We are seeking a Senior Embedded Security Vulnerability Analyst to perform deep technical analysis of embedded systems, focusing on identifying and understanding vulnerabilities at the hardware/software boundary.
You will analyze low-level firmware, boot code, and system components to uncover exploitable weaknesses and work closely with development teams to drive secure designs. The role requires a strong systems mindset, curiosity for attack techniques, and the ability to reason about complex execution environments. You will also leverage and help shape modern analysis approaches, including AI-assisted vulnerability discovery workflows, to improve both depth and scalability of analysis.
If you are already exploring how LLMs and agentic workflows can augment deep code and system analysis, this role provides an opportunity to apply and advance these approaches in a real-world embedded security setting.
We welcome both:
Your Responsibilities
Perform in-depth vulnerability analysis of embedded software (bare-metal, RTOS, trusted execution environments)
Analyze boot flows, privilege boundaries, and security-critical components (e.g., crypto libraries, key handling, isolation mechanisms)
Conduct root cause analysis and assess exploitability and impact of identified weaknesses
Support security certifications and evaluations (e.g., PSA, SESIP, Common Criteria)
Analyze PSIRT incidents and derive structural improvements
Develop and apply analysis methodologies and tooling (static analysis, fuzzing, scripting, automation)
Apply and evaluate AI-assisted techniques for code analysis and vulnerability discovery (e.g., LLM-based workflows)
Design and refine workflows that combine traditional analysis (static and dynamic) with AI-assisted approaches
Research and evaluate emerging attack techniques relevant to embedded systems
Collaborate with development teams to translate findings into concrete mitigations
Education & Qualifications
Degree in Electrical Engineering, Computer Science, Mathematics, or related field
Strong understanding of low-level system behavior (memory layout, interrupts, privilege levels, concurrency)
Solid experience in C programming; familiarity with ARM and/or RISC-V architectures
Experience with assembly-level debugging and analysis
Strong differentiators:
Experience with vulnerability research, reverse engineering, or exploit development
Familiarity with static and dynamic analysis tools, fuzzing, or symbolic execution
Understanding of common vulnerability classes (memory corruption, logic flaws, side channels)
Experience with debugging interfaces (e.g., JTAG, trace, GDB)
Experience using or evaluating AI-assisted code analysis or vulnerability discovery tools
Experience building or integrating automated analysis workflows (e.g., scripting, pipelines, agent-based approaches)
Rust experience or interest in memory-safe system design
Your Profile
Strong analytical thinking and curiosity for how systems fail under adversarial conditions
Ability to work independently and drive complex technical investigations
Interest in combining deep technical analysis with modern AI-assisted techniques
Clear communication of technical findings and risks to diverse audiences
Collaborative mindset when working with development and architecture teams
Please note: The successful candidate may/will be responsible for security related tasks. The assignment may/will be in scope of security certifications, therefore a conscious and reliable way of working is necessary.
For applications in Gratkorn: NXP provides market competitive compensation according to the benchmarking of the electronic and semiconductor industry. Due to the Austrian Equal Treatment Act we are obligated to state the employment group of our applicable collective bargaining agreement (CBA) “Kollektivvertrag für Angestellte Gewerbe und Handwerk und in der Dienstleistung“, this position (fulltime) is graded in Employment GroupV. Your individual experiences and expectations will be considered in the application process. Moreover, we provide attractive benefits to our employees like home office, flexible working time, meal benefits and more.
More information about NXP in Austria...
#LI-a8a1