Role Overview:
Cyient is seeking a Vulnerability Assessment and Penetration Testing (VAPT) Engineer to strengthen the security posture of aerospace and embedded systems. The role involves conducting in-depth security assessments across avionics, embedded systems, cabin networks and IoT environments used in aerospace. The successful candidate will be responsible for identifying vulnerabilities, ensuring system resilience, and achieving industry-standard security compliance.
________________________________________
Key Responsibilities:
1. Vulnerability Assessment & Penetration Testing (VAPT):
o Perform detailed VAPT on aerospace, embedded systems and flight control units.
o Evaluate cabin network components, ECUs, IoT systems, and communication.
o Test firmware, bootloaders, and secure communication protocols for vulnerabilities.
2. Threat Modeling and Risk Assessment:
o Conduct TARA (Threat Assessment & Remediation Analysis) to identify and mitigate risks.
o Assess communication buses like CAN, AFDX, and critical embedded infrastructure.
3. Compliance and Standards Adherence:
o Ensure software and embedded system compliance with MISRA C guidelines, OWASP, security guidelines and RTCA DO-178C.
4. Security Reporting & Documentation:
o Deliver comprehensive reports with severity impact, mitigation strategies, and Proof of Concept (PoC) for identified vulnerabilities.
o Collaborate with engineering teams to implement security fixes.
5. Tool Usage and Security Automation:
o Utilize tools like Burp Suite, Nessus, Wireshark, and IDA Pro to conduct assessments.
o Develop and automate security tests for firmware and embedded systems.
________________________________________
Required Skills & Experience:
3-10 years of experience in VAPT, focusing on embedded and aerospace systems security.
Expertise in encryption algorithms, cryptographic implementations, and secure protocols.
Familiarity with communication standards used in aerospace, such as CAN, ARINC 664, and AFDX.
Knowledge of communications security, cabin network protection, and IoT ecosystems.
Experience in reverse engineering, firmware analysis, and secure boot mechanisms.
Working knowledge of TARA-based threat modeling and secure SDLC processes.
________________________________________
Preferred Qualifications:
Certifications such as OSCP, CEH, CISSP, or CISM.
Experience working on embedded VAPT projects.
Familiarity with PKI infrastructure, secure communication protocols (TLS/SSL), and ECUs.
________________________________________
Soft Skills:
Strong problem-solving abilities and attention to detail.
Excellent communication skills for reporting and teamwork.
Ability to work independently and collaboratively in a high-stakes environment.