IOActive

Senior Automotive Security Consultant - Seattle, WA or Remote US

IOActive, Seattle, Washington, US, 98127


Description


About IOActive:

Founded in 1998, IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker's perspective to every client engagement to maximize security investments and improve clients' overall security posture and business resiliency.

What you'll do:

Senior Automotive Security Consultants are responsible for performing high-end security evaluations including penetration testing, Threat Analysis and Risk Assessment (TARA) and research for our clients, focused on a range of automotive areas. In this role, you will work with other team members to deliver high-quality results to IOActive's clients throughout the world. This position is located in Seattle, WA, but a remote work arrangement may be considered for well-qualified candidates throughout the US.

Our consultants maintain a high level of expertise regarding known threats and technical advances in automotive security. This position requires expert knowledge in the end-to-end automotive technology ecosystem, including both in-vehicle and offboard systems such as E/E architecture, ECUs and connectivity.

The Senior Automotive Security Consultant will undertake advanced level security evaluation tasks and duties to meet customer requirements and project deadlines. This includes:

- Scope and perform penetration testing of automotive components
- Scope and perform TARAs based on ISO/SAE 21434 and customer needs
- Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical client staff
- Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against automotive products
- Perform research on new attack vectors, discover new vulnerabilities, create tools and new exploitation techniques in an automotive environment
- Evangelize IOActive through blogs, white papers, presentations, etc.

What you bring:

Required Technical Skills

Deep knowledge and understanding of:

- Automotive security & safety standards and regulations including ISO/SAE 21434:2021, ISO 26262:2018, UNECE R155 & R156 & Automotive ASPICE
- Embedded automotive cybersecurity architecture and design, including in end-to-end connected vehicles (telematics, infotainment, etc.) and in-vehicle networking & communication (automotive Ethernet, CAN, CAN-FD, FlexRay, BLE, Wi-Fi, etc.)
- Understanding of EV vehicle architecture and the associated security concerns
- Embedded security mechanisms such as hypervisors, secure boot, automotive OSes (QNX & Linux), automotive software frameworks (AUTOSAR, etc.), secure communication, secure key storage (HSMs & TrustZone), access control, OTA updates, etc.
- C/C++, Rust, and ARM assembly including standard vulnerabilities and mitigations
- Cryptography concepts including symmetric encryption and signing (AES & HMAC), asymmetric encryption, signing and verification (RSA & ECC), hashing (HMAC), etc.
- Perform TARAs (threat analysis and risk assessment) on a range of vehicle features and components
- Perform penetration testing of EV and EVSE technologies such as V2X, EV Chargers/Dischargers, etc.
- Perform penetration testing of automotive components including ECUs (IVI, central gateway, telematics) using approaches including:
  - Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
  - Extraction and reverse engineering of ECU firmware, with demonstrable experience and skills
  - Low-level code review including crypto implementation code reviews, specifically for secure boot and code signing
  - Wi-Fi/Bluetooth testing along with demonstrable understanding of the electromagnetic spectrum (near field such as NFC and far field such as UHF, Microwave and associated physical layer protocols)
  - Hardware/embedded system hacking, including interface and fuzz testing
- Electronic and electrical knowledge including:
  - Extensive experience with digital electronics and signal capturing tools (oscilloscope, logic analyzer, protocol-specific adaptors)
  - Experience with protocol and signals analysis, reverse engineering of custom data formats and transport mechanisms

Consulting Skills + Experience

- Rigorous attention to detail and strong analytic skills
- Ability to write test plans based upon initial impressions and discussions with the team
- Comfortable navigating large codebases with minimal guidance
- Excellent command of written and spoken English
- Comfortable leading and working as part of a multinational and multidisciplinary team
- Logical and structured approach to projects
- 5+ years of relevant work experience in a high-paced, enterprise consulting environment
- Previous CVEs in the automotive space are a bonus.

Salary Range and Benefits

- The salary range for this position is $90-175k annually
- USA benefits package includes PTO, Holiday, Medical, Dental, Vision, 401(k) match, Long and Short-Term Disability, Life Insurance, and Employee Assistance Program (EAP), and Business Travel Insurance

Why IOActive:

The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focus on security that has real-world impact. Join a team committed to making a difference.

Join us!

IOActive is proud to be an Equal Opportunity Employer