Job Title

Product Security Test Engineer – China Market

Job Description

Your role:
Key tasks are to assure security robustness, by conducting efficient and effective security assessments on products / services / systems to ensure robustness w.r.t the security features. The security assessor is a subject ma er expert who identifies and helps resolve security issues, and also supports soldering work for hardware product security tests. The position reports to Director Product Security China, and dot-line functionally report to Indian SCoE manager.
 

You're the right fit if:

3+ years of progressive experience in security domain with expertise in any one or more of the following areas:

• AI Security testing

• IoT Security testing

• Bluetooth/Zigbee/Wi-Fi security testing

• Mobile application hacking

• Web application / Web Services security testing

• Infrastructure security testing

• Cloud security assessments

• Automation and integration of security testing

• Good hands-on experience with Security Assessment tools

• Good hands-on experience with embedded devices

• Exposure to Hardware protocols such as JTAG, UART, SPI, I2C, MQTT etc.

• Good understanding of types of Firmware such as RTOS, Full pledged Operating system etc.

• Good Knowledge in reverse engineering the application binaries such as .exe and ELF etc.

• Experience in conducting security assessments and penetration testing on IoT devices

• Should be Proficient in IEEE 802.11 standards (Wi-Fi)

• Knowledge of WPA3, WPA2, and WEP encryption standards

• Familiarity with 802.1X for network access control

• Understanding of VPN protocols (IPSec, L2TP, SSL/TLS)

• Experience in conducting security assessments and penetration testing on Wi-Fi devices

• Experience in conducting security assessments and penetration testing on Bluetooth devices

• Familiarity with tools for Bluetooth security analysis (e.g., BlueZ, Blescanner, Wireshark)

• Understanding of security frameworks for wireless communications (e.g., IEEE 802.15.1)

• Experience on manual exploitation of vulnerabilities, generating the reports, pin-pointing the vulnerabilities and provide detail recommendations on vulnerability exploitation

• Exposure to current security threats, specific to the application security

• *Experience/exposure to programming platforms such as Java /.Net/ C and C++, is an added advantage

• *Should have been involved in end to end application security testing for multiple products / projects / applications with good appreciation for SDLC and test life cycle.

• Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one)

• Willing to occasionally travel domestically (Suzhou, Shenyang, Shenzhen) and international (Bangalore, The Netherlands)

• Languages: Mandarin and English 

Note (*): highly recommended but non-mandatory

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.