Embedded Security Expert (Hardware Attacks & Certifications)
Skills
Failure AnalysisEccFipsPost-Quantum CryptographySide-Channel AnalysisSide-Channel MitigationChaos TestingDpaAesChaos EngineeringNistToolingCpaCryptographyFault InjectionCountermeasuresCommon CriteriaGlitchingEmfiLaser InjectionElectromagnetic EmissionsTiming AttacksSecurity TargetSecurity ArchitectureAutomation
About the Role
You will perform side channel analysis and fault injection attacks to identify vulnerabilities in hardware designs. You will design and validate countermeasures against physical attacks at the silicon and firmware levels. You will implement and validate cryptographic modules including classical algorithms and post-quantum schemes. You will guide projects through formal security certification processes (for example Common Criteria, FIPS, NIST). You will develop and improve tooling and automation for security testing and verification, and communicate findings clearly to internal and external stakeholders.
Requirements
- Senior experience in embedded security with understanding of software and silicon intersection
- Deep expertise in at least one domain: physical attacks, side channel analysis, cryptography, or compliance and certification
- Practical experience with glitching (voltage, clock), EMFI or laser injection
- Proficiency in power analysis (DPA/CPA), electromagnetic emissions and timing attacks
- Deep understanding of cryptographic mathematics and implementation pitfalls
- Experience driving certification processes and drafting Security Targets
- System-oriented thinking and ability to communicate complex findings to diverse audiences
- Comfortable contributing in an open source culture
Responsibilities
- Perform side channel analysis and fault injection to identify hardware vulnerabilities
- Design and validate countermeasures against physical attacks at silicon and firmware levels
- Implement and validate cryptographic modules including AES, ECC and post-quantum algorithms
- Lead formal security certification processes such as Common Criteria, FIPS and NIST
- Develop and improve tools for automated security testing and verification
Benefits
- Flexible work arrangements (remote, hybrid or from the office)
- Autonomy and flexibility in how you work
- Public open source impact for your work
- Occasional in-person team meetups in Prague