SERMA SAFETY AND SECURITY

About the Company

SSERMA Safety and Security is your single point of contact for the SECURITY and SAFETY of your products and systems. Because security and safety are closely linked, and product security should not favor hardware or software at the expense of the system, we have developed a unique offering of expertise, evaluation, and consulting. Founded in 2015, SERMA Safety and Security has a unique expertise that allows us to operate across the entire value chain of your systems, from design to operational maintenance and supervision of equipment. We work on products and systems in various fields, including IoT, embedded systems, industry, and information systems. Our areas of expertise: Cybersecurity: Identifying and mitigating threats to information systems, products, embedded and IoT systems, and industrial solutions. Security evaluation laboratory: Defining and assessing security levels to achieve certification. Functional safety: Ensuring the safety of critical systems. Formal methods: Modeling, verification, and mathematical proof to guarantee the reliability and security of critical systems. SERMA Safety and Security is recognized for its technical excellence, earning numerous qualifications and certifications, including CESTI, PASSI RGS, PASSI LPM, SESIP, FIPS, SBMP, and more. In addition to these activities, the company offers training across its entire expertise in functional safety and cybersecurity. With nine sites across France and over 230 employees, SERMA Safety and Security continues to support and secure the most demanding industries.

Listed Jobs

Company Name

SERMA SAFETY AND SECURITY

Job Title

Ingénieur Evaluation Conformité Logiciel F/H

Job Description

**Job Title** Software Compliance Evaluation Engineer (F/H) **Role Summary** Evaluate software and embedded product security against international Common Criteria standards, supporting technical assessment projects within a cybersecurity lab. **Expectations** - Handover quality assessments and reports to project leads. - Proactively identify and document security weaknesses. - Collaborate with multidisciplinary teams on product security improvement. **Key Responsibilities** - Conduct security evaluations of software and embedded products following Common Criteria procedures. - Prepare detailed evaluation documentation, analysis reports, and compliance certificates. - Review source code and system designs to identify potential vulnerabilities. - Assist in test plan creation, execution, and result interpretation. - Provide technical guidance on security features and risk mitigation to stakeholders. - Stay updated on industry standards, regulatory requirements, and emerging threats. **Required Skills** - Strong analytical and problem‑solving abilities. - Familiarity with Common Criteria evaluation processes or related security compliance frameworks. - Knowledge of software security, code reviews, and embedded system architecture (ICs, smart cards, secure USB, mobile, automotive, aerospace). - Ability to read and understand technical documentation in English. - Excellent written and verbal communication skills in English. - Proficiency in documentation tools (Word, PowerPoint, SharePoint). - Team collaboration, adaptability, and independent work ethic. **Required Education & Certifications** - Engineering degree or equivalent in Computer Science, Electronics, Mathematics, or related field. - (Preferred) Experience as a Common Criteria evaluator, consultant, developer, or other security compliance role. - (Preferred) Certifications such as ISO/IEC 27001 Lead Auditor, Common Criteria Practitioner, or relevant security credentials. - English language proficiency at a technical level.

Pessac, France

On site

19-01-2026

Company Name

SERMA SAFETY AND SECURITY

Job Title

Ingénieur Evaluation Cybersécurité Mobile F/H

Job Description

Job title: Mobile Cybersecurity Evaluation Engineer (F/M) Role Summary: Provide advanced security evaluation and penetration testing of mobile payment, content protection, and authentication applications on Android and iOS platforms. Conduct code reviews, dynamic testing, and develop tools/attack techniques for client‑proposed products. Support R&D initiatives in mobile security standards such as EMVCo SBMP, PCI 3DS, PCI mPOC. Expectations: * Deliver thorough vulnerability assessments in compliance with industry standards. * Collaborate with cross‑functional teams to implement security improvements. * Continuously research emerging threats and update testing methodologies. * Communicate findings clearly to technical and non‑technical stakeholders. Key Responsibilities: * Analyze software implementations on mobile and embedded devices. * Perform static and dynamic reverse engineering of applications. * Conduct penetration tests, identify potential weaknesses, and provide remediation guidance. * Design and implement custom attack tools and testing frameworks. * Contribute to the development of mobile security evaluation frameworks and documentation. * Stay current on mobile OS security models, authentication mechanisms, cryptography, and relevant standards. Required Skills: * Proficiency in Java, C/C++, ARM and x86 assembly. * Strong knowledge of Android and iOS security architectures. * Experience with reverse engineering tools (IDA Pro, Ghidra, Frida, Radare2) and static/dynamic analysis platforms. * Familiarity with mobile security standards (EMVCo SBMP, PCI 3DS, PCI mPOC). * Understanding of authentication protocols, cryptographic primitives, and countermeasures. * Excellent technical communication in English. * Ability to work independently and in a team, managing multiple security assessment projects. Required Education & Certifications: * Bachelor’s or Master’s degree in Computer Science, Software Engineering, or related field. * Equivalent technical experience may substitute for formal degree. * Certifications such as OSCP, CEH, or equivalent in mobile security are highly desirable.

Pessac, France

On site

19-01-2026