Embedded Device Security Consultant - Cheltenham in London

Overview of the Embedded Device Security Consultant role at IOActive, Inc. This is not a remote position and it is expected to report for work at our security lab in Cheltenham, United Kingdom.

What You'll Do

• Perform high-end security evaluations and research for clients, focused on a range of embedded devices.
• Work with team members to deliver high-quality results to IOActive's clients worldwide.
• Investigate possible logical attack scenarios by interpreting code review findings, orienting attack paths, and analyzing test results.
• Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products.
• Create tools to assist in project goals.
• Communicate complex vulnerabilities to both technical and non-technical client staff.
• Perform research on new attack vectors, discover new vulnerabilities, and create new exploitation techniques.
• Evangelize IOActive Labs through blogs, white papers, presentations, etc.
• Support business development efforts through the scoping of engagements.

What You Bring

• Required Technical Skills

• Rapid identification of attack surfaces and entry points using implicit threat modeling techniques.
• Ability to connect and use JTAG/on-chip Debuggers.
• Low-level C code review.
• FreeRTOS, Android, Linux kernel drivers, protocol parsing.
• Sandbox policy review: SELinux/SE Android, seccomp, Linux namespaces, Minijail/Firejail.
• Crypto implementation code reviews, specifically for secure boot and code signing.
• Java, especially Android app side.
• ARM 32- and 64-bit assembly.
• Extensive Git/GitHub experience.
• Wi-Fi/Bluetooth.
• Reverse engineering, specifically firmware.
• Hardware/embedded system hacking.
• Vulnerability assessment and penetration testing.
• Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage.

• Ability to work independently under deadline.
• Rigorous attention to detail and strong analytic skills.
• Ability to write test plans based upon initial impressions and discussions with the team.
• Comfortable navigating large codebases with minimal guidance.
• Excellent command of written and spoken English.
• Comfortable working as part of a multinational and multidisciplinary team.
• Logical and structured approach to projects.
• 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment.

What We Offer

• A chance to work with an industry leader in cyber security.
• Access to world-class technical teams and research.
• A high-energy, collaborative team that values innovation.
• Opportunities for travel.
• Competitive compensation and performance-based incentives.

If this sounds like your kind of challenge, we'd love to hear from you. Let's talk!

Why IOActive

The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focus on security with real-world impact. Join a team committed to making a difference.

IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.