
Description
The PA Device Security Evaluator is involved with cybersecurity evaluations of payment devices against various Payment Card Industry (PCI) requirements, including:
- PIN Transaction Security (PTS) Point of Interaction (POI)
- PIN Transaction Security (PTS) Hardware Security Module (HSM)
- Software-based PIN Entry on COTS (SPoC)
- Contactless Payments on COTS (CPoC)
- Mobile Payments on COTS (MPoC)
Evaluations can include the following types of assessments:
- Physical device security
- Tamper detection mechanisms (e.g., the electrical/electronic components)
- Side-channel analysis
- Secure boot
- Cryptographic key management
- Source-code review
- Firmware/OS hardening
- Secure software development lifecycle
- Malformed input (i.e., fuzzing)
- Vulnerability assessment and penetration testing
- Reverse engineering
- Mobile application testing (e.g., OWASP MASVS/MSTG)
- Policy, process, and procedure review
It is expected that a candidate will have expertise in a few of the above areas with at least an interest in the remaining areas. Skills in the remaining areas can be gained through on-the-job training.
Device security analysis and assessments can require the use or knowledge of:
- Standard hand tools
- Drilling and rotary tools
- Soldering
- Heat and solvents
- Electronic circuits
- PCB design
- File formats
- Communication protocols
- Secure coding and common weaknesses
- iOS and Android application protections
The work is done on client devices, so communicating the results of testing is necessary and is done through technical reports. To produce high-quality reports, the following is needed:
- Attention to detail including consistency and completeness
- Ability to communicate effectively in English
- Good use of figures, images, and tables
- Effective use of the Office suite (Word and Excel in particular)
Additional skills that are sought in a candidate include:
- Communicating and working effectively within a small team
- Communicating with clients
- Being able to work in a shared lab environment
- Being able to work independently
- Being able to identify and understand limitations in tests
- Being able to come up with new test plans or improvements on existing test plans
For this position, work is mainly in the office with potential for on-site client visits. In addition to the assessment work, there will be opportunities to develop and deliver training and consulting to clients, which could be done virtually or on-site. While the position is for the Payment Assurance area of the company, work in other related areas of the company (e.g., IoT security) may be assigned as needed.
The work requires a mixture of hardware, software (firmware/OS level), and communications knowledge. A post-secondary degree or diploma, or equivalent work experience is needed for this position. Candidates should already have or be eligible to obtain a Government of Canada SECRET level clearance (e.g., 10 years verifiable history).
This position outline is a general guideline and does not represent all-encompassing details. The position assumes that the incumbent meets both the mental and physical requirements to carry out the above-defined duties.
We Value Diversity
Intertek's network of phenomenal people is our greatest asset, and the diversity they bring fuels our success. Intertek is an Equal Employment Opportunity Employer that values inclusion and diversity. We take affirmative action to ensure all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other legally protected characteristics.
Individuals with disabilities who would like to request accommodation, or who need assistance applying, please email hr.canada@intertek.com
Please apply online at Intertek Canada Careers (oraclecloud.com)
*Intertek does not accept unsolicited approaches from agencies and will not pay a fee for any placement resulting from the receipt of an unsolicited resume.