Principal Device Offensive Security Engineer
Location: Remote PolandOur Video Collaboration products help companies stay connected and can be found in the conference rooms of some of the biggest businesses in the world. We are a small nimble group and we are growing our team. We create amazing experiences in the conference room using creative design, surprising science, and innovation. We love what we do because we are passionate about connecting people and we use the products we create every day to stay connected to our team.
We are looking for a Senior Device Security engineer who is interested in working across the entire technology stack; from device hardware, firmware, through mobile applications, communication protocols, and into back-end cloud software and infrastructure. We don't require 'full stack experience', but we do expect you to be a subject matter expert in at least one area.
Ideal candidates can come from many different backgrounds — you may be a software engineer who is passionate about security, a bug bounty researcher, have already worked in product security teams, or you've had experience working as a security consultant.
Product Security goes beyond finding and eliminating security vulnerabilities in our products; we want to stop them occurring in the first place. As a team, we're passionate about root cause analysis; training and awareness; driving security in product road maps; and improving on core frameworks, infrastructure or detection tooling.
RESPONSIBILITIES
Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. Leave your ego at the door when you come to work every day. These are the behaviors you’ll need for success at Project. In this role you will be responsible for:
Lead and mentor the team that will focus on offensive security
Develop plans for testing the various interfaces on the device including hardware and software
Identify best in class tools to accomplish the goals
Continuously improve our abilities to attack a device
Provide leadership in this domain
SKILLS
MUST
Must have performed penetration testing on IOT devices and other appliances running windows, Android, Linux and other operating systems
Deep knowledge of penetration testing of network interfaces like WiFI/Ethernet with tools and processes
Good knowledge of testing BT/BLE interfaces with tools and processes
Must have developed some custom tools and crafted custom messages to inject threats and assess how the device holds up
Good knowledge of the device boot process and how to assess and generate threats that can make the device fail to boot or modify the boot parameters that change the state of the device
Good understanding of modern operating systems Linux, Android, Yocto and what security mechanisms exist in the various components including known vulnerabilities
Advanced knowledge of revision control and code review tools like git, gerrit and build infrastructure like gradle, maven, jenkins
Advanced programming skills in scripting languages, Python, Bash etc
Good knowledge of pentesting cloud apis
Good knowledge of programming languages, C/C++/Java and how to write secure code
Advanced knowledge of cryptography cipher suites, PKI, symmetric and asymmetric cryptography
Good knowledge of how TLS sessions are established, how encryption works and how to protect/secure a network or infrastructure
NICE TO HAVE
Any relevant certifications like Offensive Security Certified Professional (OSCP)
Advanced knowledge of other certifications like FedRAMP, FIPS 140-2, etc and how to qualify the device for compliance
Lead other engineers and mentored them, groomed them and got the best results from the team
- Competitive salary
- Luxoft Training Center
- Access to e-learning Library
- Individual development plans
- Long-term cooperation with possibility to gain experience in different projects and technologies
- A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)
- Group Life Insurance
- Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
- Medical costs reimbursement for employees (up to certain amount per quarter)
- Travel Insurance
- Benefit Program - Cafeteria and Multisport Card
- Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
- Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
- Convenient locations in a modern offices with game rooms
- Multinational projects for clients all over the world
Check out our open roles at career.luxoft.com
and follow us on Facebook!
www.facebook.com/luxoft.poland