Automotive Cybersecurity Experts – JD(1006)
Tech Wynk IT Solutions is looking for Automotive Cybersecurity Experts for an MNC client in Bangalore.
We are looking for Automotive Cybersecurity Engineers with 5-8 years of development experience
Project Location(s): Bangalore, Bucharest, Timișoara
Must Have Skills
- Experience in the Automotive industry is a must with experience in ISO standard DIS 21434 (Road Vehicles – Cybersecurity)
- Cover cybersecurity software design and development.
- Cooperate with system and software architects and cybersecurity leaders in requirement developments.
- Defining following for Automotive ECUs: Cybersecurity Goals, Cybersecurity Concepts, System Cybersecurity requirements & architecture, Different methods of cybersecurity Assessment Methods
- Standards and Compliance coverage – Source code Audit
- CVSS 3.x evaluation of vulnerabilities and risk assessment of attacks.
- CVE/CWE validation
- OWASP Top-10
- CERT C
- The Cybersecurity Source Code Audit should include, but not be limited to, the following use cases
- Review Source Code for Cybersecurity Vulnerabilities
- Review Source Code for weaknesses according to the CVE/CWE database, CERT secure coding standards, OWASP Top 10, and similar.
- Validation of all cryptographic functionality and related algorithms, such as encryption and hashing functions, as well as random number generators regarding implementation weaknesses and misconfigurations; usage of obsolete or proprietary algorithms, weak keys, initialization vectors, and similar.
- Check Source Code for outdated versions and known vulnerabilities of services and libraries using the following technologies SAST, DAST, IAST
- Experience in Automotive Penetration testing
- ECU code dump and reverse engineering
- Upload and run to ECU of non-authentic code
- Extraction of security and cryptographic Keys
- The resilience of access regulation functionalities
- Diagnostic stack
- JTAG and SWD ports
- Resilience to brute force, swamping, spoofing, and fuzzing attacks through all following interfaces CAN
- Resilience to attacks through CAN aimed to Tamper calibration data, Data exfiltration
- HW module = HSM / HW-root-of-trust, enhanced Secure Hardware Extension (eSHE)
- Connection to ECUs resources by means of protocols and interfaces, with particular focus on XCP, Serial interfaces, USB interfaces, Ethernet interfaces