SGS Brightsight is the largest independent security evaluation lab in the world, with seven accredited labs worldwide.
SGS Brightsight supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.
We are looking for Software Security Evaluators. We will not only consider skilled individuals with years of experience with software security for mobile devices, but also recent graduates seeking to start a successful professional journey. Above all, we want people who are passionate about software security.
You will be part of a multidisciplinary team of international experts evaluating the security of cutting-edge mobile devices solutions. Some examples of solutions you will be evaluating are mobile payment, content protection and biometric authentication.
You will thoroughly examine the software-based security implementations of mobile and other connected devices. Specifically on platforms such as Android or iOS. This includes analyzing how a given solution works, performing code reviews and executing practical penetration testing to identify potential vulnerabilities. For this, you will work in our state-of-the-art laboratory to instrument code binaries using advanced reverse engineering techniques and investigate the extent to which the security protections can be circumvented.
YOUR HARD SKILLS
Software Security BS degree or higher (MSc, PhD) on Computer Science, or disciplines such as Electronics, Physics or Mathematics, or proven work experience as software security engineer.
- Good knowledge of mobile platform environments, such as Android, embedded Linux or iOS, and its security principles and related coding languages (Java, C, C++, assembly). You are familiar with technical concepts behind mobile platform technologies, particularly the controller architectures (ARM, x86).
- Familiar with reverse engineering on binaries and applications, familiar with static and dynamic software reverse engineering analysis tools.
- Knowledge of techniques, standards and state-of-the-art capabilities for authentication, cryptography, security vulnerabilities and counter measures is highly desired.
- A willingness to learn in a fast pace changing environment.
- A keen interest in all aspects of security research and development.
YOUR SOFT SKILLS
- You can work both individually and together with fellow team members.
- You never give up, but know when you’ve done enough. Security analysis of mobile applications is like an obstacle race. Successfully finding your way around secure implementations requires perseverance and resourcefulness.
- You never get tired of learning new concepts and are always up to date with the latest developments and publications. Security is a constantly moving target. You are eager to use your creativity to do new things every day.
- Security is a complex and challenging field. The key to successfully performing a thorough and adequate security evaluation lies in a good cooperation with your colleagues. You enjoy working in a collaborative manner and getting the best out of a team, keeping in mind your sense of organisation and accountability.
- Our security evaluations are concluded by writing a detailed evaluation report. Good writing and communication skills in English are essential.
Additional Information
WHY WORK FOR SGS BRIGHTSIGHT?
SGS Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.
At SGS Brightsight you will:
- Be part of a multicultural team with highly motivated colleagues from all over the world
- Work for the recognized global leader in security evaluations
- Work with all major developers on their latest innovations
- Enjoy an informal and intellectually challenging work environment
