Lead Cyber Security Engineer- Penetration Tester

Required Qualifications - Engineering Degree in CS, E&TC, EE, Cybersecurity—or equivalent - experience - 7-12 years - Industry - Automotive, Information Technology, Mechatronics, Automation - Strong hands-on with embedded/automotive protocols (CAN, UDS, DoIP, SOME/IP) and industrial/IoT protocols (Modbus, OPC UA, PROFINET, EtherNet/IP; plus wired/wireless Fieldbus/LoRa/WirelessHART). Proficiency in tools: CANoe/CANalyzer/SocketCAN; Burp, Metasploit, Nmap, Wireshark. Key Responsibilities - Plan and perform end-to-end penetration tests on ECUs, gateways, TCUs, infotainment, ADAS-related ECUs, IoT and medical/industrial devices. Assess in-vehicle networks (CAN, LIN, FlexRay, Automotive Ethernet) and design realistic attack chains across vehicle, mobile, cloud/back-end - Align methods with ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443. - Collaborate with firmware, hardware, cloud, DevOps, and systems teams; present risks and remediation to customers and stakeholders. Drive architecture reviews, threat modeling (TARA) and attack surface analysis; contribute to work products and reports - Conduct firmware/boot-chain testing (secure boot, OTA) and embedded Linux/RTOS security reviews. - Execute hardware-level testing (JTAG/UART/SPI/I²C, flash extraction, debug interface analysis) and support SDR/RF assessments. - Lead security architecture reviews, threat modeling (TARA), and attack-surface reduction across platforms. Set and evolve methodologies aligned to ISO/SAE 21434, UNECE R155/R156, NIST SP 800, OWASP/ASVS/MAS/MASTG, ISA/IEC 62443; ensure audit-readiness - Build/extend tools, scripts, and exploits to validate real-world attacks; leverage AI/ML tools where beneficial. - Mentor junior testers; improve team practices, tooling, and reporting quality.