Embedded Device Security Consultant

🕒 vor 6 Monaten

🇺🇸 Vereinigte Staaten – Remote

💵 $80.000 - $120.000 / Jahr

⏰ Vollzeit

🟡 Mittelstufe

🟠 Senior

👮‍♂️ IT-Sicherheitsingenieur

🦅 H1B-Visum-Sponsor

Dieses Unternehmen hat in der Vergangenheit H1B-Visa gesponsert.

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

NCC Group

WebsiteLinkedInAlle Stellen

1001 - 5000 Mitarbeiter

Gegründet 1999

🔒 Cybersecurity

🤝 B2B

Cybersecurity • B2B

NCC Group ist ein global tätiges Cyber-Security-Unternehmen, das Organisationen und Regierungen dabei unterstützt, ihre digitale Resilienz durch umfassende Dienstleistungen zu verbessern. Zu den Fähigkeiten gehören technische Absicherung (Anwendungs-, Hardware-, Netzwerk- und Kryptographietests), digitale Forensik und 24/7 Incident Response, Managed Security Services, Bedrohungsaufklärung, Schwachstellenmanagement sowie Beratung zu Strategie, Risiko und Compliance. NCC Group bietet zudem Dienstleistungen wie Bug-Bounty-Programme, Treuhandservices und Schulungen an, um Cyber-Risiken zu reduzieren und eine sichere digitale Transformation zu unterstützen.

Beschreibung

• Perform high-end security evaluations and research for our clients, focused on a range of embedded devices • Work with other team members to deliver high-quality results to IOActive’s clients throughout the world • Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results • Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products • Create tools to assist in project goals • Communicate complex vulnerabilities to both technical and non-technical client staff • Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques • Evangelize IOActive Labs through blogs, white papers, presentations, etc. • Support business development efforts through the scoping of engagements

🎯 Anforderungen

• 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment • Rapid identification of attack surfaces and entry points using implicit threat modeling techniques • Ability to connect and use JTAG/on-chip Debuggers • Low-level C code review • FreeRTOS, Android, Linux kernel drivers, protocol parsing • Sandbox policy review: SELinux/SE Android, seccomp, Linux name spaces, Minijail/Firejail • Crypto implementation code reviews, specifically for secure boot and code signing • Java, especially Android app side • ARM 32- and 64-bit assembly • Extensive Git/GitHub experience • Wi-Fi/Bluetooth Reverse engineering, specifically firmware • Hardware/embedded system hacking • Vulnerability assessment and penetration testing • Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage • Ability to work independently under deadline • Rigorous attention to detail and strong analytic skills • Ability to write test plans based upon initial impressions and discussions with the team • Comfortable navigating large codebases with minimal guidance • Excellent command of written and spoken English • Comfortable working as part of a multinational and multidisciplinary team • Logical and structured approach to projects

🏖️ Vorteile

• PTO • Holiday • Medical • Dental • Vision • 401(k) match • Long and Short Term Disability • Life Insurance • Employee Assistance Program (EAP) • Business Travel Insurance