PCI PTS Security Evaluator

Company Description

SGS Brightsight is the world’s largest independent security evaluation lab, with accredited facilities across the globe. Our teams in Delft (The Netherlands), Barcelona and Madrid (Spain), Graz (Austria), Meyreuil (France), Beijing, Shanghai and Guangzhou (China), Singapore, and the USA are dedicated to helping companies ensure their products comply with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products across various industries, we work at the forefront of security, evaluating products against stringent governmental and private standards. 

At SGS Brightsight, our knowledge-driven environment is powered by professionals from diverse technical backgrounds. We pride ourselves on fostering an open, ambitious, and international atmosphere that values continuous growth. More information about our work can be found at SGS Brightsight: Security Evaluation Lab.

Job Description

Payment terminals and secure hardware devices are at the core of today’s financial ecosystem. These devices process highly sensitive information such as cardholder data, PINs, and cryptographic keys. Ensuring they meet stringent global security requirements—such as PCI PTS—is essential to safeguarding trust in electronic payments.

We are looking for PCI PTS Security Evaluators who are passionate about hardware and logical security. Whether you are an experienced security professional or a recent graduate eager to enter the field of hardware penetration testing, we welcome curiosity, technical drive, and a willingness to explore advanced attack techniques.

Qualifications

As a PCI PTS Security Evaluator, you will join a multidisciplinary team of international experts assessing the security of payment terminals and secure hardware modules. Your work will focus primarily on hardware penetration testing, logical security testing, and tamper‑resistance evaluation in line with PCI PTS and related security standards.

You will:

• Analyse payment terminal architectures, security modules, and embedded systems.
• Perform hands‑on hardware penetration testing using techniques such as side‑channel analysis, invasive and semi‑invasive attacks, and circuit‑level probing.
• Conduct logical security testing, including secure boot validation, key management verification, firmware inspection, and interface/communication protocol testing.
• Perform firmware code reviews to assess secure coding practices, cryptographic implementations, and compliance with PCI PTS requirements
• Use laboratory equipment such as oscilloscopes, and power analysis setups, as well as simple physical tools such as drills, milling tools, and other basic mechanical instruments used in tamper‑resistance testing.
• Document attack paths, assess exploit feasibility, and evaluate compliance with PCI PTS requirements.
• Contribute to internal R&D by researching emerging attack vectors, developing new tooling, and improving evaluation methodologies.

Your Hard Skills

• Technical degree (BSc, MSc, or PhD) in Computer Science, Electrical Engineering, Embedded Systems, Physics, Mathematics, or equivalent practical experience in hardware or embedded security.
• Experience or strong interest in hardware security techniques such as Board‑level probing and debugging (JTAG, SWD, UART).
• Familiarity with logical security testing, secure firmware design, cryptographic implementations, and secure boot chains.
• Knowledge of cryptographic protocols, authentication mechanisms, tamper protections, and attack countermeasures is highly desirable.
• A willingness to learn rapidly in a field that evolves continuously.

Your Soft Skills

• You can work both independently and collaboratively in a multidisciplinary team.
• You are persistent, creative, and resourceful—essential traits for hardware penetration testing, where bypassing protections requires experimentation and ingenuity.
• You enjoy learning new concepts and staying informed on the latest research, standards, and attack techniques.
• You appreciate structured teamwork coupled with personal accountability—security evaluation relies heavily on transparent cooperation.
• You are able to write clear, detailed technical evaluation reports in English.

Additional Information