- Scope and perform penetration testing of automotive components
- Scope and perform TARAs based on ISO/SAE 21434 and customer needs
- Communicate complex vulnerabilities, risks, and mitigations to both technical and non-technical client staff
- Develop sophisticated, state-of-the-art attacks that integrate the latest attack methods against automotive products
- Perform research on new attack vectors, discover new vulnerabilities, create tools and new exploitation techniques in an automotive environment
- Evangelize IOActive through blogs, white papers, presentations, etc.
- Deep knowledge and understanding of:
- Automotive security & safety standards and regulations including ISO/SAE 21434:2021, ISO 26262:2018, UNECE R155 & R156 & Automotive ASPICE
- Embedded automotive cybersecurity architecture and design including in end-to-end connected vehicles (telematics, infotainment, etc.) in-vehicle networking & communication (automotive Ethernet, CAN, CAN-FD, Flex-ray, BLE, Wi-Fi etc.)
- Understanding of EV vehicle architecture and the associated security concerns
- Embedded security mechanisms such as hypervisors, secure boot, automotive OSes (QNX & Linux), automotive software frameworks (AutoSAR, etc), secure communication, secure key storage (HSMs & Trustzone) access control, OTA updates, etc.
- C/C++ and ARM assembly including standard vulnerabilities and mitigations
- Cryptography concepts including symmetric encryption and signing (AES & HMAC), asymmetric encryption, signing and verification (RSA & ECC), hashing (HMAC) etc,
- Perform TARAs (threat analysis and risk assessment) on a range of vehicle features and components
- Perform penetration testing of EV and EVSE technologies such as V2x, EV Chargers/Dischargers, etc...
- Perform penetration testing of automotive components including ECUs (IVI, central gateway, telematics) using approaches including:
- Rapid identification of attack surfaces and entry points using implicit threat modeling techniques
- Extraction and demonstratable experience and skills reverse engineering of ECU firmware
- Low-level code review including crypto implementation code reviews, specifically for secure boot and code signing
- Wi-Fi/Bluetooth testing along with demonstratable understanding of the electro-magnetic spectrum (near field such as NFC and far field such as UHF, Microwave and associated physical layer protocols)
- Hardware/embedded system hacking, including Interface and fuzz testing.
- Electronic and electrical knowledge including:
- Extensive experience with digital electronics and signal capturing tools (Oscilloscope, logic analyzer, protocol specific adaptors)
- Experience with protocol and signals analysis, reverse engineering of custom data formats and transport mechanisms
- Rigorous attention to detail and strong analytic skills
- Ability to write test plans based upon initial impressions and discussions with the team
- Comfortable navigating large codebases with minimal guidance
- Excellent command of written and spoken English
- Comfortable leading and working as part of a multinational and multidisciplinary team
- Logical and structured approach to projects
- 5+ years of relevant work experience in a high-paced, enterprise consulting environment
- Previous CVEs in the automotive space are a bonus.
- The salary range for this position is $90-175k annually
- USA benefits package includes PTO, Holiday, Medical, Dental, Vision, 401(k) match, Long and Short-Term Disability, Life Insurance, and Employee Assistance Program (EAP), and Business Travel Insurance
-
IT-Security Consultant
1 week ago
Apex Innovations Redmond, United StatesAbout aramido GmbH: · We have been ensuring information security in companies through security checks, consulting, and incident response. We take a holistic approach to information security, including conducting commissioned hacking tests on IT systems, providing awareness traini ...
-
Consultant Information Security
1 week ago
Atlas Dynamics Tacoma, United StatesWe are · a family-owned company north of Munich with a passion for the functional interaction between IT and humans. · For almost two decades, we have been supporting our clients throughout Europe with the complex task of securing their virtual assets. Our consulting focuses on I ...
-
Azure Security Consultant
6 days ago
Omni Inclusive Seattle, United StatesSeasoned cloud security expert with in-depth knowledge on comprehensive security design, implementation and management across all Azure security technologies and services. · Key Responsibilities - · Design and implement extensive Microsoft Security related activities that inclu ...
-
Principal Information Security Consultant
5 days ago
First Information Technology Services Bellevue, United StatesJob Description · Job DescriptionFirst Information Technology Services (FITS) has been providing Information Security, Cloud Computing Security, and IT consulting services since 2000. FITS consultants perform comprehensive assessments from beginning to end to produce meaningful, ...
-
Principal Information Security Consultant
5 days ago
First Information Technology Services Bellevue, United StatesFirst Information Technology Services (FITS) has been providing Information Security, Cloud Computing Security, and IT consulting services since 2000. FITS consultants perform comprehensive assessments from beginning to end to produce meaningful, actionable reports that fit withi ...
-
Virtual Behavioral Health Therapist
4 days ago
One Medical Seattle, United States Full timeAbout Us · One Medical is a primary care solution challenging the industry status quo by making quality care more affordable, accessible and enjoyable. But this isn't your average doctor's office. We're on a mission to transform healthcare, which means improving the experience fo ...
-
Health Unit Coordinator
1 week ago
Banner Health Sun City, United States**Primary City/State**: · Sun City, Arizona · **Department Name**: · PCU 6th Floor · **Work Shift**: · Day · **Job Category**: · Administrative Services · - Additional Job Description · The future is full of possibilities. At Banner Health, we're excited about what the future hol ...
-
BlueWave Solutions Sun City, United StatesOur work has never been more important than it is today. As the largest state-owned IT company, Dataport ensures the IT security and digital sovereignty of the state. We fight against cybercrime, enable online government transactions, and create customized IT solutions for societ ...
-
Sales Consultant Customer Service
3 weeks ago
Redwood Ventures Pacific, WA, United States Freelance**Sales Consultant Customer Service (m/f/d) in Pacific, WA**: · **Responsibilities**: · - Continuous development of sales and marketing strategies · - Support and advice for existing customers · - Creation of customer offers and sale of premium products · **Profile**: · - A posit ...
-
Electrical Engineer
4 days ago
Harrison Consulting Solutions Seattle, United StatesA multi-discipline engineering firm with over 50 years in business is looking for an Electrical Engineer for their Seattle team This position may be worked remotely. · Responsibilities:Work with a multi-disciplined team of Engineering and Architecture professionals · Building pr ...
-
Consulting Employee with Security Clearance
2 weeks ago
Leidos Poulsbo, United StatesR Description The Maritime Solution Systems Portfolio within the Maritime Systems Division (MSD) is seeking an experienced, dynamic, and highly capable Program Manager to join the Leidos team in Poulsbo, WA to support a multidisciplined team in the support of the development of i ...
-
Crimson Solutions Renton, United StatesCan technology make the world a better place? That's what TQ and each of our 1,700 employees stand for. As one of the largest electronics specialists in Germany, we develop and produce customized and innovative solutions for renowned customers from various industries. In addition ...
-
Omega Enterprises SeaTac, United StatesAbout WT Energiesysteme GmbH: · Energy conversion, that is the topic of our company. We are a medium-sized company based in Riesa and Dresden. Our core competence lies in the construction, maintenance and modernization of substations or grid feed-ins - in the range of 10 to 380kV ...
-
Designer - Telecommunications & Security
1 week ago
Blue Lake Consulting Group Seattle, United StatesOn behalf of our client, a leading engineering consulting firm, we are seeking several Telecom and Security Designers proficient in Revit. As a Telecom and Security Designer, you will play a crucial role in designing cutting-edge telecommunications and security systems for client ...
-
Dual Study Program in Business Informatics
1 week ago
Apex Innovations Normandy Park, United StatesWe are mindsquare. And with you, we want to change the digital world forever. That's why we are more than a multi-award winning IT consulting company. mindsquare is a place for personal development and growth, entrepreneurial freedom, and digital excellence. A community where you ...
-
Regional Sales Manager
1 week ago
Dahua Technology USA Seattle, United StatesWho we are: · Dahua Technology USA Inc. is a leader of video security equipment manufacturing, according to an Omdia 2020 report. Dahua's expertise in designing and manufacturing video security products for professional applications spans over 20 years - with over 1,700 patents f ...
-
Peoplesoft Administrator
1 week ago
Tata Consultancy Services Seattle, United StatesRole: PeopleSoft Admin Consultant · Job Type: Fulltime · Location: Seattle, WA (Onsite) · Job Description: · Must have skills: · 1) PeopleSoft Upgrade Experience · 2) PeopleSoft PUM Update · 3) Archival · 4) PeopleSoft Data Masking - must have relevant experience in at least 2 ...
-
Peoplesoft Administrator
1 week ago
Tata Consultancy Services Seattle, United StatesRole: PeopleSoft Admin Consultant · Job Type: Fulltime · Location: Seattle, WA (Onsite) · Relevant Experience: 10 Years · Job Description: · Must have skills: · 1) PeopleSoft Upgrade Experience · 2) PeopleSoft PUM Update · 3) Archival · 4) PeopleSoft Data Masking - must have re ...
-
Amazon Seattle, United States· AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we're the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipme ...
-
Substance Use Disorder Professional
1 week ago
Downtown Emergency Service Center Pioneer Square, United States:Days Off: Thursday, Friday, Saturday · Shift: Day · Insurance Benefits: Dental, Life, Long-term Disability, Medical (no premiums/payroll deductions for employee coverage) · Other Benefits: Employee Assistance Program (EAP), Flexible Spending Account (FSA), ORCA card subsidy, Pai ...
Senior Automotive Security Consultant - Seattle, United States - IOActive
Description
Senior Automotive Security Consultant - Seattle, WA or Remote US
About IOActive:
Founded in 1998, IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker's perspective to every client engagement to maximize security investments and improve client's overall security posture and business resiliency.
What you'll do:
Senior Automotive Security Consultants are responsible for performing high-end security evaluations including penetration testing, Threat Analysis and Risk Assessment (TARA) and research for our clients, focused on a range of automotive areas. In this role, you will work with other team members to deliver high-quality results to IOActive's clients throughout the world. This position is located in Seattle, WA, but a remote work arrangement may be considered for well-qualified candidates throughout the US.
Our consultants maintain a high level of expertise regarding known threats and technical advances in automotive security. This position requires expert knowledge in the end-to-end automotive technology ecosystem, including both in-vehicle and offboard systems such as E/E architecture, ECUs and connectivity.
The Senior Automotive Security Consultant will undertake advanced level security evaluation tasks and duties to meet customer requirements and project deadlines. This includes:
Required Technical Skills
The IOActive mission is to make the world a safer, more secure place from cyber threats with research and services that focuses on security that has real-world impact. Join a team committed to making a difference.
Join us
IOActive is proud to be an Equal Opportunity Employer