Senior Security Engineer - IOT

Experience:

6-10 years of relevant experience in system security, embedded systems, and vulnerability assessments.

Key Skills:

Firmware Analysis Tools:

• Expertise in using firmware analysis tools such asGhidra,Binwalk, andRadare2for static and dynamic analysis of firmware images.

Embedded Linux Platforms:

• In-depth knowledge ofembedded Linux,Yocto, andOpenWRTplatforms for secure firmware and OS testing.

Secure Boot Firmware Update Mechanisms:

• Proficiency in testingsecure bootprocesses andfirmware updatemechanisms, ensuring integrity and authenticity.

OS Hardening Security Configurations:

• Strong understanding ofOS hardening techniquesand security configurations to mitigate threats and enhance system integrity.

Vulnerability Assessment CVE Analysis:

• Extensive experience withvulnerability assessment frameworksandCVE analysis, identifying and addressing security vulnerabilities in embedded systems.

Debugging Emulation Tools:

• Proficient in usingdebugging toolsandemulatorssuch asQEMUto analyze embedded system behavior.

SBOM Secure Update Protocols:

• Familiarity withSBOM (Software Bill of Materials), patch management, andsecure update protocolsto ensure safe software deployments.

Firmware Reverse Engineering:

• Expertise in performingreverse engineeringof firmware images to detect vulnerabilities and potential exploits.

Penetration Testing Frameworks:

• Experience usingpenetration testing frameworkslikeMetasploit,Kali Linux, and custom tools for system vulnerability testing.

Custom Test Case Development:

• Ability todevelop and execute custom test casesto simulate real-world attack scenarios and identify potential risks in embedded systems.

Leadership Mentoring:

• Strong leadership skills with a proven track record ofmentoring junior engineersand guiding teams in advanced security testing methodologies.

Technical Writing Reporting:

• Excellenttechnical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.

Proactive Security Risk Mitigation:

• Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

Responsibilities:

Leadership in Security Testing:

• Leadsystem-level Vulnerability Assessment and Penetration Testing (VAPT)for firmware, operating systems, and embedded software, ensuring thorough security evaluations.

Test Plan Development Execution:

• Develop and implement comprehensivetest plansforsecure updateandpatch validation, ensuring security fixes are applied correctly and without introducing new risks.

Firmware Static Dynamic Analysis:

• Conduct detailed static and dynamic analysis offirmware imagesusing tools likeGhidra,Binwalk, andRadare2to identify potential vulnerabilities.

Secure Boot Root of Trust Validation:

• Validatesecure bootimplementations andhardware root of trustto ensure system integrity and protection from malicious code injection.

OS Hardening Access Control Testing:

• TestOS hardening configurationsandsecure access control mechanismsto strengthen system defenses against unauthorized access and exploitation.

Vulnerability Identification Classification:

• Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such asCVSSfor risk assessment and remediation prioritization.

Collaboration with Compliance Engineering:

• Work closely with compliance and engineering teams toprioritize remediationefforts, ensuring that vulnerabilities are addressed effectively.

Custom Attack Simulations:

• Develop and executecustom test casesto simulatereal-world attack scenariosand evaluate the systems resilience against cyber threats.

Rollback Patch Management Testing:

• Oversee testing ofrollbackandpatch managementprocedures, ensuring that system updates do not compromise security or functionality.

Mentoring Knowledge Sharing:

• Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.

CVE Monitoring Testing Updates:

• Monitor relevantCVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.

Reporting Risk Assessments:

• Provide detailedtechnical reportsandrisk assessmentsto stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.

Regulatory Compliance:

• Ensure that all testing activities align with industrystandards, includingRED 18031compliance, and adhere to relevant regulatory frameworks.

Secure Lab Environment Maintenance:

• Maintain asecure lab environmentfor all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

Qualifications Certifications:

Education:

• Bachelors or Master s degree inCybersecurity,Embedded Systems,Computer Engineering, or a related field.

Certifications (Preferred):

• OSCP(Offensive Security Certified Professional)
• OSCE(Offensive Security Certified Expert)
• GXPN(GIAC Exploit Researcher and Advanced Penetration Tester)
• Equivalent certifications inethical hacking,penetration testing, orembedded system securityare also highly valued.
• Industry Standards Familiarity:
• Familiarity with security frameworks such asISO/IEC 62443,RED 18031, andIoT securityframeworks.

Why Join Us :

Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment.

• Competitive salary and benefits package.
• Career growth opportunities in a fast-paced and dynamic industry.
• A strong focus on work-life balance and employee well-being.