The Security Engineer will be responsible for helping to build and support the Copeland Product Security Program. This cross-functional position will work directly with product development teams by consulting on and testing security strategies.
As a Security Engineer, You Will:
Perform product security testing and reporting, including but not limited to:
- Black box reverse engineering of hardware and firmware
- Vulnerability research
- Exploit development
- Fuzz testing
- Protocol reverse engineering
Conduct manual penetration testing, including but not limited to:
o Mobile Applications (iOS & Android)
o Web Applications
o Cloud Infrastructure
o Network Systems
Facilitate threat modeling with Copeland application, infrastructure, and product teams.
Perform security training and outreach to internal development teams.
Perform security analysis & evaluation of ICS/OT environments related to product manufacturing.
Perform security analysis & evaluation of both hardware and software supply chains.
Maintain documentation and metrics for the product security program s services.
Department Summary:
The Copeland Product Security department is focused on ensuring that our products are secure and that we are protecting our clients from relevant cyber threats by proactively identifying, addressing, and preventing vulnerabilities that could impact the confidentiality, integrity, or availability of our products, services, or solutions. We seek individuals with experience and innovative ideas in Operational Technology (OT)/ICS SCADA/IOT security interested in integrated security operations (IT, OT, and Physical) and adversary emulation.
Who you are:
You look beyond the obvious and don t stop at the first answers. You adjust communication content and style to meet the needs of diverse stakeholders. You maintain relationships across a variety of functions and locations. You are not afraid to disagree and are open to debate.
Minimum Qualifications:
Minimum of 5 years of experience with any combination of the following: embedded systems and IoT security, red teaming, or penetration testing
Experience conducting security testing of embedded hardware and the ability to identify and manipulate debug interfaces (UART, JTAG, SWD, etc.) and peripheral buses (SPI, I2C, etc.)
Binary Reverse Engineering of ARM, MIPS, and PowerPC firmware using industry-standard tools such as IDA Pro, Binary Ninja, Ghidra, etc.
Experienced planning and executing Red Team exercises.
