R&D SW expert certification and security expert for payment terminal.

You will work in a team of several security experts with various experience and competences. The team main missions are:

• Interfacing the R&D at the early stage of the product developpment for security support. The R&D entities are located in several countries.
• Ensure the product security certification with the security labs and the security "maintenance" during the product lifetime. The security labs are located in several countries.
• Interfacing the customers and SW team worldwide to support and advice them on security aspects.
• Performing advanced security tests (HW & SW) & audits on the payment devices

Key Responsibilities:

• Software security expert for PCI standards, focus on PCI PTS
• Security and conformity analysis for payment terminals embedded software and payment solutions
  • Security architecture and API design review
  • Chain of Trust audit, information flow validation
  • Attack surface continuous evaluation, vulnerability and risk assessment
  • Incident & CVE analysis and response
• Embedded Software attacks implementation against payment devices
  • Internal security audit and pentesting on embedded communication interfaces
  • Technological watch and innovation on software / hardware attacks
• Security certification of new payment devices:
  • Prepare the security documentation for the Security Lab evaluation.
  • Follow up of security evaluation with the Security Lab.
  • Interact with R&D to answer the Lab requests.

Core Competencies:  

• Embedded Software audit and security, knowledge of Android is a big plus
• PCI SSC standards, knowledge of PCI P2PE is a plus
• Cryptography / PKI architecture
• Payment industry, knowledge of EMV is a plus

​​​​​Note that a equivalent to a master degree or more is the minium education level requested.

A significant security experience in complex environments will be appreciated.