Senior/Principal Software Security Analyst (m/f/d) - Fulltime OR Parttime (80%)

Full Job Description

The future starts here! Ready to join the Crypto & Security group at NXP?

We currently have an opening for a senior expert in security assessment of SoC/IC security software architectures, specifications and implementations. You can apply and expand your extensive security knowledge based on your existing experience and your interests to influence new innovative security technologies in NXP’s products and to ensure that NXP’s products achieve best class security.

This role is reporting to the Head of Software Security Assessment within the NXP Crypto & Security group, and is located at the NXP sites in Gratkorn in Austria, Hamburg in Germany, Delft or Eindhoven in the Netherlands or Glasgow in the UK. Other NXP locations may also be considered for the right candidate.

The responsibilities of this exciting, varied role will include

• Software security assessment of SoC/IC security architectures and security scope specifications
• Plan, track and execute process, specification as well as software implementation reviews
• Assessment of software security robustness and effectiveness of security mechanisms
• Lead software security assessment efforts for a product domain, work with key stakeholders to overlook that agreed targets are meet and drive continuous improvements
• Work with engineering teams and security engineers to innovate solutions to security-related problems
• Manage the NXP’s software secure development lifecycle (SSDLC) applied on product developments in order to minimize security risks
• Work on continuous improvements to keep up with state of the art security technologies
• Refine software security best practices to assure and efficient and effective application
• Provide consultation on specific areas of security expertise and on the application of the SSDLC

To ensure your successful performance in this role, the following is desired

• Finished a Bachelor of Science or Master of Science in Electrical Engineering preferred in Security Engineering or Software Engineering
• Have good understanding of embedded software design, programming, documentation and testing
• Have 5+ year experience in the design and development of secure software, focus on embedded systems or complete solutions
• Have detailed experience in the security concept/design, thread analysis, risk/threat modelling and mitigation strategies
• Have professional knowledge of software languages (C, Java, Java Card, Phyton, Ruest)
• Be familiar with "state of the art" software tools, CI/CD, secure software engineering processes, IoT solutions and service (depending on area of expertise)
• Have very good communication skills, are willing to listen and adapt
• Are a team player with strong interpersonal skills, ideally experienced in multicultural and global working environments
• Have a strong security background and understanding of security concepts and principles. Professional knowledge of applying ISO21434 as well as global security certification processes like CC EAL, EMVCo and SESIP would be advantageous