Senior Security Engineer

Job Description

Key Skills:Firmware Analysis Tools:

- Expertise in using firmware analysis tools such asGhidra,Binwalk, andRadare2for static and dynamic analysis of firmware images.
- Embedded Linux Platforms:
- In-depth knowledge ofembedded Linux,Yocto, andOpenWRTplatforms for secure firmware and OS testing.

Secure Boot Firmware Update Mechanisms:

- Proficiency in testingsecure bootprocesses andfirmware updatemechanisms, ensuring integrity and authenticity.
- OS Hardening Security Configurations:
- Strong understanding ofOS hardening techniquesand security configurations to mitigate threats and enhance system integrity.
- Vulnerability Assessment CVE Analysis:
- Extensive experience withvulnerability assessment frameworksandCVE analysis, identifying and addressing security vulnerabilities in embedded systems.
- Debugging Emulation Tools:
- Proficient in usingdebugging toolsandemulatorssuch asQEMUto analyze embedded system behavior.
- SBOM Secure Update Protocols:
- Familiarity withSBOM (Software Bill of Materials), patch management, andsecure update protocolsto ensure safe software deployments.

Firmware Reverse Engineering:

- Expertise in performingreverse engineeringof firmware images to detect vulnerabilities and potential exploits.
- Penetration Testing Frameworks:
- Experience usingpenetration testing frameworkslikeMetasploit,Kali Linux, and custom tools for system vulnerability testing.
- Custom Test Case Development:
- Ability todevelop and execute custom test casesto simulate real-world attack scenarios and identify potential risks in embedded systems.
- Leadership Mentoring:
- Strong leadership skills with a proven track record ofmentoring junior engineersand guiding teams in advanced security testing methodologies.
- Technical Writing Reporting:
- Excellenttechnical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.
- Proactive Security Risk Mitigation:
- Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.
- Responsibilities:Leadership in Security Testing:
- Leadsystem-level Vulnerability Assessment and Penetration Testing (VAPT)for firmware, operating systems, and embedded software, ensuring thorough security evaluations.
- Test Plan Development Execution:
- Develop and implement comprehensivetest plansforsecure updateandpatch validation, ensuring security fixes are applied correctly and without introducing new risks.
- Firmware Static Dynamic Analysis:
- Conduct detailed static and dynamic analysis offirmware imagesusing tools likeGhidra,Binwalk, andRadare2to identify potential vulnerabilities.
- Secure Boot Root of Trust Validation:
- Validatesecure bootimplementations andhardware root of trustto ensure system integrity and protection from malicious code injection.
- OS Hardening Access Control Testing:
- TestOS hardening configurationsandsecure access control mechanismsto strengthen system defenses against unauthorized access and exploitation.
- Vulnerability Identification Classification:
- Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such asCVSSfor risk assessment and remediation prioritization.
- Collaboration with Compliance Engineering:
- Work closely with compliance and engineering teams toprioritize remediationefforts, ensuring that vulnerabilities are addressed effectively.
- Custom Attack Simulations:
- Develop and executecustom test casesto simulatereal-world attack scenariosand evaluate the systems resilience against cyber threats.
- Rollback Patch Management Testing:
- Oversee testing ofrollbackandpatch managementprocedures, ensuring that system updates do not compromise security or functionality.
- Mentoring Knowledge Sharing:
- Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.
- CVE Monitoring Testing Updates:
- Monitor relevantCVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.
- Reporting Risk Assessments:
- Provide detailedtechnical reportsandrisk assessmentsto stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.
- Regulatory Compliance:
- Ensure that all testing activities align with industrystandards, includingRED 18031compliance, and adhere to relevant regulatory frameworks.
- Secure Lab Environment Maintenance:
- Maintain asecure lab environmentfor all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.
- Qualifications Certifications:
- Education:
- Bachelors or Master s degree inCybersecurity,Embedded Systems,Computer Engineering, or a related field.
- Certifications (Preferred):
- OSCP(Offensive Security Certified Professional)
- OSCE(Offensive Security Certified Expert)
- GXPN(GIAC Exploit Researcher and Advanced Penetration Tester)
- Equivalent certifications inethical hacking,penetration testing, orembedded system securityare also highly valued.