Embedded Systems
- Bangalore, Karnataka
- Permanent
- Full-time
Key Responsibilities:
Contribute to the development and continuous improvement of Cybersecurity Verification & Validation (V&V) activities.
Define, tailor, and execute/facilitate grey-box and black-box penetration testing at ECU, functional, and vehicle levels.
Conduct fuzz testing on automotive interfaces and services to uncover unknown vulnerabilities.
Demonstrate compliance with automotive cybersecurity standards and regulations such as ISO/SAE 21434, UNECE R155, AIS 189, and GB 44495.
Perform penetration testing in both lab and on-site environments, with flexibility for travel.
Perform manual security code reviews to identify vulnerabilities in embedded software and connected systems.
Document test findings with detailed risk assessments and technical evidence
Share with internal and external teams recommendations on security hardening measures
Onboard and collaborate with competent external suppliers
Occasionally conduct penetration testing of web applications, APIs, and mobile applicationsRequired Qualifications:
Bachelor's or Master's degree in Electrical/Electronics Engineering, Embedded Systems, Cybersecurity or a related field.
Minimum 4 years of hands-on experience in automotive penetration testing, with 7 9 years of total experience in embedded systems or broader penetration testing domains.
Strong understanding of vehicle and ECU architecture, and automotive cybersecurity principles.
Familiarity with microcontroller platforms and software architectures (e.g., AUTOSAR, QNX, Linux, Android).
Proficiency in programming (C, CAPL etc.) and scripting (Python, Bash) for test automation.
Experience with automotive cybersecurity testing frameworks and tools.
Hands-on security testing experience with:
o Hardware-level and its interface testing (e.g., MCU, HSM, eMMC, JTAG, UART, Fault injection, Side Channel etc.)
o Automotive interface/protocols (e.g., OBD, UDS, CAN, Ethernet)
o Wireless (e.g., Bluetooth, Wi-Fi, Cellular/SDR -4G/5G etc.)
o Connected Systems (Web/Mobile app, Server, APIs, Cloud etc.)
o Vehicle and ECU security features (e.g., secure communication, secure OTA, secure boot, secure diagnostics, firewall, IDS, logging etc.)
o Fuzz testing tools and techniques for automotive systems
Proficiency in reverse engineering firmware using tools like Ghidra or IDA Pro.
Experience with restbus simulation, flashing toolchains, and diagnostic tools (e.g., CANoe, vFlash, CANoe.DiVA).
Experience conducting manual security code reviews for embedded and connected system software.
Strong documentation, communication, and presentation skills.
Strong skills in documenting work, communicating clearly, and presenting technical topics to varied audiences.
Proven stakeholder management skills, including cross-functional collaboration with engineering, compliance, and supplier teams.Nice-to-Have:
Industry certifications such as OSCP, OSCE, GIAC GPEN, or equivalent.
Experience with fault injection and side-channel attack simulations.
Background in security research or conference presentations, including vulnerability discovery, technical publications, or community contributions. Enable Skills-Based Hiring NoAdditional Details
- Planned Resource Unit : (55)IT_TRUCKS;(13)F/TC - Application Manager - 6-9 Yrs;Application Development;(Z3)6-9 Years