NXP Semiconductors Austria

Principal Embedded Security Vulnerability Analyst

Job

  • Level
    Lead
  • Job Field
    IT, Embedded, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Gratkorn
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you conduct deep analyses of embedded systems, identify vulnerabilities in low-level firmware, and develop innovative AI-assisted approaches for security assessments.

    Your role in the team

    • We are seeking a Principal Embedded Security Vulnerability Analyst to lead deep technical analysis of embedded systems, focusing on identifying and understanding vulnerabilities at the hardware/software boundary.
    • You will drive the discovery and analysis of complex vulnerabilities in low-level firmware, boot code, and system components, and influence the security architecture of next-generation products.
    • This role requires expert-level systems thinking, a deep understanding of attack techniques, and the ability to reason about complex execution environments.
    • You will also define and advance modern vulnerability analysis approaches, including the integration of AI-assisted and agentic workflows, to significantly improve the depth, scalability, and effectiveness of security assessments.
    • If you are already exploring how LLMs and agentic workflows can augment deep code and system analysis, this role provides an opportunity to apply, scale, and shape these approaches across an organization.
    • Lead in-depth vulnerability analysis of embedded software (bare-metal, RTOS, trusted execution environments).
    • Drive analysis of boot flows, privilege boundaries, and security-critical components (e.g., crypto libraries, key handling, isolation mechanisms).
    • Own root cause analysis and assess exploitability and systemic impact of identified weaknesses.
    • Define and guide security evaluation strategies for certifications (e.g., PSA, SESIP, Common Criteria).
    • Lead analysis of PSIRT incidents and drive structural and architectural improvements.
    • Architect and develop advanced analysis methodologies and tooling (static analysis, fuzzing, automation frameworks).
    • Define and scale the use of AI-assisted techniques for code analysis and vulnerability discovery (e.g., LLM-based and agentic workflows).
    • Design and institutionalize workflows that combine traditional analysis (static/dynamic) with AI-assisted approaches.
    • Evaluate and introduce emerging attack techniques and incorporate them into internal methodologies.
    • Influence product teams and architecture decisions by translating findings into systemic mitigations.
    • Mentor and guide other engineers in vulnerability analysis and research methodologies.

    This text has been machine translated.

    Our expectations of you

    Education

    • Degree in Electrical Engineering, Computer Science, Mathematics, or related field, or equivalent practical experience.

    Qualifications

    • Deep understanding of low-level system behavior (memory layout, interrupts, privilege levels, concurrency).
    • Proven track record in vulnerability research, reverse engineering, or exploit development.
    • Strong understanding of vulnerability classes (memory corruption, logic flaws, side channels) and exploitation techniques.
    • Expert-level analytical thinking and strong intuition for how systems fail under adversarial conditions.
    • Ability to lead complex, ambiguous technical investigations end-to-end.
    • Strong interest in combining deep technical expertise with modern AI-assisted methodologies.
    • Ability to influence technical direction across teams and organizational levels.
    • Clear and authoritative communication of technical risks and findings.
    • Mentorship mindset and willingness to develop others.

    Experience

    • Extensive experience in C programming; strong familiarity with ARM and/or RISC-V architectures.
    • Strong experience with assembly-level debugging and low-level system analysis.
    • Deep experience with static and dynamic analysis tools, fuzzing, or symbolic execution.
    • Experience with debugging interfaces (e.g., JTAG, trace, GDB) in complex systems.
    • Experience evaluating and operationalizing AI-assisted vulnerability discovery tools and workflows.
    • Experience building scalable and automated analysis pipelines (e.g., scripting, distributed systems, agent-based approaches).
    • Rust experience or strong interest in memory-safe system design.

    What we offer

    • For applications in Gratkorn: NXP provides market competitive compensation according to the benchmarking of the electronic and semiconductor industry.
    • Due to the Austrian Equal Treatment Act, we are obliged to specify the employment group of our applicable collective bargaining agreement (CBA) "Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung." This position (full-time) is classified in Employment Group V after 6 years.
    • Your individual experiences and expectations will be considered in the application process.
    • Moreover, we provide attractive benefits to our employees such as home office, flexible working hours, meal benefits, and more.

    Benefits

    Work-Life-Integration

    Food & Drink

    More net

    Health, Fitness & Fun

    Job Locations

    • Location Gratkorn

      8101 Steiermark

      Austria

    This is your employer

    NXP Semiconductors Austria

    Gratkorn

    NXP Semiconductors is a global leader in microelectronics with subsidiaries in more than 25 countries. The Gratkorn site near Graz is the Austrian headquarters of the international group and the competence center for secure contactless identification systems.

    Description

  • Founding year
    2006
  • Language
    English
  • Company Type
    Established Company
  • Working Model
    Full Remote, Hybrid, Onsite
  • Industry
    Industry, Production
  • Dev Reviews

    by devworkplaces.com

    Total

    (2 Reviews)
    3.7
    • Engineering

      3.4
    • Culture

      3.7
    • Working conditions

      4.2
    • Career Growth

      3.5
    Diversity
    Open for all genders
    English Only
    English only required
