Senior Security Evaluator – Crypto code review

SGS
1 day ago
Full-time
On-site
Delft, 11

JobsCloseBy Editorial Insights

SGS Brightsight is seeking a Senior Security Evaluator to conduct crypto library code reviews for embedded systems, joining a multinational team in Delft. You will apply cryptographic expertise to identify weaknesses in DES, AES, RSA, ECC, HMAC implementations, assess side-channel and fault-injection attack scenarios, and develop sophisticated attack models to support certification decisions. Strong communication is essential: you must convincingly argue findings to developers and certification bodies, and guide colleagues in attack methods. Ideal candidates hold a BSc/MSc/PhD in information security, computer science, electronics, or math, with practical crypto experience and knowledge of post-quantum crypto preferred. Highlight global collaboration, training, and continuous learning in your application, with specific examples of secure implementations and cross-team impact.


Company Description

SGS Brightsight is the world’s largest independent security evaluation lab, with accredited facilities across the globe. Our teams in Delft (The Netherlands), Barcelona and Madrid (Spain), Graz (Austria), Meyreuil (France), Beijing and Shanghai (China), Taipei (Taiwan), Singapore, and the USA are dedicated to helping companies ensure their products comply with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products across various industries, we work at the forefront of security, evaluating products against stringent governmental and private standards. 

At SGS Brightsight, our knowledge-driven environment is powered by professionals from diverse technical backgrounds. We pride ourselves on fostering an open, ambitious, and international atmosphere that values continuous growth. More information about our work can be found at SGS Brightsight: Security Evaluation Lab.

Job Description

Product security is the result of a combination of security provided by hardware and software. In general, security cannot be provided by hardware alone and needs to be complemented by security implemented in software. The smallest details can make the difference between a secure and an insecure product. Careful examination is therefore required to judge the security quality.  

Most ICT products for secure applications implement cryptographic operations. During the vulnerability analysis of these products, the code of the crypto library is thoroughly analyzed to identify weaknesses in the implementation of the crypto algorithms, with the aim of exploiting them using advanced techniques such as fault injection or side-channel analysis.

As a crypto library code reviewer, you apply your expertise in secure cryptographic implementations to identify the security mechanisms and to define sophisticated attack scenarios using state-of-the-art attack methods. It is your responsibility to convince product developers of your findings to allow them to improve their cryptographic implementations, and to provide sufficient argumentation to certification schemes why a product is (still) secure. 

Brightsight is looking for enthusiastic cryptography experts with some background in hardware security who are up for this challenge and believe they have the capabilities to perform these assessments.  

You will collaborate in different evaluation teams with experts in different fields: secure coding, secure hardware design, fault injection, side channel, cryptography, evaluation methodology experts, etc., with the goal to assess if the products can be certified.   

During these assessments you will have direct contact with crypto library developers and provide feedback on their solution. Customer meetings are internationally oriented, which involves discussions in different cultural contexts. You will document the findings and argumentation for both the product developer and the approval bodies. You will also support colleagues who execute in the labs the attack scenarios you have defined.

Products are changing rapidly as are the attacks applied to these products. Thus, crypto library code reviewers require constant improvement and adaptation to keep on top of what is out in the field and could threaten products you are currently assessing. You will gain significant knowledge on secure product implementation by having access to different vendor solutions. The interaction with many developers around the world is a great experience that will trigger continuous improvement. 

To get up to speed for this position you will participate in the Brightsight training program on Methodology and Technology. You will also join different technical domain groups (e.g. crypto, side channel, etc.) where technical experts meet globally to discuss the state-of-the-art, daily challenges and improvements. You will work in a very international environment and have the opportunity to learn from reviewing and assessing many secure implementations. 

Qualifications

  • We are looking for people with a BSc, MSc or PhD degree in a technical field (Information Security, Computer Science, Electronics, Mathematics) who have experience with cryptographic implementations and testing for embedded systems.

  • You must have knowledge of different cryptographic algorithms, including DES, AES, RSA, ECC and HMAC, and experience with secure implementations.

  • Demonstrable understanding of Post Quantum Cryptography is preferred.  

  • You must have the ability to understand state-of-the-art attack methods (side channel analysis, fault injections, etc.) to perform the security assessment. 

  • This job also requires that you communicate knowledge convincingly, both orally and in writing, to internal and external entities. 

  • You must be able to guide and support experts in side channel and fault injection attacks by clearly explaining weaknesses in the implementations. 

  • You must have a good knowledge of the English language. 

Additional Information

SGS Brightsight provides a very good training program, from the basics to expert level. We offer a supportive work environment that fosters professional growth and development. We offer a competitive salary package based on the candidate.

At SGS Brightsight you will:

  • Be part of a multicultural team with highly motivated colleagues from all over the world
  • Work for the recognized global leader in security evaluations
  • Work with all major developers on their latest innovations
  • Enjoy an informal and intellectually challenging work environment.