Embedded Device Security Consultant - Cheltenham
Join to apply for the Embedded Device Security Consultant - Cheltenham role at IOActive, Inc.
Embedded Device Security Consultant - Cheltenham
2 days ago Be among the first 25 applicants
Join to apply for the Embedded Device Security Consultant - Cheltenham role at IOActive, Inc.
OUR MISSION UNITES US
"Making the world a safer and more secure place."
It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.
About IOActive
IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state of the art hardware hacking labs in Seattle, WA, Madrid, Spain and Cheltenham, UK.
This is not a Remote position. This position is expected to report for work at our security lab in Cheltenham, United Kingdom.
Who You Are
Our Embedded Device Security consultants maintain a high level of expertise regarding threats and technical advances in embedded security. This position requires expert knowledge in areas such as C, Java, assembly languages, open platforms, and cryptography. Intellectual curiosity, the ability to navigate ambiguous environments and a bias to action are critical competencies required for success.
What You'll Do
* Perform high-end security evaluations and research for our clients, focused on a range of embedded devices
* Work with other team members to deliver high-quality results to IOActive’s clients throughout the world
* Investigate possible logical attack scenarios by interpreting the code review findings, orienting the attack paths, and analyzing the test results
* Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against embedded products
* Create tools to assist in project goals
* Communicate complex vulnerabilities to both technical and non-technical client staff
* Perform research on new attack vectors, discover new vulnerabilities, create new exploitation techniques
* Evangelize IOActive Labs through blogs, white papers, presentations, etc.
* Support business development efforts through the scoping of engagements
What You Bring
Required Technical Skills
* Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
* Ability to connect and use JTAG/on-chip Debuggers
* Low-level C code review
* FreeRTOS, Android, Linux kernel drivers, protocol parsing
* Sandbox policy review: SELinux/SE Android, seccomp, Linux name spaces, Minijail/Firejail
* Crypto implementation code reviews, specifically for secure boot and code signing
* Java, especially Android app side
* ARM 32- and 64-bit assembly
* Extensive Git/GitHub experience
* Wi-Fi/Bluetooth
* Reverse engineering, specifically firmware
* Hardware/embedded system hacking
* Vulnerability assessment and penetration testing
* Knowledge of security-related topics, such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage
Consulting Skills + Experience
* Ability to work independently under deadline
* Rigorous attention to detail and strong analytic skills
* Ability to write test plans based upon initial impressions and discussions with the team
* Comfortable navigating large codebases with minimal guidance
* Excellent command of written and spoken English
* Comfortable working as part of a multinational and multidisciplinary team
* Logical and structured approach to projects
* 3-5 years or more of relevant work experience in a high-paced, enterprise consulting environment
What We Offer
A chance to work with an industry leader in cyber security
Access to world-class technical teams and research
A high-energy, collaborative team that values innovation
️ Opportunities for travel
Competitive compensation and performance-based incentives
If this sounds like your kind of challenge, we’d love to hear from you. Let’s talk!
Why IOActive
The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focuses on security that has real-world impact. Join a team committed to making a difference.
IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Seniority level
* Seniority level
Mid-Senior level
Employment type
* Employment type
Full-time
Job function
* Job function
Information Technology
* Industries
Computer and Network Security
Referrals increase your chances of interviewing at IOActive, Inc. by 2x
Get notified about new Security Consultant jobs in Bishop's Cleeve, England, United Kingdom.
Gloucester, England, United Kingdom 1 week ago
Cyber Security & Information Assurance Consultants
Cyber Security Consultant - Strategy, Engagement & Risk
Knightsbridge, England, United Kingdom 1 week ago
Great Malvern, England, United Kingdom 1 week ago
Stonehouse, England, United Kingdom 4 days ago
Senior Embedded Security Consultant - Cheltenham
Bishop's Cleeve, England, United Kingdom 2 days ago
Gloucester, England, United Kingdom 2 days ago
Gloucester, England, United Kingdom 1 week ago
Infrastructure Business Analyst (DV Security Clearance)
Gloucester, England, United Kingdom 2 weeks ago
Software Security Architect (DV Security Clearance)
Gloucester, England, United Kingdom 1 month ago
Gloucester, England, United Kingdom 6 days ago
Cyber Security Engineer SoC/SIEM (Contract)
Cyber Security Engineer SoC/SIEM (Contract)
Cyber Security Engineer SoC/SIEM (Contract)
Fire & Security Small Works & Service Engineer
Gloucester, England, United Kingdom 2 weeks ago
Gloucester, England, United Kingdom 1 week ago
Sr. Technical Program Manager - Microsoft Security Organziation (MSO)
Gloucester, England, United Kingdom 1 week ago
Linux Infrastructure Engineer (DV Security Clearance)
Gloucester, England, United Kingdom 4 days ago
Senior Software Engineer (National Security)
Openshift Infrastructure Engineer (DV Security Clearance)
Gloucester, England, United Kingdom 4 days ago
Gloucester, England, United Kingdom 2 weeks ago
Site Reliability Engineer (DV Security Clearance)
Gloucester, England, United Kingdom 1 month ago
Software Engineer - Gloucester - National Security
Gloucester, England, United Kingdom 3 months ago
Site Reliability Engineer (DV Security Clearance)
Gloucester, England, United Kingdom 2 weeks ago
Software Engineer – Gloucester – National Security
Gloucester, England, United Kingdom 1 week ago
Software Defined Network Engineer (DV Security Clearance)
Gloucester, England, United Kingdom 2 weeks ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr