Overview
Senior Security Consultant, Embedded Systems Jobs in Seattle, Washington, USA at IOActive, Inc.
Title: Senior Security Consultant, Embedded Systems
Company: IOActive, Inc.
Location: Seattle, Washington, USA
Type: Full Time
Category: Security (Cybersecurity, Data Security, Information Security)
The Embedded Device Security Consultant is responsible for performing high end security evaluations and research focusing on embedded devices, including automobiles, payment devices, mobile phones, medical devices, etc. The consultant will work with other team members to deliver high quality results to IOActive‘s clients around the world.
The consultant is expected to maintain a high level of expertise regarding known threats and technical advances in embedded security and should be particularly experienced in areas such as C, Java, assembly languages, Open Platform, and EMV standards, and cryptography.
Job Responsibilities
The Embedded Device Security Consultant will undertake security evaluation tasks and duties in order to meet customer requirements and project deadlines. The tasks may include:
Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
Create tools to assist in project goals
Communicate complex vulnerabilities to both technical and non-technical client staff
Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
Evangelize IOActive Labs through blogs, white papers, presentations, etc.
Support business development efforts through the scoping of engagements
Job Requirements
Technical Skills
Ability to connect and use JTAG/Onchip Debuggers
Soldering skills to remove flash chips and solder on test leads
Reverse Engineering, specifically Firmware
Knowledge of ARM and other embedded microprocessors
Knowledge of Linux and other embedded OSs
Proficient in at least one mainstream programming language (Java, .NET or C/C++)
Hardware/embedded system hacking
Development experience in software on embedded products
Reverse engineering and source code review experience
Vulnerability assessment and penetration testing experience
Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
Knowledge of cryptography is desirable
Ability to work independently under deadline
Rigorous attention to detail and strong analytic skills
Excellent command of written and spoken English
Comfortable working as part of a multi-national and multi-disciplinary team
Logical and structured approach to projects
Five years or more of relevant work experience in high-paced, enterprise environment
Security Skills
Reverse engineering and source code review experience
Vulnerability assessment and penetration testing experience
Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
Knowledge of cryptography is desirable
Soft Skills
Ability to work independently under deadline
Rigorous attention to detail and strong analytic skills
Excellent command of written and spoken English
Comfortable working as part of a multi-national and multi-disciplinary team
Logical and structured approach to projects
Additional Experience
Five years or more of relevant work experience in high-paced, enterprise environment
