Sr Lead Security Engineer

Job Responsibilities Perform and lead hardware and firmware security evaluations using techniques such as source code review, fault injection, and side-channel analysis to validate product security posture. Understand and analyze complex hardware and firmware designs, locating weaknesses and vulnerabilities in AMD and Intel server platforms, network and DMZ devices, laptops, and IoT devices. Perform firmware security analysis and hardware bill of materials (BOM) content security analysis to identify supply chain risks and unauthorized modifications. Detect Indicators of Compromise (IOCs) in firmware and hardware components across the enterprise infrastructure. Advise internal product teams through critical parts of their lifecycle management, providing detailed security assessment reports and remediation guidance. Coach and mentor colleagues to grow as security evaluators and architects within the hardware security domain. Apply critical thinking to distinguish security-critical issues from lower-priority findings and communicate risk effectively to stakeholders. Drive internal research and development of new attack methodologies, security testing tools, and evaluation frameworks to advance the firm's hardware security capabilities. Collaborate with cross-functional teams including product delivery managers, security engineers, and other stakeholders to translate security requirements into technical designs. Ensure alignment of hardware and firmware security architecture with business goals, regulatory requirements, and industry certification standards (e.g., Common Criteria, EMVCo). Uses enterprise-authorized AI capabilities within the work environment to accelerate security risk analysis and documentation (e.g., synthesizing threat assessments), validating outputs and ensuring sensitive data is handled appropriately. Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations Required qualifications, capabilities, and skills Formal training or certification with 5+ years of applied experience in hardware or firmware security evaluation. Proven experience in Common Criteria (CC) projects, preferably as an evaluator, or as a security consultant or developer of secure embedded products. Track record in CC or equivalent security evaluation projects involving ICs, server platforms, operating systems, TEE (Trusted Execution Environments), network devices, or IoT devices. Proficiency in programming languages relevant to hardware and firmware security (e.g., C, Python, Assembly, VHDL, Verilog). Experience disassembling and reverse-engineering firmware for ARM, MIPS, or Intel architectures. Knowledge of cryptographic primitives and protocols including encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, and random number generators. Hands-on experience with Side-Channel Analysis (SCA) and Fault Injection (FI) techniques and tooling. Basic to advanced knowledge of electronics, embedded systems, chip design, and applied cryptography. Ability to work independently and lead security assessments without close supervision. Effective communication and stakeholder management across business and technology teams; strong technical writing abilities for producing detailed security evaluation reports. Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support security engineering workflows with strong validation habits and awareness of data sensitivity. Ability to review and validate AI-assisted security recommendations before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations. Preferred qualifications, capabilities, and skills Experience extracting and identifying firmware filesystems, reverse-engineering embedded binaries, emulating firmware for dynamic analysis, fuzzing parsers and scanning network services for vulnerability discovery, interfacing with hardware debug ports (JTAG/SWD) and flash memory for firmware extraction, and performing advanced physical attacks including side-channel analysis and fault injection. Debugging and instrumentation experience for Android, iOS, or Linux on embedded platforms. Experience with security testing tools and methodologies for embedded and IoT devices. Experience extracting and identifying firmware filesystems, reverse-engineering embedded binaries, emulating firmware for dynamic analysis, fuzzing parsers and network services for vulnerability discovery, interfacing with hardware debug ports (JTAG/SWD) and flash memory for firmware extraction, and performing advanced physical attacks such as side-channel analysis and fault injection. Prior experience in the banking or financial services industry. Understanding of regulatory requirements and compliance standards applicable to payment and financial hardware security.