Offensive Cybersecurity Engineer
Casablanca, MA, 20270
IDEMIA
We make it safer and easier for people to pay, connect, be identified, access, travel and stay safe in the physical and digital worlds.
Since our founding, IDEMIA has been on a mission to unlock the world and make it safer through our cutting-edge identity technologies. Our technology leadership makes us the partner of choice for hundreds of governments and thousands of enterprises in over 180 countries, including some of the biggest and most influential brands in the world. In applying our unique expertise in biometrics and cryptography, we enable our clients to unlock simpler and safer ways to pay, connect, access, identify, travel and protect public places – at scale and in total security.
Our teams work from 5 continents and speak 100+ different languages. We strongly believe that our diversity is a key driver of innovation and performance.
Purpose
Inside the penetration testing team of IPS, you will perform pentest and security audits of IDEMIA IPS Products and Programs on a wide variety of scope. You will help ensure that the products and programs of IPS are safe and help the engineering secure their deliveries to customers. Your perimeter of action will help you put your skills to test and grow your experience toward a variety of scopes: mobile apps (Android and iOS), Web apps and API, fat clients (Windows, Linux, macOS), network infrastructure classical or cloud (AWS/Azure), and embedded devices (Linux and proprietary OS).
Key Missions
As an offensive cybersecurity officer, you are executing technical evaluations of products and programs developments. You will identify vulnerabilities and propose remediation actions. You may have to use different types of security assessment depending on the perimeter (pentest, code review, configuration audit, etc.).
Security audit realization:
- Define pentest and audit strategy
- Execute and document pentest and security audits on different environments
- Define attack scenario and achieve attacks on targeted environment
- Achieve code review on the targeted components
- Adopt a global vision of the system to pentest/audit
- Collect configuration elements on equipment to review their security configurations
Perform vulnerability assessment and technical control continuously or automatized:
- Discuss with different teams to evaluate the impacts for the business of detected vulnerabilities
- Redact report containing an analysis and root cause of the vulnerabilities identified; highlight risks and business impacts
- Define recommendation to allow remediating risks associated with identified vulnerabilities.
- Help development and operational team implement technical recommendations
Ensure technical watch:
- Ensure permanent watch on attack scenario, new threats and associated vulnerabilities and on development of new tests contexts
- Develop Tools used for pentest and audits
- Identify new means to detect new breach
Profile & Other Information
- Master embedded pentesting techniques
- Vulnerability research in binaries e.g. memory manipulation
- Methodology to pentest an embedded operating system
- Reverse engineering
- Hardware attacks
- Knowledge of web application pentest technique : OWASP methodology
- Knowledge of mobile application pentest technique: Android and iOS
- Operating system intrusion in Linux (embedded or not), windows is a plus
- Network protocol security : capable of performing network attacks
- Applicative layer security
- Scripting
- Technology watch and security trends study
- Synthetic mind with ability to vulgarize to non-technical public
- Good writing skills for different levels of stakeholders
- Passionate by hacking with ethical hacker mindset e.g. participating to CTF, or performing challenges
- Capacity to work as a team
- Rigor
- Autonomy
- Experience: 5 to 10 years in cybersecurity (Experience with embedded security pentesting is a plus)
- Language: French, English
By choosing to work at IDEMIA, you will join a unique tech company, offering a wide range of growth opportunities. You will contribute to a safer world, collaborating with an international and global community. We value the diversity of our teams and welcome people from all walks of life, regardless of how they look, where they come from, who they love, or what they think.
We deliver cutting edge, future proof innovation that reach the highest technological standards and we’re transforming, fast, to stay a leader in a world that’s changing fast, too.
At IDEMIA, people can develop their expertise and feel a sense of ownership and empowerment, in a global environment, as part of a company with the ambition and the ability to change the world.
Visit our website to know more about the leader in Identity Technologies
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android APIs Audits AWS Azure Cloud Cryptography CTF iOS IPS Linux MacOS OWASP Pentesting Reverse engineering Scripting Security assessment Strategy Vulnerabilities Windows
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.