CSMS Mobile Application Penetration Tester / IOT Tester

Company

Job Description

Job Description: Connected Cars IoT/Mobile Application Penetration Tester

CSMS Mobile Application Penetration Tester / IOT Tester

We are seeking a skilled Application Penetration Tester to join our team and contribute to the security assessment of next generation connected vehicles. As a Connected Cars IoT/Mobile Application Penetration Tester, you will play a crucial role in identifying and mitigating security vulnerabilities in in-vehicle infotainment (IVI), telematics, key fob systems, mobile applications and, enhancing the security of IoT-enabled vehicles.

Key Responsibilities

• Conduct penetration tests on connected car components, including ECUs (Electronic Control Units), communication modules, and mobile apps.
• Analyse firmware and software for vulnerabilities.
• Evaluate the security of in-vehicle apps, telematics systems, and mobile interfaces.
• Perform penetration testing on in-vehicle communication protocols (CAN, LIN, Ethernet) and wireless interfaces (Bluetooth, Wi-Fi, cellular).
• Define custom security test cases and scripts to assess interfaces such as OBD-2 ports, USB ports, etc.
• Utilize open-source tools (e.g., Hack-RF, CANAlyzer, rubber-ducky, Ubertooth, IDA-Pro) to simulate attacks.
• Perform grey box assessments on mobile applications, and vehicle management applications.
• Identify vulnerabilities in IVI systems, telematics units, and mobile apps.
• Collaborate with cross-functional teams to remediate security issues.
• Develop custom scripts and tools for testing and exploitation.
• Stay up to date with the latest security threats and vulnerabilities specific to connected cars, mobile apps and IoT ecosystems.

Qualifications

• Bachelor’s degree in computer science, Cybersecurity, or a related field.
• Proven experience in mobile application security testing.
• Familiarity with mobile platforms (iOS, Android) and, with automotive communication protocols (CAN, UDS, etc.).
• Understanding of the vehicle architecture and CAN (Controller Area Network) bus communication.
• Hands-on experience with security tools (Burp Suite, Wireshark, Metasploit, etc.).
• Hands on knowledge in Reverse engineering of mobile apps both (android and iOS).
• Binary analysis using Ghidra and IDaPro.
• Strong knowledge in developing custom frida scripts for process hooking.
• Certifications such as CEH, OSCP, or OSCE, eMAPT are a plus.
• Proficiency in operating systems (Linux, Windows), networks, and Active Directory.
• Strong analytical skills and attention to detail.
• Ability to think like an attacker and anticipate potential threats.

• Passion for automotive security and a desire to make a positive impact.
• Excellent communication skills to convey findings and recommendations.

If you are passionate about automotive security and want to contribute to the safety of connected vehicles, we encourage you to apply!

Job Family

Renault Group is committed to creating an inclusive working environment and the conditions for each of us to bring their passion, perform to the full and grow, whilst being themselves.  
We find strength in our diversity and we are engaged to ensure equal employment opportunities regardless of race, colour, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, etc. If you have a disability or special need requiring layout of the workstation or work schedule, please let us know by completing this form.

In order to follow in real time the evolution of your applications and to stay in touch with us, we invite you to create a candidate account. This will take you no more than a minute and will also make it easier for you to apply in the future.

By submitting your CV or application, you authorise Renault Group to use and store information about you for the purposes of following up your application or future employment. This information will only be used by Renault Group companies as described in the Group Privacy Policy.