Job Position: Embedded Penetration Tester
Job Location: Detroit, MI (Onsite)
Type: Contract-W2
Job Description
We are looking for experienced penetration tester for Automotive, with very good background in Electronical and Electronics systems (Electrical Engineering background) in a car and with OSCP certificates
This is an onsite role, and the candidate must be prepared to spend 6 months
Systems engineering, architecture or electronic product development experience (understanding of embedded
architecture, development, design principles).
? Minimum 2+ year’s industry experience.
? Aware of State of Art in Embedded Security with knowledge of Industry Standards, eg. Knowledge of SAE J3061,
UNECE WP 29 R155 & R156, ISO/SAE AWI 21434.
? Knowledge in embedded cybersecurity
o specification of security controls
o Secure Boot, Secure Programming, Secure Communication, Secure debug.
o Secure coding, including the development of security mechanisms (e.g. firewall, boot sequence, OTA updating,
access controls).
Main tasks, activities:
- Understanding the different automotive products and having in-depth knowledge about the products.
- Understanding the different automotive cyber security regulations such as J3061, UNECE WP29 R155, ISO/SAE 21434 and ISO 26262.
- Systems engineering, architecture or electronic product development experience (understanding of embedded architecture, development, design principles)
- Embedded product knowledge with knowledge of MCU & SoC based systems, ideally, Automotive embedded products. experience in the design of embedded Cyber Security mechanisms preferred, significant knowledge in software development
- Minimum 6+ years industry experience, minimum 3+ years’ experience in security governance, security architecture development and implementation, industry accepted security technologies, and integration of security requirements into architecture components used by systems architects and developers.
- System architecture, including security by design; privacy by design or functional safety by design
- Knowledge of Automotive Vehicle Networks and general electronic automotive products is an advantage
- 5 or 6 hands-on experience in performing penetration testing, functional cyber security testing, Interface testing & fuzz testing.
- Excellent communication skills, both written and verbal, clarity, concision, able to adapt reporting to customer management expectations.
Job Responsibilities
- Performing offensive cybersecurity activities in compliance with customer policies and applicable regulation.
- Reviewing internal requirements, Customer requirements and Specifications. Support Design Reviews, internal and with suppliers.
- Collaborating with the Product Line projects by communicating the results of the tests, e.g. identified vulnerabilities, and helping them in bringing the security to the expected level. Follow-up with the project the security fixes until the expected security level is achieved.
- Providing technical expertise to customer stakeholders under the scope of incident management.
- Providing technical reports related to uncovered cybersecurity defects, including the initial assessment as well as the methods, tools and entry points that attackers may use to exploit vulnerabilities or weaknesses.
- Supporting technical architecture and standards assignments.
- Following standardization rules.
- Following the evolution of the state of the art. Create, adapt or improve testing methods to identify new vulnerabilities.
- Perform functional, Interface, fuzz testing activities and its vulnerability management (Recommendations).
- Perform penetration testing (Black, Grey & White Box testing) activities and its vulnerability management (Recommendations).
-Manage the team members and full- fill the expectations of the management.