Senior Security Engineer - IOT

Position: Senior Security Engineer - IOT

Job Description: Experience:

2–6 years of relevant experience in system security, embedded systems, and vulnerability assessments. Key Skills: • Firmware Analysis Tools: Expertise in using firmware analysis tools such as Ghidra, Binwalk, and Radare2 for static and dynamic analysis of firmware images. • Embedded Linux Platforms: In-depth knowledge of embedded Linux, Yocto, and OpenWRT platforms for secure firmware and OS testing. • Secure Boot & Firmware Update Mechanisms: Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity. • OS Hardening & Security Configurations: Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity. • Vulnerability Assessment & CVE Analysis: Extensive experience with vulnerability assessment frameworks and CVE analysis, identifying and addressing security vulnerabilities in embedded systems. • Debugging & Emulation Tools: Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior. • SBOM & Secure Update Protocols: Familiarity with SBOM (Software Bill of Materials), patch management, and secure update protocols to ensure safe software deployments. • Firmware Reverse Engineering: Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits. • Penetration Testing Frameworks: Experience using penetration testing frameworks like Metasploit, Kali Linux, and custom tools for system vulnerability testing. • Custom Test Case Development: Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems. • Leadership & Mentoring: Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies. • Technical Writing & Reporting: Excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments. • Proactive Security Risk Mitigation: Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

Responsibilities: • Leadership in Security Testing: Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations. • Test Plan Development & Execution: Develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks. • Firmware Static & Dynamic Analysis: Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra, Binwalk, and Radare2 to identify potential vulnerabilities. • Secure Boot & Root of Trust Validation: Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection. • OS Hardening & Access Control Testing: Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation. • Vulnerability Identification & Classification: Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization. • Collaboration with Compliance & Engineering: Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively. • Custom Attack Simulations: Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats. • Rollback & Patch Management Testing: Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality. • Mentoring & Knowledge Sharing: Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes. • CVE Monitoring & Testing Updates: Monitor relevant CVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection. • Reporting & Risk Assessments: Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations. • Regulatory Compliance: Ensure that all testing activities align with industry standards, including RED 18031 compliance, and adhere to relevant regulatory frameworks. • Secure Lab Environment Maintenance: Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

Qualifications & Certifications: • Education: Bachelor's or Master’s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field. • Certifications (Preferred): • OSCP (Offensive Security Certified Professional) • OSCE (Offensive Security Certified Expert) • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) • Equivalent certifications in ethical hacking, penetration testing, or embedded system security are also highly valued. • Industry Standards Familiarity: Familiarity with security frameworks such as ISO/IEC 62443, RED 18031, and IoT security frameworks.

Why Join Us? • Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment. • Competitive salary and benefits package. • Career growth opportunities in a fast-paced and dynamic industry. • A strong focus on work-life balance and employee well-being.

Location: IN-GJ-Ahmedabad, India-Ognaj (eInfochips)

Time Type: Full time

Job Category: Engineering Services