Security Analyst Software Delft

Vacatureomschrijving

This famous security lab is an ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile and smart metering industry. She is one of the world’s most advanced players in the field of side channel attacks and embedded technology evaluation

The company has engaging projects, an open office environment, and they are looking for self-motivated individuals who would like to embrace the opportunity to drive security forward in the headoffice in Delft, The Netherlands

• The organization evaluates the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.
• In addition to evaluation work they carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the knowledge database to ensure it is preserved and shared within the organization.
•  Work is mainly done at the office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communication with our customers is in English.

• You are a pleasant co-worker who likes to collaborate, learn and share your knowledge with a remote team of security specialists.
• You are a self-motivated and creative problem solver who enjoys the struggle of figuring things out yourself but also knows when to ask for help. 
• You are excited at the prospect of problem solving with your colleagues and clients, and are ready to tackle complicated problems our clients struggle to solve. 
• You enjoy digging deep into the technical details of both hardware and software of devices and understanding complex systems fast.
• You are capable of completing security evaluations unassisted.
• You have an excellent command of the English language, verbal and written.
• You have successfully completed a Bachelor or master’s in computer science, Computer Engineering, or Electrical Engineering.
• You have at least 2-4 years of work experience.

You have at least 2 years work experience in:

• Experience in finding vulnerabilities in source code or binaries through manual review and/or reverse engineering
• Experience in fuzzing for vulnerabilities
• Experience using symbolic execution to find vulnerabilities
• Knowledge of embedded system architecture, OS internals, Trusted Execution Environments
• Knowledge of cryptographic algorithms and protocols, whitebox crypto, x509 certificates
• You have hands-on experience with Firmware security
• You are experienced in a college setting, home hobbyist setting. It's great when you messed around with things and made them do what they're not supposed to. 
• Nice to have
  • Experience in pre-silicon [Hardware] security
  • Development background & understanding of client’s software development process and needs
  • Experience with payment networks
  • Experience in exploitation
  • Experience in presenting your research at conferences.

Do you get excited over a firmware image? Or how about the full source of a TEE OS? Do you have experience with IDA Pro, radare2 or Ghidra, and ARM/MIPS? Even more reason to come aboard!

We are interested in speaking with you even if you don’t meet all the criteria detailed above.