What you’ll do
You get inspired by our mission to give our customers “Freedom to move”. You will use your deep knowledge to analyze and enhance the protective measures that we install in all parts of the in-vehicle embedded system.
You will perform vulnerability tests, security assessments, and risk analysis activities related to in-vehicle communication independently or as a part of a team. You will collaborate with concept owners to establish verification methods and work closely with the automation team who automates test cases into the Continuous Integration (CI) machinery.
You will develop security mechanisms and help to receive teams implement them, by supporting or implementing a concept that Security Group owns and share with the company. Programming environments extend from script languages like Python to C, will also be among your tasks.
Further, verify security requirements of different types of ECUs related to e.g. Infotainment, Gateway, and Connectivity functions will be on your response as well as ensuring proficiency and adequate level of details in reports and test results.
You will get the chance to work within different test environments, i.e. real cars, as well as Boxcars or similar settings and, are excepted to demonstrate critical thinking and creative analytical skills to for example identify vulnerabilities/attack vectors that are difficult to detect.
You and your skills
You use your skills as Cyber Security Engineer and your passion for security in embedded systems to expand your technical insights and to build and maintain a network that includes people from all areas of the company. You have experience within the field of security by design.
We believe that you have an M.Sc. or B.Sc. degree in Software, Electrical or Computer engineering, or equivalent education and a strong understanding for the threat landscape of a connected device and the mitigation mechanisms needed for protection. You are proficient in programming languages such as C/C++ and Python/Bash/CAPL and in the English language, both in written and oral form.
You will need a couple of years of relevant professional experience in developing security solutions in vehicles or other embedded environments.
You are curious and want to contribute to developing groundbreaking technology. Driven by customer focus you get things done. You are committed to high delivery quality and have the ability to proceed with your work without having all facts at hand before you start. You are flexible and have excellent communication and documentation skills. With your positive attitude, you have the ability to work constructively both as an individual or in teams.
You need a learning mindset to grow within the given role. You are experienced with agile development and familiar with software development best practices.
• Competence to examine security from a holistic view, including threat modeling, risk, and vulnerability assessment.
• Knowledge and experience on vehicle networks and communication protocols such as CAN, TCP/IP, IEEE 802.11x, BLE, and Bluetooth
• Experience of one or several tools such as Wireshark, CANalyzer, and CANoe
• Previous knowledge of automotive-related standards such as UDS and SOME/IP
• Experience with reverse engineering, pen-testing for embedded devices
• Experience of Metasploit framework and Kali Linux OS.
• International Software Testing Qualifications Board (ISTQB) certification
• Other security-related certifications such as CISSP and CEH.
• Code Reviews (Gerrit etc)
• Threat Modeling (Heavens)
• Static/Dynamic/Interactive Code and 3rd party analysis tools and processes
• Security in the Cloud
• Embedded systems, IoT and Hardware-based attacks