We are seeking a Principal Embedded Security Vulnerability Analyst to lead deep technical analysis of embedded systems, focusing on identifying and understanding vulnerabilities at the hardware/software boundary. You will drive the discovery and analysis of complex vulnerabilities in low-level firmware, boot code, and system components, and influence the security architecture of next‑generation products. This role requires expert‑level systems thinking, a deep understanding of attack techniques, and the ability to reason about complex execution environments. In this role you will also define and advance modern vulnerability analysis approaches, including the integration of AI‑assisted and agentic workflows, to significantly improve the depth, scalability, and effectiveness of security assessments. Responsibilities
Lead in‑depth vulnerability analysis of embedded software (bare‑metal, RTOS, trusted execution environments) Drive analysis of boot flows, privilege boundaries, and security‑critical components (e.g., crypto libraries, key handling, isolation mechanisms) Own root cause analysis and assess exploitability and systemic impact of identified weaknesses Define and guide security evaluation strategies for certifications (e.g., PSA, SESIP, Common Criteria) Lead analysis of PSIRT incidents and drive structural and architectural improvements Architect and develop advanced analysis methodologies and tooling (static analysis, fuzzing, automation frameworks) Define and scale the use of AI‑assisted techniques for code analysis and vulnerability discovery (e.g., LLM‑based and agentic workflows) Design and institutionalize workflows that combine traditional analysis (static/dynamic) with AI‑assisted approaches Evaluate and introduce emerging attack techniques and incorporate them into internal methodologies Influence product teams and architecture decisions by translating findings into systemic mitigations Mentor and guide other engineers in vulnerability analysis and research methodologies Education & Qualifications
Degree in Electrical Engineering, Computer Science, Mathematics, or related field, or equivalent practical experience Deep understanding of low‑level system behavior (memory layout, interrupts, privilege levels, concurrency) Extensive experience in C programming; strong familiarity with ARM and/or RISC‑V architectures Strong experience with assembly‑level debugging and low‑level system analysis Proven track record in vulnerability research, reverse engineering, or exploit development Deep experience with static and dynamic analysis tools, fuzzing, or symbolic execution Strong understanding of vulnerability classes (memory corruption, logic flaws, side channels) and exploitation techniques Experience with debugging interfaces (e.g., JTAG, trace, GDB) in complex systems Experience evaluating and operationalizing AI‑assisted vulnerability discovery tools and workflows Experience building scalable and automated analysis pipelines (e.g., scripting, distributed systems, agent‑based approaches) Rust experience or strong interest in memory‑safe system design Your Profile
Expert‑level analytical thinking and strong intuition for how systems fail under adversarial conditions Ability to lead complex, ambiguous technical investigations end‑to‑end Strong interest in combining deep technical expertise with modern AI‑assisted methodologies Ability to influence technical direction across teams and organizational levels Clear and authoritative communication of technical risks and findings Mentorship mindset and willingness to develop others Benefits and Employment Group
The successful candidate will receive market competitive compensation, with the position graded in Employment Group V after 6 years. Attractive benefits include home office options, flexible working time, and meal benefits. Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA). We are committed to diversity, inclusion, and equality. All qualified applicants are encouraged to apply.
#J-18808-Ljbffr
Lead in‑depth vulnerability analysis of embedded software (bare‑metal, RTOS, trusted execution environments) Drive analysis of boot flows, privilege boundaries, and security‑critical components (e.g., crypto libraries, key handling, isolation mechanisms) Own root cause analysis and assess exploitability and systemic impact of identified weaknesses Define and guide security evaluation strategies for certifications (e.g., PSA, SESIP, Common Criteria) Lead analysis of PSIRT incidents and drive structural and architectural improvements Architect and develop advanced analysis methodologies and tooling (static analysis, fuzzing, automation frameworks) Define and scale the use of AI‑assisted techniques for code analysis and vulnerability discovery (e.g., LLM‑based and agentic workflows) Design and institutionalize workflows that combine traditional analysis (static/dynamic) with AI‑assisted approaches Evaluate and introduce emerging attack techniques and incorporate them into internal methodologies Influence product teams and architecture decisions by translating findings into systemic mitigations Mentor and guide other engineers in vulnerability analysis and research methodologies Education & Qualifications
Degree in Electrical Engineering, Computer Science, Mathematics, or related field, or equivalent practical experience Deep understanding of low‑level system behavior (memory layout, interrupts, privilege levels, concurrency) Extensive experience in C programming; strong familiarity with ARM and/or RISC‑V architectures Strong experience with assembly‑level debugging and low‑level system analysis Proven track record in vulnerability research, reverse engineering, or exploit development Deep experience with static and dynamic analysis tools, fuzzing, or symbolic execution Strong understanding of vulnerability classes (memory corruption, logic flaws, side channels) and exploitation techniques Experience with debugging interfaces (e.g., JTAG, trace, GDB) in complex systems Experience evaluating and operationalizing AI‑assisted vulnerability discovery tools and workflows Experience building scalable and automated analysis pipelines (e.g., scripting, distributed systems, agent‑based approaches) Rust experience or strong interest in memory‑safe system design Your Profile
Expert‑level analytical thinking and strong intuition for how systems fail under adversarial conditions Ability to lead complex, ambiguous technical investigations end‑to‑end Strong interest in combining deep technical expertise with modern AI‑assisted methodologies Ability to influence technical direction across teams and organizational levels Clear and authoritative communication of technical risks and findings Mentorship mindset and willingness to develop others Benefits and Employment Group
The successful candidate will receive market competitive compensation, with the position graded in Employment Group V after 6 years. Attractive benefits include home office options, flexible working time, and meal benefits. Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA). We are committed to diversity, inclusion, and equality. All qualified applicants are encouraged to apply.
#J-18808-Ljbffr
Principal Embedded Security Vulnerability Analyst (m/f/d) Arbeitgeber: NXP Semiconductors
NXP Semiconductors ist ein hervorragender Arbeitgeber, der seinen Mitarbeitern in Gratkorn, Österreich, eine dynamische und unterstützende Arbeitsumgebung bietet. Mit einem starken Fokus auf Mitarbeiterentwicklung und Weiterbildungsmöglichkeiten können Sie Ihre Fähigkeiten im Bereich der eingebetteten Sicherheit weiter ausbauen. Die Zusammenarbeit mit erfahrenen Ingenieuren und die Möglichkeit, an innovativen Projekten zu arbeiten, machen NXP zu einem attraktiven Ort für alle, die eine sinnvolle und erfüllende Karriere anstreben.