Mobile Software Security Evaluator

Company Description

Brightsight provides evaluation and certification services to companies around the world. Our laboratories and global network provide specialist Cyber Security testing and certification services for digital products, networked systems and online services. We provide a one-stop-shop approach for all Cyber Security certification matters, offering a comprehensive range of services to help manufacturers and suppliers comply with international, national and industry standards.

Job Description

Mobile devices are ubiquitous in everyday life. They provide our modern society with an endless range of applications and advantages. Some of these mobile devices, however, are used to handle sensitive information such as personal, financial or even medical data. Such data needs to be adequately secured and protected. 

We are looking for Mobile Software Security Evaluators. We will not only consider skilled individuals with years of experience with software security for mobile devices, but also recent graduates seeking to start a successful professional journey. Above all, we want people who are passionate about software security. 

What are you going to do? 

You will be part of a multidisciplinary team of international experts evaluating the security of cutting-edge mobile devices solutions. Some examples of solutions you will be evaluating are mobile payment, content protection and biometric authentication. 

You will thoroughly examine the software-based security implementations of mobile and other connected devices. Specifically on platforms such as Android, embedded Linux or iOS. This includes analysing how a given solution works, performing code reviews and executing practical penetration testing to identify potential vulnerabilities. For this, you will work in our state-of-the-art laboratory to instrument code binaries using advanced reverse engineering techniques and investigate the extent to which the security protections can be circumvented. 

You will also participate in R&D projects in the context of mobile software-based security by developing and replicating new attacks, increasing the efficiency of the evaluations, etc. 

Qualifications

Your hard skills 

• Software Security BS degree or higher (MSc, PhD) on Computer Science, or disciplines such as Electronics, Physics or Mathematics, or proven work experience as software security engineer. 

• Good knowledge of mobile platform environments, such as Android, embedded Linux or iOS, and its security principles and related coding languages (Java, C, C++, assembly). You are familiar with technical concepts behind mobile platform technologies, particularly the controller architectures (ARM, x86). 

• Familiar with reverse engineering on binaries and applications, familiar with static and dynamic software reverse engineering analysis tools. 

• Knowledge of techniques, standards and state-of-the-art capabilities for authentication, cryptography, security vulnerabilities and counter measures is highly desired. 

• A willingness to learn in a fast pace changing environment. 

• A keen interest in all aspects of security research and development. 

Your soft skills 

• You can work both individually and together with fellow team members. 

• You never give up, but know when you’ve done enough. Security analysis of mobile applications is like an obstacle race. Successfully finding your way around secure implementations requires perseverance and resourcefulness. 

• You never get tired of learning new concepts and are always up to date with the latest developments and publications. Security is a constantly moving target. You are eager to use your creativity to do new things every day. 

• Security is a complex and challenging field. The key to successfully performing a thorough and adequate security evaluation lies in a good cooperation with your colleagues. You enjoy working in a collaborative manner and getting the best out of a team, keeping in mind your sense of organisation and accountability. 

• Our security evaluations are concluded by writing a detailed evaluation report. Good writing and communication skills in English are essential. 

Additional Information

SGS Brightsight provides a very good training program, from the basics to expert level We offer a supportive work environment that fosters professional growth and development We offer a competitive salary package based on the candidate.

At SGS Brightsight you will:

• Be part of a multicultural team with highly motivated colleagues from all over the world
• Work for the recognized global leader in security evaluations
• Work with all major developers on their latest innovations
• Enjoy an informal and intellectually challenging work environment.