IOActive
Senior Automotive Security Consultant - Seattle, WA or Remote US
IOActive, Seattle, Washington, US, 98127
Description
About IOActive:
Founded in 1998, IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker's perspective to every client engagement to maximize security investments and improve clients' overall security posture and business resiliency.
What you'll do:
Senior Automotive Security Consultants are responsible for performing high-end security evaluations including penetration testing, Threat Analysis and Risk Assessment (TARA) and research for our clients, focused on a range of automotive areas. In this role, you will work with other team members to deliver high-quality results to IOActive's clients throughout the world. This position is located in Seattle, WA, but a remote work arrangement may be considered for well-qualified candidates throughout the US.
Our consultants maintain a high level of expertise regarding known threats and technical advances in automotive security. This position requires expert knowledge in the end-to-end automotive technology ecosystem, including both in-vehicle and offboard systems such as E/E architecture, ECUs and connectivity.
The Senior Automotive Security Consultant will undertake advanced level security evaluation tasks and duties to meet customer requirements and project deadlines. This includes:
- Scope and perform penetration testing of automotive components
- Scope and perform TARAs based on ISO/SAE 21434 and customer needs
- Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical client staff
- Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against automotive products
- Perform research on new attack vectors, discover new vulnerabilities, create tools and new exploitation techniques in an automotive environment
- Evangelize IOActive through blogs, white papers, presentations, etc.
What you bring:
Required Technical Skills
Deep knowledge and understanding of:
- Automotive security & safety standards and regulations including ISO/SAE 21434:2021, ISO 26262:2018, UNECE R155 & R156 & Automotive ASPICE
- Embedded automotive cybersecurity architecture and design, including in end-to-end connected vehicles (telematics, infotainment, etc.), in-vehicle networking & communication (automotive Ethernet, CAN, CAN-FD, FlexRay, BLE, Wi-Fi, etc.)
- Understanding of EV vehicle architecture and the associated security concerns
- Embedded security mechanisms such as hypervisors, secure boot, automotive OSes (QNX & Linux), automotive software frameworks (AUTOSAR, etc.), secure communication, secure key storage (HSMs & TrustZone), access control, OTA updates, etc.
- C/C++, Rust, and ARM assembly including standard vulnerabilities and mitigations
- Cryptography concepts including symmetric encryption and signing (AES & HMAC), asymmetric encryption, signing and verification (RSA & ECC), hashing (HMAC), etc.
Perform TARAs (threat analysis and risk assessment) on a range of vehicle features and components
Perform penetration testing of EV and EVSE technologies such as V2X, EV Chargers/Dischargers, etc.
Perform penetration testing of automotive components including ECUs (IVI, central gateway, telematics) using approaches including:
- Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
- Extraction and reverse engineering of ECU firmware, with demonstrable experience and skills
- Low-level code review including crypto implementation code reviews, specifically for secure boot and code signing
- Wi-Fi/Bluetooth testing along with demonstrable understanding of the electromagnetic spectrum (near field such as NFC and far field such as UHF, microwave and associated physical layer protocols)
- Hardware/embedded system hacking, including interface and fuzz testing
Electronic and electrical knowledge including:
- Extensive experience with digital electronics and signal capturing tools (oscilloscope, logic analyzer, protocol-specific adaptors)
- Experience with protocol and signals analysis, reverse engineering of custom data formats and transport mechanisms
Consulting Skills + Experience
- Rigorous attention to detail and strong analytic skills
- Ability to write test plans based upon initial impressions and discussions with the team
- Comfortable navigating large codebases with minimal guidance
- Excellent command of written and spoken English
- Comfortable leading and working as part of a multinational and multidisciplinary team
- Logical and structured approach to projects
- 5+ years of relevant work experience in a high-paced, enterprise consulting environment
- Previous CVEs in the automotive space are a bonus.
Salary Range and Benefits
The salary range for this position is $90-175k annually.
USA benefits package includes PTO, Holiday, Medical, Dental, Vision, 401(k) match, Long and Short-Term Disability, Life Insurance, Employee Assistance Program (EAP), and Business Travel Insurance.
Why IOActive:
The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focus on security that has real-world impact. Join a team committed to making a difference.
Join us!
IOActive is proud to be an Equal Opportunity Employer