Keywords:
Cyber, Security, ICT, Software engineer
Type:
Permanent employment
Location:
Delft
Education:
Associate degree (EQF 5), Bachelor (EQF 6)
Published:
16/07/2020
Status:
Open
Apply before:
28/08/2020
Hours p/wk:
40

You just found a job description for the challenging role of a technical evaluation lead with a focus on software security! We are looking for a security professional with experience in Smart Cards, Secure Elements or other Embedded devices, proficient in security code reviews and attack technics using software, side channel analysis and fault injection.


Riscure is an ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile and automotive industry. In addition, Riscure is the leading vendor of specialist security testing products. Our main office in the Netherlands has been around since 2001, but we have satellite offices in San Francisco, California and in Shanghai, China. We have engaging projects and a constructive work environment based on knowledge sharing. We are looking for self-motivated individuals who would like to embrace the opportunity to drive security forward in our growing company. Do you have experience as a Senior Security Analyst with a focus on complex evaluations? Are you ready to take part in an international, technically diverse and experienced team to help customers from all over the world improve the security of their products? Are you looking for a challenging yet opened and transparent work environment with ample room for fresh ideas?

 

We are also looking for analysts focused on software security and Crypto, you can find these vacancies here: vacancy for Technical Lead Hardware and vacancy for SA Crypto.

 

What does a day at Riscure look like?

We evaluate the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. The results go into a report, alongside recommendations to help solving the problems found.

 

As part of the mission statement of the company (driving security forward), Riscure believes that knowledge sharing is key to innovation and evolution of employees. Time is arranged for personal development and for weekly sharing knowledge events that are organized for everyone to join.

 

In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the Riscure knowledge database to ensure it is preserved and shared within Riscure.

 

We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communication with our customers is in English.

 

What skills should I have to be able to join?

  • You have successfully completed an academic course in Information Technology or Electrical Engineering.
  • You have at least 4 years work experience in:
    • Programming languages: C, C++, JavaCard, Assembly.
    • Smart Cards, Secure elements or other embedded devices such as System-on-Chips, and associated applicable test methods (Logical, Fault Injection and Side Channel Analysis).
    • Dealing with the major security evaluation schemes like Common Criteria, EMVCo or Global Platform.
    • Being responsible for the technical quality of evaluation projects. Ideally you are used to steering a team of analysts during evaluation activities.
    • Leading technical projects.
  • Experience with software development or (security) testing for embedded systems.
  • Knowledge of (EMV) payment products is an advantage, as is experience with security evaluations, Java Cards, attack techniques and an interest in hacking products.
  • Supporting project management in coordinating complex evaluation projects under the given timelines and budgets.
  • Being the technical interface to various ITSEFs and certification schemes
  • You have a creative mind with an eye for detail, and the ambition to drive security forward.
  • You have an excellent command of the English language and the ability to communicate knowledge convincingly to external parties.
  • You have good social skills and you are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists.
  • You are flexible, and you enjoy travelling to customers in Europe, North America, or Asia every now and then.

Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America, Europe, and Asia. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work, this entails rating content over appearances, and creating an open and sincere work environment with ample room for fresh ideas. Riscure is also one of the world’s most advanced players in the field of side channel attacks and embedded technology evaluation. This makes for a unique workplace with fascinating customers.

 

At Riscure you are working together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

 

In addition to attractive terms of employment, you will be given the chance of letting your own responsibility and personal development grow with the organization.

 

I want in

For more information, contact our HR department at +31 (0)15 2514 090. Would you prefer to apply directly? Send your CV and motivation letter to recruitment@riscure.com.  If you have any hardware project, source code, academic thesis, whitepaper, or anything else that is relevant and that you’re proud of, don’t hesitate send a to link to it as well.

 

Only applications including a motivation letter will be considered. Reference checking, a background screening and technical/personal assessment may be part of the application procedure.

 

We are an equal opportunity employer, and do not discriminate based of race, nationality, gender identity, sexual orientation, disability status, veteran status, age, or any other legally applicable characteristics. Being a diverse, multi-national company is one of the things that makes us strong, and we don’t intend to change any time soon.