• Security Engineer - Common Criteria

    Location FR-La Ciotat
    Job ID
    # of Openings
    Job Category
    Software Development
  • Overview

    For the global Common Criteria team, UL’s Identity Management and Security (IMS) division is looking for a Security Engineer in La Ciotat, FR.. UL’s team of Common Criteria specialists work closely together performing high assurance evaluations. We have a strong focus on Smart Cards and Secure Elements, payment terminals, HSM, tachograph vehicle units.


    The successful candidate for this position is expected to take responsibility for performing Common Criteria security evaluation tasks on our customers’ products –  from Security Target, design documents and code review through to vulnerability analysis, test planning and interpretation of results. The evaluation tasks are mainly carried out on embedded products, particularly payment devices, such as smart cards, POS terminals and mobile payment devices. A formal report has to be prepared for the customer and the certification authority, and the Common Criteria analyst is normally the technical coordinator for the entire project.


    Security Engineers are expected to maintain a high level of expertise regarding known threats and to follow technical developments in the embedded security arena that protect transaction applications. They will be particularly experienced in C, Java, assembly languages, OpenPlatform and EMV standards, perhaps with a background in data security and cryptography.


    In addition, the Security Engineer role will require someone with demonstrated capability to work creatively, remotely and with minimum supervision. They will have relevant experience in the field of Common Criteria evaluations, and able to participate in projects.


    To undertake security evaluation tasks at some of the highest levels in Common Criteria methodology (generally EAL5+) and duties in order to meet customer requirements and project deadlines. The tasks will include:

    • Working together with the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations
    • Support for the security evaluation engineers in charge of product testing by interpreting the review findings, orienting the attack paths and analyzing the test results
    • Writing Technical Reports of Evaluations in line with Certification Bodies and internal quality management requirements
    • Review and evaluation of customer security documentation
    • Customer code review (because of stringent confidentiality and security requirements, this often necessitates travel to customer premises in Europe and sometimes further afield)
    • Based on the reviews, a vulnerability analysis has to be carried out, to determine if the customer product has any potential security weaknesses
    • Contribute to the development of sophisticated, state-of-the-art attacks with tools and scripts by maintaining a high level of expertise in the latest attack methods against embedded products
    • To contribute to internal work processes by improving tools for evaluation efficiency, report writing and technical training (especially for Senior roles)
    • To undertake any ad hoc duties as defined in the UL Standards of Business Conduct and the Quality Control Manual


    • Master’s Degree in Computer Science or other technical discipline
    • Proven working experience in this field
    • Experience in Common Criteria evaluations applied to embedded products
    • Relevant security certifications such as FIPS 140-2, PCI and CC certifications for regional schemes are a plus
    • Experience in software on embedded products, hardware experience is a plus
    • Working understanding of Cryptography and security protocols
    • Ability to work independently and creatively to meet deadlines
    • Excellent commands of written and spoken English
    • Open to business travel


    We offer

    • The opportunity to work in a dynamic international laboratory with a dedicated focus on security and safety providing customers with the highest level of requirements
    • A challenging position in an international team with a wide security expertise in multiple domains such as Identity, Payment and other security devices
    • A chance to mark your mark on the future of our Security Assurance group
    • Personal development: a large range of professional training enables our staff to continually develop their technical, business and soft skills


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.