Lead Cyber Security Engineer- Penetration Tester

Required Qualifications

• Engineering Degree in CS, E&TC, EE, Cybersecurity—or equivalent
• 7–12 years of experience
• Industry experience in Automotive, Information Technology, Mechatronics, Automation
• Strong hands‑on experience with embedded/automotive protocols (CAN, UDS, DoIP, SOME/IP) and industrial/IoT protocols (Modbus, OPC UA, PROFINET, EtherNet/IP; plus wired/wireless Fieldbus/LoRa/WirelessHART)
• Proficiency in tools: CANoe, CANalyzer, SocketCAN; Burp, Metasploit, Nmap, Wireshark

Key Responsibilities

• Plan and perform end‑to‑end penetration tests on ECUs, gateways, TCUs, infotainment, ADAS‑related ECUs, IoT and medical/industrial devices.
• Assess in‑vehicle networks (CAN, LIN, FlexRay, Automotive Ethernet) and design realistic attack chains across vehicle, mobile, cloud/back‑end.
• Align methods with ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443.
• Collaborate with firmware, hardware, cloud, DevOps, and systems teams; present risks and remediation to customers and stakeholders.
• Drive architecture reviews, threat modeling (TARA) and attack surface analysis; contribute to work products and reports.
• Conduct firmware/boot‑chain testing (secure boot, OTA) and embedded Linux/RTOS security reviews.
• Execute hardware‑level testing (JTAG/UART/SPI/I²C, flash extraction, debug interface analysis) and support SDR/RF assessments.
• Lead security architecture reviews, threat modeling (TARA), and attack‑surface reduction across platforms.
• Set and evolve methodologies aligned to ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443; ensure audit‑readiness.
• Build/extend tools, scripts, and exploits to validate real‑world attacks; leverage AI/ML tools where beneficial.
• Mentor junior testers; improve team practices, tooling, and reporting quality.