Position Summary
We have an opportunity available for a Security Engineer to join us on a 12-month contract basis here at Samsung Research UK.
You will be responsible for Android applications’ security assessment and for their approval and solution development to support B2B business for Samsung Galaxy devices. In particular, you will support applications’ approval for government use and, depending upon opportunities, mobile solution development, deployment, provisioning and updates. Expertise is required in the area of concept definition and security requirements for emerging security solutions leveraging Knox mobile software, hardware components on Galaxy devices, and Knox service infrastructure.
Supporting solution development may also involve developing Android applications, web services, smart card applications and mobile platform components, collaborating with internal and external stakeholders. You will have an interface role to play between potential partners/customers and internal stakeholders including business and R&D teams across the organisation. You will be responsible for providing expertise in the area of mobile security to address both short and long-term requirements of enterprise customers across the globe.
Role and Responsibilities
1. Producing security assessments and generating evidence reports for Samsung Galaxy applications as per acceptance requirements set by the government agencies. The security assessment task includes testing applications in line with well-known industry standards, including OWASP MASVS testing; threat modelling; tools relating to data flow analysis within the device and to the network; and static and dynamic testing using tools such as MobSF, Frida, Jadx, cve-bin-tool and others for application risk assessment. These tasks may also require development of necessary tools for testing, and hence development experience with programming languages such as Python is essential.
2. Support Samsung partners and customers to build solutions based on Samsung Knox platform and Knox service infrastructure. This task includes development experience with front-end and back-end and web services using the latest IDE and tool chains.
3. Depending upon needs, support Android and smartcard applications and mobile platform framework development tasks, in particular being responsible for functional specifications, requirements, design documentation along with supporting implementation and deployment, as necessary.
4. Development of tools to enable solution installation, provisioning and approval.
5. Creation of necessary documentation as per requirements to support approval of the solution including solution design and deployment guide documents.
6. Coordination between internal and external stakeholders throughout the process and to support the product roadmap and strategy.
7. Create necessary process documents to share with business stakeholders.
8. Create necessary documents to describe issues encountered in an effective manner to get the right support from development teams.
9. Travel as required, including to attend meetings with customers and partners.
10. Timely provision of written progress reports to management and others, as required.
All work is to be of a professional standard, paying due regard to safety, efficiency, cost effectiveness, time scales and the needs of the company.
Skills and Qualifications
Essential:
11. A degree in Computing and Communications or any related discipline (an equivalent period of industrial experience may be substituted).
12. Experience with application testing using various methods and tools including OWASP MASVS, MobSF, Frida and tools to conduct static and dynamic testing.
13. Knowledge of various device security attack vectors including apps, browsers, connectivity, device management, networking, local storage, etc.
14. Knowledge of C, C++ and Java programming languages (at least 3 years’ experience). This experience is necessary to understand existing code and write test code to verify security requirements.
15. Experience in development of Java Cryptography Extension (JCE) provider for Android KeyStore.
16. Familiarity with PKI, certificate enrolment, Public Key Cryptography Standards (PKCS #)
17. Documentation skills required for creating high quality technical, process and day-to-day documents including use of MS Word and PowerPoint.
18. A high degree of self-motivation, and a proactive approach to problem resolution.
19. A good level of inter-personal and communication skills.
Desirable:
Experience with
20. GlobalPlatform Card Specification 2.3 and amendments A, C, D, E, F, ISO 7816 smart card standard, NFC and ETSI 102 705 APIs.
21. Experience with the development of smart card-based Android applications including the necessary SDK. Hands-on experience with Java Card API, crypto engines and crypto libraries.
22. Front-end, back-end and web services development, and hence experience with JavaScript, Python and the latest IDE and toolchain is desirable.
23. Defining security concepts, requirements and security architecture.
24. Applying security-by-design principles.
25. Secure mobile platform development.
26. Mobile device security features including device lock and data encryption.
27. Common Criteria certification of security-critical software including CC, FIPS, VS-NfD, etc.
Samsung has a strict policy on trade secrets. In applying to Samsung and progressing through the recruitment process, you must not disclose any trade secrets of a previous employer.