Job Description:
• Perform high-end security evaluations and research for our clients, focused on a range of embedded devices
• Work with other team members to deliver high-quality results to IOActive’s clients throughout the world
• Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
• Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
• Create tools to assist in project goals
• Communicate complex vulnerabilities to both technical and non-technical client staff
• Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
• Evangelize IOActive Labs through blogs, white papers, presentations, etc.
• Support business development efforts through the scoping of engagements
Requirements:
• 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment
• Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
• Ability to connect and use JTAG/on-chip debuggers
• Low-level C code review
• FreeRTOS, Android, Linux kernel drivers, protocol parsing
• Sandbox policy review: SELinux/SE Android, seccomp, Linux namespaces, Minijail/Firejail
• Crypto implementation code reviews, specifically for secure boot and code signing
• Java, especially Android app side
• ARM 32- and 64-bit assembly
• Extensive Git/GitHub experience
• Wi-Fi/Bluetooth reverse engineering, specifically firmware
• Hardware/embedded system hacking
• Vulnerability assessment and penetration testing
• Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage
• Ability to work independently under deadline
• Rigorous attention to detail and strong analytic skills
• Ability to write test plans based upon initial impressions and discussions with the team
• Comfortable navigating large codebases with minimal guidance
• Excellent command of written and spoken English
• Comfortable working as part of a multinational and multidisciplinary team
• Logical and structured approach to projects
Benefits:
• PTO
• Holiday
• Medical
• Dental
• Vision
• 401(k) match
• Long and Short Term Disability
• Life Insurance
• Employee Assistance Program (EAP)
• Business Travel Insurance