Security Evaluator - Fault injection

Company Description

SGS Brightsight is the largest independent security evaluation lab in the world, with seven accredited labs worldwide.

SGS Brightsight supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.

Job Description

SGS Brightsight in Meyreuil is looking for a Senior Fault Injection Evaluator. The appointed candidate will join a multidisciplinary team to execute penetration tests within security evaluations on state-of-the-art products. Security evaluations include a variety of tests from which the security of products can be assessed. One of the most powerful techniques is known as fault injection. Fault injection attacks aim to modify a device's behavior in order to bypass protections and get access to protected assets. Many types of fault injection attack methods have been developed over recent decades, posing a critical threat for modern secured products. Fault injection security evaluators use a wide range of attack methods to evaluate a product’s security. As part of the team, the appointed candidate will execute fault injection tasks ranging from understanding potential vulnerabilities, following procedures and scheme specifications, scripting, performing attacks and reporting the results. Additionally, you will be responsible for maintaining the quality of the pen-test laboratory together with the rest of the team. This job also requires that you communicate doubts, issues and results to internal entities such as the Lead Evaluator, the Project Manager or the Lab Manager, and other evaluators.

Qualifications

Must:

• You have a Bachelor’s or Master’s degree in a technical field of study (computer science, telecommunications, electronics, physics, mathematics)
• You are familiar with electronic laboratory equipment such as oscilloscopes, function generators, logic analyzers, etc.
• You are familiar with fault injection and sidechannel concepts and techniques
• You are familiar with the most common cryptographic algorithms (DES, AES, RSA, ECDSA)
• You have programming skills, preferably in JavaScript or other similar programming language You have English language skills
• You have attention to detail, are methodical and eager to learn!

Desired:

• Knowledge of payment protocols such as EMVCo, MasterCard, Visa, AMEX...
• Knowledge/experience of smartcards, HSM, ARM, cryptography
• Knowledge/experience in source code review and vulnerability analysis

Additional Information

WHY WORK FOR SGS BRIGHTSIGHT?

SGS Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.

At SGS Brightsight you will:

• Be part of a multicultural team with highly motivated colleagues from all over the world
• Work for the recognized global leader in security evaluations
• Work with all major developers on their latest innovations
• Enjoy an informal and intellectually challenging work environment