EndoSec LLC

Compensation

Full Description

Hardware Security and Vulnerability Analyst - Remote • EndoSec LLC, • Remote • Preferred Skills: C/C++, Python, assembly, IDA Pro, Ghidra, FPGA, cryptography, hardware, embedded software, hardware security, reverse engineering, side channel attacks, fault injection • Travel required up to 20%. Full Time Must be able to apply for and maintain a U.S. Government Security Clearance Job Description The EndoSec Hardware Security and Vulnerability Analyst is responsible for extracting and analyzing firmware and data at rest, identifying vulnerabilities in software, firmware, and hardware, as well as developing proof of concept exploits. The candidate will collaborate with other engineers and security experts to find and exploit security flaws and vulnerabilities within devices and designs as well as to build secure and efficient systems, contributing to our products and services? ongoing security and privacy. This is a remote position. Key Responsibilities • System Analysis: Analyze systems to understand functionality, failure points, and consequences of failure. • Security Measure Circumvention: Bypass implemented security measures to gain access to sensitive data, including enabling debugging, forging or bypassing signatures, gaining elevated privileges, and simulating environmental and working conditions. • Binary Code Extraction and Analysis: Extract firmware, executables, and other sensitive data from embedded systems and analyze the extracted code for possible vulnerabilities and sensitive data, e.g. passwords, cryptographic keys, etc. • Side-Channel Analysis and Fault Injection: Setup and perform side-channel analysis to recover sensitive data, e.g. cryptographic keys, sensitive plaintext, etc. Setup and perform fault injection attacks to bypass security measures and/or recover sensitive data. • Exploit Development: Develop custom and novel exploits to bypass security measures, recover sensitive data, or gain elevated privileges in embedded systems. • Documentation: Prepare detailed documentation, including physical setups, testing procedures, and user guides, for reproducibility of found results and maintenance. • Continuous Learning: Stay current with the latest advancements in reverse engineering and hardware security to continually refine and enhance skills.