Offensive Cybersecurity Engineer

Purpose

Inside the penetration testing team of IPS, you will perform pentest and security audits of IDEMIA IPS Products and Programs on a wide variety of scope. You will help ensure that the products and programs of IPS are safe and help the engineering secure their deliveries to customers. Your perimeter of action will help you put your skills to test and grow your experience toward a variety of scopes: mobile apps (Android and iOS), Web apps and API, fat clients (Windows, Linux, macOS), network infrastructure classical or cloud (AWS/Azure), and embedded devices (Linux and proprietary OS).

Key Missions

As an offensive cybersecurity officer, you are executing technical evaluations of products and programs developments. You will identify vulnerabilities and propose remediation actions. You may have to use different types of security assessment depending on the perimeter (pentest, code review, configuration audit, etc.). 

Security audit realization:

• Define pentest and audit strategy
• Execute and document pentest and security audits on different environments 
• Define attack scenario and achieve attacks on targeted environment
• Achieve code review on the targeted components
• Adopt a global vision of the system to pentest/audit
• Collect configuration elements on equipment to review their security configurations 

Perform vulnerability assessment and technical control continuously or automatized:

• Discuss with different teams to evaluate the impacts for the business of detected vulnerabilities
• Redact report containing an analysis and root cause of the vulnerabilities identified; highlight risks and business impacts
• Define recommendation to allow remediating risks associated with identified vulnerabilities.
• Help development and operational team implement technical recommendations

Ensure technical watch:

• Ensure permanent watch on attack scenario, new threats and associated vulnerabilities and on development of new tests contexts
• Develop Tools used for pentest and audits
• Identify new means to detect new breach

Profile & Other Information

• Master embedded pentesting techniques
  • Vulnerability research in binaries e.g. memory manipulation
  • Methodology to pentest an embedded operating system
  • Reverse engineering 
  • Hardware attacks
• Knowledge of web application pentest technique : OWASP methodology
• Knowledge of mobile application pentest technique: Android and iOS
• Operating system intrusion in Linux (embedded or not), windows is a plus
• Network protocol security : capable of performing network attacks
• Applicative layer security
• Scripting
• Technology watch and security trends study
• Synthetic mind with ability to vulgarize to non-technical public
• Good writing skills for different levels of stakeholders
• Passionate by hacking with ethical hacker mindset e.g. participating to CTF, or performing challenges
• Capacity to work as a team
• Rigor
• Autonomy
• Experience: 5 to 10 years in cybersecurity (Experience with embedded security pentesting is a plus)
• Language: French, English