Cyber Security Penetration Test Engineer – Automotive
Indexed description
Cyber Security is one of the fastest-moving and most critical areas within the automotive industry. As vehicles become increasingly connected, software-defined and data-driven, ensuring product security from concept through to type approval is essential.
We are looking for a Cyber Security Penetration Test Engineer to support the delivery of secure automotive products across ECUs, systems and full vehicle platforms. This 12 Month role will be part of the Product Engineering team and will focus on improving the cyber security posture of our products, responding to emerging threats and ensuring penetration testing activities are delivered in line with CSMS and ISO/SAE 21434 requirements.
The successful candidate will be responsible for developing and supporting the cyber security penetration test lab, creating and reviewing penetration test scopes, test plans and test reports, executing penetration testing activities, and supporting vulnerability management and related CSMS artefacts.
Key Responsibilities:
- You will manage the delivery of penetration testing activities in line with CSMS requirements, ensuring scope, time, budget and quality expectations are met.
- You will create and review penetration test scopes and plans for ECUs, systems and vehicles, as well as assess and review penetration test reports and vulnerability findings.
- You will execute penetration tests against ECUs, systems and vehicles according to agreed test scopes, while also supporting vulnerability resolution activities through technical demonstrations, attack PoCs and clear reporting. The role will also involve maintaining and developing penetration testing scripts, tools and fuzz testing capabilities.
- You will work closely with Product Engineering teams, external penetration testing suppliers, cyber security specialists and VSOC teams to support vulnerability investigation, resolution and sign-off of penetration testing artefacts. You will also support cyber security evidence generation for type approval and regulatory compliance activities.
Key Accountabilities:
- Deliver penetration testing activities in accordance with CSMS and ISO/SAE 21434.
- Create, review and assess penetration test scopes, plans and reports for ECUs, systems and vehicles.
- Execute penetration tests and fuzz testing activities across automotive systems.
- Build and review vulnerability reports and support vulnerability resolution.
- Lead and manage external penetration testing suppliers and their deliverables.
- Develop and maintain penetration testing scripts, tools and test automation capabilities.
- Demonstrate vulnerabilities, attacks and proof-of-concepts to engineering and VSOC teams.
- Support sign-off of penetration testing artefacts and type approval evidence.
Required Skills and Experience:
- The ideal candidate will have experience or strong knowledge of scripting languages such as Python, CAPL or similar, alongside an understanding of TARA, security concepts and cyber security artefacts referenced within ISO/SAE 21434.
- You should have knowledge of at least two automotive technology areas, such as in-vehicle networks, safety-critical embedded software and hardware, low-level debug interfaces, complex onboard computers, vehicle connectivity or embedded control systems.
- A strong understanding of high-integrity systems, secure software and/or hardware design principles in embedded environments is essential. You should also be comfortable working in a standards-driven engineering environment where compliance, traceability and technical evidence are critical.
What We’re Looking For:
We are looking for someone with excellent technical judgement, strong collaboration skills and the ability to work across engineering, cyber security and supplier teams. You should be proactive, detail-oriented and capable of translating technical vulnerabilities into clear engineering actions and compliance evidence.
This is an exciting opportunity to contribute to the cyber security of next-generation automotive products and play a key role in strengthening the security posture of connected, software-defined vehicles.
Note:
No Visa Sponsorship provided as part of this role, therefore, candidates who do not have rights to work in the UK, please do not apply.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search