- Embedded C
- Hardware penetration
- Pentesting/product test/VAPT
- Networking
- Architecture, high/low level design and coding in Embedded C. (must have)
- Execution skills regarding defensive/offensive cyber security measures within embedded products
- Hands on experience on cybersecurity elements as cryptography, signing, Secure memory, audit logging, user management and so on.
- Structured, modularized development and testing at all levels for different embedded software components like
- RTOS knowledge (Threadx, Yocto Linux), memory, etc.
- Knowledge on communication drivers and protocols e.g. RS232, RS485, I2C, SPI etc.
- Having good experience and able to work independently on at least few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, HCL AppScan, HP Webinspect, NTO Spider Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools)
- Hands on experience with hardware penetration testing
- Strong experience in performing penetration tests and/or vulnerability assessments on products (IoT devices, PCB hardware), web applications, mobile Applications, Thick client applications and networks.
- Strong knowledge & understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX/Linux), and Scripting languages (Python, Shell)
- Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark, STIG DoD & NIST
- Network protocol knowledge i.e., TCP/IP, UDP, IPSEC, HTTP, HTTPS, DHCP/NTP etc.
- A strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc.
- Main standards and regulations such as: ISA 62443, NIST, ISO 21434, UL WP 29, UL2900, UL MCV 1376
- Knowledge of product security standards and regulations IEC 62443, ETSI etc.
- Understanding of framework elements such as OWASP, NIST CSF, CSA CCM, IoT SF Security
- Knowledge on relevant tools, e.g., MS Threat Modeling, statistical code analysis, security test, code scan
- SW testing tools at unit level preferably
- CPPUnit/Google test.
- Any continuous integration tool. Preferably
- Jenkins.
- Any version control tool. Preferably
- GIT
- Knowledge of scripting languages like Python
- Should have excellent communication skills & experience in stakeholder management
- Should have good business acumen to help management team make business critical decisions
Embedded Penetration Testing - Chennai, India - MaimsD Technology
Description
Position : Embedded Pent Testing
Location : Chennai
Experience : 10+ Yrs
Employment Type : Full Time, Permanent
Working mode : Regular
Notice Period:
Immediate : 15 Days
Mandatory Skills :
Technical Competencies & Experience :
Relevant experience Yrs
Embedded concepts at SW as well HW levels.