NXP Semiconductors logo

Principal Embedded Security Vulnerability Analyst (m/f/d)

NXP Semiconductors
July 03, 2026
Full-time
On-site
Gratkorn, Austria
Other Semiconductor Jobs, Level - Senior

Job Title

Principal Embedded Security Vulnerability Analyst (m/f/d)

Role Summary

Lead deep technical analysis of embedded systems to discover, assess, and influence remediation of security vulnerabilities at the hardware/software boundary. Work across firmware, boot code, trusted execution environments and low-level system components to improve product security and evaluation approaches.

Position combines hands-on vulnerability research, tool and methodology development, and cross-team influence to harden next-generation products.

Experience Level

Senior / Principal level. Specific years of experience not provided; role requires expert-level systems thinking and advanced technical leadership.

Responsibilities

Primary responsibilities include leading technical investigations, defining analysis strategies, and scaling capabilities across the organization.

  • Lead in-depth vulnerability analysis of embedded software (bare-metal, RTOS, trusted execution environments).
  • Analyze boot flows, privilege boundaries, crypto/key handling, and other security-critical components.
  • Perform root-cause analysis, assess exploitability, and determine systemic impact of findings.
  • Define and guide security evaluation strategies for certifications (e.g., PSA, SESIP, Common Criteria).
  • Lead PSIRT incident analysis and drive structural and architectural improvements.
  • Architect and develop advanced analysis tooling and automation (static analysis, fuzzing, frameworks).
  • Design and institutionalize workflows that combine static/dynamic analysis with AI-assisted techniques.
  • Evaluate emerging attack techniques and incorporate them into internal methodologies.
  • Translate findings into mitigations and influence product and architecture decisions.
  • Mentor and guide other engineers in vulnerability analysis and research methodologies.

Requirements

Must-have technical skills and experience; listed differentiators are desirable but not mandatory.

  • Must-have: Deep understanding of low-level system behavior (memory layout, interrupts, privilege levels, concurrency).
  • Must-have: Extensive experience in C programming and strong familiarity with ARM and/or RISC-V architectures.
  • Must-have: Strong assembly-level debugging and low-level system analysis skills.
  • Must-have: Practical experience with static and dynamic analysis, fuzzing, and assessing exploitability.
  • Must-have: Experience with debugging interfaces and tooling (e.g., JTAG, trace, GDB).
  • Must-have: Track record in vulnerability research, reverse engineering, or exploit development; ability to lead complex investigations and communicate technical risk.
  • Nice-to-have: Experience with symbolic execution, side-channel analysis, or advanced exploitation techniques.
  • Nice-to-have: Experience evaluating and operationalizing AI-assisted vulnerability discovery tools and agentic workflows.
  • Nice-to-have: Experience building scalable automated analysis pipelines (scripting, distributed systems, agent-based approaches).
  • Nice-to-have: Rust experience or interest in memory-safe system design.

Education Requirements

Degree in Electrical Engineering, Computer Science, Mathematics, or a related technical field, or equivalent practical experience.


About the Company

Company: NXP Semiconductors

Headquarters: Nijmegen, Netherlands

NXP Semiconductors N.V. is a global semiconductor company that provides High Performance Mixed Signal and Standard Product solutions. With over 45,000 employees and operations in more than 35 countries, NXP is a leader in secure connectivity solutions for embedded applications, catering to automotive, industrial IoT, mobile, and communication infrastructure markets. The company is committed to innovation and sustainability, advancing a smarter, safer, and more sustainable world through technology.

NXP Semiconductors logo

Date Posted: 2026-07-03