Do you like analyzing complex security issues?
Riscure is a young, ambitious organization specializing in embedded security testing for leading international clients from the semiconductor, payment, Pay TV, mobile, and smart metering industry. In addition, Riscure is the leading vendor of specialist security testing products. We have 140+ employees with mixed technical and academic backgrounds working from offices in Delft (The Netherlands), San Francisco (USA) and Shanghai (China).
We are looking for Experienced Security Analysts who like to use a variety of techniques (for instance source code review, software reverse engineering and exploitation) to discover a product’s fraud risk profile in order to improve its security. The position is mainly for Mobile security assessments in the payment market, but hardware projects, or any other type of project may come your way if you are up for it. Do you get excited over software reversing? Or how about analyzing a Trusted Applications? Does the prospect of using libFuzzer or AFL on a Trusted Application give you goosebumps? Do you call IDA Pro or radare2 your friends? Do you dream in hex? Even more reasons to come aboard!
What does a day at Riscure look like?
We evaluate the security of products that use embedded, smart card, and mobile technologies usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart a device’s specifications, code or hardware, and then developing the necessary tools to attack the security. Results of this go into a report, and we give recommendations for solving these problems.
In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects to ensure it is preserved and shared within Riscure.
We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communications with our customers are in English.
What skills should I have to be able to join?
You have successfully completed an academic course in Information Technology or Electrical Engineering.
You have 1 to 5 year’s work experience.
You have a good understanding of the following:
- Mobile Security, low-level computer architecture, security concepts, embedded system architecture, OS internals, Trusted Execution Environments.
- Cryptographic algorithms and protocols, whitebox crypto.
- Reverse engineering of binary code.
- ARM assembly and the programming languages C/C++, and Java.
- Exploitation of software vulnerabilities.
- Finding vulnerabilities in source code or binaries through manual review
- With mobile security for iOS or Android.
It would be a bonus when you have experience with developing mobile applications or have experience in the payment market.
You have a creative mind with an eye for detail, and you like to make sure we use the right methods and equipment to detect security issues. You have a good command of the English language, both verbally and written. You have good social skills and you are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists. You are flexible, and you enjoy travelling to customers in Europe, North America, or Asia every now and then. We are interested in speaking with you even if you don’t meet all the criteria detailed above.
Ok, so what does Riscure offer?
Most of our customers are large, international organizations based in North America, Europe, and Asia. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work this entails rating content over appearances, and creating an open and sincere work environment with ample room for fresh ideas. Because of the type of projects and clients, you will be exposed to bleeding edge technology way before it hits the newspapers.
At Riscure you work together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.
In addition to attractive terms of employment, you will be given the chance of letting your own responsibility and personal development grow with the organization.
I want in
Send your resume and motivation letter to firstname.lastname@example.org. If you have any hardware project, source code, academic thesis, whitepaper, or anything else that is relevant and that you’re proud of, don’t hesitate add a link to it as well.
Only applications including a motivation letter will be considered. Reference checking, a background screening and technical/personal assessment may be part of the application procedure.
We are an equal opportunity employer, and do not discriminate based of race, nationality, gender identity, sexual orientation, disability status, veteran status, age, or any other legally applicable characteristics. Being a diverse, multi-national company is one of the things that makes us strong, and we don’t intend to change any time soon.