Senior Security Evaluator - Hardware

Delft, Zuid-Holland
Vast
Voltijds

1 maand geleden

Job Description:Overviewis on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries. Learn moreOur culture embraces a bold vision of where technology can take us and a passion for tackling challenging problems with industry-first solutions. We believe that when people feel a sense of belonging, they can be more creative, innovative, and thrive at all points in their careers.At Keysight Technologies, we’re at the forefront of secure product testing and certification, enabling the world’s leading semiconductor and device manufacturers to bring trustworthy, high-assurance technologies to market. Whether it’s payment chips, embedded secure elements, or complex System-on-Chips, our expertise helps customers demonstrate compliance with the most stringent global security standards — from Common Criteria (CC) and EMVCo, to GlobalPlatform, SESIP, and beyond.Our Security Evaluation Lab is a highly skilled, international team of specialists with backgrounds in hardware, software, and embedded security. We combine deep technical expertise with a thorough understanding of certification schemes, helping customers meet both technical robustness and regulatory requirements. We regularly collaborate with certification bodies and other ITSEFs around the world.
Responsibilities

Lead and execute vulnerability analysis and penetration testing campaigns on secure hardware products (e.g., Secure ICs, Secure Sub-Systems in SoCs) in accordance with certification schemes like Common Criteria (PP0084, PP0117) and EMVCo.
Design, plan, and document test strategies and test plans aligned with scheme-specific requirements (e.g., JIL, AVA_VAN.5, EMVCo attack paths).
Perform and guide fault injection (FI) and side-channel analysis (SCA) testing (e.g., laser, EM, voltage, glitching), and analyze collected traces for vulnerability identification.
Conduct in-depth hardware design reviews, including schematics, layout, and countermeasure analysis, to assess resistance against physical and logical attacks.
Analyze and reverse-engineer bootloaders, embedded software, and firmware using Assembly, C/C++, and scripting tools.
Review and assess RTL code (e.g., Verilog, VHDL) to identify potential architectural and implementation-level weaknesses.
Document findings in technical reports and certification deliverables in a clear, structured, and evidence-driven manner, suitable for submission to certification bodies and scheme owners.
Technically lead evaluation teams by assigning tasks, reviewing technical deliverables, and ensuring conformance with certification expectations and project timelines.
Act as a subject-matter expert for hardware-based evaluations, engaging with customers and certification authorities to explain findings and defend evaluation results.
Provide guidance and mentoring to junior colleagues by reviewing their analysis results and offering coaching rooted in certification scheme expectations.
Maintain and share up-to-date knowledge on certification scheme developments, vulnerability classes, and evaluation methodologies relevant to the secure product certification domain.
Translate vulnerability analysis findings into clear and actionable input for the security testing team, aligning results with applicable scheme thresholds and evaluation metrics.

Qualifications

A completed academic degree (BSc/MSc) in Electrical Engineering, Embedded Systems, or Computer Engineering.
At least 5 years of technical, hands-on experience in hardware security evaluations, including:

Security assessments on Smart Cards, Secure ICs, and Secure Sub-Systems in SoC (PP0117).
Leading and performing fault injection and side-channel analysis, including attack potential rating and threshold testing as per JIL or EMVCo requirements.
Deep familiarity with Common Criteria (PP0084, PP0117), JIL hardware attack methods, or EMVCo Security Evaluation Process.
Experience in evaluating bootloaders, embedded code, and proprietary protocols.

Expert-level skills in:

Embedded programming: Assembly, C, C++
Hardware design review: PCB schematics, layout files, protection mechanisms
RTL code analysis: Verilog, VHDL
Working with hardware security lab equipment: oscilloscopes, lasers, EM probes, FI tooling

Strong technical documentation and reporting skills; able to translate complex technical findings into certification-ready reports.
Comfortable working with multidisciplinary teams (hardware, software, crypto, compliance) and interfacing with both technical and scheme-level stakeholders.
Willing to travel occasionally to customer locations or certification authority meetings across Europe, North America, or Asia

***Keysight is an Equal Opportunity Employer.***

Keysight Technologies

Solliciteer