Principal Hardware Security Engineer

Itron is revolutionizing how utilities and cities manage energy and water. We are committed to creating a more sustainable, resourceful world. Join us.

In this role as a Principal Hardware Security Engineeryou will be focused on penetration testing and deep technical assessments of our Company's hardware and embedded devices. You will discover potential vulnerabilities in our environments, catalog vulnerabilities, and highlight solutions to vulnerabilities and steps to remediate those findings.

Duties and Responsibilities:

We are looking to you to clearly explain security vulnerabilities and articulate business impact risk to both technical and non-technical audiences.

If you enjoy deep technical testing, reverse engineering, coaching/mentoring associate consultants, and driving new security initiatives then we want to speak with you!

Required Skills and Experience:

• Minimum 12 years Linux shell experience at the root admin level

• Reading and understand schematics for embedded designs

• Understanding the interfaces used for debug and development (console, JTAG, SWD)

• Experience with at least one JTAG debugging adapter tool like JLINK

• Understand how to intercept data in motion and at rest (RAM/ROM,FLASH. UART)

• C/C programming proficiency (both reading and writing code)

• Demonstrated experience capturing firmware images from embedded or IoT devices

• Use of tools such as binwalk, to unpack and examine firmware images

• Demonstrated experience with soldering and removing board components

• JTAG, SPI, I2C, and other serial-based connection creation experience

• Firmware reverse engineering proficiency

• Experience emulating software using tools (e.g., Qemu, ARM emulators)

• Fault Injection experience

• OpenOCD (open source JTAG tool)

• Knowledge of 32- or 64-bit architectures

• Knowledge of exotic filesystems, or kernel-less OSes

• Working knowledge of oscilloscopes, logic analyzers, and multi-meters

• Reading schematics and tech design documents

• Exposure to RTOS and other non-Linux environments

Preferred Skills and Experience:

• Understand wireless protocols in the 802.1x family (e.g., Zigbee, Bluetooth)

• Understand tamper-proofing of systems and potential circumvention methods

• Understand the basics of fault injection and common side-channels

• Understanding of bytecode and flashing a custom firmware

• Experience analyzing side-channel attacks (e.g., power consumption, Electromagnetic Interference)

• Arduino or Raspberry Pi development

• Ability to use FPGAs and develop software for them

This is a hybrid-remote position based in Raleigh, NC . You'll be expected to be onsite part time to utilize and manage our lab. Due to this it is best if you are located in a drivable distance from our Raleigh, NC office.

#LI-MB1

Itron is committed to building an inclusive and diverse workforce and providing an authentic workplace experience for all employees. If you are excited about this role but your past experiences don't perfectly align with every requirement, we encourage you to apply anyway. In the end, you may be just who we are looking for!

The successful candidate's starting salary will be determined based on permissible, non-discriminatory factors such as skills and experience.

Itron is proud to be an Equal Opportunity, Affirmative Action Employer. If you require an accommodation to apply, please contact a recruiting representative at 1-800-635-5461 or email Accessibility@itron.com.

Itron enables utilities and cities to safely, securely and reliably deliver critical infrastructure solutions. We provide smart networks, software, services, meters, and sensors to better manage electricity, gas, water and city services. We are dedicated to creating a more resourceful world.