Embedded source code reviewer

Company Description

SGS Brightsight is the largest independent security evaluation lab in the world, with seven accredited labs worldwide.

SGS Brightsight supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.

Job Description

We are looking for people with a fascination for IT security. You will join a multidisciplinary team to execute security evaluations on state-of-the-art products such as, Trusted Execution Environment, Hypervisor, Real Time Operating Systems, Artificial intelligence, Secure elements, network devices, key managers, Hardware Security Modules...

What will you do?

• Conducting thorough code and design reviews of high-assurance embedded software searching for potential vulnerabilities that could be exploited using logic (e.g. fuzzing, stack overflows...) and physical means (side channel, fault injection...).
• Creating a vulnerability analysis based on your code review findings and the cyber security state of the art.
• Designing a test plan and supervising or conducting it using our high-tech lab equipment.
• Design and implement new attack methods

Qualifications

Must

• Bachelor's or master's degree in a technical field of study (Computer science, Telecommunications, electronics, physics, mathematics).
• Knowledge/experience in code review/development for assembler, C and java
• Knowledge/experience in applied cryptography (AES, DES, RSA, ECC...)
• Ability to work independently and collaboratively in a team environment.
• Strong analytical and problem-solving skills with a keen attention to detail.
• English language skills required.

Desired

• Knowledge in payment protocols such as EMVCo, MasterCard, Visa, AMEX...
• Knowledge/experience in Smartcards, HSM, ARM, cryptography, TEE, Hypervisors...
• Knowledge of Side-Channel and fault injection concepts and techniques.
• Experience in security bug finding and exploitation.
• Familiarity with industry-specific standards and regulations for embedded systems, such as MISRA C.
• Knowledge of software testing methodologies, tools, and frameworks used in the embedded domain (e.g., Common Criteria, SESIP, PSA...).
• Solid understanding of embedded systems development principles and practices.

Additional Information

WHY WORK FOR SGS BRIGHTSIGHT?

SGS Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.

At SGS Brightsight you will:

• Be part of a multicultural team with highly motivated colleagues from all over the world
• Work for the recognized global leader in security evaluations
• Work with all major developers on their latest innovations
• Enjoy an informal and intellectually challenging work environment