Thales e-Security is securing the world’s cryptographic infrastructure – the keys, the algorithms, and the business logic. We are safeguarding some of the biggest names in technology, and are securing over 80% of the worlds banking transactions. We are looking for talented Security Engineers who can help us secure our next generation of security products based from Cambridge.|
Our Security Engineers are part of a global team supporting development as subject matter experts in topics such as security architecture, secure coding, cryptography, vulnerability assessment, and security certifications. They collaborate directly with the teams to not only assist in product security, but also to educate and elevate the security maturity of the teams in a manner that will scale.
Security Engineers are involved in every aspect of product development, from "cradle-to-grave" and working at Thales e-Security affords you the opportunity to be involved and influence every stage of the secure product life-cycle.
What you'll do:
- As the security authority on product developments, you will assume an active role in all aspects of the definition, development, deployment, and maintenance of our current, and next generation products:
- You will be embedded amongst software, hardware, and certification engineers to scope, architect, design, and evaluate the security of our products.
- Pragmatically balance security, performance, and compliance to ensure that products are not just secure, but usable for real world use cases.
- Stay abreast of the evolving threat landscape; investigate, prototype, and test mitigations that defend against current and new attack techniques.
- Champion security within the development teams to help them make their implementations more secure.
- As a member of the global Security Office team:
- Act as a security subject matter authority on projects and initiatives;
- Explore security topics that interest you and develop your skills in those areas;
- Advocate and help implement security practices across all domains within Thales e-Security.
- A demonstrated track record of building things, but also a curiosity for the many interesting ways in which things can break:
- A desire for learning and understanding the security discipline;
- Professional experience building products in at least one high-level language;
- Knowledge of how to read (and break) code in languages such as C, C , or Java.
- Understanding of how cryptography is correctly applied in products and protocols to provide capabilities such as authentication, privacy, and integrity.
- Been involved in solving challenging security problems using knowledge and/or skills in one, or more, of the following areas:
- Cryptography & Secure Protocols;
- Threat Modeling;
- Vulnerability Assessments/Penetration Testing;
- Static/Dynamic Code Analysis & Code Reviews;
- Vulnerability Management;
- Secure Development NA oral and written communications skills.
- Collaborated well in a team environment, were sensitive to needs of the teams, and effectively developed relationships across disciplines.
- Smarts, curiosity, humility, and equal willingness to both learn and teach
- Experience with security certification standards, such as FIPS 140-2, Common Criteria, or PCI.
- Utilized software and firmware fuzzing tools to identify security flaws in products.
- Practical experience with web application security technologies, mitigation techniques, and potential pitfalls.
- Experience with virtualization and sandboxing technologies such as VMWare, Xen, Linux Containers (LxC), or VirtualBox.
- Understanding or experience with hardware attack techniques such as physical tampering, counterfeiting, side-channel attacks, or glitching.
To apply please click on the 'Apply' button *LI-CC