Senior Automotive Security Consultant – Seattle, WA or Remote US
Seattle, Washington, United States | United States
Applications have closed
- Scope and perform penetration testing of automotive components
- Scope and perform TARAs based on ISO/SAE 21434 and customer needs
- Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical client staff
- Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against automotive products
- Perform research on new attack vectors, discover new vulnerabilities, create tools and new exploitation techniques in an automotive environment
- Evangelize IOActive through blogs, white papers, presentations, etc.
- Deep knowledge and understanding of:
  - Automotive security & safety standards and regulations, including ISO/SAE 21434:2021, ISO 26262:2018, UNECE R155 & R156, and Automotive ASPICE
  - Embedded automotive cybersecurity architecture and design, including in end-to-end connected vehicles (telematics, infotainment, etc.) and in-vehicle networking & communication (automotive Ethernet, CAN, CAN-FD, FlexRay, BLE, Wi-Fi, etc.)
  - Understanding of EV architecture and the associated security concerns
  - Embedded security mechanisms such as hypervisors, secure boot, automotive OSes (QNX & Linux), automotive software frameworks (AUTOSAR, etc.), secure communication, secure key storage (HSMs & TrustZone), access control, OTA updates, etc.
  - C/C++ and ARM assembly, including standard vulnerabilities and mitigations
  - Cryptography concepts including symmetric encryption and signing (AES & HMAC), asymmetric encryption, signing and verification (RSA & ECC), hashing (HMAC), etc.
- Perform TARAs (threat analysis and risk assessment) on a range of vehicle features and components
- Perform penetration testing of EV and EVSE technologies such as V2X, EV chargers/dischargers, etc.
- Perform penetration testing of automotive components including ECUs (IVI, central gateway, telematics) using approaches including:
  - Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
  - Extraction of ECU firmware, with demonstrable experience and skills in reverse engineering it
  - Low-level code review, including crypto implementation code reviews, specifically for secure boot and code signing
  - Wi-Fi/Bluetooth testing, along with demonstrable understanding of the electromagnetic spectrum (near field such as NFC and far field such as UHF, microwave, and associated physical layer protocols)
  - Hardware/embedded system hacking, including interface and fuzz testing
- Electronic and electrical knowledge including:
  - Extensive experience with digital electronics and signal capturing tools (oscilloscope, logic analyzer, protocol-specific adaptors)
  - Experience with protocol and signals analysis, reverse engineering of custom data formats and transport mechanisms
- Rigorous attention to detail and strong analytic skills
- Ability to write test plans based upon initial impressions and discussions with the team
- Comfortable navigating large codebases with minimal guidance
- Excellent command of written and spoken English
- Comfortable leading and working as part of a multinational and multidisciplinary team
- Logical and structured approach to projects
- 5+ years of relevant work experience in a high-paced, enterprise consulting environment
- Previous CVEs in the automotive space are a bonus.
- The salary range for this position is $90-175k annually
- USA benefits package includes PTO, Holiday, Medical, Dental, Vision, 401(k) match, Long and Short-Term Disability, Life Insurance, Employee Assistance Program (EAP), and Business Travel Insurance
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Perks/benefits: 401(k) matching Career development Health care Insurance Salary bonus Signing bonus