We look for the risk-takers, the collaborators, the inspired and the inspirational. We want the people who are brave enough to work at the cutting edge and create solutions that will enrich and improve the lives of people across the globe. So, if you want to make the world say wow, let's talk.

The conversation starts here. If this role matches your ambitions and skillset, let's get started with your application. Take a look at our other open positions too. Our many opportunities can lead to infinite possibilities.

Job profile: Senior Security Researcher

Position Summary

Software Architecture Division (SARD) is looking for a motivated, creative, experienced and hands-on security researcher.

Product security group in SARD has been providing defensive and offensive security testing services since 2012. We do security assessments for different Sony products such as PlayStation, consumer electronics (CE) and professional solutions many of each you can found on the official Sony site.

SARD primarily works on core technologies that are used in Sony products and services as part of Sony India Software Centre located in Bangalore.

We help Sony entities finding vulnerabilities before their products are released to the market by looking at them from a skilled human attacker point of view. We know how the attackers think and what tools they use. Our assessments are 90% manual, but we use different automation techniques (e.g., fuzzers) helping us to identify suspicious areas for future investigations.

Our team found and fixed various security vulnerabilities that could be exploited in PlayStation and several CE devices.

A job position is available to join the team of security researches, which offers an independent evaluation of the security measures in Sony products by attacking and reverse engineering the existing protections.

The team is also responsible for organizing the cumulated knowledge about existing vulnerabilities and potential threats on specific targets.

Auxiliary tools are developed as a part of the execution and automation of the research process.

Finally, the team closely collaborates with colleagues in Sony Brussels Laboratory, who have been providing a wide range of offensive security services inside Sony for the last 10 years.

In general, the following activities are expected to be executed by the new team member:

• Own the project from the beginning to the end – scope clarification with the customer, test plan creation and effort estimations, execution according to the plan, reporting to the customer and follow-up on validation of the fixes
• Hands on security testing/reverse engineering (black/grey/white box depending on the project)
• Perform vulnerability research on a variety of Sony’s embedded devices (mostly ARM based) and windows-based products to identify previously unknown vulnerabilities affecting Sony products
• Perform security source code review (mainly C/C++)
• Development of security assessment tools and PoCs for the identified vulnerabilities
• Writing clear vulnerability reports and provide guidance to the development teams on fixing the security issues
• Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
• Being able to create and deliver demos advertising offensive security capabilities of the team to different audience

Job Start and Duration

Job start is ASAP. We are interested in both permanent and temporary contracts. For the temporary type of contract we are interested to keep the hired security researcher longer if we are happy with the performance.

Profile

The candidate needs to have the following profile / experience:

• Experience with reverse engineering tools and techniques,
• Debuggers, decompilers, disassemblers, deobfuscators
• Static and dynamic binary analysis, binary injection
• Packet sniffers
• Solid knowledge and experience in ARM architecture exploitation
• Solid exploitation skills
• Experience in identifying vulnerabilities by source code analysis
• Good understanding of OS internals, security features and ways to bypassing them
• Good C/assembly development skills
• Good writing skills
• Fluent English

Experience in the following topics is desirable:

• Anti-tamper tools and techniques
• Hardware attack vectors
• Malware analysis
• Networking protocols