Security Analyst Hardware

You just found a job description for the challenging role of security analyst with a focus on hardware security! We are looking for a security professional with experience in Smart Cards, Secure Elements and other Embedded devices, proficient in using side channel analysis, fault injection and physical manipulation. Do you have at least 2 years of experience in evaluating Smart Cards, Secure Elements or other Embedded devices, using side channel analysis, fault injection and physical manipulation, then this is the job for you.

What does a day at Riscure look like?

We evaluate the security of products that use Embedded and Smart Card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.

In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the Riscure knowledge database to ensure it is preserved and shared within Riscure.

We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience, you are in regular contact with a customer’s technical liaison during a project. All communications with our customers are in English.

• You have successfully completed an academic course in Information Technology or Electrical Engineering.
• You have at least 2 year’s work experience in:
  • Security evaluations on Smart Card products, Secure Elements (SE) and other embedded devices like System-on-Chips (SoC), where test methods such as Fault Injection, Side Channel Analysis, physical manipulation, etc. are applied.
  • the major security evaluation schemes like Common Criteria, EMVCo or Global Platform
  • performing site audits of development and production sites of our customers
  • being responsible for the technical quality of evaluation projects. Ideally you are used to steer a team of analysts during evaluation activities
  • supporting project management in coordinating complex evaluation projects under the given timelines and budgets
  • supporting sales managers in scoping and acquisition of new projects
  • being the technical interface to various ITSEFs and certification schemes
  • studying new market trends and developing innovative security evaluation methodologies for emerging technologies

• You have a creative mind with an eye for detail, and the ambition to drive security forward.
• You have an excellent command of the English language, both verbal and written.
• You have good social skills and you are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists.
• You are flexible, and you enjoy travelling to customers in Europe, North America, or Asia every now and then.

Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America, Europe, and Asia. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work, this entails rating content over appearances and creating an open and sincere work environment with ample room for fresh ideas. Because of the type of projects and clients, you will be exposed to bleeding-edge technology way before it hits the newspapers.

At Riscure you work together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

In addition to attractive terms of employment, you will be given the chance of growing your responsibility and personal development within the organization.

Other advantages of working at Riscure

• Flexibility to explore your personal growth. We do not confine talent in a box. You have plenty of freedom to try new things - research, tool development, training, and services development.
• Working hours are flexible. Possibility to work from home when the projects allow.
• Academic atmosphere - supporting colleagues to help each other grow technically and create strong teams with members that have complementary skills and interests.
• Opportunity to become proficient or expert in a variety of technical domains. Again, we do not confine talent in a box. We promote the understanding of security as a whole, both from a formal point of view and also deeply technical
• Many personal training opportunities and weekly technical knowledge-sharing sessions
• No dress code. Feeling at home is a core value of the company!