Description

Our job is to ensure the security functionality and robustness of the hardware and software design within a product. Working as a core member of our Secure Products and Systems team, you will assess the security systems of JavaCard products, i.e., IC hardware, platforms and applets. Based on this knowledge, you will investigate different attack paths and create test plans to be executed on security products. 

You Will:

• Evaluate the implementation security of JavaCard hardware / platform / applets;  
• Analyze the security of devices under test conditions; 
• Identify potential security vulnerabilities of a product and how they could be exploited; 
• Qualitative and quantitative results analysis; 
• Develop test plans;
• Be technical contact point for customers and certification bodies;
• Design test frameworks and new attack methods for future projects. 

Qualifications

• Academic background in disciplines such as computer science, information technology, cybersecurity, microelectronics or physics, or respective practical and proven experience; 
• JavaCard development, testing or analysis background; 
• Knowledge of JavaCard OS, JavaCard Applet and secure ICs;
• At least basic understanding of cryptography and security related implementations and protocols;
• Good coding skills and additional familiarity with languages such as C, C++, Python, Assembly;
• System design knowledge;
• Knowledge of vulnerabilities and attacks related to logical attacks, fault injection, side-channel attacks;
• Knowledge of design documentation and specification of JavaCards is a plus;
• Knowledge of evaluation and certification activities under Common Criteria and / or the technical domain “SmartCards and Similar Devices”, EMVCo, or SESIP is a plus;
• Hands-on experience with OS test tools (e.g. TCK) for ICs and development tools for embedded systems is a plus;

Additional Info

This position will be based at our Cyber Lab in Graz.

Company Description

SGS Brightsight is the world’s largest independent security evaluation lab, with accredited facilities across the globe. Our teams in Delft (The Netherlands), Barcelona and Madrid (Spain), Graz (Austria), Meyreuil (France), Beijing and Shanghai (China), Singapore, and the USA are dedicated to helping companies ensure their products comply with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products across various industries, we work at the forefront of security, evaluating products against stringent governmental and private standards. 

At SGS Brightsight, our knowledge-driven environment is powered by professionals from diverse technical backgrounds. We pride ourselves on fostering an open, ambitious, and international atmosphere that values continuous growth. More information about our work can be found at SGS Brightsight: Brightsight: Your Trusted Cybersecurity Evaluation Lab and Certification Body.