SuperMicro seeks PenTester with CHIPSEC skills

It is rare to see a vendor mention “CHIPSEC” in a job posting, maybe once a quarter. Most recent one is SuperMicro.

Supermicro is looking for a Software QA Engineer focusing on Security Penetration Testers with either Firmware, Network and/or Web Application penetration testing experience. You will have to be creative and come with original ideas to build infrastructure for automation and figure out on how to break the software & firmware. […]

https://jobs.supermicro.com/job/San-Jose-Software-QA-Engineer-Cali/638885500/

Intel seeks Security Researcher

[Reminder: I occasionally post interesting-sounding job postings for firmware security researchers and/or developers, using a tag of ‘job-posting’.]

Intel Security Center of Excellence’s goal is to be a prominent leader in the industry to assure security in computing platforms by conducting advanced security research. If you are a seasoned threat, vulnerability and exploit research expert who craves for tons of fun and pride in raising the security bar for ubiquitous computing systems, we would like you to join us as a proud member of Intel’s Advanced Security Research Team. Through your deep vulnerability analysis and mitigation development expertise, you will influence the security of a variety of Hardware, Firmware, Software & Systems spanning a range of products including Devices, Cloud, Auto, IOT, AI, VR, Drones, and Networks. Intel’s Product Assurance & Security team is chartered with building & maintaining customer trust through unparalleled security, privacy & assurance of Intel products. This team drives security & assurance governance, identifies emerging threats, secures existing products through mitigations and defines & initiates future security innovations for Intel products.

https://jobs.intel.com/ShowJob/Id/1658098/Security%20Researcher

Microsoft seeks Director Firmware Development

The Cloud Server Infrastructure Firmware Development (CSI-FW) team is responsible for server hardware definition, design and development of Server and Rack Infrastructure engineering for Microsoft’s online services. We are seeking a Director for our Firmware Development team. In this role it will be your job to help the firmware development team deliver on its product roadmap and strategy. You are also expected to educate and grow the software engineers on your team as well as help teach the engineers across our organization to see the vision you help us create. The candidate should have strong coding skills, debugging and troubleshooting abilities, with experience in leading and driver development in either Linux Kernel or Windows Kernel. The successful candidate should have experience with some or all of the following: firmware development, driver development, Windows OS development, yocto, UEFI, network sockets, platform initialization, Board Support Packages, peripherals interfaces such as PCIe, I2C, eMMC, SPI, USB, UARTs. OS primitives, memory management, scheduling, interrupts requests, threading and synchronization.

https://careers.microsoft.com/us/en/job/577536/Director-Firmware-Development

Dynetics: seeks Weapons System Analysis, Hardware and Embedded Firmware

This is new kind of role for the new cyberwar era. I wish Consumer Reports was doing likewise for consumer devices.

Weapon System Analysis – Hardware and Embedded Firmware

Job responsibilities/focus areas include:

Embedded hardware and firmware characterization and vulnerability analysis of foreign weapon systems including missiles and radars.

https://careers.dynetics.com/job-view.php?p=4920

SAIC seeks Computer Hardware Reverse Engineer

Re:  https://firmwaresecurity.com/2018/07/27/required-skills-of-a-nation-state-attacker-defender/ here’s a similar post:

– Conducting initial analysis of traditional and non-traditional systems in support of HQ US Cyber Command.
– Conducting technical exploitation and examination of high-priority digital media to include reverse-engineering, failure analysis, and vulnerability analysis of hardware to identify exploitation opportunities.
– Modifying hardware to either enable forensic analysis of the media or to change the functionality of the hardware for other purposes.
– Performing inspection, imaging, decapsulation, deprocessing, and other activities related to hardware reverse-engineering and exploitation in a state-of-the-art microelectronics exploitation laboratory.
– Enhancing and maintaining frameworks, processes, design patterns, techniques, tools, and standards for conducting hardware exploitation of digital media.
– Keeping abreast of and reporting on scientific, engineering, and operational advances in hardware exploitation.
– Performing full-scope forensic examinations from the hardware aspect of media.
– Using reverse engineering tools and methods to determine vulnerabilities of the device for technical exploitation purposes.
– Determining how a device boots/initializes, and obtaining a binary that can be used for reverse-engineering.
– Identifying the function that responds to network connections requests; understanding internal communications mechanisms; outlining the general structure of the system software; and determining how system state is altered/saved.
– Leading teams and participating in the analysis of embedded platform firmware and operating systems to understand security vulnerabilities associated with various platform communication links.
– Creating and executing test plans to ensure all requirements of developed capabilities are fully- satisfied.
– Using knowledge gained through the application of reverse-engineering and other research techniques, design and develop low-level C and assembly applications for embedded ARM platforms that interface directly with platform hardware.

– Assembly language and C/C++ programming experience; solid understanding of programming language and operating system concepts.
– Reverse- engineering skills for embedded systems with proprietary operating systems
– Experience examining a hardware platform to understand the software and hardware interaction of embedded systems.
– Experience applying knowledge of C and Assembler software development for embedded platforms that run commercial and/or custom operating systems.
– Experience with embedded system design, communication with peripheral devices at the hardware level, and reverse- engineering of system software.
– Experience scripting with the following Languages: shell, Perl, Python or the like.
– Experience with the following in Microprocessors/Architectures: ARM, MIPS, RISC, PowerPC, XScale, StrongARM, x86.
– Familiarity with microprocessor instruction sets is highly-desired.
– Experience with the following Operating Systems: VxWorks, Integrity, Embedded Linux, JunOS, Linux, Unix, Windows Embedded.
– Experience with RTOS is highly-desired.
– Experience with the following IDEs: Tornado, Workbench, VxSim, MULTI, TimeMachine, TraceEdge.
– Experience with the following Hardware Tools and Debuggers: Green Hills, Probe, SuperTrace Probe, Slingshot, spectrum analyzer, logic analyzer, JTAG, Agilent Technologies equipment.
– Experience with the following Software Tools and Debuggers: Wireshark, IDA Pro, OIlyDbg, pcap, gdb, make, hex editor.

https://jobs.saic.com/job/Huntsville-Computer-Hardware-Reverse-Engineer-Huntsville-Job-AL-35801/509680000/

Intel seeks Security Researcher

Responsible for secure design, development and operation of Intel’s hardware and software products and services. Responsibilities may include threat assessments, design of security components, and vulnerability assessment.
4+ years of experience in the field of system security research and exploring software and hardware techniques as a method of attack against targets within compute systems.
In-depth experience with security threats, vulnerability research, physical attack techniques (power analysis, fault injection, reverse engineering, etc.), side-channel attack methods.
Knowledge of security technologies: authentication, cryptography, secure protocol, etc.
Knowledge of computer architecture CPU, SoC, chipsets, BIOS, Firmware, Drivers, and others

https://jobs.intel.com/ShowJob/Id/1826346/Security%20Researcher

Amazon.com seeks Hardware Security Engineer

[…]AWS Security is looking for an experienced Senior Security Engineer, specializing in hardware technologies[…]
— IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
— Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
— x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
— Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc)
— PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc)
— hardware cryptography (certificates, attestation, TPM/HSM)
— embedded/IoT solution design and security considerations

https://us-amazon.icims.com/jobs/679222/hardware-security-engineer/job

Facebook seeks Silicon Security Architect

Facebook Reality Labs, or FRL, focuses on delivering Facebook’s vision through Augmented Reality (AR). Compute power requirements of Augmented Reality require custom silicon. Facebook Silicon team is driving the state of the art forward with breakthrough work in computer vision, machine learning, mixed reality, graphics, displays, sensors, and new ways to map the human body. Our chips will enable AR devices where our real and virtual world will mix and match throughout the day. We believe the only way to achieve our goals is to look at the entire stack, from transistor, through architecture, to firmware, and algorithms. We are looking for a Security Architect who will work with a world-class group of researchers and engineers.[…]
* Drive a silicon security architecture that includes functions from secure boot, to encryption, to protection to device authentication.
[…]

https://www.facebook.com/careers/jobs/289123918543829/?ref=a8lA00000004CJ6IAM

Dell seeks Vulnerability Researcher

The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business.

Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware

Developing and maintaining tools to assist in vulnerability research and exploit development

5+ years direct or equivalent experience in areas of vulnerability research, exploit development, reverse engineering and fuzzing

https://jobs.dell.com/job/-/-/375/9088745

Required skills of a nation-state attacker/defender

I occasionally post interesting job postings from security firms or device makers. I usually avoid all of the US military-focused jobs, things that require secret clearance, etc. But there’s a LOT of military postings, a LOT more than the from the device makers and civilian security firms. Below are a few excerpts from a job posting from a US DOD contractor job description, if you’ve any doubt that firmware-level attacks are a thing or not, and what attack skills and tools are being considered, below job posting is fairly verbose. I really wish I knew how to track similar jobs from all governments, not just from US-based job sites, that would be fascinating to compare different state actors in this way.

OEMs: look at how governments are attacking your hardware, it isn’t just hobbyist hackers having fun on Twitter. Please make more secure hardware.

Excerpt from:

https://engility.taleo.net/careersection/ex/jobdetail.ftl?job=1811575&src=JB-10182

Senior Hardware Exploitation Engineer

Overseeing the reverse-engineering, failure analysis, and vulnerability analysis of hardware to identify exploitation opportunities

Leading the modification of hardware to either enable forensic analysis of the media or to change the functionality of the hardware for other purposes.

Managing a microelectronics exploitation laboratory, consisting of state-of-the-art tools for inspection, imaging; decapsulation, deprocessing, and other activities related to hardware-reverse engineering and exploitation

Directing the enhancement and maintenance of frameworks, processes, design patterns, techniques, tools, and standards for conducting hardware exploitation of digital media

Performing full-scope forensic examinations from the hardware aspect of media.

Employing reverse-engineering tools and methods to determine vulnerabilities of the device for technical exploitation purposes.

Determining how a device boots/initializes, and obtaining a binary that can be used for reverse engineering.

Leading teams and participating in the analysis of embedded platform firmware and operating systems to understand security vulnerabilities associated with various platform communication links

Leveraging knowledge gained through the reverse-engineering and other research techniques to enhance low-level C and assembly applications for embedded ARM platforms that interface directly with platform hardware

Reverse-engineering skills on embedded systems with proprietary operating systems for the express purpose of introducing functionally to an already existing fielded system.

Experience examining a hardware platform to understand the software and hardware interaction of embedded systems.

Experience with embedded system design, communication with peripheral devices at the hardware level, and reverse-engineering of system software.

Experience in Microprocessors/Architectures: ARM, MlPS, RISC, PowerPC, XScale, StrongARM, x86. Familiarity with microprocessor instruction sets is highly-desired.

Experience with the following Operating Systems: VxWorks, Integrity, Embedded Linux, JunOS, Linux, Unix, Windows Embedded. Experience with RTOS is highly-desired.

Experience using the following Hardware Tools and Debuggers: Green Hills Probe, SuperTrace Probe, Slingshot, spectrum analyzer, logic analyzer, JTAG, Agilent Technologies equipment.

Diverse Lynx: seeks PenTester to use CHIPSEC [against Lenovo?]

Lenovo working throug an external pentest firm? Wish I saw more OEMs asking for appropriate job skills.

If you’re thinking about applying, look at some of the reviews for this consulting firm before doing so. Maybe look if Lenovo has a direct position open as well.

Diverse Lynx: Penetration tester
[…]It is also firmware analysis which according to Lenovo is analyzing anything that may be on disk. […] Chipsec needs to be used for this assessment. It’s for UEFI attacks, but it’s fairly automated.[…]

https://www2.jobdiva.com/candidates/myjobs/openjob_outside.jsp?id=10760288

https://www.diverselynx.com/

 

Intel Platform Armoring and Resiliency group seeking senior security researcher

The Platform Armoring and Resiliency SSG/STO/PSI/PAR organization is looking for a senior security researcher. The ideal candidate will be responsible for secure design, development and operation of Intel’s hardware and software products and services. […]

https://jobs.intel.com/ShowJob/Id/1605323/Security%20Researcher

I wonder, is this to fill John’s recently-vacated position? 🙂

 

 

HPE seeks senior UEFI developer

Senior UEFI Development Engineer
Job ID 1023806

Strong knowledge in UEFI security or firmware security in general.
Strong knowledge in TPM, Secure Boot, TXT, and RSA.
Knowledge of industry standard technologies including ACPI, USB, SMBIOS, IPMI, Redfish, and PCI express.
8+ years’ experience in firmware or BIOS/UEFI development.
In-depth knowledge of UEFI architecture and development (focused on the EDK2 development environment).

https://careers.hpe.com/job/-/-/3545/7942722

Intel seeks BIOS/UEFI Tools Developer

BIOS-UEFI Firmware Tools Engineer

As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]

https://jobs.intel.com/ShowJob/Id/1573600/BIOS%20UEFI%20Firmware%20Tools%20Engineer

PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(

PS: Intel HR: spaces in URLs is generally frowned upon.

 

Amazon [Snowball] seeks Senior Hardware Security Engineer

Sr. Hardware Security Engineer

AWS Security is looking for an experienced Senior Security Engineer, specializing in hardware technologies, to help ensure AWS services are designed and implemented to the highest possible security standards. You will be responsible for supporting AWS service teams in the secure design of services, including customer-facing services with hardware components such as AWS Snowball. As the primary technical and strategic advocate for a variety of AWS-wide security initiatives, you will help internal and external partners to design from the beginning with security in mind.This is not an entry-level position, and a confident understanding of hardware/firmware security and the ability to collaborate with other leaders across the industry are essential to success in this role.
[…]
* Demonstrate *exceptional* judgment, integrity, business acumen, and communication skills
* Minimum 4 years of experience with two or more of the following categories:
— IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
— Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
— x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
— Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc)
— PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc)

https://us-amazon.icims.com/jobs/626253/sr.-hardware-security-engineer/job

See-also:

AWS Snowball:
https://aws.amazon.com/snowball/