Senior Security Consultant, Embedded Systems

IOActive

$120K — $150K *
Consumer Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in embedded device security or relevant field
  • Proficiency in C, Java, or similar programming languages
  • Experience with firmware reverse engineering and source code review
  • Knowledge of ARM architectures and embedded operating systems
  • Strong skills in vulnerability assessment and penetration testing
  • Excellent communication skills for technical and non-technical audiences
  • Ability to work independently and meet tight deadlines

Responsibilities

  • Investigate logical attack scenarios through code review analyses
  • Develop advanced attacks utilizing cutting-edge methods
  • Create tools to support security evaluation projects
  • Communicate vulnerabilities to diverse client teams
  • Research new attack vectors and develop exploitation techniques
  • Contribute to evangelism efforts through publications and presentations
  • Assist in business development through project scoping

Benefits

  • Opportunity to work with a global leader in embedded security
  • Engagement in high-stakes security evaluations across multiple industries
  • Collaborative work environment with diverse and multidisciplinary teams
  • Ongoing learning and development in a fast-paced field
  • Flexible work arrangements to accommodate project deadlines
Full Job Description
The Embedded Device Security Consultant is responsible for performing high end security evaluations and research focusing on embedded devices, including automobiles, payment devices, mobile phones, medical devices, etc. The consultant will work with other team members to deliver high quality results to IOActive's clients around the world.

The consultant is expected to maintain a high level of expertise regarding known threats and technical advances in embedded security and should be particularly experienced in areas such as C, Java, assembly languages, Open Platform, and EMV standards, and cryptography.

Job Responsibilities

The Embedded Device Security Consultant will undertake security evaluation tasks and duties in order to meet customer requirements and project deadlines. The tasks may include:
  • Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
  • Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
  • Create tools to assist in project goals
  • Communicate complex vulnerabilities to both technical and non-technical client staff
  • Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
  • Evangelize IOActive Labs through blogs, white papers, presentations, etc.
  • Support business development efforts through the scoping of engagements

Job Requirements

Technical Skills
  • Ability to connect and use JTAG/Onchip Debuggers
  • Soldering skills to remove flash chips and solder on test leads
  • Reverse Engineering, specifically Firmware
  • Knowledge of ARM and other embedded microprocessors
  • Knowledge of Linux and other embedded OSs
  • Proficient in at least one mainstream programming language (Java, .NET or C/C++)
  • Hardware/embedded system hacking
  • Development experience in software on embedded products
  • Reverse engineering and source code review experience
  • Vulnerability assessment and penetration testing experience
  • Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
  • Knowledge of cryptography is desirable
  • Ability to work independently under deadline
  • Rigorous attention to detail and strong analytic skills
  • Excellent command of written and spoken English
  • Comfortable working as part of a multi-national and multi-disciplinary team
  • Logical and structured approach to projects
  • Five years or more of relevant work experience in high-paced, enterprise environment

Security Skills
  • Reverse engineering and source code review experience
  • Vulnerability assessment and penetration testing experience
  • Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
  • Knowledge of cryptography is desirable

Soft Skills
  • Ability to work independently under deadline
  • Rigorous attention to detail and strong analytic skills
  • Excellent command of written and spoken English
  • Comfortable working as part of a multi-national and multi-disciplinary team
  • Logical and structured approach to projects

Additional Experience
  • Five years or more of relevant work experience in high-paced, enterprise environment

Similar Jobs

More Jobs at IOActive

More Consumer Technology Jobs

Find similar Senior Security Consultant, Embedded Systems jobs: