System Security Engineer

Senior Systems Security EngineerLife is Short. Solve Hard Problems with Cool People.Idaho Scientific is the Goldilocks of the spirit and growth of a startup, with a financial footing and safety of a stable corporation. The perks of working at Idaho Scientific include all the benefits you’d expect from an employer who prioritizes a balanced human experience:Competitive PayFlexible Work ScheduleHealth Benefits and InsuranceRetirement fund contributionsProfit SharingGenerous Paid Time Off PolicySolve the Problem, Not the Symptom.Idaho Scientific designs and deploys secure system solutions through novel CPU design, crypto cores, purpose-built system-on-a-chip architectures and hardened operating systems. Our solutions are the foundation for how military systems will remain safe and secure in the conflicts of the future. We need smart people like you to join us in solving hard problems that matter.Position Description.A Senior System Security Engineer (SSE) is a subject matter expert on the topics of anti-tamper, cyber security, and supply chain trust. A successful candidate will possess implementation level details of vulnerabilities and their countermeasures across a wide range of system types including microcontrollers, FPGA based system-on-chip (SoC) systems, and workstation grade single board computers. Idaho Scientific is equally interested in physical and virtual threat vectors.Example Physical threats:Side Channel Analysis against crypto systemsGlitching and fault injectionInvasive and non-invasive chip and circuit card level failure analysis techniquesJTAG and in-circuit debugDirect Memory access and bus protocol exploitationExample Virtual threats:Software exploitationFirmware ExploitationRoot Kits and Boot KitsProtocol exploitationCryptanalysisCPU Side Channel AnalysisRowhammerThe primary responsibility of this candidate is to contribute to the vulnerability analysis and countermeasure selection/design for subsystem and component (circuit card or device level) elements within U.S. weapon systems.What You’ll Get to Do:Evaluate proposed or existing system architectures for reverse engineering and cyber exploitation vulnerabilitiesDocument vulnerabilities in white papers and attack countermeasure analysisRecommend architectural changes to reduce system vulnerabilitiesArchitect system level security design and requirements to address the vulnerabilities enumerated within U.S. weapon systems.Document system design and requirements within a program protection plan and anti-tamper planDevelop Crypto and Key management plansPrepare for, attend, and brief customer and government design review meetingsParticipate in all aspects of the product design life cycle including system architecture, design, development, and verificationDistill complex technical concepts into clear and concise writing to support proposals for new opportunitiesContribute to new product ideas and proposalsAdvise, mentor, and trainStay current with threats, vulnerabilities, countermeasures, hardware and software architectureAdvise and train customers on system vulnerabilities and countermeasures enabling them to design and requirements to secure their architecturesAdvise customers on security and design principles, best practices, and system security engineering processes and approvalsParticipate in industry working groups and provide security recommendations to relevant government and commercial standards, policies, and proceduresParticipate in development and delivery of internal and external training effortsRequired Qualifications & ExperienceUS CitizenshipAbility to get a security clearanceMore than five (5) years of proven past performance in embedded systems security design; preference given to candidates who have experience with US Department of Defense (DoD) embedded systems securityAdvanced knowledge of crypto algorithms, when and how to use each algorithm, vulnerabilities of each algorithm and vulnerabilities inherent to an implementation of each algorithmAdvanced knowledge of attacks and vulnerabilities against hardware and software, as well as an understanding of balancing solutions with acceptable residual vulnerabilitiesAdvanced understanding of computer hardware and software architectures, including being able to clearly articulate how a CPU works, how a FPGA works, how Operating Systems work and how user space application runtime environments workExperience with key generation and key management solutionsFamiliarity with latest research in secure boot services and why additional research is neededDegree in Cryptography, Computer Engineering, Computer Science, Electrical Engineering, Mathematics or related fieldAbility to clearly capture complex technical concepts in writing for both technical and general audiencesStrong analytical and problem-solving skillsMust be highly creative and have experience interfacing directly with external customersPreferred Qualifications & ExperienceActive US Security ClearanceWorking knowledge of applied cryptographyExperience applying principles of cyber security to operational technology and embedded systemsExperience reverse engineering hardware and softwareExperience developing program protection plans for US weapons systemsExperience with software assurance, system integrity, trust strategies, supply chain exploitation methods and countermeasures and/or general vulnerability analysisExperience with CPU design, preferably Intel x86Knowledge of Operating System architecture and design, Linux preferredLocationThe preferred work location is at Idaho Scientific headquarters in Boise, Idaho.Commitment to Diversity.Idaho Scientific is an equal employment opportunity employer. Qualified applicants will not be discriminated against due to race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition including pregnancy, or any protected category prohibited by local, state or federal laws.

#J-18808-Ljbffr