Cybersecurity Offensive Analyst 1

At IDEMIA, we aim to offer our employees, a dynamic and exciting environment where you have opportunities for career growth and professional development.

 

Internal mobility is a great way for you to energize your career and to build your personal brand. It’s also a great way to explore other functions, professions or countries as IDEMIA operates in different businesses and in 50+ locations around the world.

Purpose

We are looking for a Junior Penetration Tester to join our IPS Cybersecurity Pentest team. As a pentester you will perform pentest on Web applications, mobile applications and embedded systems. You will work on IDEMIA PUBLIC SECURITY internal products and services on a wide variety of scope. You will help ensure that the products and services of the group are safe and help the engineering secure their deliveries to customers. Your perimeter of action will help you put your skills to test and grow your experience toward a variety of scopes: mobile apps (Android and iOS), Web apps and API, fat clients (Windows, Linux, macOS), network infrastructure classical or cloud (AWS/Azure), and embedded devices (Linux and proprietary OS). 

Key Missions

As a cybersecurity pentester and auditor, you are executing technical evaluations of complex system environments in the context of R&D products developments and customer delivery programs. You will identify vulnerabilities and propose remediation actions. You may have to use different types of security assessment depending on the perimeter (pentest, code review, configuration audit, etc.) 

• Perform penetration tests on Web applications and APIs 
• Analyze mobile application (Android/iOS) 
• Work on embedded/IoT security pentests (firmware analysis, basic hardware interface exploration) 
• Detect and validate vulnerabilities 
• Document findings clearly and present them into a technical report 
• Collaborate with project teams to help validate fixed 
• Participate at Cybersecurity conferences and CTF 
• Develop internal tools used for pentest 

Profile & Other Information

For this position, we seek a candidate with the following skills set: 

Required technical skills: 

• Knowledge embedded pentesting techniques 

-Vulnerability research in binaries e.g. memory manipulation 

-Methodology to pentest an embedded operating system 

-Reverse engineering  

-Hardware attacks 

• Knowledge of web application pentest technique: 
• Knowledge of mobile application pentest technique: Android and iOS 
• Operating system intrusion in Linux (embedded or not), windows is a plus 
• Network protocol security: capable of performing network attacks 
• Applicative layer security 
• Scripting 
• Technology watch and security trends study 

 

 

Required Soft-skills: 

• Synthetic mind with ability to vulgarize to non-technical public 
• Good writing skills for different levels of stakeholders 
• Passionate by hacking with ethical hacker mindset e.g. participating to CTF, or performing challenges 
• Capacity to work as a team 
• Rigor 
• Autonomy 

Education: Bac +5, Engineering school 

Experience: 0 to 3 years in cybersecurity involving embedded security pentesting 

Language: French, English 

Seize all the opportunities of our fast-paced environment. Expect the unexpected.