Senior Security Engineer - IOT

Position:Senior Security Engineer - IOT

Job Description:

Experience:

6–10 years of relevant experience in system security, embedded systems, and vulnerability assessments.

Key Skills:

• Firmware Analysis Tools:
  Expertise in using firmware analysis tools such as Ghidra, Binwalk, and Radare2 for static and dynamic analysis of firmware images.

• Embedded Linux Platforms:
  In-depth knowledge of embedded Linux, Yocto, and OpenWRT platforms for secure firmware and OS testing.

• Secure Boot & Firmware Update Mechanisms:
  Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity.

• OS Hardening & Security Configurations:
  Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity.

• Vulnerability Assessment & CVE Analysis:
  Extensive experience with vulnerability assessment frameworks and CVE analysis, identifying and addressing security vulnerabilities in embedded systems.

• Debugging & Emulation Tools:
  Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior.

• SBOM & Secure Update Protocols:
  Familiarity with SBOM (Software Bill of Materials), patch management, and secure update protocols to ensure safe software deployments.

• Firmware Reverse Engineering:
  Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits.

• Penetration Testing Frameworks:
  Experience using penetration testing frameworks like Metasploit, Kali Linux, and custom tools for system vulnerability testing.

• Custom Test Case Development:
  Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems.

• Leadership & Mentoring:
  Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies.

• Technical Writing & Reporting:
  Excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.

• Proactive Security Risk Mitigation:
  Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

Responsibilities:

• Leadership in Security Testing:
  Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations.

• Test Plan Development & Execution:
  Develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks.

• Firmware Static & Dynamic Analysis:
  Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra, Binwalk, and Radare2 to identify potential vulnerabilities.

• Secure Boot & Root of Trust Validation:
  Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection.

• OS Hardening & Access Control Testing:
  Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation.

• Vulnerability Identification & Classification:
  Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization.

• Collaboration with Compliance & Engineering:
  Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively.

• Custom Attack Simulations:
  Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats.

• Rollback & Patch Management Testing:
  Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality.

• Mentoring & Knowledge Sharing:
  Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.

• CVE Monitoring & Testing Updates:
  Monitor relevant CVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.

• Reporting & Risk Assessments:
  Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.

• Regulatory Compliance:
  Ensure that all testing activities align with industry standards, including RED 18031 compliance, and adhere to relevant regulatory frameworks.

• Secure Lab Environment Maintenance:
  Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

Qualifications & Certifications:

• Education:
  Bachelor's or Master’s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field.

• Certifications (Preferred):

  • OSCP (Offensive Security Certified Professional)

  • OSCE (Offensive Security Certified Expert)

  • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

  • Equivalent certifications in ethical hacking, penetration testing, or embedded system security are also highly valued.

• Industry Standards Familiarity:
  Familiarity with security frameworks such as ISO/IEC 62443, RED 18031, and IoT security frameworks.

Why Join Us?

• Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment.

• Competitive salary and benefits package.

• Career growth opportunities in a fast-paced and dynamic industry.

• A strong focus on work-life balance and employee well-being.

Location:IN-GJ-Ahmedabad, India-Ognaj (eInfochips)

Time Type:Full time

Job Category:Engineering Services