Senior/Principal Software Security Assessor (m/f/d) - Fulltime OR Parttime (80%)

Job Description

The future starts here! Ready to join the Crypto & Security group at NXP?

We currently have an opening for a senior expert in

security assessment

of SoC/IC security software architectures, specifications and implementations. You can apply and expand your extensive security knowledge based on your existing experience and your interests to influence new innovative security technologies in NXP’s products and to ensure that NXP’s products achieve best class security.
This role is reporting to the head of Software Security Assessment within the NXP Crypto & Security group, and is located at the NXP sites in Gratkorn in Austria, Hamburg in Germany, Delft or Eindhoven in the Netherlands or Glasgow in the UK. Other NXP locations may also be considered for the right candidate.

The responsibilities of this exciting, varied role will include
Software security assessment of SoC/IC security architectures and security scope specifications
Plan, track and execute process, specification as well as software implementation reviews
Assessment of software security robustness and effectiveness of security mechanisms
Lead software security assessment efforts for a product domain, work with key stakeholders to overlook that agreed targets are meet and drive continuous improvements
Work with engineering teams and security engineers to innovate solutions to security-related problems
Manage the NXP’s software secure development lifecycle (SSDLC) applied on product developments in order to minimize security risks
Work on continuous improvements to keep up with state of the art security technologies
Refine software security best practices to assure and efficient and effective application
Provide consultation on specific areas of security expertise and on the application of the SSDLC

To ensure your successful performance in this role, the following is desired
Finished a Bachelor of Science or Master of Science in Electrical Engineering preferred in Security Engineering or Software Engineering
Have good understanding of embedded software design, programming, documentation and testing
Have 5+ year experience in the design and development of secure software, focus on embedded systems or complete solutions
Have detailed experience in the security concept/design, thread analysis, risk/threat modelling and mitigation strategies
Have professional knowledge of software languages (C, Java, Java Card, Phyton, Ruest)
Be familiar with "state of the art" software tools, CI/CD, secure software engineering processes, IoT solutions and service (depending on area of expertise)
Have very good communication skills, are willing to listen and adapt
Are a team player with strong interpersonal skills, ideally experienced in multicultural and global working environments
Have a strong security background and understanding of security concepts and principles. Professional knowledge of applying ISO21434 as well as global security certification processes like CC EAL, EMVCo and SESIP would be advantageous