Mobile Software Security Evaluator

Brightsight provides evaluation and certification services to companies around the world. Our laboratories and global network provide specialist Cyber Security testing and certification services for digital products, networked systems and online services. We provide a one-stop-shop approach for all Cyber Security certification matters, offering a comprehensive range of services to help manufacturers and suppliers comply with international, national and industry standards.

Job Description

Mobile devices are ubiquitous in everyday life. They provide our modern society with an endless range of applications and advantages. Some of these mobile devices, however, are used to handle sensitive information such as personal, financial or even medical data. Such data needs to be adequately secured and protected.

We are looking for Mobile Software Security Evaluators. We will not only consider skilled individuals with years of experience with software security for mobile devices, but also recent graduates seeking to start a successful professional journey. Above all, we want people who are passionate about software security.

What are you going to do?

• You will be part of a multidisciplinary team of international experts evaluating the security of cutting-edge mobile devices solutions (e.g., mobile payment, content protection and biometric authentication).
• You will thoroughly examine the software-based security implementations of mobile and other connected devices on platforms such as Android, embedded Linux or iOS.
• This includes analysing how a given solution works, performing code reviews and executing practical penetration testing to identify potential vulnerabilities.
• You will work in a state-of-the-art laboratory to instrument code binaries using advanced reverse engineering techniques and investigate the extent to which security protections can be circumvented.
• You will also participate in R&D projects in the context of mobile software-based security by developing and replicating new attacks, increasing the efficiency of the evaluations, etc.

Qualifications

Your hard skills

• Software Security BS degree or higher (MSc, PhD) in Computer Science, or disciplines such as Electronics, Physics or Mathematics, or proven work experience as a software security engineer.
• Good knowledge of mobile platform environments such as Android, embedded Linux or iOS, their security principles, and related coding languages (Java, C, C++, assembly).
• Familiarity with technical concepts behind mobile platform technologies, particularly controller architectures (ARM, x86).
• Familiar with reverse engineering on binaries and applications, including static and dynamic software reverse engineering analysis tools.
• Knowledge of techniques, standards and state-of-the-art capabilities for authentication, cryptography, security vulnerabilities and counter measures is highly desired.
• A willingness to learn in a fast pace changing environment.
• A keen interest in all aspects of security research and development.

Your soft skills

• You can work both individually and together with fellow team members.
• You never give up, but know when you’ve done enough; security analysis of mobile applications requires perseverance and resourcefulness.
• You never get tired of learning new concepts and stay up to date with the latest developments and publications; you are eager to use creativity to do new things every day.
• You enjoy working collaboratively, getting the best out of a team, and bring organisation and accountability to deliver thorough and adequate security evaluations.
• Good writing and communication skills in English are essential, as evaluations are concluded by writing a detailed evaluation report.

Additional Information

SGS Brightsight provides a very good training program, from the basics to expert level. We offer a supportive work environment that fosters professional growth and development. We offer a competitive salary package based on the candidate.

• Be part of a multicultural team with highly motivated colleagues from all over the world.
• Work for the recognized global leader in security evaluations.
• Work with all major developers on their latest innovations.
• Enjoy an informal and intellectually challenging work environment.