Vulnerability Management Product Cyber Specialist
Job Summary
Forensic Analysis & Offensive Security for Product Cybersecurity This role supports shift left forensic and offensive security evaluations for embedded and connected products across on highway and off highway platforms. The role is focused on hands on technical execution, including early vulnerability discovery, exploit feasibility analysis, architecture reviews, reverse engineering, and pre certification penetration testing, to provide actionable technical findings ahead of external certification testing. This role does not own security capability strategy, tooling ownership, or organizational maturity and does not replace external penetration testing or certification mandated evaluations.
KEY RESPONSIBILITIES
- Vulnerability Scanning & Analysis
- Perform firmware, binary, and configuration vulnerability scanning, side channel attacks on embedded products.
- Identify known weaknesses such as insecure configurations, outdated components, and cryptographic issues.
- Assess vulnerabilities based on practical exploitability and product context, in addition to standard severity scoring.
- Document findings clearly with technical evidence and reproducible observations. B. Product & ECU Penetration Testing
- Execute pre certification penetration testing activities early in the product lifecycle.
- Perform attacker perspective testing to identify realistic product weaknesses prior to engagement with external labs.
- Conduct hands on testing using defined test setups for: o ECU level penetration testing o System level penetration testing o CAN / UDS / J1939 / Ethernet / MODBUS and related protocol fuzzing
- Provide test results, observations, and technical inputs that complement external penetration testing efforts.
- Architecture & Threat Assessments
- Perform shift left architecture reviews focused on identifying implementation weaknesses related to, Trust boundaries o Cryptographic usage and key handling o Secure boot and firmware integrity o OTA mechanisms o Secure communication paths
- Correlate architectural weaknesses with observed attack paths and test results from internal assessments.
- Provide specific, actionable technical recommendations to improve product robustness prior to external testing.
- Reverse Engineering & Firmware Analysis
- Extract firmware using available interfaces such as JTAG/SWD, memory access techniques, and OTA packages.
- Perform static and dynamic binary analysis using reverse engineering tools.
- Support protocol analysis, secure boot evaluation, and proof of concept exploit development where required to validate findings.
- Capture technical artefacts, evidence, and analysis results in a structured and traceable manner.
- Forensic Analysis & Post Incident Support
- Support collection and analysis of logs, traces, firmware artefacts, and memory dumps following security events.
- Assist in reconstructing attack sequences using forensic evidence and technical analysis.
- Correlate forensic findings with observed product behavior and known attack techniques. • Provide technical inputs to strengthen product design and implementation before subsequent test cycles.
TECHNICAL COMPETENCIES
• Embedded and product cybersecurity fundamentals • Firmware extraction and binary analysis
• Reverse engineering tools (e.g., Ghidra, IDA, Binary Ninja) • Structured problem solving
• CAN / UDS / J1939 / Ethernet security concepts
• Fuzzing frameworks and protocol testing tools
• Debug interfaces (JTAG/SWD), logic analyzers, and bus sniffers
• Strong analytical skills with attention to technical detail
• Clear documentation and cross functional technical communication .
EXPERIENCE •
6–7 years of experience in product or embedded cybersecurity or related technical domains
• Hands on exposure to penetration testing or security assessment of automotive or industrial devices
• Experience working with embedded architectures (e.g., ARM, PowerPC, microcontrollers, IoT)
• Practical experience with reverse engineering and protocol analysis
5. EDUCATION
• Bachelor’s or Master’s degree in Cybersecurity, Electronics, Computer Engineering, or related fields
• Exposure to ISO/SAE 21434, embedded security, or offensive security practices preferred
• Demonstrated hands on technical assessment experience
Technical Skills
- Embedded cybersecurity and secure product development.
- Firmware extraction and analysis techniques.
- Static and dynamic binary analysis.
- Reverse engineering tools such as Ghidra, IDA Pro, Binary Ninja, or equivalent.
- ECU and embedded device penetration testing.
- Protocol analysis and security testing.
- CAN, UDS, J1939, Ethernet, MODBUS, and related communication protocols.
- Fuzzing frameworks and protocol testing tools.
- Secure boot, cryptographic implementation, and OTA security assessment.
- Debug interfaces including JTAG, SWD, logic analyzers, and bus sniffers.
- Security vulnerability analysis and exploit validation.
- Technical documentation and reporting.
Professional Skills
- Strong analytical and investigative skills.
- Excellent problem-solving capability.
- Effective stakeholder communication and technical presentation skills.
- Ability to work independently while collaborating across global teams.
- Attention to detail and evidence-based decision making.
- Project coordination and technical leadership capabilities.