IoT Security Researcher
Description
The IoT Security Researcher is responsible for discovering, evaluating and exploiting vulnerabilities in embedded systems, including consumer electronics, networking gear, or similar components. Candidates should have experience in auditing firmware, reverse engineering binaries, and developing exploits for various architectures. We are looking for senior researchers with multiple years of professional VR experience in relevant areas, however exceptions are considered for outstanding candidates.
We offer:
Full-remote work with flexible working hours and/or great office locations in Copenhagen and Barcelona
An opportunity to work as part of a small but experienced team in a researcher focused company
Learning and conference compensation
Competitive salary and bonus scheme
Social and professional team events
If you are interested in this position you may apply by sharing your resume with us via email at careers@safateam.com
Required Skills
- Understanding of MIPS, ARMv7/v8, and common embedded systems architectures.
- Proficiency in reverse engineering firmware with IDA Pro, Ghidra, or Binary Ninja.
- Experience finding and exploiting memory corruption or logic flaws in C, C++ and native code.
- Skill in leveraging common hardware debug and serial interfaces for software analysis.
- Competency in C and Python for creating research tools and scripts.
- Effective collaboration within a distributed, multi-cultural international team.
- Skill in dissecting undocumented software systems and opaque proprietary protocols.
Preferred Skills
- Proven expertise in the identification and exploitation of vulnerabilities in networking gear and connected devices; Bug Bounty or Pwn2Own success is an advantage
- Experience in the engineering of robust, reliable exploits
- Proficiency with emulation frameworks such as QEMU or Unicorn to facilitate the analysis.
- Experience with coverage-guided fuzzing tools such as AFL and variants.
- Experience analyzing custom kernel drivers.
- Ability to quickly master new technologies, scripting languages, and non-standard software stacks.
If you are interested in this position you may apply by sharing your resume with us via email at careers@safateam.com
Download Public KeyOther Positions
IT Operations Lead
The IT Systems Operation Lead is responsible for designing, implementing and administering the internal infrastructure and IT services that support our research and development and business practices.
Android Kernel Researcher
The Android Kernel Researcher is responsible for discovering, evaluating and exploiting vulnerabilities in the kernel of the Android operating system.
Windows Kernel Researcher
The Windows Kernel Researcher is responsible for discovering, evaluating and exploiting vulnerabilities in the kernel of the Windows operating system.
About SAFA
SAFA's progressive approach to cybersecurity means we’re not content to see clients protected in the present; we strive to keep them ahead of developing cyber threats. Our in-house research and advanced technologies let you see what’s coming and proactively adapt.
Your organization should be able to operate and grow without constant fear of cybercrime. SAFA is here to help you safeguard it with foresight and confidence now and into the future.
SAFA let's you see the future of cybersecurity
Our progressive combination of in-house research and advanced tools keeps you confidently protected from threats now and in times ahead.
Innovation
SAFA strives to push the boundaries of what's possible in the fight against cyberthreats. Our researchers are continually investigating innovative new technologies and methodologies to provide clients with the best defensive capabilities in the industry.
Collaboration
Adapting to changing cyber threats requires collective effort and shared knowledge. Our clients and partners are an integral part of SAFA's ongoing efforts to improve, and we foster open collaboration to benefit all.
Integrity
SAFA adheres to the highest standards of responsibility and accountability in the cybersecurity industry. Through transparency and communication, clients can be sure we're serving their best interests at all points.