Talent.com
Senior Security Engineer - IOT

Senior Security Engineer - IOT

ConfidentialPune, Ahmedabad
30+ days ago
Job description

Key Skills : Firmware Analysis Tools :

  • Expertise in using firmware analysis tools such as Ghidra ,  Binwalk , and  Radare2  for static and dynamic analysis of firmware images.
  • Embedded Linux Platforms :
  • In-depth knowledge of embedded Linux ,  Yocto , and  OpenWRT  platforms for secure firmware and OS testing.

Secure Boot Firmware Update Mechanisms :

  • Proficiency in testing secure boot  processes and  firmware update  mechanisms, ensuring integrity and authenticity.
  • OS Hardening Security Configurations :
  • Strong understanding of OS hardening techniques  and security configurations to mitigate threats and enhance system integrity.
  • Vulnerability Assessment CVE Analysis :
  • Extensive experience with vulnerability assessment frameworks  and  CVE analysis , identifying and addressing security vulnerabilities in embedded systems.
  • Debugging Emulation Tools :
  • Proficient in using debugging tools  and  emulators  such as  QEMU  to analyze embedded system behavior.
  • SBOM Secure Update Protocols :
  • Familiarity with SBOM (Software Bill of Materials) , patch management, and  secure update protocols  to ensure safe software deployments.

    • Firmware Reverse Engineering :

  • Expertise in performing reverse engineering  of firmware images to detect vulnerabilities and potential exploits.
  • Penetration Testing Frameworks :
  • Experience using penetration testing frameworks  like  Metasploit ,  Kali Linux , and custom tools for system vulnerability testing.
  • Custom Test Case Development :
  • Ability to develop and execute custom test cases  to simulate real-world attack scenarios and identify potential risks in embedded systems.
  • Leadership Mentoring :
  • Strong leadership skills with a proven track record of mentoring junior engineers  and guiding teams in advanced security testing methodologies.
  • Technical Writing Reporting :
  • Excellent technical writing skills , including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.
  • Proactive Security Risk Mitigation :
  • Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.
  • Responsibilities : Leadership in Security Testing :
  • Lead system-level Vulnerability Assessment and Penetration Testing (VAPT)  for firmware, operating systems, and embedded software, ensuring thorough security evaluations.
  • Test Plan Development Execution :
  • Develop and implement comprehensive test plans  for  secure update  and  patch validation , ensuring security fixes are applied correctly and without introducing new risks.
  • Firmware Static Dynamic Analysis :
  • Conduct detailed static and dynamic analysis of firmware images  using tools like  Ghidra ,  Binwalk , and  Radare2  to identify potential vulnerabilities.
  • Secure Boot Root of Trust Validation :
  • Validate secure boot  implementations and  hardware root of trust  to ensure system integrity and protection from malicious code injection.
  • OS Hardening Access Control Testing :
  • Test OS hardening configurations  and  secure access control mechanisms  to strengthen system defenses against unauthorized access and exploitation.
  • Vulnerability Identification Classification :
  • Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS  for risk assessment and remediation prioritization.
  • Collaboration with Compliance Engineering :
  • Work closely with compliance and engineering teams to prioritize remediation  efforts, ensuring that vulnerabilities are addressed effectively.
  • Custom Attack Simulations :
  • Develop and execute custom test cases  to simulate  real-world attack scenarios  and evaluate the systems resilience against cyber threats.
  • Rollback Patch Management Testing :
  • Oversee testing of rollback  and  patch management  procedures, ensuring that system updates do not compromise security or functionality.
  • Mentoring Knowledge Sharing :
  • Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.
  • CVE Monitoring Testing Updates :
  • Monitor relevant CVE feeds , integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.
  • Reporting Risk Assessments :
  • Provide detailed technical reports  and  risk assessments  to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.
  • Regulatory Compliance :
  • Ensure that all testing activities align with industry standards , including  RED 18031  compliance, and adhere to relevant regulatory frameworks.
  • Secure Lab Environment Maintenance :
  • Maintain a secure lab environment  for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.
  • Qualifications Certifications :
  • Education :
  • Bachelors or Master s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field.
  • Certifications (Preferred) :
  • OSCP  (Offensive Security Certified Professional)
  • OSCE  (Offensive Security Certified Expert)
  • GXPN  (GIAC Exploit Researcher and Advanced Penetration Tester)
  • Equivalent certifications in  ethical hacking ,  penetration testing , or  embedded system security  are also highly valued.

    • Skills Required

    Network Security, Vulnerability Assessment, Penetration Testing

    Create a job alert for this search

    Senior Security Engineer • Pune, Ahmedabad