To use our site, you agree to the use of cookies and data processing according to our privacy statement.

Security Analyst (Software Focus)

This vacancy is open in San Francisco, the USA.

Welcome to Riscure!

At Riscure, we help our customers to make Mallory go elsewhere. By looking for security vulnerabilities in devices, chipsets, firmware or software applications we help to protect brands and reputations, maintain consumer confidence, and avoid costly product recalls. We’re proud that manufacturers of mobile phones, smart meters, automotive subsystems and payment technology all rely on Riscure’s expertise. Our teams of technical and academic professionals are scattered all around the world, with office locations throughout the US, Europe, and Asia.


What does a day at Riscure look like?

We evaluate the security of the newest products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analyzing and learning about a device’s specifications, code or hardware, and locating the weaknesses and vulnerabilities. We advise clients as we test their products through critical parts of their development cycle or in the form of a detailed report at the end of a more standard evaluation.

In addition to evaluation work we carry out research and development, tool development, and training in an effort to bring security to the next level. As a state-of-the-art lab, our internal research and development process and continued commitment to innovate for better security is a necessity to remain competitive and make real headway in the advancement of security.

We remain at the cutting edge of how we work. Currently 90% of our North American team works remotely. We have team members across the United States. The bulk of the technical team live throughout the San Francisco Bay Area and use the security lab located in San Francisco, California. We engage regularly by video conference and maintain a lively team spirit through monthly game nights, fun technical presentations, and quick touch points (and often bad pun jokes) over chat. Parts of a project may require working on a customer’s premises all over the US or being flown to San Francisco to work in our security lab. Our culture is a security nerd heaven. Informal and flexible, work function is given priority over form, and new ideas and insights are expected and welcomed.


What kind of skills should I have?

  • You are a pleasant co-worker who likes to collaborate, learn and share your knowledge with a remote team of security specialists.
  • You are a self-motivated and creative problem solver who enjoys the struggle of figuring things out yourself but also knows when to ask for help.
  • You are excited at the prospect of problem solving with your colleagues and clients, and are ready to tackle complicated problems our clients struggle to solve.
  • You enjoy digging deep into the technical details of both hardware and software of devices and understanding complex systems fast.
  • You are capable of completing security evaluations unassisted.
  • You have an excellent command of the English language, verbal and written.
  • You have successfully completed a Bachelor or Masters in Computer Science, Computer Engineering, or Electrical Engineering.
  • You have 2-4 years of work experience.
  • You are flexible and enjoy travelling to customers within North America, or Europe/Asia every now and then. One week, a month, or more travel to client sites depending on client needs.*
  • You are authorized to work in the United States.

We are interested in speaking with you even if you don’t meet all the criteria detailed above.  Pobody’s nerfect, after all☺.

Software focus

Do you get excited over a firmware image? Or how about the full source of a TEE OS? Does the prospect of using libFuzzer or AFL on a Trusted Application give you goosebumps? Do you call IDA Pro or radare2 ~, and ARM/MIPS your friends?  Even more reason to come aboard!

  • Experience finding vulnerabilities in source code or binaries through manual review
  • Experience fuzzing for vulnerabilities
    • Experience using symbolic execution to find vulnerabilities
    • Knowledge of embedded system architecture, OS internals, Trusted Execution Environments
    • Knowledge of cryptographic algorithms and protocols, whitebox crypto, x509 certificates
    • Hands-on experience with Firmware security
      • Experienced in a college setting, home/hobbyist setting. It’s great if you’ve messed around with things, and made them do what they’re not supposed to do.
    • Nice to have
      • Experience in pre-silicon [Hardware] security
      • Development background & understanding of client’s general development process and needs
      • Experience with payment networks


Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America. It is important we provide our customers with high-quality, professional services. In our daily work this entails rating content over appearances, and creating an open and sincere work environment with ample room for fresh ideas. Riscure is one of the world’s most advanced players in the field of side channel attacks and embedded technology security. We are a creative and innovative workplace with fascinating customers and colleagues.

At Riscure you are working together with people who are passionate about their work, always eager to learn more, and excited to share their knowledge. You will be part of a highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

We offer great benefits! Health care is 100% covered (medical, dental, and vision insurance plans), generous PTO and sick leave, a flexible working environment, and retirement plan with match. You are given the chance of letting your own responsibility and personal development grow with the organization.


I want in.

Apply here via Recruitee. Include your resume, cover letter, and if you have any hardware project, source code, academic thesis, whitepaper, or anything else that you are proud of, please send a link as well.

We are an equal opportunity employer, and do not discriminate based of race, nationality, gender identity, sexual orientation, disability status, veteran status, age, or any other legally applicable characteristics. We pride ourselves on our diverse, multi-national teams and know from first-hand experience that our diversity gives us the advantage we need to serve the security industry with fresh and ground breaking discoveries.

*COVID-19 update: The health and safety of our employees and our global community is at utmost importance to us. As we continue to monitor the evolving situation, we appreciate your understanding and flexibility with any changes related to travel, the position, and our interviewing process.