Payment Assurance PA Device Security Evaluator - Ottawa ON

PA Device Security Evaluator is involved with cybersecurity evaluations of payment devices to various Payment Card Industry (PCI) requirements including:

• PIN Transaction Security (PTS) Point of Interaction (POI)
• PIN Transaction Security (PTS) Hardware Security Module (HSM)
• Softwarebased PIN Entry on COTS (SPoC)
• Contactless Payments on COTS (CPoC)
• Mobile Payments on COTS (MPoC)

Evaluations can include the following types of assessments:

• Physical device security
• Tamper detection mechanisms (e.g. the electrical/electronic components)
• Sidechannel analysis
• Secure boot
• Cryptographic key management
• Sourcecode review
• Firmware/OS hardening
• Secure software development lifecycle
• Malformed input (i.e. fuzzing)
• Vulnerability assessment and penetration testing
• Reverse engineering
• Mobile application testing (e.g. OWASP MASVS/MSTG)
• Policy process and procedure review

It is expected that a candidate will have expertise in a few of the above areas with at least an interest in the remaining areas. Skills in the remaining areas can be gained through onthejob training.

Device security analysis and assessments can require the use or knowledge of:

• Standard hand tools
• Drilling and rotary tools
• Soldering
• Heat and solvents
• Electronic circuits
• PCB design
• File formats
• Communication protocols
• Secure coding and common weaknesses
• iOS and Android application protections

The work is being done on client devices and as such communicating the results of testing is necessary and done through technical reports. In order to produce high quality reports the following is needed:

• Attention to detail including consistency and completeness
• Ability to communicate effectively in English
• Good use of figures images and tables
• Effective use of the Office suite (Word and Excel in particular)

Additional skills that are sought in a candidate include:

• Communicating and working effectively within a small team
• Communicating with clients
• Being able to work in a shared lab environment
• Being able to work independently
• Being able to identify and understand limitations in tests
• Being able to come up with new test plans or improvements on existing test plans

For this position work is mainly in the office with potential for onsite client visits. In addition to the assessment work there will be opportunities to develop and deliver training and consulting to clients which could be done virtually or onsite. While the position is for the Payment Assurance area of the company work in other related areas of the company (e.g. IoT security) may be assigned as needed.

The work requires a mixture of hardware software (firmware/OS level) and communications knowledge. A postsecondary degree or diploma or equivalent work experience is needed for this position. Candidates should already have or be eligible to obtain a Government of Canada SECRET level clearance (e.g. 10 years verifiable history).

This position outline is a general guideline and does not represent all encompassing details. The position assumes that the incumbent has both the mental and physical requirements to carry out the above defined duties.

We Value Diversity

Interteks network of phenomenal peopleare our greatest assets and the diversity they bring fuels our success. Intertek is an Equal Employment Opportunity Employer that values inclusion and diversity. We take affirmative action to ensure all qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability veteran status or other legally protected characteristics.

For individuals with Disabilities who would like to request accommodation or who need assistance applying please email

Please apply online atIntertek Canada Careers

*Intertek does not accept unsolicited approaches from agencies and will not pay a fee for any placement resulting from the receipt of an unsolicited resume.