- A minimum of 5 years of work experience in embedded device or related experience with hardware hacking.
- Experience with soldering/desoldering hardware components and extraction of embedded device flash chips.
- Experience with firmware extraction techniques using hardware debugging interfaces such as JTAG, UART, SPI, I2C.
- Experience with firmware extraction, firmware reverse engineering, analysis and identification of security vulnerabilities
- Proficiency with software debugging tools such as, IDA Pro, Ollydbg, or gdb to analyse device software and firmware.
- Proficiency with performing device monitoring and analysis using logic analyzer hardware tools such as Saleae Logic Pro or Open Workbench Logic Sniffer.
- Experience with developing custom shell code to exploit embedded device firmware.
- Experience with intercepting and attacking low power Radio Frequency (RF) communication protocols such as Z-Wave, Zigbee, and BLE; using hardware tools such spectrum analyzer, Software Defined Radio (SDR), and HackRF.
- Experience of testing communication protocols including MQTT, CoAP, 6LowPan, LWM2M etc
- Experience with performing bus spying, tampering, spoofing and injection testing techniques.
- Experience with exploiting side-channel attacks against embedded devices including power, timing, and fault injection techniques using hardware tools.
Ideally, you’ll also have...
- Strong understanding of embedded systems architecture and circuit design
- Proficiency with hardware description languages such as VHDL or Verilog
- Deep understanding of embedded systems architecture and disassembly / assembly of microprocessors code such as ARM, AVR, MIPS, or x86
- Deep understanding and experience of fuzzing techniques to discover and exploit identified vulnerabilities
- Knowledge of attacking cryptographic protocols including Public Key cryptography.
- Understanding of hardware, firmware, IoT communication protocols, network, application, API security and popular attacks vectors against IoT devices.
- An understanding of web-based application vulnerabilities (OWASP Top 10)
- Experience testing mobile application, web application, API and cloud security testing
Call me or email at 408-858-8561or email@example.com.
Job Family Group Name:Product Development
Scheduled Weekly Hours:40