Security Engineer - IOT

What We Look For

– Your expertise is your primary qualification, not your degree or certification

– Papers you have written, tools you have developed are your references

– Your published exploits, your CTF scores and hall of fame listings are the testimonies of your work

– Your research papers published and presented at conferences

– Ability to think like an adversary, identify potentially vulnerable spots in design implementations.

–Hands on knowledge of x86 and ARM server platform architecture and ability to read and understand x86 and ARM assembly.

– Hands on experience with disassemblers/decompilers (e.g. IDA Pro, HexRays, Ghidra, Radare, objdump, GDB etc.)

– Practical knowledge of cryptographic algorithms/ standards and basic knowledge of data structures and distributed systems.

– Hands on knowledge with memory corruption bugs (Stack/Heap/Integer buffer overflows, format strings). Exploiting stack overflows with basic protections enabled on Windows and Linux.

– Hands on experience with analogue and digital electronics and ability to understand complex schematic diagrams.

– Ability to communicate on, monitor, and debug common embedded communications interfaces such as JTAG, SPI, I2C, UART, SWD, USB etc.

– Ability to use common hardware lab tools (e.g. soldering iron, logic analyzer, oscilloscope, function generator, power supply etc.)

– Practical experience with Hardware attacks like side channel, fault injection. Past experience with hardware attack tools for e.g., chip whisperer is highly desirable.

– Practical Knowledge of Linux OS internals. Proficiency in Bash and ability to self-teach any language, given appropriate resources to study and practice.

– Ability to participate in Web or network penetration tests, practical knowledge of common web flaws (SQL injection, XSS, SSRF, upload/download abuse, RCE)

– Experience with micro-architectural attacks, Return oriented programming attacks etc.

– Practical experience with cache side-channel, Spectre, Meltdown or Rowhammer attacks.

– Experience with Static/Dynamic analysis and fuzzing.

What You Will Do

– Reverse Engineering circuits

– Securing Embedded Devices based on various chipsets (Qualcomm, Mediatek, Unisoc, ZTE etc)

– Collect evidence and maintain a detailed write-up of the findings

– Explain and demonstrate vulnerabilities to system owners

– Design, develop, and implement existing and new classes of attacks.

– Contribute to product security by testing, developing, and integrating security technologies while investigating new ones.

– Design, develop, implement and test security solutions with cost, performance and reliability in mind.

– Provide appropriate remediation and mitigations of the identified vulnerabilities

– Individually or collaboratively review the system designs, source code, configurations, communications for security gaps.

– Deliver results within stipulated timelines.

– Sharpen your saw with continuous research, learning, training on the latest tools and techniques, keeping up with new research and sharing the same with the ecosystem.

– Communicate well using verbal and written skills, within and out of the team