Skip to content

Security Evaluator

  • Delft, Zuid-Holland, Netherlands

Job description

Do you like analyzing complex security issues?

Riscure is a young, ambitious organization specializing in embedded security testing for leading international clients from the secure elements (embedded / integrated) industry. In addition, Riscure is the leading vendor of specialist security testing products. We have 100+ employees with mixed technical and academic backgrounds working from offices in Delft, The Netherlands, Shanghai, China and San Francisco, USA. Riscure is organized in 2 units: Security Lab, Inspector.

We are looking for Senior Security Common Criteria Evaluators who like to use a variety of techniques (for instance source code review, fault injection, and side-channel analysis) to discover a product's risk profile to validate a product’s security. We have engaging projects, an open office environment, and we are looking for self-motivated individuals who are looking to carve out their niche in our growing company. Are you the person with a focus on complex evaluation, ready to work with clients from all over the world, in our young, open and transparent work environment with ample room for fresh ideas?

What does a day at Riscure look like?

We evaluate the security of the newest products that use embedded and smart card technologies, usually in teams of 4-6 security analysts. The main activities of the evaluation process include analyzing and learning about a device’s specifications, code or hardware, and locating the weaknesses and vulnerabilities. We advise clients as we test their products through critical parts of their development cycle or in the form of a detailed report at the end of a more standard evaluation.

In addition to evaluation work, we carry out research and development, tool development, and training bring security to the next level. As a state-of-the-art lab, our internal research and development process and continued commitment to innovating for better security is a necessity to remain competitive and make real headway in the advancement of security.

We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communications with our customers are in English.

Your responsibilities

  • Perform Common Criteria security evaluations, as lead evaluator or evaluator
  • Coach colleagues to grow as evaluators
  • Understand complex designs (hardware and/or software)
  • Apply critical thinking to distinguish what is crucial and what is not
  • Effectively and convincingly communicate to internal and external entities.

Job requirements

What skills should I have to be able to join?

  • You have a bachelor/master/PhD in a technical field (physics, mathematics, electronics, computer science. computer engineering, etc.)
  • You have proven experience in CC projects preferably as an evaluator, but if not as a consultant or developer
  • You have a track record in CC projects in ICs, smartcards, card-related devices, operating systems, TEE or network devices.
  • You have a positive and ambitious mindset with a can-do attitude
  • Excellent English command, both orally and written

Nice to have:

  • Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, random number generators, etc.
  • Knowledge of EMVCo, JavaCard/Global Platform
  • Hands-on experience on SCA / FI
  • You are well familiar with the Dutch scheme (or otherwise any other SOGIS scheme member)

Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America, Europe, and Asia. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work, this entails rating content over appearances and creating an open and sincere work environment with ample room for fresh ideas. Because of the type of projects and clients, you will be exposed to bleeding-edge technology way before it hits the newspapers.

At Riscure you work together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

In addition to attractive terms of employment, you will be given the chance of growing your responsibility and personal development within the organization.

Other advantages of working at Riscure

  • Flexibility to explore your personal growth. We do not confine talent in a box. You have plenty of freedom to try new things - research, tool development, training, and services development.
  • Working hours are flexible. Possibility to work from home when the projects allow.
  • Academic atmosphere - supporting colleagues to help each other grow technically and create strong teams with members that have complementary skills and interests.
  • Opportunity to become proficient or expert in a variety of technical domains. Again, we do not confine talent in a box. We promote the understanding of security as a whole, both from a formal point of view and also deeply technical
  • Many personal training opportunities and weekly technical knowledge-sharing sessions
  • No dress code. Feeling at home is a core value of the company!