T 03333 207 333 E info@fuelrecruitment.co.uk
IT, Consulting, Telecoms, Engineering & Marketing

Job search

Senior Cyber Security/Penetration Test Engineer

Job Title: Senior Cyber Security/Penetration Test Engineer
Location: Warwickshire
Contract Type: Permanent
Sector: IT
Salary: £50,000

Job Description

My client is a world-class, independent engineering consultancy, operating in multiple locations around the world, to support vehicle manufacturers and their supply chain with cutting-edge engineering and testing expertise.
They offer full-system design, test and integration expertise to automotive, defence, rail and transport industries and also specialise in developing low carbon and autonomous and cooperative driving technologies.
At their headquarters in the Midlands, they have access to one of the most comprehensive vehicle proving grounds which boasts 93km of test tracks and over 35 world-class test facilities and laboratories. Their facilities, combined with the engineering expertise of their 600 strong team makes their Technology Park Europe’s number one location for transport sector R&D.

Title of Job: Senior Cyber Security / Penetration Test Engineer
Department: Systems & Safety
Reason for Vacancy: Business growth
Contract Type: Permanent
Responsible To: Manager – Systems & Safety

Main Purpose of Job
• Penetration testing of cyber-physical systems
• Objective evaluation, reporting and making recommendations on system resilience

Key Functions
• Coordinating penetration testing activities within a small team
• Coaching other team members to deliver consistent and successful results
• Bringing and integrating know-how from IT and IoT domains into the automotive domain
• Executing structured attacks on cyber physical systems within a white-hat laboratory
• Executing attacks in the lab, the workshop and on the proving ground
• Building team resources (tools, team and process)
• Developing and delivering training for internal/external delivery
• Working with design-side consultants to engineer value-add security solutions
• Supporting the product groups in tendering activities

Essential Qualifications
• Good first degree (minimum 2:1) in electrical/electronic engineering, IT system, computer sciences or other relevant related discipline

Preferred Qualifications
• Higher degree (relevant M.Sc, Eng D or Ph.D)
• Corporate membership of an engineering institution including Chartered Engineer qualification
• Relevant vocational courses (certified IT professional courses for example)

Essential Experience

Competent (4+ years’ experience in):
• Commercial penetration testing in the information technology and/or internet of things domain

Experience in some combination of:
• Commercial-off-the-shelf embedded operating systems (embedded Windows, Linux, QNX, Android, IOS…)
• WiFi and Ethernet networks: monitoring and attacking
• Bluetooth, NFC or other wireless networks: monitoring and attacking
• USB subsystems and manipulation
• DAB radio services and implementation
• Deployment of over-the-air updates
• Commonplace tools such as SDR
• Writing attack code/malware
• Internet / cloud security
• Mobile security (smartphone integration, CarPlay, etc)
• Code analysis (reverse engineering binary code)
• Threat modelling
• Frameworks such as Metasploit
• Software attacks such as SQL injection

The candidate must have a strong experience in orchestrating structured attacks and recording data in a systematic way.

Preferred Experience

Some combination of:
• Penetration testing cyber-physical systems
• Knowledge of vehicle broadcast networks (CAN, LIN, Flexray, MOST) and associated security
• Knowledge of industrial control systems
• Knowledge of garage diagnostic systems
• Knowledge of calibration systems (XCP/CCP)
• Knowledge and experience of “connected vehicle” applications for example Connected Drive, OnStar, …
• Knowledge of the AUTOSAR framework
• Attack trees
• Hardware reverse engineering and manipulation (e.g. SPI/I2C)
• Social engineering
• Side channel attacks
• Clock glitching

Additional skills which could be beneficial:
• Architectural design for security
• System on a Chip (SOC) devices and implementations
• Boot-loaders: design and security
• Time Triggered Ethernet (TTE)

Other information
The candidate should:
• Be capable of delivering a high standard of technical writing
• Be capable of presenting technical information confidently to customers
• Be a self-starter and able to execute designated tasks accurately and within timing and budget constraints
• Have well-developed analytical skills – rigorous but pragmatic, being able to justify decisions with solid rationale
• Have good interpersonal skills – a consensus-builder not confrontational
• Be capable of technically coordinating a small group of engineers
• Be willing to travel and work flexibly: The job is likely to involve periods of 1 week at a time spent overseas approximately 3 or 4 times per year. The job may also involve extended placements at customer facilities requiring travel within the UK for 1 to 3 days per week
• Be willing to engage in the security clearance process and work on defence related projects

Fuel Recruitment acts as both an Employment Business and an Employment Agency.

Click here to apply for this vacancy