Principal Embedded Security Vulnerability Analyst (m/f/d)
We are seeking a Principal Embedded Security Vulnerability Analyst to lead deep technical analysis of embedded systems, focusing on identifying and understanding vulnerabilities at the hardware/software boundary.
You will drive the discovery and analysis of complex vulnerabilities in low-level firmware, boot code, and system components, and influence the security architecture of next-generation products. This role requires expert-level systems thinking, a deep understanding of attack techniques, and the ability to reason about complex execution environments.
You will also define and advance modern vulnerability analysis approaches, including the integration of AI-assisted and agentic workflows, to significantly improve the depth, scalability, and effectiveness of security assessments.
If you are already exploring how LLMs and agentic workflows can augment deep code and system analysis, this role provides an opportunity to apply, scale, and shape these approaches across an organization.
We welcome both:
experienced security researchers
highly experienced embedded engineers with a demonstrated transition into security
Your Responsibilities
Lead in-depth vulnerability analysis of embedded software (bare-metal, RTOS, trusted execution environments)
Drive analysis of boot flows, privilege boundaries, and security-critical components (e.g., crypto libraries, key handling, isolation mechanisms)
Own root cause analysis and assess exploitability and systemic impact of identified weaknesses
Define and guide security evaluation strategies for certifications (e.g., PSA, SESIP, Common Criteria)
Lead analysis of PSIRT incidents and drive structural and architectural improvements
Architect and develop advanced analysis methodologies and tooling (static analysis, fuzzing, automation frameworks)
Define and scale the use of AI-assisted techniques for code analysis and vulnerability discovery (e.g., LLM-based and agentic workflows)
Design and institutionalize workflows that combine traditional analysis (static/dynamic) with AI-assisted approaches
Evaluate and introduce emerging attack techniques and incorporate them into internal methodologies
Influence product teams and architecture decisions by translating findings into systemic mitigations
Mentor and guide other engineers in vulnerability analysis and research methodologies
Education & Qualifications
Degree in Electrical Engineering, Computer Science, Mathematics, or related field, or equivalent practical experience
Deep understanding of low-level system behavior (memory layout, interrupts, privilege levels, concurrency)
Extensive experience in C programming; strong familiarity with ARM and/or RISC-V architectures
Strong experience with assembly-level debugging and low-level system analysis
Strong differentiators:
Proven track record in vulnerability research, reverse engineering, or exploit development
Deep experience with static and dynamic analysis tools, fuzzing, or symbolic execution
Strong understanding of vulnerability classes (memory corruption, logic flaws, side channels) and exploitation techniques
Experience with debugging interfaces (e.g., JTAG, trace, GDB) in complex systems
Experience evaluating and operationalizing AI-assisted vulnerability discovery tools and workflows
Experience building scalable and automated analysis pipelines (e.g., scripting, distributed systems, agent-based approaches)
Rust experience or strong interest in memory-safe system design
Your Profile
Expert-level analytical thinking and strong intuition for how systems fail under adversarial conditions
Ability to lead complex, ambiguous technical investigations end-to-end
Strong interest in combining deep technical expertise with modern AI-assisted methodologies
Ability to influence technical direction across teams and organizational levels
Clear and authoritative communication of technical risks and findings
Mentorship mindset and willingness to develop others
Why Join Us
Lead vulnerability analysis for security-critical components of modern embedded systems and silicon
Directly influence the security architecture of next-generation products
Shape and scale advanced vulnerability research methodologies, including AI-assisted analysis
Work in an environment that values deep technical expertise and offensive security thinking
Collaborate with experts across hardware, firmware, and applied security research
Please note: The successful candidate may/will be responsible for security-related tasks. The assignment may/will be in scope of security certifications; therefore, a conscious and reliable way of working is necessary.
For applications in Gratkorn: NXP provides market-competitive compensation according to the benchmarking of the electronic and semiconductor industry. Due to the Austrian Equal Treatment Act, we are obligated to state the employment group of our applicable collective bargaining agreement (CBA), “Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung”: this position (full-time) is graded in Employment Group V after 6 years. Your individual experiences and expectations will be considered in the application process. Moreover, we provide attractive benefits to our employees, such as home office, flexible working time, meal benefits and more.