Senior security evaluator - software

Werkgever:
Keysight Technologies
Regio:
Delft
 
Functieomschrijving

Overview


Keysight is on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries. Learn more about what we do.


Our award-winning culture embraces a bold vision of where technology can take us and a passion for tackling challenging problems with industry-first solutions. We believe that when people feel a sense of belonging, they can be more creative, innovative, and thrive at all points in their careers.


Responsibilities


  • Perform code reviews and structured vulnerability analyses in accordance with formal security certification requirements (e.g., EMVCo, Common Criteria, SESIP, GlobalPlatform).
  • Provide guidance and mentoring to junior colleagues by reviewing their analysis results and offering coaching rooted in certification scheme expectations.
  • Maintain and share up-to-date knowledge on certification scheme developments, vulnerability classes, and evaluation methodologies relevant to the secure product certification domain.
  • Translate vulnerability analysis findings into clear and actionable input for the security testing team, aligning results with applicable scheme thresholds and evaluation metrics.
  • Lead the technical aspects of evaluation projects by coordinating with the project manager and evaluation lead to ensure compliance, technical rigor, and timely delivery.
  • Act as the primary technical contact point for customers, certification bodies, and other ITSEFs, ensuring clear communication and alignment with scheme-specific technical expectations.


Qualifications


  • Academic background (BSc/MSc) in Information Technology, Electrical Engineering, Cybersecurity, or a closely related field.
  • Minimum of 4 years of experience in the security evaluation domain, specifically:
  • Proven proficiency in at least two of the following: C, C++, Java Card, Assembly.
  • Experience with secure embedded systems, such as Smart Cards, Secure Elements, System-on-Chips (SoCs), or Trusted Execution Environments.
  • Practical experience with vulnerability classes and test methods relevant to certification schemes: logical attacks, fault injection, and side-channel analysis.
  • Direct involvement in evaluation projects conducted under Common Criteria (EAL4+ or higher), EMVCo, SESIP, or GlobalPlatform schemes.
  • Familiarity with evaluation frameworks, such as Protection Profiles, Security Targets, Evaluation Reports, and Scheme-specific interpretations (e.g., JIL, EMVCo Guidelines).
  • Experience in software development or certification-oriented testing for embedded platforms, with a focus on compliance and assurance rather than exploratory research.
  • Specific knowledge of Java Card technology is highly valued:
  • Java Card Virtual Machine and Runtime Environment.
  • Java Card APIs and usage within secure environments.
  • Familiarity with Java Card Protection Profiles (Open and Closed Configurations).
  • Advantageous: knowledge of payment product certification, including understanding of compliance deadlines, scheme constraints, and product lifecycle.
  • Strong analytical skills, attention to detail, and a methodical approach aligned with assurance evidence generation.
  • Excellent interpersonal and communication skills; thrives in team environments with diverse stakeholders (technical teams, evaluators, and customers).
  • Willingness to occasionally travel to clients or certification bodies in Europe, North America, or Asia.