Job description:
Who we want:
Dedicated achievers. People who thrive in a fast-paced environment and will stop at nothing to ensure a project is complete and meets regulations and expectations.
Curious learners. People who seek out cutting-edge research and information to expand and enhance their ability to be ready for what’s next.
Self-directed initiators. People who take ownership of their work and need no prompting to drive productivity, change, and outcome and will stop at nothing to ensure a project is complete and meets regulations and expectations
Inspires others. A genuine, relationship-focused leader who connects, collaborates and fosters an inclusive environment of enthusiasm, trust and pride. He/she makes others want to follow, building momentum for action and positively influencing outcomes.
Champions talent development. A manager who focuses on maximizing the ability, potential and contributions of themselves and others. Fosters an environment where people can excel through developing, coaching and rewarding performance.
What you will do:
The candidate must have a great inclination towards conducting deep rooted research on Embedded/IoT systems/devices in order to uncover the vulnerabilities and methods that can be used to compromise device security. He/She should have proven credentials in different phases for compromising device security:-
- Initial Reconnaissance (Understand product’s internal as well as communication mechanism)
- Attack Surface Identification - Physical, Wireless, Wired & Web
- Threat Modelling (Identification of Actors and Entity Boundary)
- Protocol Endpoints - Read/Understand Protocol Specification, Gather Sample Protocol Implementations & Protocol Simulators, Testing with the Simulators and ability to write Scripts to Interact with The device
- Firmware Vulnerability Analysis - Firmware Extraction and Analysing Firmware, Vulnerability Analysis, Manual Reversing of Binaries, Understand Firmware Update Process
- Hardware Vulnerability Analysis - Identify and analyse Hardware Debug ports, Memory extraction and analysis, Malicious data injection
- Manage all facets of Vulnerability Assessment and Penetration testing involving embedded devices.
- Perform attacks and identify vulnerabilities on interfaces like USB, WiFi. Ethernet etc.
- Expertise/Familiarity with Hardware & Radio Security Testing:-
- Data extraction from external flash memory, UART Debug port testing, JTAG Debug port testing, Hardcoded Sensitive information in firmware, sensor manipulation, Bluetooth testing, Zigbee testing, Wi-Fi testing, MQTT testing, Radio testing etc.
What you need:
Minimum Qualifications (Required):
- Bachelor’s in Software/Electronics Engineering or equivalent degree.
- 3-7 years of hands-on experience in Vulnerability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc.
- Excellent communication and interpersonal skills.
Preferred Qualifications (Strongly desired):
Technical Skills:
- Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.
- Understanding of Cloud based environments like Azure and AWS.
- At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.
- Must be flexible, independent and self-motivated.
- Ability to conceptualize, eager to learn and detail orientation.
- Good to have: Prior work experience in medical devices.