2024013 - Automotive Cybersecurity Pen Tester
- Understand the target automotive system, its firmware, its in-vehicle network and its connectivity with outside world to define the scope of penetration testing.
- Perform Threat modelling and identify the potential threats on the target system
- Perform Vulnerability scanning, identify the CVEs and prioritise the threat levels using CVSS system.
- Perform the exploitation Penetration testing on the target and identify the weak points.
- Prepare executive and detailed report of all findings during penetration testing.
- · Strong hands on experience in Automotive Embedded system within in Base Software (BSW) and/or ECU Hardware level for several years.
- More than 1 year of experience in Automotive Cybersecurity SW testing in the areas like Penetration testing, fuzz testing, network security testing or cybersecurity controls testing
- Working knowledge in testing one of the in-vehicle network like CAN, CAN-FD, LIN or Ethernet
- Working knowledge of Threat modelling and Vulnerability scanning
- Knowledge in testing connectivity protocols like Bluetooth, Wifi, RF, Mobile network.
- Knowledge of Bootloaders, Microcontroller architecture and Embedded SW
- Knowledge of Cryptography, HSM, Encryption-Decryption, Hashing, key management etc.
Good to have:
- Working knowledge on Penetration Test Execution Standard (PTES) is meritorious
- Executing tests in box car or vehicle environments is added advantage.
- Hands on experience with testing of diagnostic protocols like UDS is a plus
- Knowledge of regulations/standards (SAE/ISO) and associated regulatory frameworks such as ISO/SAE 21434 and UNECE WP29
- Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
- Experience with project management tools like JIRA