HiringCafe
Posted 3mo ago

Hardware Security and Vulnerability Analyst - Remote (IL, Chicago)

@ EndoSec
View All Jobs
Chicago, Illinois, United States
RemoteFull Time
Responsibilities:Analyze systems, Bypass security, Extract firmware
Requirements Summary:Experience in firmware/data analysis, vulnerability discovery in software, firmware, and hardware; familiarity with debugging, reverse engineering, side-channel analysis, fault injection; remote work; travel up to 20%; eligible for U.S. government security clearance.
Technical Tools Mentioned:C/C++, Python, Assembly, IDA Pro, Ghidra, FPGA, Cryptography, Embedded software, Hardware security, Reverse engineering
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Hardware Security and Vulnerability Analyst - Remote




  • EndoSec LLC,

  • Remote

  • Preferred Skills: C/C++, Python, assembly, IDA Pro, Ghidra, FPGA, cryptography, hardware, embedded software, hardware security, reverse engineering, side channel attacks, fault injection

  • Travel required up to 20%.



Full Time



Must be able to apply for and maintain a U.S. Government Security Clearance




Job Description




The EndoSec Hardware Security and Vulnerability Analyst is responsible for extracting and analyzing firmware and data at rest, identifying vulnerabilities in software, firmware, and hardware, as well as developing proof of concept exploits. The candidate will collaborate with other engineers and security experts to find and exploit security flaws and vulnerabilities within devices and designs as well as to build secure and efficient systems, contributing to our products and services? ongoing security and privacy. This is a remote position.



Key Responsibilities




  1. System Analysis: Analyze systems to understand functionality, failure points, and consequences of failure.

  2. Security Measure Circumvention: Bypass implemented security measures to gain access to sensitive data, including enabling debugging, forging or bypassing signatures, gaining elevated privileges, and simulating environmental and working conditions.

  3. Binary Code Extraction and Analysis: Extract firmware, executables, and other sensitive data from embedded systems and analyze the extracted code for possible vulnerabilities and sensitive data, e.g. passwords, cryptographic keys, etc.

  4. Side-Channel Analysis and Fault Injection: Setup and perform side-channel analysis to recover sensitive data, e.g. cryptographic keys, sensitive plaintext, etc. Setup and perform fault injection attacks to bypass security measures and/or recover sensitive data.

  5. Exploit Development: Develop custom and novel exploits to bypass security measures, recover sensitive data, or gain elevated privileges in embedded systems.

  6. Documentation: Prepare detailed documentation, including physical setups, testing procedures, and user guides, for reproducibility of found results and maintenance.

  7. Continuous Learning: Stay current with the latest advancements in reverse engineering and hardware security to continually refine and enhance skills.