Keysight Technologies
jobid=A.0.0313
pOverview /ppKeysight is on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries. Learn more about what we do. /ppOur award-winning culture embraces a bold vision of where technology can take us and a passion for tackling challenging problems with industry-first solutions. We believe that when people feel a sense of belonging, they can be more creative, innovative, and thrive at all points in their careers. /ppResponsibilities /pulliPerform code reviews and structured vulnerability analyses in accordance with formal security certification requirements (e.g., EMVCo, Common Criteria, SESIP, GlobalPlatform). /liliProvide guidance and mentoring to junior colleagues by reviewing their analysis results and offering coaching rooted in certification scheme expectations. /liliMaintain and share up-to-date knowledge on certification scheme developments, vulnerability classes, and evaluation methodologies relevant to the secure product certification domain. /liliTranslate vulnerability analysis findings into clear and actionable input for the security testing team, aligning results with applicable scheme thresholds and evaluation metrics. /liliLead the technical aspects of evaluation projects by coordinating with the project manager and evaluation lead to ensure compliance, technical rigor, and timely delivery. /liliAct as the primary technical contact point for customers, certification bodies, and other ITSEFs, ensuring clear communication and alignment with scheme-specific technical expectations. /li /ulpQualifications /pulliAcademic background (BSc/MSc) in Information Technology, Electrical Engineering, Cybersecurity, or a closely related field. /liliMinimum of 4 years of experience in the security evaluation domain, specifically: /liliProven proficiency in at least two of the following: C, C++, Java Card, Assembly. /liliExperience with secure embedded systems, such as Smart Cards, Secure Elements, System-on-Chips (SoCs), or Trusted Execution Environments. /liliPractical experience with vulnerability classes and test methods relevant to certification schemes: logical attacks, fault injection, and side-channel analysis. /liliDirect involvement in evaluation projects conducted under Common Criteria (EAL4+ or higher), EMVCo, SESIP, or GlobalPlatform schemes. /liliFamiliarity with evaluation frameworks, such as Protection Profiles, Security Targets, Evaluation Reports, and Scheme-specific interpretations (e.g., JIL, EMVCo Guidelines). /liliExperience in software development or certification-oriented testing for embedded platforms, with a focus on compliance and assurance rather than exploratory research. /liliSpecific knowledge of Java Card technology is highly valued: /liliJava Card Virtual Machine and Runtime Environment. /liliJava Card APIs and usage within secure environments. /liliFamiliarity with Java Card Protection Profiles (Open and Closed Configurations). /liliAdvantageous: knowledge of payment product certification, including understanding of compliance deadlines, scheme constraints, and product lifecycle. /liliStrong analytical skills, attention to detail, and a methodical approach aligned with assurance evidence generation. /liliExcellent interpersonal and communication skills; thrives in team environments with diverse stakeholders (technical teams, evaluators, and customers). /liliWillingness to occasionally travel to clients or certification bodies in Europe, North America, or Asia. /li /ul
