Required skills of a nation-state attacker/defender

I occasionally post interesting job postings from security firms or device makers. I usually avoid all of the US military-focused jobs, things that require secret clearance, etc. But there are a LOT of military postings, a LOT more than from the device makers and civilian security firms. Below are a few excerpts from a job description posted by a US DOD contractor, in case you have any doubt that firmware-level attacks are a thing, and to show what attack skills and tools are being considered; the posting is fairly verbose. I really wish I knew how to track similar jobs from all governments, not just from US-based job sites; it would be fascinating to compare different state actors in this way.

OEMs: look at how governments are attacking your hardware, it isn’t just hobbyist hackers having fun on Twitter. Please make more secure hardware.

Excerpt from:

Senior Hardware Exploitation Engineer

Overseeing the reverse-engineering, failure analysis, and vulnerability analysis of hardware to identify exploitation opportunities

Leading the modification of hardware to either enable forensic analysis of the media or to change the functionality of the hardware for other purposes.

Managing a microelectronics exploitation laboratory, consisting of state-of-the-art tools for inspection, imaging, decapsulation, deprocessing, and other activities related to hardware reverse-engineering and exploitation

Directing the enhancement and maintenance of frameworks, processes, design patterns, techniques, tools, and standards for conducting hardware exploitation of digital media

Performing full-scope forensic examinations from the hardware aspect of media.

Employing reverse-engineering tools and methods to determine vulnerabilities of the device for technical exploitation purposes.

Determining how a device boots/initializes, and obtaining a binary that can be used for reverse engineering.

Leading teams and participating in the analysis of embedded platform firmware and operating systems to understand security vulnerabilities associated with various platform communication links

Leveraging knowledge gained through the reverse-engineering and other research techniques to enhance low-level C and assembly applications for embedded ARM platforms that interface directly with platform hardware

Reverse-engineering skills on embedded systems with proprietary operating systems for the express purpose of introducing functionality to an already existing fielded system.

Experience examining a hardware platform to understand the software and hardware interaction of embedded systems.

Experience with embedded system design, communication with peripheral devices at the hardware level, and reverse-engineering of system software.

Experience in Microprocessors/Architectures: ARM, MIPS, RISC, PowerPC, XScale, StrongARM, x86. Familiarity with microprocessor instruction sets is highly desired.

Experience with the following Operating Systems: VxWorks, Integrity, Embedded Linux, JunOS, Linux, Unix, Windows Embedded. Experience with RTOS is highly desired.

Experience using the following Hardware Tools and Debuggers: Green Hills Probe, SuperTrace Probe, Slingshot, spectrum analyzer, logic analyzer, JTAG, Agilent Technologies equipment.

Diverse Lynx: seeks PenTester to use CHIPSEC [against Lenovo?]

Lenovo working through an external pentest firm? I wish I saw more OEMs asking for appropriate job skills.

If you’re thinking about applying, look at some of the reviews for this consulting firm before doing so. Maybe look if Lenovo has a direct position open as well.

Diverse Lynx: Penetration tester
[…]It is also firmware analysis which according to Lenovo is analyzing anything that may be on disk. […] Chipsec needs to be used for this assessment. It’s for UEFI attacks, but it’s fairly automated.[…]

Intel Platform Armoring and Resiliency group seeking senior security researcher

The Platform Armoring and Resiliency SSG/STO/PSI/PAR organization is looking for a senior security researcher. The ideal candidate will be responsible for secure design, development and operation of Intel’s hardware and software products and services. […]

I wonder, is this to fill John’s recently-vacated position? 🙂

HPE seeks senior UEFI developer

Senior UEFI Development Engineer
Job ID 1023806

Strong knowledge in UEFI security or firmware security in general.
Strong knowledge in TPM, Secure Boot, TXT, and RSA.
Knowledge of industry standard technologies including ACPI, USB, SMBIOS, IPMI, Redfish, and PCI express.
8+ years’ experience in firmware or BIOS/UEFI development.
In-depth knowledge of UEFI architecture and development (focused on the EDK2 development environment).