Job Title
Software Security Analyst (m/f/d)
Role Summary
Perform deep technical analysis of embedded systems to identify and assess vulnerabilities at the hardware/software boundary. The role focuses on low-level firmware, boot code, privilege boundaries and security-critical components, and works with development teams to translate findings into fixes and secure designs.
The team applies and develops modern analysis approaches, including automation and AI-assisted workflows, to improve depth and scalability of vulnerability discovery.
Experience Level
Senior-level; years of experience not specified.
Responsibilities
Core responsibilities include vulnerability discovery, root-cause and exploitability analysis, and driving mitigations with engineering teams.
- Perform in-depth vulnerability analysis of embedded software (bare-metal, RTOS, trusted execution environments)
- Analyze boot flows, privilege boundaries, and security-critical components (crypto, key handling, isolation)
- Conduct root cause analysis and assess exploitability and impact of identified weaknesses
- Support security certifications and evaluations (e.g., PSA, SESIP, Common Criteria)
- Analyze PSIRT incidents and recommend structural improvements
- Develop and apply analysis tooling and methodologies (static analysis, fuzzing, scripting, automation)
- Design and refine workflows that combine static/dynamic analysis with AI-assisted techniques
- Research and evaluate emerging attack techniques relevant to embedded systems
- Collaborate with development teams to translate findings into concrete mitigations
Requirements
Must-have technical skills and experience.
- Strong understanding of low-level system behavior (memory layout, interrupts, privilege levels, concurrency)
- Solid experience in C programming
- Familiarity with ARM and/or RISC-V architectures
- Experience with assembly-level debugging and analysis
Nice-to-have / differentiators.
- Experience in vulnerability research, reverse engineering, or exploit development
- Familiarity with static/dynamic analysis tools, fuzzing, or symbolic execution
- Experience with debugging interfaces (JTAG, trace, GDB)
- Experience using or evaluating AI-assisted code-analysis or vulnerability-discovery tools
- Experience building or integrating automated analysis workflows (scripting, pipelines, agent-based approaches)
- Rust experience or interest in memory-safe system design
- Clear technical communication and ability to drive complex investigations independently
Education Requirements
Degree in Electrical Engineering, Computer Science, Mathematics, or a related field.
About the Company
Company: NXP Semiconductors
Headquarters: Nijmegen, Netherlands
NXP Semiconductors N.V. is a global semiconductor company that provides High Performance Mixed Signal and Standard Product solutions. With over 45,000 employees and operations in more than 35 countries, NXP is a leader in secure connectivity solutions for embedded applications, catering to automotive, industrial IoT, mobile, and communication infrastructure markets. The company is committed to innovation and sustainability, advancing a smarter, safer, and more sustainable world through technology.

Date Posted: 2026-07-03