Company Description
SGS Brightsight is the world’s largest independent security evaluation lab, with accredited facilities across the globe. Our teams in Delft (The Netherlands), Barcelona and Madrid (Spain), Meyreuil (France), Beijing, Shanghai and Guangzhou (China), Singapore, and the USA are dedicated to helping companies ensure their products comply with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products across various industries, we work at the forefront of security, evaluating products against stringent governmental and private standards.
At SGS Brightsight, our knowledge-driven environment is powered by professionals from diverse technical backgrounds. We pride ourselves on fostering an open, ambitious, and international atmosphere that values continuous growth. More information about our work can be found at SGS Brightsight: Security Evaluation Lab.
Job Description
We are seeking a Software Developer to design, develop, and maintain security attack test benches used to evaluate the resilience of software, embedded systems, networks, and connected products against cybersecurity threats. The test systems focus on side-channel analysis, fault injection testing, and security protocol validation for secure products and cryptographic implementations.
Gather the product requirements
The engineer will analyze the existing test bench architecture, interact directly with users (security evaluators and researchers), and translate operational needs into new features and functional requirements.
Develop new features
The developer will translate defined requirements and system specifications into robust, maintainable, and efficient Java code, ensuring proper integration within the existing architecture. This includes extending and modifying system components, integrating new lab instruments into the tool, developing new modules, and delivering features that meet user needs while adhering to established coding standards, software engineering best practices, and quality expectations.
In addition, the developer will use the C programming language to design and implement secure test applications running on the evaluated products or other hardware components.
Validate the product release
The developer will also be responsible for extending, executing and validating tests on the test bench product to ensure that implemented features meet functional, performance, and security requirements.
The developer will create and maintain CI/CD scripts and pipelines to automate build, integration, testing, and deployment processes, ensuring consistent software delivery abd improved reliability.
Document the changes
The developer will also be responsible for documenting system requirements, software architecture, and technical specifications in a clear and structured manner. This includes maintaining up-to-date documentation of the existing test bench architecture, capturing design decisions, and ensuring that newly defined features and functional requirements are properly specified and traceable.
Qualifications
-
Bachelor's or Master's degree in Computer Science, Software Engineering, or related field.
- Proactive attitude with a strong motivation to learn about cybersecurity analysis and attack techniques
- Strong programming skills in:
- Java
- C (for microcontrollers and RTOS)
- Experience with Maven
- Experience building and maintaining Swing-based UI components
- Experience with Windows and Linux-based development environments.
- Experience and motivation to work with protocols and byte-level programming
- Experience with version control systems such as Git.
Desired Skills
Familiarity with penetration testing concepts and vulnerability assessment.
- Knowledge of cybersecurity testing methodologies
- Familiarity with penetration testing concepts and vulnerability assessment.
- Knowledge of secure coding practices and threat modeling.
- Experience working with NetBeans Platform framework
- Experience working with Java Native Interface
- Experience communicating with lab instruments
- Smartcard / NFC knowledge
- Docker, virtualization, or cloud environments.
- Fuzz testing, Fault injection and Side channel attacks implementation
- Working knowledge of common cryptography algorithms such as AES, DES, RSA, SHA, etc.
- Experience working with CUDA/GPU Computing
- Programming skills in:
- Python
- Go or Rust
The field of security evaluation is very broad, constantly on the move, and very exciting. We look forward to welcoming you to our team!