Cybersecurity Validation

Cybersecurity Validation & Verification Manager

• Experience: 7 – 9 years

• Description:

This role involves conducting and facilitating penetration testing at the vehicle, component, and functional levels. The candidate will simulate real-world attack scenarios targeting embedded systems, automotive interfaces, wireless protocols, and connected services.

• Key Responsibilities:

1. Contribute to the development and continuous improvement of Cybersecurity Verification & Validation (V&V) activities.

2. Define, tailor, and execute/facilitate grey-box and black-box penetration testing at ECU, functional, and vehicle levels

3. Conduct fuzz testing on automotive interfaces and services to uncover unknown vulnerabilities.

4. Demonstrate compliance with automotive cybersecurity standards and regulations such as ISO/SAE 21434, UNECE R155, AIS 189, and GB 44495.

5. Perform penetration testing in both lab and on-site environments, with flexibility for travel.

6. Perform manual security code reviews to identify vulnerabilities in embedded software and connected systems.

7. Document test findings with detailed risk assessments and technical evidence

8. Share with internal and external team recommendations on security hardening measures

9. Onboard and collaborate with competent external suppliers

10. Occasionally conduct penetration testing of web applications, APIs, and mobile applications

• Required Qualifications:

1. Bachelor’s or master’s degree in electrical/Electronic Engineering, Embedded Systems, Cybersecurity or a related field.

2. Minimum 4 years of hands-on experience in automotive penetration testing, with 7–9 years of total experience in embedded systems or broader penetration testing domains.

3. Strong understanding of vehicle and ECU architecture, and automotive cybersecurity principles.

4. Familiarity with microcontroller platforms and software architectures (e.g., AUTOSAR, QNX, Linux, Android). 5. Proficiency in programming (C, CAPL etc.) and scripting (Python, Bash) for test automation.

5. Experience with automotive cybersecurity testing frameworks and tools.

6. Hands-on security testing experience with:

• Hardware-level and its interface testing (e.g., MCU, HSM, eMMC, JTAG, UART, Fault injection, Side Channel etc.)
• Automotive interface/protocols (e.g., OBD, UDS, CAN, Ethernet)
• Wireless (e.g., Bluetooth, Wi-Fi, Cellular/SDR -4G/5G etc.)
• Connected Systems (Web/Mobile app, Server, APIs, Cloud etc.)
• Vehicle and ECU security features (e.g., secure communication, secure OTA, secure boot, secure diagnostics, firewall, IDS, logging etc.)
• Fuzz testing tools and techniques for automotive systems

7. Proficiency in reverse engineering firmware using tools like Ghidra or IDA Pro.

8. Experience with restbus simulation, flashing toolchains, and diagnostic tools (e.g., CANoe, vFlash, CANoe. DiVA).

9. Experience conducting manual security code reviews for embedded and connected system software.

10. Strong documentation, communication, and presentation skills.

11. Strong skills in documenting work, communicating clearly, and presenting technical topics to varied audiences.

12. Proven stakeholder management skills, including cross-functional collaboration with engineering, compliance, and supplier teams.