The Hardware Security and Vulnerability Analyst will examine embedded systems at the lowest levels to uncover security weaknesses. This position focuses on low-level code analysis, firmware extraction, and reverse engineering to assess how systems behave under attack conditions.
Key Responsibilities
- Investigate hardware and firmware behavior to identify failure modes and potential security impacts.
- Extract and analyze firmware and executable code from embedded devices to locate sensitive data such as passwords or cryptographic keys.
- Disable or circumvent security controls through techniques like debug port activation, signature bypass, and privilege escalation.
- Conduct side-channel analysis to extract secrets such as encryption keys or plaintext data.
- Perform fault injection to disrupt normal operation and test system resilience.
- Create custom exploit methods to demonstrate vulnerabilities in secured environments.
- Document testing setups, procedures, and findings thoroughly to ensure reproducibility.
- Keep pace with emerging techniques in hardware reverse engineering and security research.
Qualifications
Candidates must be eligible to obtain and retain a U.S. Government Security Clearance. Proficiency in C/C++, Python, and assembly language is strongly preferred. Experience with tools such as IDA Pro and Ghidra is valuable. Background in FPGA development, cryptography, embedded software, and hardware security principles is essential.
Knowledge of reverse engineering, side-channel attacks, and fault injection techniques is highly recommended. The role requires up to 20% travel, with remote work supported.
