Our client is in search of an automotive offensive pentester or at least someone with IoT experience. They will therefore join the Cyberlab team to conduct tests on ECU projects and internal initiatives for skill development.
First and foremost, they will need to carry out the following activities:
To bolster the Cyberlab team, we are seeking an automotive pentester who combines expertise in both offensive and proactive cybersecurity. This individual’s mission will be to strengthen the resilience of Valeo’s products.
Essential Skills:
- Pentesting : Ability to conduct penetration tests, especially through fuzzing, to uncover vulnerabilities.
- Code and Configuration Analysis: Proficiency in scrutinizing source code and assessing operating system configurations to enhance security.
Embedded Software Expertise:
- Embedded Linux: Essential proficiency in managing flexible and robust embedded systems.
- AUTOSAR: Understanding of this automotive industry standard for software architecture.
- QNX Hypervisors: Knowledge of BlackBerry systems for managing embedded devices.
In summary, the ideal candidate will combine specific technical skills and a proactive vision to enhance the security of Valeo’s products in the automotive sector.
Your Challenges:
- First and foremost, conduct penetration testing missions covering a variety of techniques, tactics, and procedures.
- Identify and exploit vulnerabilities in automotive systems and applications, including (but not limited to) ECUs, embedded networks, telematics, and connected services.
- Continuously develop and execute penetration testing methodologies, tools, and techniques to uncover potential security issues and simulate real attack scenarios.
- Prepare detailed reports outlining vulnerabilities, exploitation methods, and recommend remediation strategies to key stakeholders.
- Stay informed and conduct research on the latest cybersecurity threats, attack vectors, and penetration testing techniques, especially within the automotive industry.
- Contribute to blogs, articles, and presentations for both internal and external audiences to establish CyberLab as a recognized center of excellence.
- Finally, conduct training sessions and knowledge-sharing with internal teams, thereby enhancing their understanding of best practices in automotive cybersecurity.
Let’s talk about you… With a Master’s degree level of education, furthermore you are a graduate from an engineering school or a university specialized in cybersecurity, embedded systems, or IoT, at a Master’s degree level. additionallyyou possess at least 5 years of experience in offensive security and Red Teaming, with exposure to automotive or hardware penetration testing. Holding certifications such as OffSec, SANS, etc., is a plus.
Technical Skills:
- Firmware and PCB reverse engineering; proficiency in debugging interface concepts; fault injection; side-channel and covert-channel attacks ;
- Proficiency in identifying, analyzing, and developing exploits for vulnerabilities in both hardware and software systems, especially within automotive systems
- Ability to perform secure code and configuration reviews, system and architecture hardening reviews (hardening of operating systems like AUTOSAR, embedded hypervisors).
- Practical expertise with enumeration and exploitation tools and frameworks such as Wireshark, Metasploit, and CAN bus tools (CANoe, Vtest studio, etc.).
- Knowledge of implementing cryptographic controls such as secure boot, secure update, secure communication protocols (like VPN technologies, MACSec, IPSEC, TLS, and SecOC).
- Experience with network protocols (Ethernet, CAN, WiFi, BLE) and telecommunications standards (3G/4G/5G), as well as protocols such as SPI, I2C, UART, JTAG.
Comfortable with communication and rigorous, you demonstrate a synthesis mindset. Projects in an international context require a proficient level of English.
Benefits:
- Employee share ownership plan, holiday vouchers, housing assistance.
- Presence of a social and economic committee (CSE) – offering travel opportunities, cultural activities, and more.
- Partial remote work possible
Why Valeo?
- Participate in innovative projects alongside our experts.
- Be part of an inclusive and multicultural company.
- For career opportunities at both national and international levels.
- Be an engaged link in favor of green mobility.
- Find meaning in your commitment.
=> Our recruitment process involves multiple stages: an initial discussion with the talent acquisition specialist, followed by interviews with your future management, and finally with the HR department of the site.
Position :
R&D
Engineer Departement
Cyber
Schedule:
Full time
ChatGPT Employee Status: Permanent Contract
contact : https://www.linkedin.com/in/zinebmasmoud/ zineb.m@sonrysa.com
You have a question ?
