Senior Cyber Security/ Penetration Test Engineer

07 Feb 2017
07 Mar 2017
Alex Ronald
Clearance Level
Job Type
Senior Cyber Security/ Penetration Test Engineer

Cars are becoming easier Cyber targets - you may have recently seen on the news that a range of cars are easily hacked; allowing their heating and air-conditioning systems to be hijacked - Your skills in PenTesting would be an immediate positive impact to the automotive industry! Are you an infrastructure PenTester with real hunger to take the next step? To grow? If yes, then I want to talk to you!

My client is a world-class, independent engineering consultancy, operating in multiple locations around the world, to support vehicle manufacturers and their supply chain with cutting-edge engineering and testing expertise.

They offer full-system design, test and integration expertise to automotive, defence, rail and transport industries and also specialise in developing low carbon and autonomous and co-operative driving technologies.

Below are some further details on the role. At the bottom of the page is where you can apply.

Main Purpose of Job
Penetration testing of cyber-physical systems

Objective evaluation, reporting and making recommendations on system resilience

Key Functions
Coordinating penetration testing activities within a small team
Coaching other team members to deliver consistent and successful results
Bringing and integrating know-how from IT and IoT domains into the automotive domain
Executing structured attacks on cyber physical systems within a white-hat laboratory
Executing attacks in the lab, the workshop and on the proving ground
Building team resources (tools, team and process)
Developing and delivering training for internal/external delivery
Working with design-side consultants to engineer value-add security solutions
Supporting the product groups in tendering activities

Essential QualificationsPreferred Qualifications
Good first degree (minimum 2:1) in electrical/electronic engineering, IT system, computer sciences or other relevant related discipline

Higher degree (relevant M.Sc, Eng D or Ph.D)
Corporate membership of an engineering institution including Chartered Engineer qualification
Relevant vocational courses (certified IT professional courses for example)

Essential ExperiencePreferred Experience
Competent (2+ years' experience in):
Commercial penetration testing in the information technology and/or internet of things domain

Experience in some combination of:
Commercial-off-the-shelf embedded operating systems (embedded Windows, Linux, QNX, Android, IOS… )
WiFi and Ethernet networks: monitoring and attacking
Bluetooth, NFC or other wireless networks: monitoring and attacking
USB subsystems and manipulation
DAB radio services and implementation
Deployment of over-the-air updates
Commonplace tools such as SDR
Writing attack code/malware
Internet / cloud security
Mobile security (smartphone integration, CarPlay, etc)
Code analysis (reverse engineering binary code)
Threat modelling
Frameworks such as Metasploit
Software attacks such as SQL injection

The candidate must have a strong experience in orchestrating structured attacks and recording data in a systematic way.
Some combination of:
Penetration testing cyber-physical systems
Knowledge of vehicle broadcast networks (CAN, LIN, Flexray, MOST) and associated security
Knowledge of industrial control systems
Knowledge of garage diagnostic systems
Knowledge of calibration systems (XCP/CCP)
Knowledge and experience of "connected vehicle" applications for example Connected Drive, OnStar, …
Knowledge of the AUTOSAR framework
Attack trees
Hardware reverse engineering and manipulation (e.g. SPI/I2C)
Social engineering
Side channel attacks
Clock glitching

Additional skills which could be beneficial:
Architectural design for security
System on a Chip (SOC) devices and implementations
Boot-loaders: design and security
Time Triggered Ethernet (TTE)

Other information
The candidate should:
Be capable of delivering a high standard of technical writing
Be capable of presenting technical information confidently to customers
Be a self-starter and able to execute designated tasks accurately and within timing and budget constraints
Have well-developed analytical skills - rigorous but pragmatic, being able to justify decisions with solid rationale
Have good interpersonal skills - a consensus-builder not confrontational
Be capable of technically coordinating a small group of engineers
Be willing to travel and work flexibly: The job is likely to involve periods of 1 week at a time spent overseas approximately 3 or 4 times per year. The job may also involve extended placements at customer facilities requiring travel within the UK for 1 to 3 days per week
Be willing to engage in the security clearance process and work on defence related projects

Role:Penetration Tester
Location:Warwickshire, Leicestershire, Northamptonshire
Salary:Competitive + Excellent benefits

Skills: Cyber Security, CREST, CHECK, CHECK Team Leader, Pen Tester, Penetration testing, pen-tester, EC Council, CEH, CISSP, CISA, CISM, CPA, SCA, PRINCE2, ITIL, OPTS, CTL, CTM, CCT, CRT, CCSAM, CCSAS, OSCP, SCF, CSSLP, TIGER, RedHat, hacker

Electus Recruitment Solutions provides specialist engineering and technical recruitment solutions to a number of high technology industries. We thank you for your interest in this vacancy. If you don't hear from us within 7 working days please presume your application has been unsuccessful on this occasion. You are of course free to resubmit your CV/details in the future and we shall assess your suitability at that time.

Electus Recruitment Ltd is acting as an Employment Agency in relation to this vacancy.

Similar jobs

Similar jobs