T 03333 207 333 E info@fuelrecruitment.co.uk
IT, Consulting, Telecoms, Engineering & Marketing

Job search

Penetration Test Engineer

Job Title: Penetration Test Engineer
Location: Warwickshire
Contract Type: Permanent
Sector: IT
Salary: £40,000

Job Description

My client is a world-class, independent engineering consultancy, operating in multiple locations around the world, to support vehicle manufacturers and their supply chain with cutting-edge engineering and testing expertise.
They offer full-system design, test and integration expertise to automotive, defence, rail and transport industries and also specialise in developing low carbon and autonomous and cooperative driving technologies.
At their headquarters in the Midlands, they have access to one of the most comprehensive vehicle proving grounds which boasts 93km of test tracks and over 35 world-class test facilities and laboratories. Their facilities, combined with the engineering expertise of their 600 strong team makes their Technology Park Europe’s number one location for transport sector R&D.

Title of Job: Cyber Security / Penetration Test Engineer
Department: Systems & Safety
Reason for Vacancy: Business growth
Contract Type: Permanent

Main Purpose of Job
• Penetration testing of cyber-physical systems
• Objective evaluation, reporting and making recommendations on system resilience

Key Functions
• Coordinating penetration testing activities within a small team
• Bringing and integrating know-how from IT and IoT domains into the automotive domain
• Executing structured attacks on cyber physical systems within a white-hat laboratory
• Executing attacks in the lab, the workshop and on the proving ground
• Working with design-side consultants to engineer value-add security solutions
• Supporting the product groups in tendering activities

Essential Qualifications
• Good first degree (minimum 2:1) in electrical/electronic engineering, IT system, computer sciences or other relevant related discipline

Preferred Qualifications
• Higher degree (relevant M.Sc, Eng D or Ph.D)
• Corporate membership of an engineering institution including Chartered Engineer qualification
• Relevant vocational courses (certified IT professional courses for example)

Essential Experience

Competent (2+ years’ experience in):
• Commercial penetration testing in the information technology and/or internet of things domain

Experience in some combination of:
• Commercial-off-the-shelf embedded operating systems (embedded Windows, Linux, QNX, Android, IOS…)
• WiFi and Ethernet networks: monitoring and attacking
• Bluetooth, NFC or other wireless networks: monitoring and attacking
• USB subsystems and manipulation
• Deployment of over-the-air updates
• Commonplace tools such as SDR
• Writing attack code/malware
• Internet / cloud security
• Mobile security (smartphone integration, CarPlay, etc)
• Code analysis (reverse engineering binary code)
• Threat modelling
• Frameworks such as Metasploit
• Software attacks such as SQL injection

The candidate must have a strong experience in orchestrating structured attacks and recording data in a systematic way.

Preferred Experience

Some combination of:
• Penetration testing cyber-physical systems
• Knowledge of vehicle broadcast networks (CAN, LIN, Flexray, MOST) and associated security
• Knowledge of industrial control systems
• Knowledge of garage diagnostic systems
• Knowledge of calibration systems (XCP/CCP)
• Knowledge and experience of “connected vehicle” applications for example Connected Drive, OnStar, …
• Knowledge of the AUTOSAR framework
• Attack trees
• Hardware reverse engineering and manipulation (e.g. SPI/I2C)
• Social engineering
• Side channel attacks
• Clock glitching

Additional skills which could be beneficial:
• Architectural design for security
• System on a Chip (SOC) devices and implementations
• Boot-loaders: design and security
• Time Triggered Ethernet (TTE)

Fuel Recruitment acts as both an Employment Business and an Employment Agency.

Click here to apply for this vacancy