Senior Offensive Security Engineer - Vulnerability Researcher

Our Video Collaboration products help companies stay connected and can be found in the conference rooms of some of the biggest businesses in the world. We are a small nimble group and we are growing our team. We create amazing experiences in the conference room using creative design, surprising science, and innovation. We love what we do because we are passionate about connecting people and we use the products we create every day to stay connected to our team.

We are looking for a Senior Offensive Security Engineer who can think out of the box and define how to validate product security and continuously invest in making our products more secure..

Ideal candidates can come from many different backgrounds — you may be a software quality engineer who is passionate about security, have already worked in product security teams, or you've had experience working as a security quality consultant.

Product Security goes beyond finding and eliminating security vulnerabilities in our products; we want to stop them occurring in the first place. As a team, we're passionate about root cause analysis; training and awareness; driving security in product road maps; and improving on core frameworks, infrastructure or detection tooling.

• Conduct black-box and white-box security assessment of Android and Linux-based devices
• Identify attack vectors, find and exploit vulnerabilities in applications, system, drivers, kernel, bootloader or pure hardware
• Conduct penetration tests of the various communication interfaces on the device
• Develop testing methodology

• must have performed penetration testing on IoT devices, network appliances or other running Android, Linux or other Linux-based operating systems
• advanced knowledge of penetration testing of communication interfaces like Ethernet, WIFI, BL/BLE, USB
• good understanding of modern operating systems used in the IoT and embedded devices (like Android, Yocto, Linux or RTOS)
• reverse-engineering and binary analysis skills (GDB/IDA/Ghidra/Frida)
• have experience with black-box and white-box fuzzing (AFL++, LibFuzzer, syzkaller or others), setting up sanitizers
• ability to conduct secure code review, leverage static and dynamic analysis tools to find security vulnerabilities in the product
• practical programming skills in C/C++/Java and Python
• knowledge of revision control and code review tools like git, gerrit

• practical knowledge in the field of the network security, cryptography, device attestation
• practical skills in developing own tools for network traffic modification or fuzzing
• good knowledge about existing security mechanisms like Secure Boot, SELinux, Verified Boot
• good knowledge of pentesting web applications and cloud apis
• good knowledge of pentesting Windows applications
• knowledge of security standards and guidelines from NIST/FIPS
• relevant certifications like OSCP/OSCE/GIAC-GSEC
• CVEs

• Competitive salary
• Luxoft Training Center
• Access to e-learning Library
• Individual development plans
• Long-term cooperation with possibility to gain experience in different projects and technologies
• A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)

• Group Life Insurance
• Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
• Medical costs reimbursement for employees (up to certain amount per quarter)
• Travel Insurance
• Benefit Program - Cafeteria and Multisport Card

• Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
• Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
• Convenient locations in a modern offices with game rooms
• Multinational projects for clients all over the world