Security Analyst - Mobile Security

Do you like analyzing complex security issues?

Riscure is a young, ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile, and smart metering industry. In addition, Riscure is the leading vendor of specialist security testing products. We have 60 employees with mixed technical and academic backgrounds working from offices in
Delft, The Netherlands and San Francisco, USA. Riscure is organized in three units: Security Lab, Inspector, and Riscure North America.

We are looking for Experienced Security Analysts who like to use a variety of techniques (for instance source code review, software reverse engineering and exploitation) to discover a product’s fraud risk profile in order to improve its security. The position is mainly for Mobile security assessments in the payment market, but hardware projects, or any other type of project may come your way if you are up for it. Do you get excited over software reversing? Or how about analyzing a Trusted Applications? Does the prospect of using libFuzzer or AFL on a Trusted Application give you goosebumps? Do you call IDA Pro or radare2 your friends? Do you dream in hex? Even more reasons to come aboard!

What does a day at Riscure look like?

We evaluate the security of products that use embedded, smart card, and mobile technologies usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.

In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects to ensure it is preserved and shared within Riscure.

We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communications with our customers are in English.

What skills should I have to be able to join?

• You have successfully completed an academic course in Information Technology or Electrical Engineering.
• You have 1 to 5 year’s work experience.
• You have a good understanding of the following:
  • Mobile Security, low-level computer architecture, security concepts, embedded system architecture, OS internals, Trusted Execution Environments.
  • Cryptographic algorithms and protocols, whitebox crypto.
  • Reverse engineering of binary code.
  • ARM assembly and the programming languages C/C++, and Java.
  • Exploitation of software vulnerabilities.
  • Finding vulnerabilities in source code or binaries through manual review
  • With mobile security for iOS or Android.

It would be a bonus when you have experience with developing mobile applications or have experience in the payment market.

You have a creative mind with an eye for detail, and you like to make sure we use the right methods and equipment to detect security issues. You have a good command of the English language, both verbally and written. You have good social skills and you are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists. You are flexible, and you enjoy travelling to customers in Europe, North America, or Asia every now and then. We are interested in speaking with you even if you don’t meet all the criteria detailed above.