DTICI_Automotive_Cyber_Security_Lead_T6

• Be the SME for Vehicle & Component Security Testing requirements
• Ensure the security testing is thorough and standardize, to support CSMS & regulatory requirements
• Be the champion of Governance & Compliance from a Cybersecurity Verification & Validation perspective
• Should be able to guide, assist & work along with the team members to develop the internal Security testing capabilities
• Should be eager to conduct POC, build lab environments, upskill & develop capabilities
• Contribute to the development and continuous improvement of Cybersecurity Verification & Validation (V&V) activities
• Define, tailor, and execute/facilitate grey-box and black-box penetration testing at ECU, functional, and vehicle levels
• Conduct fuzz testing on automotive interfaces and services to uncover unknown vulnerabilities
• Demonstrate compliance with automotive cybersecurity standards and regulations such as ISO/SAE 21434, UNECE R155, AIS 189, and GB 44495
• Perform penetration testing in both lab and on-site environments, with flexibility for travel
• Perform manual security code reviews to identify vulnerabilities in embedded software and connected systems
• Document test findings with detailed risk assessments and technical evidence
• Share with internal and external teams recommendations on security hardening measures
• Onboard and collaborate with competent external suppliers
• Occasionally conduct penetration testing of web applications, APIs, and mobile applications

9–12 years of total experience in embedded systems or broader penetration testing domains. Minimum 6 years of hands-on experience in automotive penetration testing, 

• Bachelor’s or Master’s degree in Electrical/Electronics Engineering, Embedded Systems, Cybersecurity or a related field.
• Strong understanding of vehicle and ECU architecture, and automotive cybersecurity principles.
• Familiarity with microcontroller platforms and software architectures (e.g., AUTOSAR, QNX, Linux, Android).
• Proficiency in programming (C, CAPL etc.) and scripting (Python, Bash) for test automation.
• Experience with automotive cybersecurity testing frameworks and tools.
• Hands-on security testing experience with:
  • Hardware-level and its interface testing (e.g., MCU, HSM, eMMC, JTAG, UART, Fault injection, Side Channel etc.)
  • Automotive interface/protocols (e.g., OBD, UDS, CAN, Ethernet)
  • Wireless (e.g., Bluetooth, Wi-Fi, Cellular/SDR -4G/5G etc.)
  • Connected Systems  (Web/Mobile app, Server, APIs, Cloud etc.)
  • Vehicle and ECU security features (e.g., secure communication, secure OTA, secure boot, secure diagnostics, firewall, IDS, logging etc.)
  • Fuzz testing tools and techniques for automotive systems
• Proficiency in reverse engineering firmware using tools like Ghidra or IDA Pro.
• Experience with restbus simulation, flashing toolchains, and diagnostic tools (e.g., CANoe, vFlash,  CANoe.DiVA).
• Experience conducting manual security code reviews for embedded and connected system software.
• Strong documentation, communication, and presentation skills.
• Strong skills in documenting work, communicating clearly, and presenting technical topics to varied audiences. 

• Proven stakeholder management skills, including cross-functional collaboration with engineering, compliance, and supplier teams.

  Nice-to-Have:

• Industry certifications such as OSCP, OSCE, GIAC GPEN, or equivalent.
• Experience with fault injection and side-channel attack simulations.
• Background in security research or conference presentations, including vulnerability discovery, technical publications, or community contributions.