Senior Embedded Systems Security Engineer

About Census

About The Job And Key Responsibilities

Role

Product Security Professional Services

Embedded Systems Security Domain

• – to execute design reviews, implementation assessments and mitigation consulting activities scoped across products of various industries.
• You will work side-by-side with our clients’ development and security teams & partners, under engagements / projects that involve:
• Reviewing product security designs, documenting missing security controls, and driving analysis for security improvements.
• Executing and reviewing threat modelling, attack surface enumeration and attack tree creation activities for embedded system products.
• Researching, reviewing, comparing, and proposing technologies that can satisfy the client’s established requirements, and aligning with their strategies.
• Executing end-to-end security posture assessments via source code auditing, functional testing, fuzz testing and other applicable methodologies.
• Verifying if output implementation is aligned with the products’ security architecture, requirements, and threat model.
• Documenting and presenting product security risks in both technical- and business-oriented language.
• Support a small team (2-3) of security engineers and consultants to successfully assess and research bleeding edge technologies and products.

Minimum Qualifications

• MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, Electronics Engineering, or equivalent practical experience.
• 4+ years of experience in embedded, general- or special-purpose computer system-level software security. Experience can be an engineering / development position (e.g., consumer or enterprise), an engineering-based consultancy role, an equivalent engineering-based role, or a combination of them.
• Proven experience in developing, auditing, or testing security solutions for embedded, IoT, general computing or mobile / smartphone systems.

Key Skills

• Experience with Embedded Systems, Linux, or Real Time Operating systems security concepts.
• Experience with reviewing and researching system security architecture and engaged technologies.
• Experience with ARM architecture and techniques to debug software running on these platforms.
• Experience with C, C++, Rust, or Assembly (ARM) programming languages in the context of system software (bootloaders, drivers, kernel, system services, etc.).
• Experience with secure boot, firmware & software integrity, OTA updates, and hardware-backed device attestation technologies.
• Experience with cryptographic primitives and cryptographic best practices in the context of system security (inline crypto engines, storage encryption, attestation, HW key rooting, derivation, wrapping/unwrapping, etc.).
• Experience in identifying and reporting security vulnerabilities on system software (memory corruption, side-channel attacks, business logic, etc.).
• Familiarity with HW-backed security features for system hardening and security domains / trust-boundaries separation (MPU, MMU/IOMMU, NX, DAC/MAC, stack canaries, securing heap allocators, etc.).
• Familiarity with TEE, TPM, SE, SPU, and other related technologies to isolate execution of security critical operations.
• Experience of working with international teams in other regions and time zones worldwide.
• Problem solving skills, analytical thinking, and willingness to learn/grow.
• Proficient in English and excellent communication skills.