Job Information
Cisco Embedded Security Consultant in Chicago, Illinois
What You'll Do
Cisco is at the forefront of securing today's emerging technologies. You’ll be part of a highly skilled team hunting for critical security vulnerabilities in third party connected devices that will shape our future. Your primary objective will be identifying, exploiting and documenting vulnerabilities in embedded systems and their associated remote services. Targets will include components from connected vehicles, medical devices, and industrial control systems.
You’ll also:
Develop threat models
Review design / architecture documents
Identify and interface with hardware attack vectors. (UART, JTAG, SWD, NVRAM, Flash, USB Peripherals, SD Cards, etc.)
Configure cross-compiler toolchains for obscure targets
Reverse engineer communications protocols
Develop process-specific fuzz testing environments
Reverse engineer firmware targeting ARM & PPC processors
Bus message analysis, instrumentation, and fault injection (e.g. SPI, I2C, USB, CAN, LIN)
Instrument and test communications channels (e.g. Wi-Fi, Bluetooth/BLE, Cellular)
Jailbreak devices (get root)
Write reports which clearly document vulnerabilities and provide context at various levels of detail
Who You'll Work With
You’ll be working with a seasoned group of security consultants each with an average of more than 10 years of experience in offensive security roles. Our team represents a broad skill set including expertise in hardware & software reverse engineering, electrical engineering, cryptography, fault injection, side-channel analysis, hardware glitching and RF communications.
Who You Are
You’re naturally curious about how devices work and how they can be compromised or subverted. You’re a professional who collaborates with colleagues to deliver excellent results. You can communicate and present complex topics to customers clearly. You have a working knowledge of fundamental electronics concepts including passive components and transistors.
Minimum qualifications:
Bachelor’s degree in Computer Science, Computer Engineering, or Electrical Engineering
Fluency in C, C++, ARM assembly, x86 assembly and Python
7 years of professional experience penetration testing
5 years experience reverse engineering software with IDA Pro or Ghidra
3 years experience working with embedded systems
Solid understanding of networking concepts and tools (e.g. nmap, scapy, nessus)
Solid understanding of application security concepts
Extensive knowledge of common threats and vulnerabilities affecting devices
Experience identifying and exploiting security vulnerabilities
Exceptional English communication skills, both oral and written
Desired skills (any of the following are a plus but not required):
OSCP or OSCE certifications
Soldering & SMT rework
Solid understand of secure boot and ARM TrustZone concepts
Familiarity with common electrical test equipment
Oscilloscopes, Logic Analyzers, Bus Protocol Analyzers, Multimeters, Spectrum Analyzers
Comfortable working with SBCs such as the Raspberry Pi or BeagleBone
Intimate knowledge of the Linux kernel
Working knowledge of QNX
Practical experience with Software Defined Radio (SDR)
Reading / capturing electrical schematics (e.g. Altium, KiCad)
Verilog / VHDL and FPGA design
Extensive knowledge of on-board and connectivity protocols
SPI, I2C, CAN, LIN, USB
Bluetooth / BLE
Wi-Fi
3G & 4G Cellular
Practical experience identifying and exploiting side channel attacks
Practical experience circumventing device security using clock/power glitching
Experience evaluating cryptography and protection of sensitive information
Why Cisco
We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren’t afraid to change the way the world works, lives, plays and learns.
We are thought leaders, tech geeks, pop culture aficionados, and we even have a few purple haired rock stars. We celebrate the creativity and diversity that fuels our innovation. We are dreamers and we are doers.
We Are Cisco.
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.