Job Description

:
The candidate needs to have the following profile / experience:

• Experience with reverse engineering tools and techniques:

• Debuggers, decompilers, disassemblers, deobfuscators
• Static and dynamic binary analysis, binary injection
• Packet sniffers
• Solid knowledge and experience in ARM architecture exploitation.
• Solid experience in platform security, good understanding of OS internals & security features, bypassing SELinux controls, attacking secure boot sequence.
• Good C/assembly development skills
• Good understanding of security architecture of Linux, Android/iOS OS
• Good knowledge of networking protocols, Cryptography (RSA, SHA, AES, ...), trusted execution environment, hardware security, etc.
• Experience in identifying vulnerabilities by source code analysis.
• Good writing skills to provide clear vulnerability reports and assist the developer to fix the vulnerabilities.
• Conduct penetration tests on web applications, mobile applications, and embedded systems to identify security vulnerabilities.

Experience in the following topics is desirable:

• Anti-tamper tools and techniques
• Hardware attack vectors
• Malware analysis
• Networking protocols

Department:
Account_Core_Technologies_Product_Security
Skills Required:
Offensive Security, Application security testing, Penetration Testing
Role:
Activities are expected to be executed by the new team member,

• Own the project from the beginning to the end - scope clarification with the customer, test plan creation and effort estimations, execution according to the plan, reporting to the customer and follow-up on validation of the fixes
• Hands on security testing/reverse engineering (black/grey/white box depending on the project)
• Perform vulnerability research on a variety of Sony's embedded devices (mostly ARM based) and windows-based products to identify previously unknown vulnerabilities affecting Sony products
• Perform security source code review (mainly C/C++)
• Development of security assessment tools and PoCs for the identified vulnerabilities
• Writing clear vulnerability reports and provide guidance to the development teams on fixing the security issues
• Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
• Being able to create and deliver demos advertising offensive security capabilities of the team to different audience

Years Of Exp:
4 to 6 Years
Education/Qualification:
BE - Computer Science, Security
Designation:
Product Security Engineer (G4)