trusted execution environment, hypervisor, real time operating systems, artificial intelligence, secure elements, network devices, key managers, hardware security modules etc.Responsibilities:

Conduct thorough code and design reviews of high-assurance embedded software searching for potential vulnerabilities that could be exploited using logic (e.g. fuzzing, stack overflows etc.) and physical means (side-channel, fault injection etc.)
Create a vulnerability analysis based on your code review findings and the state-of-the-art security techniques
Design a test plan and supervise or conduct it using our high-tech lab equipment
Design and implement new attack methods

QualificationsMust:

You have a Bachelor's or Master's degree in a technical field of study (computer science, telecommunications, electronics, physics, mathematics)
You have knowledge/experience in code review/development for assembler, C and Java
You have knowledge/experience in applied cryptography (AES, DES, RSA, ECC etc.)
You can work independently and collaboratively in a team environment
You have strong analytical and problem-solving skills with a keen attention to detail
You have English language skills

Desirable:

Knowledge in payment protocols such as EMVCo, MasterCard, Visa, AMEX etc.
Knowledge/experience in Smartcards, HSM, ARM, cryptography, TEE, hypervisors etc.
Knowledge of side-channel and fault injection concepts and techniques
Experience in security bug finding and exploitation
Familiarity with industry-specific standards and regulations for embedded systems, such as MISRA C
Knowledge of software testing methodologies, tools and frameworks used in the embedded domain (e.g. Common Criteria, SESIP, PSA, etc.)
Solid understanding of embedded systems development principles and practices

Additional InformationSGS Brightsight provides a very good training program, from the basics to expert level We offer a supportive work environment that fosters professional growth and development We offer a competitive salary package based on the candidate.At SGS Brightsight you will:

Be part of a multicultural team with highly motivated colleagues from all over the world
Work for the recognized global leader in security evaluations
Work with all major developers on their latest innovations
Enjoy an informal and intellectually challenging work environment

SGS

Solicitar