Payment Assurance (PA) Device Security Evaluator - Ottawa, ON
PA Device Security Evaluator is involved with cybersecurity evaluations of payment devices to various Payment Card Industry (PCI) requirements including:
* PIN Transaction Security (PTS) Point of Interaction (POI)
* PIN Transaction Security (PTS) Hardware Security Module (HSM)
* Software-based PIN Entry on COTS (SPoC)
* Contactless Payments on COTS (CPoC)
* Mobile Payments on COTS (MPoC)
Evaluations can include the following types of assessments:
* Physical device security
* Tamper detection mechanisms (e.g., the electrical/electronic components)
* Side-channel analysis
* Secure boot
* Cryptographic key management
* Source-code review
* Firmware/OS hardening
* Secure software development lifecycle
* Malformed input (i.e., fuzzing)
* Vulnerability assessment and penetration testing
* Reverse engineering
* Mobile application testing (e.g., OWASP MASVS/MSTG)
* Policy, process, and procedure review
It is expected that a candidate will have expertise in a few of the above areas with at least an interest in the remaining areas.
Skills in the remaining areas can be gained through on-the-job training.
Device security analysis and assessments can require the use or knowledge of:
* Standard hand tools
* Drilling and rotary tools
* Soldering
* Heat and solvents
* Electronic circuits
* PCB design
* File formats
* Communication protocols
* Secure coding and common weaknesses
* iOS and Android application protections
The work is being done on client devices and as such, communicating the results of testing is necessary and done through technical reports.
In order to produce high quality reports, the following is needed:
* Attention to detail including consistency and completeness
* Ability to communicate effectively in English
* Good use of figures, images, and tables
* Effective use of the Office suite (Word and Excel in particular)
Additional skills that are sought in a candidate include:
* Communicating and working effectively within a small team
* Communicating with clients
* Being able to work in a shared lab environment
* Being able to work independently
* Being able to identify and understand limitations in tests
* Being able to come up with new test plans or improvements on existing test plans
For this position, work is mainly in the office with potential for on-site client visits.
In addition to the assessment work, there will be opportunities to develop and deliver training and consulting to clients, which could be done virtually or on-site.
While the position is for the Payment Assurance area of the company, work in other related areas of the company (e.g., IoT security) may be assigned as needed.
The work requires a mixture of hardware, software (firmware/OS level), and communications knowledge.
A post-secondary degree or diploma, or equivalent wo...
- Rate: Not Specified
- Location: Ottawa, CA-ON
- Type: Permanent
- Industry: Engineering
- Recruiter: EWA Canada
- Contact: Recruiter Name
- Email: to view click here
- Reference: 14183
- Posted: 2026-03-10 07:32:46 -
- View all Jobs from EWA Canada
More Jobs from EWA Canada
- Principal Cybersecurity Architect-IAM
- Lead Technical Program Manager
- Product Manager - Identity Proofing and Verification
- Customer Success Manager, Executive Director - Solution Discovery
- Rewards Product Associate
- Risk Management - Strategic Analytics - Associate
- Executive Director, Senior Human Resources Business Advisor (Enterprise Technology)
- Compliance Risk Management Director (Retail Alternative Investment Funds) - Executive Director
- Part Time Associate Banker Novi, MI (30 hours)
- Principal Software Engineer
- Senior Manager, Software Engineering
- Senior Site Reliability Engineer
- Sr. IT Manager - Enterprise IT Operations Center
- Senior Project Manager
- Security Officer
- Outlet Store Associate
- Team Member
- Assistant Manager Food Service Operation
- Team Member
- Team Member