Overview: Riscure, as part of Keysight, is hiring a Security Engineer. As part of the mission statement of the company (driving security forward), Riscure believes that knowledge sharing is key to innovation and evolution of employees.
Responsibilities: We evaluate the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include:
Analyzing threats and weaknesses by taking apart device's specifications, code, or hardware. Developing the necessary tools to attack the security. Documenting results in a report, often alongside recommendations to help solve the problems found. In addition to evaluation work, we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the Riscure knowledge database to ensure it is preserved and shared within Riscure. Parts of a project may require working at the customer's premises. Depending on the type of assignment and your level of experience, you will be in regular contact with a customer's technical liaison during a project.
Qualifications: You have successfully completed an academic course in Information Technology or Electrical Engineering. You have at least 4 years of work experience in:
Programming languages: C, C++, JavaCard, Assembly. Smart Cards, Secure elements, or other embedded devices such as System-on-Chips, and associated applicable test methods (Logical, Fault Injection, and Side Channel Analysis). Dealing with the major security evaluation schemes like Common Criteria, SESIP, EMVCo, or Global Platform. Being responsible for the technical quality of evaluation projects. Ideally, you are used to steering a team of analysts during evaluation activities and leading technical projects. Experience with software development or (security) testing for embedded systems is preferred. Knowledge of (EMV) payment products is an advantage, as is experience with security evaluations, attack techniques, and an interest in hacking products. Knowledge and experience with Java Card evaluations, namely:
Java Card Platform Virtual Machine. Java Card Platform Runtime Environment. Java Card Application Programming Interface. Java Card System Protection Profile - Closed Configuration, BSI-CC-PP-0101-V2-2020. Java Card System Protection Profile - Open Configuration, BSI-CC-PP-0099-V2-2020. Supporting project management in coordinating complex evaluation projects under the given timelines and budgets. Being the technical interface to customers, various ITSEFs, and certification schemes. You are flexible and enjoy traveling to customers in Europe, North America, or Asia occasionally.
#J-18808-Ljbffr