PC/ Windows Vulnerability Assessment and Research Engineer

Title: PC/ Windows Venerability Assessment and Research Engineer
Company: Samsung Research America (SRA) 
Lab:  MPS/ KNOX
Location: Mountain View, CA

Lab Summary:

Samsung KNOX is a comprehensive, secure mobile solution for both work life and personal life. It addresses the mobile security needs of enterprise IT without invading an employee’s personal privacy. Samsung KNOX enables employees to use their favorite personal mobile devices at work as well as enabling enterprises to allow personal use of company devices.

Position Summary:

Samsung KNOX™ (https://www.samsungknox.com/) is Samsung’s guarantee of security, and a secure device gives you the freedom to work and play how, where, and when you want. Samsung Knox consists of a highly secure platform built into Samsung devices and a set of solutions that leverage this platform. Whether you would like to keep your personal photos private, or remotely manage a batch of business smartphones, Knox has you covered. Come join the Samsung KNOX team and help us define and develop the future role of security and productivity for Samsung devices and services! We are hiring at all levels. Apply immediately to our fast-growing team!

Position Summary:

The successful candidate will work to secure Samsung’s next-generation enterprise laptop computers based on Windows and Intel. You will perform vulnerability assessments of the existing platform, analyze reported exploits, and suggest ways to strengthen the security of Samsung’s enterprise computer platform. You will develop tools for automated security analysis of code and binaries. This is an R&D position, so research publications in academic conferences and patents are encouraged.

Technical Keywords:

Exploitation, vulnerability assessment, reverse engineering, static and dynamic analysis, fuzz testing, UEFI/BIOS, firmware, hypervisor/VMM, rootkits, security research, emulation

Responsibilities:

• Perform security assessments of various layers of the software stack
• Use existing tools and develop new tools for automated vulnerability assessment as required
• Keep up-to-date with latest attacks and analyze exploits from any reported incidents on our PCs
• Recommend fixes and features to strengthen the security of the platform
• Provide expert security guidance to global development teams to ensure proper fixes of security issues
• Research and innovate security through academic publications and patents as appropriate

Technical Background Required:

• A holistic understanding of the PC software stack with deep technical knowledge of one or more layers – firmware, UEFI/BIOS, SMM, hypervisor, Windows OS
• Experience with using security assessment techniques such as fuzz testing, reverse engineering, static and dynamic analysis, symbolic execution, emulation
• Knowledge of exploitation techniques such as buffer overflows, ROP, heap spraying, and defenses such as ASLR, access control, and an understanding of local and remote security threats facing Windows/PC platforms such as malware and ransomware
• Ability to use a programming language of choice to write proof-of-concept exploits, patches, and develop new tools for automated testing

Qualifications:

• Typically requires 5+ years of related experience in a professional role with a Bachelor's degree; or 3+ years with a Master's degree; or a PhD; or equivalent experience

(Preferred) Previous research experience with computer security, academic security publications, CVEs reported

Samsung is committed to encouraging a diverse workplace and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.

If you have a disability or special need that requires accommodation, please let us know.