Vacant job

About the Role

We are seeking an experienced Automotive Penetration Tester to join our growing cybersecurity engineering team. In this role, you will be responsible for assessing the security of in-vehicle systems, ECUs, automotive communication networks, and connected vehicle services. You will work closely with software developers, security architects, and test teams to identify vulnerabilities, perform penetration testing, and contribute to secure-by-design automotive solutions.

This position is ideal for someone who is passionate about vehicle security, hands-on testing, and staying ahead of emerging automotive cyber threats.

Key Responsibilities

• Perform penetration testing, vulnerability assessments, and security evaluations on:
• ECUs and embedded automotive systems
• 
  
• In-vehicle networks (CAN, LIN, FlexRay, Ethernet)
• 
  
• Vehicle connectivity modules (Telematics, Bluetooth, Wi-Fi)
• 
  
• Mobile apps, backend services, and cloud-connected vehicle platforms
• Conduct threat analysis and risk assessment (TARA) according to automotive cybersecurity standards.
• 
  
• Execute fuzzing, reverse engineering, and exploit development for automotive interfaces.
• 
  
• Analyze and debug communication logs using automotive tools.
• 
  
• Review code, binaries, and firmware for security weaknesses.
• 
  
• Prepare clear, detailed reports including findings, severity, and mitigation recommendations.
• 
  
• Support development teams with secure coding practices and remediation guidance.
• 
  
• Stay updated on the latest automotive security trends, attack methods, and tools.

Required Experience & Skills

Experience:

• 4–5 years of hands-on penetration testing or automotive cybersecurity experience
• 
  
• Strong knowledge of automotive EE architecture, ECU communication, and vehicle network behavior

Technical Skills:

• Penetration testing tools
• Burp Suite, Metasploit, Wireshark, Nmap, Scapy, Nessus, OpenVAS
• Automotive-specific tools
• CANoe, CANalyzer, CANtact, CAN-utils, Kayak
• 
  
• UDS security testing, DoIP testing tools
• Reverse engineering & debugging
• IDA Pro, Ghidra, Radare2, Binary Ninja
• Scripting & automation
• Python, Bash, PowerShell
• Protocol knowledge
• CAN, LIN, FlexRay, Automotive Ethernet, UDS, DoIP, SOME/IP
• Fuzzing tools
• AFL, Peach Fuzzer, BooFuzz
• Operating systems & environments
• Linux, Android, Embedded Linux, QNX

Nice-to-Have / Meritorious

• Experience with ISO 21434, UNECE R155/R156
• 
  
• Knowledge of secure boot, secure flashing, cryptographic modules
• 
  
• Automotive SOC experience or work with IDS/IPS for vehicles
• 
  
• Experience with cloud-based automotive platforms and API security
• 
  
• Certifications such as:
• OSCP, OSWE, CEH, GPEN, CISSP, CPSA, CREST, SSCP
• Understanding of automotive testing tools like dSPACE, HIL/VIL setups

Soft Skills

• Strong analytical and problem-solving abilities
• 
  
• Clear communication and documentation skills
• 
  
• Proactive, detail-oriented, and committed to high-quality testing
• 
  
• Ability to work independently and in cross-functional teams
•