Description

SGS Brightsight in Graz is looking for a Senior/Junior Side-Channel Evaluator. The appointed candidate will join a multidisciplinary team to execute penetration tests within security evaluations on state-of-the-art products. Security evaluations include a variety of tests from which the security of products can be assessed. One of the most powerful techniques is known as side-channel analysis (SCA). SCA attacks aim to measure the unintentional information leakage from devices (power consumption, electromagnetic emanations) in order to get access to protected assets such as secret keys. Many types of side-channel attack methods have been developed over recent decades, posing a critical threat for modern secured products. Side-channel security evaluators use a wide range of attack methods to evaluate a product’s security. As part of the team, the appointed candidate will execute SCA tasks ranging from understanding potential vulnerabilities, following procedures and scheme specifications, scripting, performing attacks and reporting the results. Additionally, you will be responsible for maintaining the quality of the pen-test laboratory together with the rest of the team. This job also requires that you communicate doubts, issues and results to internal entities such as the Lead Evaluator, the Project Manager or the Lab Manager, and other evaluators. 

Qualifications

Must: 

• You have a Bachelor’s or Master’s degree in a technical field of study (computer science, telecommunications, electronics, physics, mathematics) 
• You are familiar with electronic laboratory equipment such as oscilloscopes, function generators, logic analyzers, etc. 
• You are familiar with signal treatment and analysis. 
• You have programming skills, preferably in JavaScript or other similar programming language 
• You have English language skills 
• You have attention to detail, are methodical and eager to learn! 

Desirable: 

• Knowledge of side-channel attacks, concepts and techniques 
• Knowledge of the most common cryptographic algorithms (DES, AES, RSA, ECC) and their related attacks and leakage points. 
• Knowledge of payment protocols such as EMVCo, MasterCard, Visa, AMEX... 
• Knowledge/experience of smartcards, HSM, ARM, cryptography Knowledge/experience in source code review and vulnerability analysis 

Additional Info

WHY WORK FOR SGS BRIGHTSIGHT?

SGS Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.

At SGS Brightsight you will:

• Be part of a multicultural team with highly motivated colleagues from all over the world
• Work for the recognized global leader in security evaluations
• Work with all major developers on their latest innovations
• Enjoy an informal and intellectually challenging work environment

This position will be based at our lab in Graz.   

Company Description

Devices that store secure data require protection on both hardware and software level. Thorough security evaluation on Integrated Circuits, software applications and systems is mandated by industry schemes and organisations, to protect sensitive data. Without certification, security products cannot be launched.

SGS Brightsight offers security evaluations and certificates on behalf of the major payment schemes and industry organisations to ensure the right level of security is obtained. These services are provided to IC manufacturers, (embedded) secure device manufacturers, card suppliers and service providers. SGS Brightsight can assure the turn-round time of product evaluations that the customer needs, because it has the most accreditations from industry organisations, the largest team of security evaluators and the most extensive evaluation equipment. 

SGS Brightsight is the number one independent security lab in the world. We are now based in Delft (The Netherlands), Barcelona and Madrid (Spain), Graz (Austria), Meyreuil (France), Beijing and Shanghai (China), Taipee (Taiwan), Singapore and US. SGS Brightsight is a knowledge-based company. Our international team of experts stay up to date with the latest technologies and requirements to ensure the most reliable and efficient evaluation process possible for our customers. Our ambition is to grow our team to maintain our position as the world’s number one security lab, on both quality and quantity levels.