What are the responsibilities and job description for the Embedded Device Security Consultant position at HumanEdge?
Embedded Device Security Consultants are responsible for performing high-end security evaluations and research for our clients, focused on a range of embedded devices. In this role, you will work with other team members to deliver high-quality results to the Company’s clients throughout the world. This position would be based in the US, but we will consider qualified candidates worldwide. Our consultants maintain a high level of expertise regarding known threats and technical advances in embedded security. This position requires expert knowledge in areas such as C, Java, assembly languages, open platforms, and cryptography.
Cyber Security The Embedded Device Security Consultant will undertake advanced level security evaluation tasks and duties in order to meet customer requirements and project deadlines.
Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
Create tools to assist in project goals
Communicate complex vulnerabilities to both technical and non-technical client staff
Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
Evangelize Company Labs through blogs, white papers, presentations, etc.
Support business development efforts through the scoping of engagements
#INDNJ,#ZRNJPA
Cyber Security The Embedded Device Security Consultant will undertake advanced level security evaluation tasks and duties in order to meet customer requirements and project deadlines.
Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
Create tools to assist in project goals
Communicate complex vulnerabilities to both technical and non-technical client staff
Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
Evangelize Company Labs through blogs, white papers, presentations, etc.
Support business development efforts through the scoping of engagements
- Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
- Ability to connect and use JTAG/on-chip Debuggers
- Low-level C code review
- FreeRTOS, Android, Linux kernel drivers, protocol parsing
- Sandbox policy review: SELinux/SE Android, seccomp, Linux name spaces, Minijail/Firejail
- Crypto implementation code reviews, specifically for secure boot and code signing
- Java, especially Android app side
- ARM 32- and 64-bit assembly
- Extensive Git/GitHub experience
- Wi-Fi/Bluetooth
- Reverse engineering, specifically firmware
- Hardware/embedded system hacking
- Vulnerability assessment and penetration testing
- Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage
- Ability to work independently under deadline
- Rigorous attention to detail and strong analytic skills
- Ability to write test plans based upon initial impressions and discussions with the team
- Comfortable navigating large codebases with minimal guidance
- Excellent command of written and spoken English
- Comfortable working as part of a multinational and multidisciplinary team
- Logical and structured approach to projects
- 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment
#INDNJ,#ZRNJPA
