At the heart of cyber innovation - creating a more secure digital future

Embedded Device Security Consultant

Security EngineerSecurity EngineerFull TimeRemoteTeam 1,001-5,000Since 1999H1B SponsorCompany Site LinkedIn

Location

United States

Posted

111 days ago

Salary

$80K - $120K / year

Bachelor Degree3 yrs expEnglishAndroidAssemblyJavaLinux

Job Description

• Perform high-end security evaluations and research for our clients, focused on a range of embedded devices • Work with other team members to deliver high-quality results to IOActive’s clients throughout the world • Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results • Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products • Create tools to assist in project goals • Communicate complex vulnerabilities to both technical and non-technical client staff • Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques • Evangelize IOActive Labs through blogs, white papers, presentations, etc. • Support business development efforts through the scoping of engagements

Job Requirements

3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment
Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
Ability to connect and use JTAG/on-chip Debuggers
Low-level C code review
FreeRTOS, Android, Linux kernel drivers, protocol parsing
Sandbox policy review: SELinux/SE Android, seccomp, Linux name spaces, Minijail/Firejail
Crypto implementation code reviews, specifically for secure boot and code signing
Java, especially Android app side
ARM 32- and 64-bit assembly
Extensive Git/GitHub experience
Wi-Fi/Bluetooth Reverse engineering, specifically firmware
Hardware/embedded system hacking
Vulnerability assessment and penetration testing
Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage
Ability to work independently under deadline
Rigorous attention to detail and strong analytic skills
Ability to write test plans based upon initial impressions and discussions with the team
Comfortable navigating large codebases with minimal guidance
Excellent command of written and spoken English
Comfortable working as part of a multinational and multidisciplinary team
Logical and structured approach to projects