Automotive Penetration Tester

Om jobbet

About the Role

We are seeking an experienced Automotive Penetration Tester to join our growing cybersecurity engineering team. In this role, you will be responsible for assessing the security of in-vehicle systems, ECUs, automotive communication networks, and connected vehicle services. You will work closely with software developers, security architects, and test teams to identify vulnerabilities, perform penetration testing, and contribute to secure-by-design automotive solutions.

This position is ideal for someone who is passionate about vehicle security, hands-on testing, and staying ahead of emerging automotive cyber threats.

Key Responsibilities

Perform penetration testing, vulnerability assessments, and security evaluations on:

ECUs and embedded automotive systems

In-vehicle networks (CAN, LIN, FlexRay, Ethernet)

Vehicle connectivity modules (Telematics, Bluetooth, Wi-Fi)

Mobile apps, backend services, and cloud-connected vehicle platforms

Conduct threat analysis and risk assessment (TARA) according to automotive cybersecurity standards.

Execute fuzzing, reverse engineering, and exploit development for automotive interfaces.

Analyze and debug communication logs using automotive tools.

Review code, binaries, and firmware for security weaknesses.

Prepare clear, detailed reports including findings, severity, and mitigation recommendations.

Support development teams with secure coding practices and remediation guidance.

Stay updated on the latest automotive security trends, attack methods, and tools.

Required Experience & Skills

Experience:

4-5 years of hands-on penetration testing or automotive cybersecurity experience

Strong knowledge of automotive EE architecture, ECU communication, and vehicle network behavior

Technical Skills:

Penetration testing tools

Burp Suite, Metasploit, Wireshark, Nmap, Scapy, Nessus, OpenVAS

Automotive-specific tools

CANoe, CANalyzer, CANtact, CAN-utils, Kayak

UDS security testing, DoIP testing tools

Reverse engineering & debugging

IDA Pro, Ghidra, Radare2, Binary Ninja

Scripting & automation

Python, Bash, PowerShell

Protocol knowledge

CAN, LIN, FlexRay, Automotive Ethernet, UDS, DoIP, SOME/IP

Fuzzing tools

AFL, Peach Fuzzer, BooFuzz

Operating systems & environments

Linux, Android, Embedded Linux, QNX

Nice-to-Have / Meritorious

Experience with ISO 21434, UNECE R155/R156

Knowledge of secure boot, secure flashing, cryptographic modules

Automotive SOC experience or work with IDS/IPS for vehicles

Experience with cloud-based automotive platforms and API security

Certifications such as:

OSCP, OSWE, CEH, GPEN, CISSP, CPSA, CREST, SSCP

Understanding of automotive testing tools like dSPACE, HIL/VIL setups

Soft Skills

Strong analytical and problem-solving abilities

Clear communication and documentation skills

Proactive, detail-oriented, and committed to high-quality testing

Ability to work independently and in cross-functional teams