Security Evaluator

Mobile devices are ubiquitous in everyday life. They provide our modern society with an endless range of applications and advantages. Some of these mobile devices, however, are used to handle sensitive information such as personal, financial or even medical data. Such data needs to be adequately secured and protected.

We are looking for Mobile Software Security Evaluators. We will not only consider skilled individuals with years of experience with software security for mobile devices, but also recent graduates seeking to start a successful professional journey. Above all, we want people who are passionate about software security.

You will be part of a multidisciplinary team of international experts evaluating the security of cutting-edge mobile devices solutions. Some examples of solutions you will be evaluating are mobile payment, content protection and biometric authentication.

You will thoroughly examine the software-based security implementations of mobile and other connected devices. Specifically on platforms such as Android, embedded Linux or iOS. This includes analysing how a given solution works, performing code reviews and executing practical penetration testing to identify potential vulnerabilities. For this, you will work in our state-of-the-art laboratory to instrument code binaries using advanced reverse engineering techniques and investigate the extent to which the security protections can be circumvented.

You will also participate in R&D projects in the context of mobile software-based security by developing and replicating new attacks, increasing the efficiency of the evaluations, etc.

• Software Security BS degree or higher (MSc, PhD) on Computer Science, or disciplines such as Electronics, Physics or Mathematics, or proven work experience as software security engineer.
• Good knowledge of mobile platform environments, such as Android, embedded Linux or iOS, and its security principles and related coding languages (Java, C, C++, assembly). You are familiar with technical concepts behind mobile platform technologies, particularly the controller architectures (ARM, x86).
• Familiar with reverse engineering on binaries and applications, familiar with static and dynamic software reverse engineering analysis tools.
• Knowledge of techniques, standards and state-of-the-art capabilities for authentication, cryptography, security vulnerabilities and counter measures is highly desired.
• A willingness to learn in a fast pace changing environment.
• A keen interest in all aspects of security research and development.
• You can work both individually and together with fellow team members.
• You never give up, but know when you’ve done enough. Security analysis of mobile applications is like an obstacle race. Successfully finding your way around secure implementations require perseverance and resourcefulness.
• You never get tired of learning new concepts and are always up to date with the latest developments and publications. Security is a constantly moving target. You are eager to use your creativity to do new things every day.
• Security is a complex and challenging field. The key to successfully performing a thorough and adequate security evaluation lies in a good cooperation with your colleagues. You enjoy working in a collaborative manner and getting the best out of a team, keeping in mind your sense of organization and accountability.
• Our security evaluations are concluded by writing a detailed evaluation report. Good writing and communication skills in English are essential.