Lead Cyber Security Engineer- Penetration Tester Full Time NEW

Required Qualifications

• Engineering Degree in CS, E&TC, EE, Cybersecurity—or equivalent
• experience – 7-12 years
• Industry – Automotive, Information Technology, Mechatronics, Automation
• Strong hands-on with embedded/automotive protocols (CAN, UDS, DoIP, SOME/IP) and industrial/IoT protocols (Modbus, OPC UA, PROFINET, EtherNet/IP; plus wired/wireless Fieldbus/LoRa/WirelessHART).

Proficiency in tools: CANoe/CANalyzer/SocketCAN; Burp, Metasploit, Nmap, Wireshark.

Key Responsibilities

• Plan and perform end-to-end penetration tests on ECUs, gateways, TCUs, infotainment, ADAS-related ECUs, IoT and medical/industrial devices.

Assess in-vehicle networks (CAN, LIN, FlexRay, Automotive Ethernet) and design realistic attack chains across vehicle, mobile, cloud/back-end

• Align methods with ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443.
• Collaborate with firmware, hardware, cloud, DevOps, and systems teams; present risks and remediation to customers and stakeholders.

Drive architecture reviews, threat modeling (TARA) and attack surface analysis; contribute to work products and reports

• Conduct firmware/boot-chain testing (secure boot, OTA) and embedded Linux/RTOS security reviews.
• Execute hardware-level testing (JTAG/UART/SPI/I²C, flash extraction, debug interface analysis) and support SDR/RF assessments.
• Lead security architecture reviews, threat modeling (TARA), and attack-surface reduction across platforms.

Set and evolve methodologies aligned to ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443; ensure audit-readiness

• Build/extend tools, scripts, and exploits to validate real-world attacks; leverage AI/ML tools where beneficial.
• Mentor junior testers; improve team practices, tooling, and reporting quality.