Job Overview

einfochips (an arrow company):

einfochips, an arrow company (a $27.9 b, nasdaq listed (arw); ranked on the fortune list), is a leading global provider of product engineering and semiconductor design services. 25+ years of proven track record, with a team of over 2500+ engineers, the team has been instrumental in developing over 500+ products and 40m deployments in 140 countries. company's service offerings include silicon engineering, embedded engineering, hardware engineering & digital engineering services. einfochips services 7 of the top 10 semiconductor companies and is recognized by nasscom, zinnov and gartner as a leading semiconductor service provider.

job description:

experience:

4-9 years of relevant experience in system security, embedded systems, and vulnerability assessments.

key skills:

firmware analysis tools:

• expertise in using firmware analysis tools such as ghidra, binwalk, and radare2 for static and dynamic analysis of firmware images.

embedded linux platforms:

• in-depth knowledge of embedded linux, yocto, and openwrt platforms for secure firmware and os testing.

secure boot & firmware update mechanisms:

• proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity.

os hardening & security configurations:

• strong understanding of os hardening techniques and security configurations to mitigate threats and enhance system integrity.

vulnerability assessment & cve analysis:

• extensive experience with vulnerability assessment frameworks and cve analysis, identifying and addressing security vulnerabilities in embedded systems.

debugging & emulation tools:

• proficient in using debugging tools and emulators such as qemu to analyze embedded system behavior.

sbom & secure update protocols:

• familiarity with sbom (software bill of materials), patch management, and secure update to ensure safe software deployments.
• firmware reverse engineering:
• expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits.
• penetration testing frameworks:
• experience using penetration testing frameworks like metasploit, using distributions like kali linux, and custom tools for system vulnerability testing.
• custom test case development:
• ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems.
• leadership & mentoring:
• strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies.
• technical writing & reporting:
• excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments.
• proactive security risk mitigation:
• proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices.

responsibilities:

• system-level vulnerability assessment and penetration testing (vapt) for firmware, operating systems, and embedded software, ensuring thorough security evaluations.

test plan development & execution:

• develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks.

firmware static & dynamic analysis:

• conduct detailed static and dynamic analysis of firmware images using tools like ghidra, binwalk, and radare2 to identify potential vulnerabilities.

secure boot & root of trust validation:

• validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection.

os hardening & access control testing:

• test os hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation.

vulnerability identification & classification:

• identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as cvss for risk assessment and remediation prioritization.

collaboration with compliance & engineering:

• work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively.

custom attack simulations:

• develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats.

rollback & patch management testing:

• oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality.

mentoring & knowledge sharing:

• mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes.

cve monitoring & testing updates:

• monitor relevant cve feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection.

reporting & risk assessments:

• provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations.

regulatory compliance:

• ensure that all testing activities align with industry standards, including red 18031 compliance, and adhere to relevant regulatory frameworks.

secure lab environment maintenance:

• maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting.

qualifications & certifications:

education:

• bachelor's or master's degree in cybersecurity, embedded systems, computer engineering, or a related field.

certifications (preferred):

• oscp (offensive security certified professional)
• osce (offensive security certified expert)

why join us?

opportunity to work on cutting-edge technologies.

lead a high-performing team in a fast-paced, dynamic environment.

location: ahmedabad

interested candidates can share resume on