Do you want to boost the future towards a safe, secure and sustainable world?
At DEKRA we deal with future topics in every field of work: from vehicle inspection to cyber security, from product testing to clean energies or from automated driving to artificial intelligence. We anticipate technical developments early on and drive industry transformation as thought leaders. For the exciting tasks that lie ahead we are looking for skilled and passionate people who want to grow and achieve their best in a global team. Enthusiasts wanting to do meaningful work and to make a contribution as a trusted partner for our clients and for society. People like you.
A Day in the Life and the Impact You’ll Make:
As a Cybersecurity Engineer in our Cybersecurity team, working as part of the Product Security & Certification team, you will help ensure that hardware and software products meet internationally recognized security assurance standards—contributing directly to a safer and more trusted digital world. Each day brings new technical challenges, from security architecture reviews and threat modeling to penetration testing, vulnerability analysis, and client-facing technical reporting, making your contribution essential to helping clients identify risks, strengthen product security, and achieve successful certification outcomes.
What You’ll Do:
- Conduct security architecture reviews and design documentation analysis for hardware and software products, and provide security assurance assessment conclusions based on applicable certification standards.
- Perform threat modeling and attack surface analysis on products under evaluation, identify potential attack paths, and assess residual security risks.
- Design and execute penetration testing activities covering firmware, embedded systems, smart cards, software applications, and network components.
- Prepare formal deliverables including technical assessment reports, vulnerability analysis reports, observation reports, and other evaluation documentation.
- Continuously track emerging threats, vulnerability disclosures, and attack techniques, maintaining strong technical awareness of the product categories under assessment.
What You’ll Bring:
You should possess knowledge and experience in at least two to three of the following areas:
1. System and Software Security
- Strong understanding of operating system internals, including process isolation, memory management, and privilege escalation mechanisms.
- Ability to review and audit source code written in C/C++, Java, Python, or similar programming languages.
- Familiarity with common vulnerability classes and static/dynamic analysis tools.
2. Cryptography
- Solid understanding of symmetric and asymmetric cryptographic primitives and common security protocols (e.g., TLS, key exchange mechanisms).
- Ability to identify implementation-level security weaknesses, such as timing side channels, nonce reuse, weak random number generation, and key management issues.
3. Hardware and Embedded Security
- Knowledge of embedded architectures such as ARM and RISC-V.
- Understanding of hardware security concepts including Secure Boot, Trusted Execution Environment (TEE), and tamper resistance.
- Familiarity with hardware attack techniques such as side-channel analysis and fault injection.
4. Penetration Testing and Vulnerability Research
- Hands-on experience in penetration testing and security assessments.
- Proficiency with tools such as Ghidra, IDA Pro, Frida, Burp Suite, and related security toolchains.
- Ability to perform reverse engineering, firmware extraction and analysis, and Proof-of-Concept (PoC) development.
5. Threat Modeling
- Experience applying methodologies such as STRIDE, Attack Trees, or equivalent frameworks.
- Ability to decompose complex systems into trust boundaries and data flows, and translate analysis results into actionable testing plans.
6. Technical Writing
- Ability to produce well-structured, evidence-based technical documentation under formal quality requirements.
- Comfortable working with large-scale technical specifications and standards documents (including documents exceeding several hundred pages).
7. Language Skills
- Professional working proficiency in English, particularly in reading and technical writing.
Nice to Have
- Experience with security certification and evaluation schemes such as Common Criteria (CC), FIPS 140-3, SESIP, IEC 62443, or similar frameworks.
- Relevant security certifications, such as OSCP, OSWE, CISSP, or equivalent credentials.
- Previous experience in a security consulting firm, evaluation laboratory, certification body, or red team environment.
- Demonstrated security research contributions, including CVEs, conference presentations, security blogs, published research, or open-source security tools.
What You’ll Receive for the Value You Bring:
- A culture of trust, collaboration, and continuous learning
- A secure, future-oriented employer committed to your personal and professional growth
***We foster a culture that values and embraces diversity among our employees, promoting appreciation, open-mindedness and respect. We believe that diversity of thought, background, and experience strengthens our team and helps us go the extra mile. As an equal opportunity employer, we encourage applicants from all walks of life to apply and join us in creating an environment that celebrates diversity.***
At DEKRA we value your unique experiences, perspectives, and backgrounds. We are committed to an inclusive workplace for all team members.