Senior Security Evaluator
Delft, The Netherlands
Riscure is a young, ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile and smart metering industry. In addition, Riscure is the leading vendor of specialist security testing products. We have 80 employees with mixed technical and academic backgrounds working from offices in Delft, The Netherlands and San Francisco, USA. For our office in Delft, The Netherlands, we are looking for a Senior Security Evaluator who likes to theoretically and practically analyse the security of a product at different levels.
- You perform evaluation activities under the major security evaluation schemes like Common Criteria, EMVCo or Global Platform on smart card products and other embedded devices;
- As a technical lead you will be responsible for the technical and methodological quality of a project. You support your project team members during their evaluation activities. The technical lead supports the Security Evaluation Manager in managing the evaluation process;
- You support the Sales Managers in the scoping and acquisition of new projects;
- You will be the technical interface with various ITSEFs and certification schemes, including government agencies;
- You perform site audits of development and production sites of our customers;
- You contribute to studying and developing security requirements for various product types (e.g. by writing Protection Profiles and developing evaluation methodologies for new markets);
- You follow the evolution of standards and technologies through the participation in standardization working groups;
- With your expert knowledge and experience you advise the Riscure management on market trends, and developments, and you are proactive in suggesting leading roles for our organization;
- You collaborate with highly skilled security analysts and define internal R&D projects such as research on possible security risks of new technologies, and the development of new forms of attacks;
- In your role as experienced senior security evaluator it is crucial that you inspire and coach colleagues to achieve their career goals.
- You have a Master or Engineering degree in Mathematics, Cryptography, Computer Science or equivalent;
- You have 5+ years of practical experience in a technical role as Common Criteria and/or EMVCo evaluator or equivalent security evaluation schemes, including exposure to penetration testing;
- You are used to take a methodical and structured approach to security evaluations but still combined with a strong out-of the-box thinking when looking for unconventional exploits or new attack methods;
- You have proven ability to perform a comprehensive vulnerability assessment, mastering both the schemes’ requirements as well as the technical coverage.
- You are capable of recognizing hurdles in an evaluation process and resolve issues proactively in a leading technical role – together with the Security Evaluation Manager or Management, if needed;
- You ideally have experience with formal methods to verify the security level and correct implementation of a design;
- You ideally have additional experience to work in a security consultant role and experience in supporting customers to create evaluation deliverables such as security target, functional specifications, design documentation, formulation of policies etc., however, this is not a requirement;
- You have a track record in smart card or other high assurance evaluations and their typical challenges; similar knowledge of embedded devices would be an asset, but is not required;
- You have excellent oral and written communication skills in English for report writing and customer relations, including the capability to communicate complex technological aspects to customers (please provide sample of technical writing for review);
- You have networking skills that streamline a smooth and pleasant collaboration with our partners, schemes and customers;
- You are willing to travel globally for on-site reviews and site audits.
- You will externally collaborate with software developers, hardware developers, government agencies and evaluation schemes, and internally with security analysts and security evaluation managers.
- You will receive technical directions from the lab manger and the evaluation team lead while being fully responsible for your own personal development track.
What Riscure offers
- Most of our customers are large, international organizations based in Europe, Asia, and North America. It is very important for us to be able to provide these customers with high-quality, professional products, training and support. In our daily work we value content, creating an open and sincere work environment with ample room for fresh ideas.
- Riscure is continuously striving to apply and improve security evaluation capabilities to technology that matters with a strong focus on new emerging product types. At Riscure you will be working together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. We have weekly lunch meetings during which we take turns to keep one another up to date about the latest developments.
- You will form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.
- Riscure offers a relocation package for suitable candidates from abroad.
Are you interested?
You can apply by sending your resume accompanied by a short motivation and a sample of technical writing to email@example.com. An assessment may be part of the application procedure.
[Acquisition by agencies is not appreciated.]