Embedded Device Security Consultant

🕒 il y a 6 mois

🇺🇸 États-Unis – Télétravail

💵 $80 000 - $120 000 / an

⏰ Temps Plein

🟡 Intermédiaire

🟠 Senior

👮‍♂️ Cybersécurité / Ingénieur Sécurité

🦅 Parrain de Visa H1B

Cette entreprise a parrainé des visas H1B par le passé.

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

NCC Group

Site WebLinkedInTous les Emplois

1001 - 5000 employés

Fondée en 1999

🔒 Cybersecurity

🤝 B2B

Cybersecurity • B2B

NCC Group est une entreprise mondiale de cybersécurité qui aide les organisations et les gouvernements à améliorer leur résilience numérique grâce à des services de bout en bout. Ses capacités incluent l'assurance technique (tests d'applications, de matériel, de réseau et de cryptographie), la criminalistique numérique et la réponse aux incidents 24/7, des services de sécurité gérés, du renseignement sur les menaces, la gestion des vulnérabilités et le conseil en stratégie, risque et conformité. NCC Group propose également des services tels que des programmes de récompense pour la découverte de bugs, des services de séquestre et des formations pour réduire le risque cyber et soutenir la transformation numérique sécurisée.

Description

• Perform high-end security evaluations and research for our clients, focused on a range of embedded devices • Work with other team members to deliver high-quality results to IOActive’s clients throughout the world • Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results • Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products • Create tools to assist in project goals • Communicate complex vulnerabilities to both technical and non-technical client staff • Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques • Evangelize IOActive Labs through blogs, white papers, presentations, etc. • Support business development efforts through the scoping of engagements

🎯 Exigences

• 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment • Rapid identification of attack surfaces and entry points using implicit threat modeling techniques • Ability to connect and use JTAG/on-chip Debuggers • Low-level C code review • FreeRTOS, Android, Linux kernel drivers, protocol parsing • Sandbox policy review: SELinux/SE Android, seccomp, Linux name spaces, Minijail/Firejail • Crypto implementation code reviews, specifically for secure boot and code signing • Java, especially Android app side • ARM 32- and 64-bit assembly • Extensive Git/GitHub experience • Wi-Fi/Bluetooth Reverse engineering, specifically firmware • Hardware/embedded system hacking • Vulnerability assessment and penetration testing • Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage • Ability to work independently under deadline • Rigorous attention to detail and strong analytic skills • Ability to write test plans based upon initial impressions and discussions with the team • Comfortable navigating large codebases with minimal guidance • Excellent command of written and spoken English • Comfortable working as part of a multinational and multidisciplinary team • Logical and structured approach to projects

🏖️ Avantages

• PTO • Holiday • Medical • Dental • Vision • 401(k) match • Long and Short Term Disability • Life Insurance • Employee Assistance Program (EAP) • Business Travel Insurance