To undertake security evaluation tasks at some of the highest levels in Common Criteria methodology (generally EAL5+) and duties in order to meet customer requirements and project deadlines.
The tasks will include : Working together with the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations Review of Security Targets and Design Verification packages;
Customer code review : because of stringent confidentiality and security requirements, this often necessitates travel to customer premises in Europe and sometimes further afield;
Based on the reviews, a vulnerability analysis has to be carried out, to determine if the customer product has any potential security weaknesses.
Functions such as OS, JavaCard API, OpenPlatform, various applications and product interfaces are typically considered; Support for the security evaluation engineers in charge of product testing by interpreting the review findings, orienting the attack paths and analyzing the test results;
Formal report writing in line with customer and certification scheme requirements; Delivery of customer projects on time;
Contribute to the development of sophisticated, state-of-the-art attacks with tools and scripts by maintaining a high level of expertise in the latest attack methods against embedded products;
To contribute to internal work processes by improving tools for evaluation efficiency, report writing and technical training (especially for Senior roles);
To undertake any ad hoc duties as may be required; Any other duties as defined in the UL Standards of Business Conduct and the Quality Control Manual.