Senior Engineer - Embedded Product Security

Work Flexibility: Hybrid<p style="text-align:inherit"></p><p style="text-align:inherit"></p><h1><b><span>What you will do:</span></b></h1><ul><li><p><span>Initial Reconnaissance - Understand product’s internal as well as communication mechanism</span></p></li><li><p><span>Threat Modelling - Identification of Actors and Entity Boundary</span></p></li><li><p><span>Protocol Endpoints - Read/Understand Protocol Specification, Gather Sample Protocol Implementations &amp; Protocol Simulators, Testing with the Simulators and ability to write Scripts to Interact with The device</span></p></li><li><p><span>Firmware Vulnerability Analysis - Firmware Extraction and Analysing Firmware, Vulnerability Analysis, Manual Reversing of Binaries, Understand Firmware Update Process</span></p></li><li><p><span>Hardware Vulnerability Analysis - Identify and analyse Hardware Debug ports, Memory extraction and analysis, Malicious data injection</span></p></li><li><p><span>Manage all facets of Vulnerability Assessment and Penetration testing involving embedded devices.</span></p></li><li><p><span>Perform attacks and identify vulnerabilities on interfaces like USB, Ethernet etc.</span></p></li><li><p><span>Expertise/Familiarity with Hardware &amp; Radio Security Testing:- UART, Wi-Fi testing, MQTT testing, Radio testing, JTAG etc.</span></p></li></ul><p></p><h1><b><span>What you need:</span></b></h1><p></p><p><b><span>Required Qualifications:</span></b></p><ul><li><p><span>Bachelor’s in Software/Electronics Engineering or equivalent degree.</span></p></li><li><p><span>2-7 years of hands-on experience in Vulnerability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc.</span></p></li><li><p><span>Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.</span></p></li></ul><p><br /><b><span>Preferred Qualifications:</span></b></p><ul><li><p><span>Understanding of Cloud based environments like Azure and AWS.</span></p></li><li><p><span>At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.</span></p></li><li><p><span>Must be flexible, independent and self-motivated.</span></p></li><li><p><span>Excellent communication and interpersonal skills.</span></p></li><li><p><span>Good to have: Prior work experience in medical devices. </span></p></li></ul><p style="text-align:inherit"></p><p style="text-align:inherit"></p>Travel Percentage: None<p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p><p></p><p></p><p></p><p></p>