Automotive Cybersecurity Penetration Tester

Apply now

Active job offers

Automotive Cybersecurity Penetration Tester

  • System Engineering & FuSa & Cyber Security

 

Job description

You will play a critical role in ensuring the security and integrity of automotive systems, contributing to the development of robust and resilient solutions in line with industry standards and best practices.

Requirements

  • In-depth knowledge of automotive communication protocols such as CAN (Controller Area Network), LIN (Local Interconnect Network), and FlexRay.
  • Understanding of relevant automotive standards and specifications such us ISO21434.
  • Familiarity with the security mechanisms and vulnerabilities associated with various ECUs in vehicles (vehicle control units, infotainment systems, advanced driver-assistance systems).
  • Knowledge of secure boot processes and firmware update mechanisms. Expertise in analysing and securing in-vehicle networks.
  • Ability to assess the security of in-car communication buses and identify potential attack vectors.
  • Ability to assess vulnerabilities in multimedia interfaces, entertainment systems, and communication interfaces. Proficiency in reverse engineering and analysing firmware running on automotive ECUs.
  • Capability to identify and exploit vulnerabilities within ECU firmware.
  • Familiarity with diagnostic and testing tools used in the automotive industry.
  • Ability to use tools for debugging, sniffing, and analysing in-vehicle network traffic.
  • Understanding of security challenges associated with vehicle-to-cloud communication.
  • Ability to assess the security of cloud-connected services and backend systems.
  • Proficiency in using penetration testing tools tailored for automotive embedded systems.
  • Experience with tools specific to analysing and exploiting automotive security vulnerabilities.
  • Capability to perform risk assessments and threat modelling specific to automotive environments.
  • Understanding of potential threats and their impact on vehicle security.
  • Awareness of legal and compliance considerations in automotive penetration testing.
  • Incident Response for Vehicles:
    Clear and concise communication skills to convey findings to both technical and non-technical stakeholders. Ability to generate detailed penetration testing reports with actionable recommendations.

Responsibilities

• Identifying potential threats and assessing their impact on vehicle security.
• Conducting analyses and exploiting security vulnerabilities to strengthen overall system security.
• Demonstrating expertise in automotive communication protocols, including CAN, LIN, and FlexRay.
• Utilizing knowledge to design, implement, and troubleshoot communication systems within vehicles.
• Assessing the security of in-car communication buses and identifying potential attack vectors.
• Test planning and execution

Benefits

More reasons to work with us

add_home_work

Work from home or the office

Depending on the position, you can work remotely, from the office or in a hybrid model.

sync_saved_locally

Top-of-the-line equipment

We provide the equipment that best suits your needs and the requirements of your role.

redeem

Training budget

Use your personal training budget to gain new skills and knowledge.

diversity_2

Internal initiatives

Take part in our knowledge-sharing meetups organised by and for tech enthusiasts.

stethoscope

Private health insurance

Keep your health in check with easy access to medical professionals.

Recruitment process

It only takes a few steps

Different roles have different requirements, so the recruitment process depends on the specific position you are applying for.

quick_reference_all

Checking your CV

We read every resume we receive carefully. If you meet our requirements, we will call you to learn more about your expertise and needs.
psychology

Evaluating your qualifications

After an initial phone call, we check your skills with a task related to your position and provide you with feedback afterwards.
sms

Making an appointment

The next step is a meeting at our office or online, where you can learn more about the team and our work culture from a Spyrosoft manager and/or partner.
task_alt

Getting the answer

At Spyrosoft, we contact every person participating in the recruitment process. Upon acceptance, we will provide a list of the next steps.

Meet the recruiter

Karolina Kwaśnik Spyrosoft

At Spyrosoft, we focus on your professional development. You have influence on how and what you work on.

Karolina Kwasnik

Lead Recruitment Specialist

CONTACT OUR RECRUITMENT TEAM

Apply for
Automotive Cybersecurity Penetration Tester

If this offer seems to be perfect for you - don't wait, send us your CV

    Please note that we accept PDF, .doc, .docx or .odt format only.

    By agreeing to one of the following statements, I confirm that I provide my data voluntarily and accept the information contained in the Communication.
    See Communication text
    At the same time, I declare that I voluntarily provide my personal data and I acknowledge that the Controller of my personal data is Spyrosoft S.A. with its registered office in Wrocław, Plac Nowy Targ 28, the recipients of my data can be companies related with the Data Controller: in particular:
    a) dominant companies within the meaning of art. 4 § 1 point 4 of the Commercial Companies Code of 15 September 2000,
    b) affiliated companies within the meaning of art. provisions of the Commercial Companies Code of 15 September 2000,
    c) companies associated personally with the Administrator, i.e. those in which persons discharging functions in the Administrator's bodies hold at least 20% of votes or shares,
    as well as the Customers of these companies or the entities providing services in favour of the Data Controller who may act as data controllers and processors and my personal data shall be processed pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, pursuant to Art. 6 (1) (a) of this Regulation, during the period not exceeding 6 months

    At the same time, I acknowledge that I have the right to access and rectify my personal data, its erasure, limitation of processing, the right to object to the processing of data, the right to transfer data, the right to withdraw the consent at any time (without impact on the lawfulness of the processing carried out before the withdrawal), as well as the right to lodge a complaint to a supervisory body. Withdrawal of the consent and willingness to exercise other rights can be reported via e-mail: rodo@spyro-soft.com or by post to the following address: Spyrosoft S.A., Plac Nowy Targ 28, 50-141 Wrocław.

    I acknowledge that personal data is not subject to the automated decision making, including profiling.