Technical Evaluation Lead

You just found a job description for the challenging role of a technical evaluation lead with a focus on embedded security! We are looking for a security professional with experience in Smart Cards, Secure Elements or other Embedded devices, proficient in security code reviews and attack technics using software, side channel analysis and fault injection.

Do you have experience similar to a Senior Security Analyst/Evaluator with a focus on complex evaluations? Are you ready to take part in an international, technically diverse and experienced team to help customers from all over the world improve the security of their products? Are you looking for a challenging yet opened and transparent work environment with ample room for fresh ideas?

What does a day at Riscure look like?

We evaluate the security of products that use embedded and smart card technologies, usually in teams of 2-4 security analysts. The main activities of the evaluation process include analysing threats and weaknesses by taking apart device’s specifications, code or hardware, and then developing the necessary tools to attack the security. The results go into a report, often alongside recommendations to help solving the problems found.

As part of the mission statement of the company (driving security forward), Riscure believes that knowledge sharing is key to innovation and evolution of employees. Time is arranged for personal development and for weekly sharing knowledge events that are organized for everyone to join.

In addition to evaluation work we carry out other projects, including consultancy work, research, tool development, and training. As a state-of-the-art lab, our internal research and development process is a necessity to remain competitive. We record the knowledge we gain during our projects in the Riscure knowledge database to ensure it is preserved and shared within Riscure.

We mainly work at our office in Delft. Parts of a project may require working at the customer’s premises. Depending on the type of assignment and your level of experience you are in regular contact with a customer’s technical liaison during a project. All communication with our customers is in English.

What skills should I have to be able to join?

• You have successfully completed an academic course in Information Technology or Electrical Engineering.
• You have at least 4 years work experience in:
• Programming languages: C, C++, JavaCard, Assembly.
• Smart Cards, Secure elements or other embedded devices such as System-on-Chips, and associated applicable test methods (Logical, Fault Injection and Side Channel Analysis).
• Dealing with the major security evaluation schemes like Common Criteria, SESIP, EMVCo or Global Platform.
• Being responsible for the technical quality of evaluation projects. Ideally you are used to steering a team of analysts during evaluation activities.
• Leading technical projects.
• Experience with software development or (security) testing for embedded systems.
• Knowledge of (EMV) payment products is an advantage, as is experience with security evaluations, attack techniques and an interest in hacking products
• Knowledge and experience with Java Card evaluations, namely:
  • Knowledge and experience with Java Card Platform Virtual Machine, the Java Card Platform Runtime Environment and the Java Card Application Programming Interface.
  • Knowledge and experience with Java Card System Protection Profile - Closed Configuration, BSI-CC-PP-0101-V2-2020.
  • Knowledge and experience with Java Card System Protection Profile - Open Configuration, BSI-CC-PP-0099-V2-2020.
• Supporting project management in coordinating complex evaluation projects under the given timelines and budgets.
• Being the technical interface to customers, various ITSEFs and certification schemes
• You have a creative mind with an eye for detail, and the ambition to drive security forward.
• You have an excellent command of the English language and the ability to communicate knowledge convincingly to external parties.
• You have good social skills and you are a pleasant co-worker who likes to collaborate in a multidisciplinary team of security specialists.
• You are flexible, and you enjoy travelling to customers in Europe, North America, or Asia every now and then.
  
  

Ok, so what does Riscure offer me?

Most of our customers are large, international organizations based in North America, Europe, and Asia. It is very important for us to be able to provide these customers with high-quality, professional services. In our daily work, this entails rating content over appearances and creating an open and sincere work environment with ample room for fresh ideas. Because of the type of projects and clients, you will be exposed to bleeding-edge technology way before it hits the market.

At Riscure you work together with people who are passionate about their job. Each of them is eager to learn and willing to share knowledge. You form part of a small, highly specialized company with an informal working environment, ensuring that your work is varied and that you have direct contact with every layer within the organization.

In addition to attractive terms of employment, you will be given the chance of growing your responsibility and personal development within the organization.

Other advantages of working at Riscure

• Flexibility to explore your personal growth. We do not confine talent in a box. You have plenty of freedom to try new things - research, tool development, training, and services development.
• Working hours are flexible. Possibility to work from home when the projects allow.
• Academic atmosphere - supporting colleagues to help each other grow technically and create strong teams with members that have complementary skills and interests.
• Opportunity to become proficient or expert in a variety of technical domains. Again, we do not confine talent in a box. We promote the understanding of security as a whole, both from a formal point of view and also deeply technical.
• Many personal training opportunities and weekly technical knowledge-sharing sessions
• No dress code. “Feeling at home” is a core value of the company!