Cyber Security Engineer

eInfochips (An Arrow Company):

eInfochips, an Arrow company (A $27.9 B, NASDAQ listed (ARW); Ranked #154 on the Fortune List), is a leading global provider of product engineering and semiconductor design services. 25+ years of proven track record, with a team of over 2500+ engineers, the team has been instrumental in developing over 500+ products and 40M deployments in 140 countries. Company's service offerings include Silicon Engineering, Embedded Engineering, Hardware Engineering & Digital Engineering services. eInfochips services 7 of the top 10 semiconductor companies and is recognized by NASSCOM, Zinnov and Gartner as a leading Semiconductor service provider.

Job Description:

Experience:

5–12 years of relevant experience in system security, embedded systems, and vulnerability assessments.

Key Skills:

Firmware Analysis Tools:

• Expertise in using firmware analysis tools such as
  Ghidra
  ,
  Binwalk
  , and
  Radare2
  for static and dynamic analysis of firmware images.

Embedded Linux Platforms:

• In-depth knowledge of
  embedded Linux
  ,
  Yocto
  , and
  OpenWRT
  platforms for secure firmware and OS testing.

Secure Boot & Firmware Update Mechanisms:

• Proficiency in testing
  secure boot
  processes and
  firmware update
  mechanisms, ensuring integrity and authenticity.

OS Hardening & Security Configurations:

• Strong understanding of
  OS hardening techniques
  and security configurations to mitigate threats and enhance system integrity.

Vulnerability Assessment & CVE Analysis:

• Extensive experience with
  vulnerability assessment frameworks
  and
  CVE analysis
  , identifying and addressing security vulnerabilities in embedded systems.

Debugging & Emulation Tools:

• Proficient in using
  debugging tools
  and
  emulators
  such as
  QEMU
  to analyze embedded system behavior.

SBOM & Secure Update Protocols:

• Familiarity with
  SBOM (Software Bill of Materials)
  , patch management, and
  secure update
  to ensure safe software deployments.
• Firmware Reverse Engineering:
• Expertise in performing
  reverse engineering
  of firmware images to detect vulnerabilities and potential exploits.
• Penetration Testing Frameworks:
• Experience using
  penetration testing frameworks
  like
  Metasploit
  , using distributions like
  Kali Linux
  , and custom tools for system vulnerability testing.
• Custom Test Case Development:
• Ability to
  develop and execute custom test cases
  to simulate real-world attack scenarios and identify potential risks in embedded systems.
• Leadership & Mentoring:
• Strong leadership skills with a proven track record of
  mentoring junior engineers
  and guiding teams in advanced security testing methodologies.
• Technical Writing & Reporting:
• Excellent
  technical writing skills
  , including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.
• Proactive Security Risk Mitigation:
• Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

Responsibilities:

• System-level Vulnerability Assessment and Penetration Testing (VAPT)
  for firmware, operating systems, and embedded software, ensuring thorough security evaluations.

Test Plan Development & Execution:

• Develop and implement comprehensive
  test plans
  for
  secure update
  and
  patch validation
  , ensuring security fixes are applied correctly and without introducing new risks.

Firmware Static & Dynamic Analysis:

• Conduct detailed static and dynamic analysis of
  firmware images
  using tools like
  Ghidra
  ,
  Binwalk
  , and
  Radare2
  to identify potential vulnerabilities.

Secure Boot & Root of Trust Validation:

• Validate
  secure boot
  implementations and
  hardware root of trust
  to ensure system integrity and protection from malicious code injection.

OS Hardening & Access Control Testing:

• Test
  OS hardening configurations
  and
  secure access control mechanisms
  to strengthen system defenses against unauthorized access and exploitation.

Vulnerability Identification & Classification:

• Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as
  CVSS
  for risk assessment and remediation prioritization.

Collaboration with Compliance & Engineering:

• Work closely with compliance and engineering teams to
  prioritize remediation
  efforts, ensuring that vulnerabilities are addressed effectively.

Custom Attack Simulations:

• Develop and execute
  custom test cases
  to simulate
  real-world attack scenarios
  and evaluate the system's resilience against cyber threats.

Rollback & Patch Management Testing:

• Oversee testing of
  rollback
  and
  patch management
  procedures, ensuring that system updates do not compromise security or functionality.

Mentoring & Knowledge Sharing:

• Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.

CVE Monitoring & Testing Updates:

• Monitor relevant
  CVE feeds
  , integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.

Reporting & Risk Assessments:

• Provide detailed
  technical reports
  and
  risk assessments
  to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.

Regulatory Compliance:

• Ensure that all testing activities align with industry
  standards
  , including
  RED 18031
  compliance, and adhere to relevant regulatory frameworks.

Secure Lab Environment Maintenance:

• Maintain a
  secure lab environment
  for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

Qualifications & Certifications:

Education:

• Bachelor's or Master's degree in
  Cybersecurity
  ,
  Embedded Systems
  ,
  Computer Engineering
  , or a related field.

Certifications (Preferred):

• OSCP
  (Offensive Security Certified Professional)
• OSCE
  (Offensive Security Certified Expert)

Why Join Us?

Opportunity to work on cutting-edge technologies.

Lead a high-performing team in a fast-paced, dynamic environment.

Location:
Ahmedabad/Pune

Interested candidates can share resume on