Senior Product Security Analyst - Software

Reports to: Lead Product Security Analyst

Department: Product

Please note: While we are currently hiring for one position within our Product Security team, we are open to considering candidates at both mid and senior levels. This advert reflects a more senior scope, but we welcome applications from strong Product Security Analysts who may not yet meet every requirement at the senior level.

💼 About the role

PQShield is looking for an experienced software security expert with a focus on embedded software to expand our product security team. Candidates should have a degree in Electronic Engineering/Computer Science or equivalent. We hope that you have at least 7 years of experience, but also an open, research-oriented mindset.

We have been established since 2018, so you would be directly working with the founders and inventors of this deep tech startup. This is a great opportunity for career progression and to make an immediate impact in a rapidly expanding segment of the semiconductor industry (Post-Quantum Cryptography and RISC-V).

⚒️ What you’ll be doing

• Build and maintain the fuzzing infrastructure within the company.
• Set up fuzzing tests and maintain coverage of our different pure software and hardware / software co-design IPs.
• Ensure our cryptography implementations do not leak any secret information due to micro-architectural issues.
• Provide feedback to architects and engineers on resistance to micro-architectural attacks.
• Collaborate with engineering to integrate fuzzing and constant-time tests in their continuous-integration flows.
• Conduct research into micro-architectural attack techniques and countermeasures on post-quantum cryptography algorithms.

🎯 Required Skills And Qualifications

• Excellent written and verbal communication skills.
• A commitment to high quality engineering in all areas of their work, including advocating for the best long-term solutions over the easiest or quickest.
• 7+ years of experience working as a vulnerability analyst with a focus on embedded software security.
• Knowledge of micro-architectural effects on different embedded platforms.
• Knowledge of setting up fuzzing campaigns.
• Knowledge of post-quantum cryptography standards.
• Degree in Electrical Engineering, Computer Science or related field.

🖥️ Specific Technologies You Are Confident Using

• Version control using Git.
• Programming languages for embedded platforms such as C and assembly.
• Confidence using tools like Bash, CMake and Makefiles safely and sensibly.
• Simulation tools like QEMU.

👍 Preferred Skills And Qualifications

• Experience architecting, implementing and deploying fuzzing campaigns.
• Experience verifying security properties, and/or cryptographic IPs.
• Knowledge of Industry standard SoC Security Architectures
• Experience working on secure element or smart cards designs.
• Experience using Gitlab CI, or otherwise principles of continuous integration and testing.

🏆Some of the perks of working with us:

• Unparalleled opportunities to learn and accelerated career development.
• A collaborative, team environment with people who truly love what they do.
• Competitive salary and share option scheme.
• Flexible and hybrid working, and a working from home budget.
• Private health insurance for yourself and your family.
• 25 days annual leave (plus bank holidays and two wellness weeks).
• 50% gym membership discount.
• The chance to work with a spirited, smart, and friendly team!