Senior Security Engineer - IOT

Description

Experience :

2–6 years of relevant experience in system security, embedded systems, and vulnerability assessments.

Key Skills :

Firmware Analysis Tools :

Expertise in using firmware analysis tools such as Ghidra , Binwalk , and Radare2 for static and dynamic analysis of firmware images.

Embedded Linux Platforms :

In-depth knowledge of embedded Linux , Yocto , and OpenWRT platforms for secure firmware and OS testing.

Secure Boot & Firmware Update Mechanisms :

Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity.

OS Hardening & Security Configurations :

Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity.

Vulnerability Assessment & CVE Analysis :

Extensive experience with vulnerability assessment frameworks and CVE analysis , identifying and addressing security vulnerabilities in embedded systems.

Debugging & Emulation Tools :

Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior.

SBOM & Secure Update Protocols :

Familiarity with SBOM (Software Bill of Materials) , patch management, and secure update protocols to ensure safe software deployments.

Firmware Reverse Engineering :

Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits.

Penetration Testing Frameworks :

Experience using penetration testing frameworks like Metasploit , Kali Linux , and custom tools for system vulnerability testing.

Custom Test Case Development :

Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems.

Leadership & Mentoring :

Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies.

Technical Writing & Reporting :

Excellent technical writing skills , including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.

Proactive Security Risk Mitigation :

Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

Responsibilities :

Leadership in Security Testing :

Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations.

Test Plan Development & Execution :

Develop and implement comprehensive test plans for secure update and patch validation , ensuring security fixes are applied correctly and without introducing new risks.

Firmware Static & Dynamic Analysis :

Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra , Binwalk , and Radare2 to identify potential vulnerabilities.

Secure Boot & Root of Trust Validation :

Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection.

OS Hardening & Access Control Testing :

Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation.

Vulnerability Identification & Classification :

Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization.

Collaboration with Compliance & Engineering :

Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively.

Custom Attack Simulations :

Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats.

Rollback & Patch Management Testing :

Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality.

Mentoring & Knowledge Sharing :

Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.

CVE Monitoring & Testing Updates :

Monitor relevant CVE feeds , integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.

Reporting & Risk Assessments :

Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.

Regulatory Compliance :

Ensure that all testing activities align with industry standards , including RED 18031 compliance, and adhere to relevant regulatory frameworks.

Secure Lab Environment Maintenance :

Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

Qualifications & Certifications :

Education :

Bachelor's or Master’s degree in Cybersecurity , Embedded Systems , Computer Engineering , or a related field.

Certifications (Preferred) :

OSCP (Offensive Security Certified Professional)

OSCE (Offensive Security Certified Expert)

GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Equivalent certifications in ethical hacking , penetration testing , or embedded system security are also highly valued.

Industry Standards Familiarity :

Familiarity with security frameworks such as ISO / IEC 62443 , RED 18031 , and IoT security frameworks.

Why Join Us?

Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment.

Competitive salary and benefits package.

Career growth opportunities in a fast-paced and dynamic industry.

A strong focus on work-life balance and employee well-being.

Location :

IN-GJ-Ahmedabad, India-Ognaj (eInfochips)

Time Type : Full time

Job Category : Engineering Services