
Security Analyst (Software Focus)

This vacancy is open in San Francisco, the USA.

Welcome to Riscure!

At Riscure, we help our customers to make Mallory go elsewhere. By looking for security vulnerabilities in devices, chipsets, firmware or software applications we help to protect brands and reputations, maintain consumer confidence, and avoid costly product recalls. After all, prevention is better than cure! We’re proud that manufacturers of mobile phones, smart meters, automotive subsystems and payment technology all rely on Riscure’s expertise. Our teams of technical and academic professionals are located close to our customers, in office locations throughout the US, Europe, and Asia.

 

What does a day at Riscure look like?

We evaluate the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analyzing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.

 

In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive.

 

We mainly work from our offices in San Francisco, California; we think it’s important to have a physical place of work where colleagues meet, hang out, knowledge share, and make terrible jokes. This does not mean all the work is restricted to the office: parts of a project may require working on a customer’s premises (all over the US). Our office culture is highly technical, informal and flexible: work function is given priority over form, and new ideas and insights are always welcomed.

 

What skills should I have to be able to join?

  • You have successfully completed a Bachelor (better: Master) in Computer Science, Computer Engineering or Electrical Engineering.
  • You don’t mind getting your hands dirty: the core of our work is digging deep into the technical details of both hardware and software of devices.
  • You have 2 to 4 years of work experience.
  • You are capable of completing security evaluations unassisted.
  • You have an excellent command of the English language, both verbal and written.
  • You are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists.
  • You are excited at the prospect of problem solving with clients, and are not intimidated by ambiguous issues that may arise from a client’s demands.
  • You are flexible, and you enjoy travelling to customers within North America, or Europe/Asia every now and then. May require travel 1 week a month, or more depending on the project and client demands.
  • You are authorized to work in the United States.

Software focus

Do you get excited over a firmware image? Or how about the full source of a TEE OS? Does the prospect of using libFuzzer or AFL on a Trusted Application give you goosebumps? Do you call IDA Pro or radare2 ~, and ARM/MIPS your friends?  Even more reason to come aboard!

  • Experience finding vulnerabilities in source code or binaries through manual review
  • Experience fuzzing for vulnerabilities
  • Experience using symbolic execution to find vulnerabilities
  • Knowledge of embedded system architecture, OS internals, Trusted Execution Environments
  • Knowledge of cryptographic algorithms and protocols, whitebox crypto, x509 certificates
  • Hands-on experience with Firmware security
    • Experienced in a college setting, home/hobbyist setting. It’s great if you’ve messed around with things, and made them do what they’re not supposed to do.

One note here: we are interested in speaking with you even if you don’t meet all the criteria detailed above. Pobody’s nerfect, after all :).

 

Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work this entails rating content over appearances, and creating an open and sincere work environment with ample room for fresh ideas. Riscure is also one of the world’s most advanced players in the field of side channel attacks and embedded technology evaluation. This makes for a unique workplace with fascinating customers.

 

At Riscure you are working together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

 

In addition to great benefits (medical, vision, dental and lots of PTO), you are given the chance of letting your own responsibility and personal development grow with the organization.

 

I want in.

Send your resume and motivation letter to crockett@riscure.com. If you have any hardware project, source code, academic thesis, whitepaper, or anything else that is relevant and that you’re proud of, don’t hesitate to send a link to it as well.

 

We are an equal opportunity employer, and do not discriminate based on race, nationality, gender identity, sexual orientation, disability status, veteran status, age, or any other legally applicable characteristics. Being a diverse, multi-national company is one of the things that makes us strong, and we don’t intend to change any time soon.