Experience:
6–10 years
Key Skills:
• Extensive experience with threat modeling frameworks (STRIDE, TARA)
• Deep understanding of embedded system architectures (ARM/SoC, MCU)
• Expertise in secure boot and hardware root of trust evaluations
• Proficient in analyzing secure design and risk management methodologies
• Strong knowledge of compliance standards (RED, IEC 62443, ISO 27001)
• Ability to integrate architectural risk assessments with VAPT planning
• Skilled in attack surface analysis for complex embedded systems
• Experience with security assessment tools and architectural review platforms
• Excellent technical documentation and reporting skills
• Ability to mentor and guide engineering teams on secure design practices
• Strong analytical and problem-solving skills
• Proficient in developing detailed risk assessments and remediation plans
• Experience in reviewing hardware-software integration for security gaps
• Excellent communication skills for bridging technical and compliance teams
• Proactive in keeping current with emerging design vulnerabilities
Responsibilities:
• Lead comprehensive architecture reviews and threat modeling assessments
• Analyze device/system architecture for vulnerabilities impacting security
• Define clear test objectives and attack scenarios based on design flaws
• Translate architectural risks into actionable VAPT test cases
• Oversee and guide the development of detailed security risk assessments
• Collaborate with VAPT teams to ensure design vulnerabilities are tested
• Provide mentorship and technical guidance to engineering teams
• Document architectural weaknesses and recommend remediation measures
• Coordinate with compliance teams to ensure design evaluations align with RED 18031
• Develop and maintain comprehensive architecture review documentation
• Conduct periodic reviews and updates of threat models based on emerging risks
• Participate in security workshops and training sessions on secure design
• Evaluate secure boot, update processes, and hardware root of trust implementations
• Review integration points between hardware and software for potential flaws
• Present findings to both technical and non-technical stakeholders
Qualifications & Certifications:
• Bachelor’s or Master’s in Electronics, Embedded Systems, or Information Security
• Preferred: CISSP, CSSLP, or equivalent secure design certifications
• Familiarity with IEC 62443 and RED 18031 threat modeling practices is a plus