Software engineer II - Product Security


Job Description

This role is for a Software Engineer II in Product Security at Philips, responsible for conducting offensive security testing on Philips products to ensure they meet security requirements. The position involves manual vulnerability exploitation, report generation, and providing detailed recommendations. Key responsibilities include thick client and web application testing, utilizing tools like Microsoft Sysinternals, dnSpy, Burp Suite, and scripting languages such as Python. The engineer will perform ethical hacking, stay updated with industry trends, conduct training, and collaborate with stakeholders to enhance product security and streamline testing workflows.
Good To Have:
  • Proficiency in kiosk bypass techniques, hardening bypass methods, and bypassing application whitelisting solutions.
  • IoT Security testing experience.
  • Bluetooth/Zigbee/Wifi security testing experience.
  • Infrastructure security testing experience.
  • Cloud security assessments experience.
  • Good hands-on experience with Security Assessment / SCA tools.
  • Exposure to current security threats, specifically application security.
  • Experience/exposure to programming platforms such as Java/.NET/C and C++.
  • Experience in end-to-end application security testing for multiple products, projects, or applications.
  • Strong understanding of the SDLC and testing lifecycle.
  • Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one).
Must Have:
  • Conduct offensive security testing on Philips products.
  • Ensure products meet security requirements before release.
  • Perform manual vulnerability exploitation.
  • Generate reports and provide detailed recommendations for exploitation.
  • Perform penetration testing on fat client applications developed in .NET, Java, C++, Electron.
  • Test web applications built with contemporary frameworks like React, Angular, Node.js.
  • Apply in-depth understanding of web application security principles, OWASP Top 10, and common vulnerabilities (e.g., SQL injection, XSS, CSRF).
  • Utilize tools such as Microsoft Sysinternals Suite, dnSpy, Burp Suite, OWASP ZAP.
  • Familiarity with industry-standard penetration testing tools like Metasploit, Nmap, Nessus.
  • Proficiency in scripting languages (Python, PowerShell, Rust) to automate test cases and activities.
  • Perform Ethical Hacking into products/solutions.
  • Stay current with industry trends and apply knowledge in the workplace.
  • Conduct training sessions and workshops within areas of expertise.
  • Proactively coordinate and collaborate with different stakeholders at different stages of security testing.
  • Create and update test specifications.
  • Ensure technical & testing documentation is kept up to date and audit ready.
  • Automate repetitive test cases and process-related activities.


Job Description

This role is responsible for conducting offensive security testing on Philips products, ensuring they meet security requirements before being released to the market. Given the evolving threat landscape, this position is crucial in safeguarding the security of Philips products. By contributing to the overall security process, you will gain valuable experience and knowledge, while directly impacting Philips' Cost of Goods Sold and supporting the company's broader objectives and vision.

Technical skills and experience

  • 2-4 years of progressive experience in manual vulnerability exploitation, report generation, identifying vulnerabilities, and providing detailed recommendations for exploitation. Expertise in one or more of the following areas:

Preferred Expertise (This is in addition to the outlined 'Required Expertise'):

  • System Testing: Proficiency in kiosk bypass techniques, hardening bypass methods, and bypassing application whitelisting solutions.

Required Expertise:

  • Thick Client Testing: Hands-on penetration testing experience with fat client applications developed in .NET, Java, C++, Electron, etc.

Keywords: Desktop application security, Thick client penetration/security testing, dotPeek, dnSpy, Procmon, Process Hacker, Microsoft Sysinternals, Fiddler, Frida, Binary patching, Hooking, DLL Injection, Electron Security, .NET framework security.

  • Web Application Testing: Expertise in testing web applications built with contemporary frameworks, such as React, Angular, Node.js, and others. In-depth understanding of web application security principles, OWASP Top 10, and common vulnerabilities in both legacy and modern applications (e.g., SQL injection, XSS, CSRF, etc.).
  • Tools & Techniques:
    • Thick Client Testing: Expertise in using tools such as Microsoft Sysinternals Suite, dnSpy and reverse engineering techniques for testing fat clients. Familiarity with debugging, decompiling, and analyzing .NET, Java, C++, and Electron-based client applications.
    • Web Application: Proficiency with web application penetration testing tools such as Burp Suite, OWASP ZAP, and other automated or manual testing tools for vulnerabilities like SQL injection, XSS, SSTI and others.
    • General Tools: Familiarity with industry-standard penetration testing tools (e.g., Metasploit, Nmap, Nessus) for both web and system/thick client applications, with an emphasis on manual and automated vulnerability identification and exploitation.
    • Scripting: Proficiency in scripting languages such as Python, PowerShell, or Rust to automate repetitive test cases and process-related activities, streamlining testing workflows and enhancing efficiency.

Good to have Expertise (This is in addition to the outlined 'Required Expertise'):

  • IoT Security testing.
  • Bluetooth/Zigbee/Wifi security testing.
  • Infrastructure security testing.
  • Cloud security assessments.
  • Good hands-on experience with Security Assessment / SCA tools.
  • Exposure to current security threats, specifically application security.
  • Experience/exposure to programming platforms such as Java/.NET/C and C++ is an added advantage.
  • Should have experience in end-to-end application security testing for multiple products, projects, or applications, with a strong understanding of the SDLC and testing lifecycle.
  • Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one).

Key Area Responsibility

  • Perform Ethical Hacking into products/solutions.
  • Stay current with industry trends and consistently apply this knowledge and expertise in the workplace.
  • Conduct training sessions and workshops within areas of expertise.
  • Proactively coordinate and collaborate with different stakeholders at different stages of security testing in the project.
  • Create and update test specifications.
  • Ensure technical & testing documentation is kept up to date and audit ready.
  • Automate repetitive test cases and process-related activities, streamlining testing workflows and enhancing efficiency.

Personal skills include:

  • Exemplifies a positive attitude and strong persistence in overcoming technical challenges and contributing to a collaborative work environment.
  • Excellent verbal and written communication skills.
  • Proven ability to thrive and adapt in a fast-paced, dynamic environment.
  • Proactive and capable of working effectively both independently and as part of a team.
  • Proven ability to handle confidential information with discretion, coupled with strong analytical and innovative problem-solving skills.
  • Highly passionate about security and dedicated to continuous improvement of skills and expertise.

How we work together

We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week.

Onsite roles require full-time presence in the company’s facilities.

Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.

About Philips

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.


If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.
