TS Senior Security Analyst

The TS Senior Security Analyst performs test activities and manages the internal or external customer independently. The TS Senior Security Analyst is responsible for customer satisfaction of the test deliverables and enables a smoothly running testing, validation or certification process. This includes using test automation tools, analyzing and validating test results and reporting to the customer. The TS Senior Security Analyst participates in evaluating the security of IT products, such as network device, encryption software, mobile devices, payment terminals, e-Passports, smartcards, etc. based on certain scheme requirement, such as Common Criteria, Common.SECC etc. This will include the development document review, IT products analysis, the development and the realization of penetration test, the support and training of evaluation engineers. 

• Support the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations.
• Customer code review: due to stringent confidentiality and security requirements, it often requires traveling to customer premises.
• Perform software penetration testing for evaluation with regards to reverse engineering (static and dynamic) and protocol attacks.
• Based on the code review a vulnerability analysis has to be carried out, to determine if the customer product has any potential security weaknesses.
• Investigate possible logical attack scenarios.
• Provide support for the security evaluation engineers in charge of product testing  by interpreting the code review findings, orienting the attack paths and analyzing the test results.
• Formal report writing in line with customer and certification scheme requirements.
• Delivery of customer projects on time.
• Develop sophisticated, state-of-the-art attacks with tools and scripts by maintaining a high level of expertise in the latest attack methods against embedded products.
• Maintains/improves technical knowledge by attending educational workshops, reviewing professional publications, obtaining applicable certifications and participating in professional societies and cross-departmental task forces.
• Contribute to internal work processes by improving tools to evaluate efficiency, report writing and technical training.
• Read and follow the Underwriters Laboratories Code of Conduct and follow all physical and digital security practices.
• Performs other duties as directed.

• Master or Bachelor level degree (or equivalent) in Information Technology, Cryptography, Computer Science or equivalent proving your analytical skills and technical approach. 

• Minimum 5 to 8 years’ information security, testing inspection certification working experience, Common Criteria evaluation experience is the best and ISO 27001 auditing will be an advantage. 

• Possessing CISM / CISA / CISSP Certification or related is an added advantage. 

• COMMON CRITERIA NETHERLANDS EVALUATOR (under NSCIB) Certified is an added advantage. 

• Experience in evaluating/testing/developing Smartcard and similar devices: IC, SoC, MCU, Embedded Software will be an advantage. 

• Experience in developing and improving the cryptographic side-channel and fault injection attacks of the UL Laboratory homemade attack tools. 

• Comfortable in analyzing various standards, frameworks and regulations 

• Comfortable in trying yourself in new areas without necessarily knowing everything and can figure out things as you go. 

• Like working towards a larger goal and willing to take the initiative in your own hands. 

• Good at communicating and can convey messages to both technical and business audiences. 

• High analytical skills, attention to detail.   

• Able to make decisions independently under certain scenarios, such as during site audit in customer site. 

• Ability to work independently, to be innovative and creative.  

• Ability to communicate with clarity and efficiency.  

• Enjoys working in a team and engaging their colleagues. 

A global leader in applied safety science, UL Solutions (NYSE: ULS) transforms safety, security and sustainability challenges into opportunities for customers in more than 110 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers’ product innovation and business growth. The UL Mark serves as a recognized symbol of trust in our customers’ products and reflects an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage.