Senior Security Evaluator – Crypto code review
Delft - Netherlands
Job Summary
Product security is the result of a combination of security provided by hardware and software. In general, security cannot be provided by hardware alone and needs to be complemented by security implemented in software. The smallest details can make the difference between a secure and an insecure product. Careful examination is therefore required to judge the security quality.
Most of the ICT products for secure applications implement cryptographic operations. During the vulnerability analysis of these products, the code of the crypto library is thoroughly analyzed to identify weaknesses in the implementation of the crypto algorithms, with the aim of exploiting them through attacks that use advanced techniques such as fault injection or side channel analysis.
As a crypto library code reviewer, you apply your expertise in secure cryptographic implementations to identify the security mechanisms and to define sophisticated attack scenarios using state-of-the-art attack methods. It is your responsibility to convince product developers of your findings so that they can improve their cryptographic implementations, and to provide certification schemes with sufficient argumentation as to why a product is (still) secure.
Brightsight is looking for enthusiastic cryptography experts with some background in hardware security who are up for this challenge and believe they have the capabilities to perform these assessments.
You will collaborate in different evaluation teams with experts in different fields (secure coding, secure hardware design, fault injection, side channel, cryptography, evaluation methodology, etc.) with the goal of assessing whether the products can be certified.
During these assessments you will have direct contact with crypto library developers and provide feedback on their solutions. Customer meetings are internationally oriented, which involves discussions in different cultural contexts. You will document the findings and argumentation for both the product developer and the approval bodies. You will also support colleagues who execute, in the labs, the attack scenarios you have defined.
Products are changing rapidly, as are the attacks applied to these products. Crypto library code reviewers therefore require constant improvement and adaptation to keep on top of what is out in the field and could threaten the products you are currently assessing. You will gain significant knowledge of secure product implementation by having access to different vendor solutions. The interaction with many developers around the world is a great experience that will trigger continuous improvement.
To get up to speed for this position, you will participate in the Brightsight training program on Methodology and Technology. You will also join different technical domain groups (e.g. crypto, side channel, etc.) where technical experts meet globally to discuss the state of the art, daily challenges and improvements. You will work in a very international environment and have the opportunity to learn from reviewing and assessing many secure implementations.
Qualifications:
We are looking for people with a BSc, MSc or PhD degree in a technical field (Information Security, Computer Science, Electronics, Mathematics) who have experience with cryptographic implementations and testing for embedded systems.
You must have knowledge of different cryptographic algorithms, including DES, AES, RSA, ECC and HMAC, and experience with secure implementations.
Demonstrable understanding of Post Quantum Cryptography is preferred.
You must have the ability to understand state-of-the-art attack methods (side channel analysis, fault injection, etc.) to perform the security assessment.
This job also requires that you communicate knowledge convincingly both orally and in writing to internal and external entities.
You must be able to guide and support experts in side channel and fault injection attacks by clearly explaining weaknesses in the implementations.
You must have a good knowledge of the English language.
Additional Information:
SGS Brightsight provides a very good training program from the basics to expert level. We offer a supportive work environment that fosters professional growth and development. We offer a competitive salary package based on the candidate.
At SGS Brightsight you will:
- Be part of a multicultural team with highly motivated colleagues from all over the world
- Work for the recognized global leader in security evaluations
- Work with all major developers on their latest innovations
- Enjoy an informal and intellectually challenging work environment.
Remote Work:
No
Employment Type:
Full-time
About Company
We are SGS, the world's leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 99,600 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and ...