Lead Hardware Security Engineer
Plantweb Test service
Looking for a candidate with strong experience in Hardware Security assessment (secure design and security testing) and is keen on exploring new techniques to secure Emerson products.
Principal Functional Responsibilities:
- Exploring vulnerabilities and attacks in top of the line SoC (System-on-Chip).
- Execute physical attacks (invasive attacks, side-channel attacks, fault attacks, in Side Channel Analysis, Fault Injection -and Perturbation -attacks) and Reverse Engineering.
- Provide the Development teams with effective security inputs on vulnerabilities root-causes, suggest mitigations and preventions, guide for fixes and defense.
- Embedded security research: SCADA/ICS, IIoT hardware security, security mitigations.
- Evaluate and tests new cybersecurity tools and capabilities.
- Manage Test environment setup, configuration, process, procedure definition and documentation.
- Develop security assessment scripts and specify tools relative to specific requirements.
- Perform security assessments and deliver comprehensive reports with specific recommendations.
- Security audits of the architecture, hardware blocks.
- Mentor and coach colleagues in your area of expertise.
• Experience / Skills:
§ Strong knowledge of embedded system: Micro controller and its peripherals, real time operating system (QNX), memory, Trusted Platform Module, Root of Trust / Immutable Identity and HSM (Hardware Security Module).
§ Experience verifying security hardware Crypto, DES / AES.
§ Experience working with UART, SPI, I2C, JTAG, Chip-Whisperer interface.
§ Deep understanding of various hardware security principles, security attacks and associated defense dynamics.
§ Experience in reverse engineering PCBs and components and mitigation techniques.
§ Ability to track the latest security vulnerabilities, Failure isolation or failure analysis in modern chips & processes.
§ Experience with performing physical attacks (power analysis, invasive attacks, side-channel attacks, fault attacks, Side Channel Analysis, Fault Injection -and Perturbation -attacks).
§ Knowledge to utilize hardware-aided security functions.
- Hacker mind-set, learning new knowledge domains quickly, deep technological understanding, ability to identify flaws and vulnerabilities in complex secure systems, suggest mitigations and security guidelines for design and implementation.
- Strong analytical skills and decision-making capabilities.
- Proven verbal and written communications skills to work effectively at all levels of an organization.
§ Experience with hardware design and driver/OS integration beneficial.
§ Experience with embedded systems, low-level board development.
§ Experience with cryptographic libraries (e.g. OpenSSL, LibreSSL, mbed TLS).
- Experience with isolation technologies, such as secure containers / sandboxing at both the system and application levels beneficial.
- Comprehensive understanding of PLC, RTU, IED, PID, HMI, DCS and relevant protocols like HART/ FF/ PROFIBUS/ WiFi / BLE / WirelessHART / PROFINET/ MODBUS / Ethernet IP / OPC UA.
- Deep understanding of industrial automation, hardware security, applied cryptography, threat modeling, vulnerability research.
- Ability to quickly analyze and grasp key concepts in hardware specification documents, academic publications and industry white papers.
- Practical cryptoanalysis, evaluation of weaknesses in crypto-primitives implementation.
- Experience incorporating hardware-based security techniques (Hardware Security modules, TrustZone, Secure Boot, UEFI/BIOS and TPM, etc) into a robust hardware/software system design.
- Working knowledge of IEC 61850.
- Possess collaboration skills and experience of working with internal/external partners.
- Bachelors or Master's degree in Computer / Electronics Engineering or related field with 6-10 years of relevant experience.
- Cybersecurity Certification is preferred.
Emerson places a high value on ensuring that employees have a good work-life balance. We provide access to a competitive benefits package, including the following: medical insurance, group term life and personal accident insurance, as well as an option for voluntary mediclaim for parents and / or in-laws, fitness center, higher education opportunities and parental leave. Employee resource groups, including a very active Diversity and Inclusion committee, ensure that the Emerson values are incorporated into everyday life of our people.
Equal Opportunity Employer
Emerson is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, age, marital status, political affiliation, sexual orientation, gender identity, genetic information, disability or protected veteran status. We are committed to providing a workplace free of any discrimination or harassment.
If you have a disability and are having difficulty accessing or using this website to apply for a position, you can request help by sending an email to [ Link removed ] .
Emerson, a Fortune 500 company with $18.4 billion in sales, more than 20 Innovation, Solutions & Engineering Centers, and 200 manufacturing locations worldwide, is committed to helping employees grow and thrive throughout their careers. We are innovators, question-askers and problem-solvers. We don’t settle for good enough or “This is the way it’s always been done.” Instead, we push ourselves and strive for the “never been done before.”
Our Automation Solutions business enables the greatest use of the world's most valuable resources, ensuring the performance and safety of industries that are the backbone of daily life.
Our Commercial & Residential Solutions business helps ensure human comfort and health, protect food quality and safety, advance energy efficiency and create sustainable infrastructure.
Proportional Integral Derivative (Closed Loop Control)
Supervisory Control And Data Acquisition (Scada)
Universal Asynchronous Receiver/Transmitter
Human Computer Interaction