Role Overview
As a Hardware Security and Vulnerability Analyst, you will conduct in-depth evaluations of hardware and embedded systems to uncover security flaws. Your work will involve extracting and analyzing firmware, reverse engineering code, and developing proof-of-concept exploits to demonstrate potential risks. You'll collaborate with engineering teams to enhance product resilience and ensure robust security controls are effectively implemented.
Key Responsibilities
- Examine hardware systems to determine operational behavior, failure modes, and the impact of potential breaches.
- Defeat existing security protections by enabling debug interfaces, forging or circumventing digital signatures, escalating privileges, and replicating real-world operating environments.
- Retrieve firmware and executable data from embedded devices and analyze them for exploitable flaws or exposed secrets such as passwords and cryptographic keys.
- Conduct side-channel analysis to extract confidential information like encryption keys or plaintext data.
- Implement fault injection methods to disrupt normal operation and bypass security mechanisms.
- Create custom exploits that demonstrate how attackers could compromise system integrity or access protected resources.
- Document test setups, procedures, and results thoroughly to ensure reproducibility and support long-term maintenance.
- Keep pace with emerging techniques in hardware reverse engineering and embedded security to continuously improve assessment methods.
Qualifications
Applicant must be eligible to obtain and retain a U.S. Government Security Clearance.
Preferred skills include: C/C++, Python, assembly language, IDA Pro, Ghidra, FPGA development, cryptography, embedded software, hardware security, reverse engineering, side-channel analysis, and fault injection techniques.
Work Environment
This position supports remote work and may require travel of up to 20% for on-site testing or team collaboration.
