Senior Security Analyst - Native Code @ UL
- 9Viewed
- 5In Consideration
- 4Not Selected
Job Details
Skills And Tools:
Job Description
Due to continued expansion, our client's Transaction Security Division is looking to hire an experienced Security Analyst, specializing in Native, or Closed Platform products.
The successful candidate for this position will have significant experience with native code based products (C and Assembly) and is expected to take responsibility for performing security evaluation tasks on our customers’ products – through code review, vulnerability analysis, security test planning and support, and interpretation of test results. The evaluation tasks are mainly carried out on embedded products, particularly payment devices, such as smart cards, POS terminals and mobile payment devices. A formal report has to be prepared for the customer, and the Security Analyst is normally the technical coordinator for the entire project.
Security Analysts are expected to maintain a high level of expertise regarding known threats and to follow technical developments in the embedded security arena to protect transaction applications. They will be particularly experienced in C, Java, assembly languages and EMV standards, perhaps with a background in data security and cryptography.
In addition, the Senior Security Analyst role will require someone with demonstrated capability to work creatively and with minimum supervision and will have extensive relevant experience, preferably in the field of secure embedded software development.
Responsibilities:
To undertake security evaluation tasks and duties in order to meet customer requirements and project deadlines. The tasks may include:
- Support for the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations;
- Customer code review: because of stringent confidentiality and security requirements, this often necessitates travel to customer premises in Europe;
- Based on the code review a vulnerability analysis has to be carried out, to determine if the customer product has any potential security weaknesses. Products with OS, JavaCard API, and various applications are typically considered;
- Investigate possible logical attack scenarios.
- Analyze the platform code, develop attack applets and provide support for the security evaluation engineers in charge of product testing – by interpreting the code review findings, orienting the attack paths and analyzing the test results;
- Formal report writing in line with customer and certification scheme requirements;
- Delivery of customer projects on time;
- Develop sophisticated, state-of-the-art attacks with tools and scripts by maintaining a high level of expertise in the latest attack methods against embedded products;
- Contribute to internal work processes by improving tools for evaluation efficiency, report writing and technical training;
- Undertake ad hoc tasks as may be required;
- Any other duties as defined in the local Staff Handbook, client Standards of Business Conduct and the Quality Control Manual.
Job Requirements
- Degree in Computer Science or other technical discipline.
- Cryptography and Data Security knowledge would be advantageous
Experience:
- Extensive experience in software development on embedded products. Payment or security industry, Smart cards experience are desired;
- Extensive experience in C, C++ is required, good knowledge of micro controller architectures and their assembly languages, Java;
- Hands-on experience of native OS, applications and products;
- Rigorous attention to detail.
- Dependable in meeting commitments and deadlines;
- Good commitment, logical and structured approach;
- Creative and analytic skills;
- Strong team player, able to learn from and to train your colleagues;
- Excellent command of written and spoken English; Comfortable working in a multi-national and multi-disciplinary team.
Languages :
- English: fluent / bilingual
