Senior Device Security Engineer
Luxoft
Krakow, PL
‎4 godz. temu

Responsibilities

Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. Leave your egoat the door when you come to work every day.

These are the behaviors you’ll need for success at Logitech. Inthis role you will be responsible for :

Drive security best practices within the team

Develop and manage build signing with production keys across all product lines

Own and maintain Static code analysis tools, Software composition analysis and other relevant tools for security

Partner with external security firms on pen-testing and other security services

Configure current systems for highest level of security

Continuously monitor systems security as new builds roll off and recommend / drive corrections, as needed

Must have

Expertise in programming languages like Java,C,C++,Kotlin etc

Deep knowledge of PKI namely, ciphers like AES,3DES, hash functions like MD5, SHA-1,2,3,

cryptography like RSA,DSA,ECC

Have worked with signing infrastructure like primekey for signing Android / Linux binaries

Advanced knowledge of creating various device / client certificates with openssl and established

root-of-trust

Have worked on securing device identity with factory key provisioning, device data confidentiality with

enabling disk-encryption, device integrity with secure boot / e-fuse, device attestation support with

keybox, on mobile SOCs like Qualcomm,MediaTek, NxP and others

Configuring security policies on Android for SE-Linux for various applications / services / processes.

Advanced knowledge of Android application sandboxing and secure data sharing between different

apps and services

Have supported all aspects of device security on at least one commercial device

Understand the tradeoff between security and ease-of-use / support

Demonstrable experience with tailoring the security requirements in support of a device's or

company's privacy goals.

Advanced knowledge of revision control and code review tools like git, gerrit and build infrastructure like gradle, maven, jenkins

Nice to have

Security assessment methodologies

Code comprehension in two or more languages (e.g. Java, C / C++,Kotlin)

Developing and running scripts for automated static code analysis and worked with tools like

Klocwork, Coverity etc

Common security flaws in two or more modern tech stacks. For example :

Android mobile applications / frameworks

Linux

Cloud connected Services

Security by design

Threat modelling (e.g. STRIDE, DREAD, etc.)

Securing IOT devices / appliances

Scripting & Automation

Ability to automate common tasks in Python

Device Security Validation

Have taken a device through penetration testing with external security partners

Worked with various stakeholders to mitigate threats found in penetration testing

Continue to drive security post production

Zgłoś tę pracę
checkmark

Thank you for reporting this job!

Your feedback will help us improve the quality of our services.

Aplikuj
Mój adres email
Klikając przycisk "Kontynuuj", wyrażam zgodę neuvoo na przetwarzanie moich danych i wysyłanie powiadomień e-mailem, zgodnie z zasadami przedstawionymi przez neuvoo. W każdej chwili mogę wycofać moją zgodę lub zrezygnować z subskrypcji.
Kontynuuj
Formularz wniosku