
Senior Automotive Security Consultant – Seattle, WA or Remote US

unlimited holidays - extra holidays - extra parental leave - long remote period allowed
Remote: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

Deep knowledge of automotive security standards and regulations; expertise in embedded automotive cybersecurity architecture, in-vehicle networking, and secure mechanisms.

Key responsibilities:

  • Perform high-end security evaluations like penetration testing and TARA for automotive clients worldwide
  • Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical staff
  • Undertake advanced security evaluation tasks, develop attacks, conduct research, evangelize the company
IOActive, Inc. Cybersecurity SME https://ioactive.com/
51 - 200 Employees

Job description

Description

Senior Automotive Security Consultant – Seattle, WA or Remote US 
About IOActive: 
Founded in 1998, IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve clients’ overall security posture and business resiliency.
What you’ll do: 
Senior Automotive Security Consultants are responsible for performing high-end security evaluations including penetration testing, Threat Analysis and Risk Assessment (TARA) and research for our clients, focused on a range of automotive areas. In this role, you will work with other team members to deliver high-quality results to IOActive’s clients throughout the world. This position is located in Seattle, WA, but a remote work arrangement may be considered for well-qualified candidates throughout the US.  
Our consultants maintain a high level of expertise regarding known threats and technical advances in automotive security. This position requires expert knowledge in the end-to-end automotive technology ecosystem, including both in-vehicle and offboard systems such as E/E architecture, ECUs and connectivity. 
The Senior Automotive Security Consultant will undertake advanced level security evaluation tasks and duties to meet customer requirements and project deadlines. This includes: 
  • Scope and perform penetration testing of automotive components
  • Scope and perform TARAs based on ISO/SAE 21434 and customer needs
  • Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical client staff
  • Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against automotive products
  • Perform research on new attack vectors, discover new vulnerabilities, create tools and new exploitation techniques in an automotive environment
  • Evangelize IOActive through blogs, white papers, presentations, etc.
What you bring: 
Required Technical Skills 
  • Deep knowledge and understanding of:
    • Automotive security & safety standards and regulations including ISO/SAE 21434:2021, ISO 26262:2018, UNECE R155 & R156 & Automotive ASPICE
    • Embedded automotive cybersecurity architecture and design, including end-to-end connected vehicles (telematics, infotainment, etc.) and in-vehicle networking & communication (automotive Ethernet, CAN, CAN-FD, FlexRay, BLE, Wi-Fi, etc.)
    • Understanding of EV vehicle architecture and the associated security concerns
    • Embedded security mechanisms such as hypervisors, secure boot, automotive OSes (QNX & Linux), automotive software frameworks (AUTOSAR, etc.), secure communication, secure key storage (HSMs & TrustZone), access control, OTA updates, etc.
    • C/C++ and ARM assembly including standard vulnerabilities and mitigations
    • Cryptography concepts including symmetric encryption and signing (AES & HMAC), asymmetric encryption, signing and verification (RSA & ECC), hashing (HMAC), etc.
  • Perform TARAs (threat analysis and risk assessment) on a range of vehicle features and components
  • Perform penetration testing of EV and EVSE technologies such as V2X, EV Chargers/Dischargers, etc.
  • Perform penetration testing of automotive components including ECUs (IVI, central gateway, telematics) using approaches including:
    • Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
    • Extraction of ECU firmware, with demonstrable experience and skills in reverse engineering it
    • Low-level code review including crypto implementation code reviews, specifically for secure boot and code signing
    • Wi-Fi/Bluetooth testing along with demonstrable understanding of the electromagnetic spectrum (near field such as NFC and far field such as UHF, microwave and associated physical layer protocols)
    • Hardware/embedded system hacking, including interface and fuzz testing
  • Electronic and electrical knowledge including:
    • Extensive experience with digital electronics and signal capturing tools (Oscilloscope, logic analyzer, protocol specific adaptors)
    • Experience with protocol and signals analysis, reverse engineering of custom data formats and transport mechanisms
Consulting Skills + Experience 
  • Rigorous attention to detail and strong analytic skills
  • Ability to write test plans based upon initial impressions and discussions with the team
  • Comfortable navigating large codebases with minimal guidance
  • Excellent command of written and spoken English
  • Comfortable leading and working as part of a multinational and multidisciplinary team
  • Logical and structured approach to projects
  • 5+ years of relevant work experience in a high-paced, enterprise consulting environment
  • Previous CVEs in the automotive space are a bonus.
Salary Range and Benefits 
  • The salary range for this position is $90-175k annually
  • USA benefits package includes PTO, Holiday, Medical, Dental, Vision, 401(k) match, Long and Short-Term Disability, Life Insurance, and Employee Assistance Program (EAP), and Business Travel Insurance
 
Why IOActive: 
The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focus on security that has real-world impact. Join a team committed to making a difference.
Join us! 
IOActive is proud to be an Equal Opportunity Employer  

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English

Other Skills

  • Verbal Communication Skills
  • Analytical Skills
