Senior Security Engineer - IOT
Arrow Electronics
**Position:**
Senior Security Engineer - IOT
**Job Description:**
**Experience:**
2–6 years of relevant experience in system security, embedded systems, and vulnerability assessments.
**Key Skills:**
+ **Firmware Analysis Tools:** Expertise in using firmware analysis tools such as **Ghidra**, **Binwalk**, and **Radare2** for static and dynamic analysis of firmware images.
+ **Embedded Linux Platforms:** In-depth knowledge of **embedded Linux**, **Yocto**, and **OpenWRT** platforms for secure firmware and OS testing.
+ **Secure Boot & Firmware Update Mechanisms:** Proficiency in testing **secure boot** processes and **firmware update** mechanisms, ensuring integrity and authenticity.
+ **OS Hardening & Security Configurations:** Strong understanding of **OS hardening techniques** and security configurations to mitigate threats and enhance system integrity.
+ **Vulnerability Assessment & CVE Analysis:** Extensive experience with **vulnerability assessment frameworks** and **CVE analysis**, identifying and addressing security vulnerabilities in embedded systems.
+ **Debugging & Emulation Tools:** Proficient in using **debugging tools** and **emulators** such as **QEMU** to analyze embedded system behavior.
+ **SBOM & Secure Update Protocols:** Familiarity with **SBOM (Software Bill of Materials)**, patch management, and **secure update protocols** to ensure safe software deployments.
+ **Firmware Reverse Engineering:** Expertise in performing **reverse engineering** of firmware images to detect vulnerabilities and potential exploits.
+ **Penetration Testing Frameworks:** Experience using **penetration testing frameworks** like **Metasploit**, **Kali Linux**, and custom tools for system vulnerability testing.
+ **Custom Test Case Development:** Ability to **develop and execute custom test cases** to simulate real-world attack scenarios and identify potential risks in embedded systems.
+ **Leadership & Mentoring:** Strong leadership skills with a proven track record of **mentoring junior engineers** and guiding teams in advanced security testing methodologies.
+ **Technical Writing & Reporting:** Excellent **technical writing skills**, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.
+ **Proactive Security Risk Mitigation:** Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.
**Responsibilities:**
+ **Leadership in Security Testing:** Lead **system-level Vulnerability Assessment and Penetration Testing (VAPT)** for firmware, operating systems, and embedded software, ensuring thorough security evaluations.
+ **Test Plan Development & Execution:** Develop and implement comprehensive **test plans** for **secure update** and **patch validation**, ensuring security fixes are applied correctly and without introducing new risks.
+ **Firmware Static & Dynamic Analysis:** Conduct detailed static and dynamic analysis of **firmware images** using tools like **Ghidra**, **Binwalk**, and **Radare2** to identify potential vulnerabilities.
+ **Secure Boot & Root of Trust Validation:** Validate **secure boot** implementations and **hardware root of trust** to ensure system integrity and protection from malicious code injection.
+ **OS Hardening & Access Control Testing:** Test **OS hardening configurations** and **secure access control mechanisms** to strengthen system defenses against unauthorized access and exploitation.
+ **Vulnerability Identification & Classification:** Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as **CVSS** for risk assessment and remediation prioritization.
+ **Collaboration with Compliance & Engineering:** Work closely with compliance and engineering teams to **prioritize remediation** efforts, ensuring that vulnerabilities are addressed effectively.
+ **Custom Attack Simulations:** Develop and execute **custom test cases** to simulate **real-world attack scenarios** and evaluate the system's resilience against cyber threats.
+ **Rollback & Patch Management Testing:** Oversee testing of **rollback** and **patch management** procedures, ensuring that system updates do not compromise security or functionality.
+ **Mentoring & Knowledge Sharing:** Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.
+ **CVE Monitoring & Testing Updates:** Monitor relevant **CVE feeds**, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.
+ **Reporting & Risk Assessments:** Provide detailed **technical reports** and **risk assessments** to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.
+ **Regulatory Compliance:** Ensure that all testing activities align with industry **standards**, including **RED 18031** compliance, and adhere to relevant regulatory frameworks.
+ **Secure Lab Environment Maintenance:** Maintain a **secure lab environment** for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.
**Qualifications & Certifications:**
+ **Education:** Bachelor's or Master's degree in **Cybersecurity**, **Embedded Systems**, **Computer Engineering**, or a related field.
+ **Certifications (Preferred):**
    + **OSCP** (Offensive Security Certified Professional)
    + **OSCE** (Offensive Security Certified Expert)
    + **GXPN** (GIAC Exploit Researcher and Advanced Penetration Tester)
    + Equivalent certifications in **ethical hacking**, **penetration testing**, or **embedded system security** are also highly valued.
+ **Industry Standards Familiarity:** Familiarity with security frameworks such as **ISO/IEC 62443**, **RED 18031**, and **IoT security** frameworks.
**Why Join Us?**
+ Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment.
+ Competitive salary and benefits package.
+ Career growth opportunities in a fast-paced and dynamic industry.
+ A strong focus on work-life balance and employee well-being.
**Location:**
IN-GJ-Ahmedabad, India-Ognaj (eInfochips)
**Time Type:**
Full time
**Job Category:**
Engineering Services
Arrow Electronics, Inc.'s policy is to provide equal employment opportunities to all qualified employees and applicants without regard to race, color, religion, age, sex, marital status, gender identity or expression, sexual orientation, national origin, disability, citizenship, veteran status, genetic information, or any other characteristics protected by applicable state, federal or local laws. Our policy of equal employment opportunity and affirmative action applies to all employment decisions, personnel policies and practices, or programs.