Responsibilities
As our Security Assessment team member, you will perform security research to identify vulnerabilities in all sorts of embedded devices used in the automotive industry and beyond. Examples of our targets: cars, car control units, chargers, payment products, industrial controllers, network equipment.
We follow an offensive security approach and utilize the same tools real-world attackers would use – from hardware analysis and signal analysis (wired, wireless, RF) and reverse engineering to binary emulation and fuzzing.
Our position is a perfect match for ethical hackers advanced in finding and exploiting vulnerabilities in embedded devices.
Location: Office in Budapest, Hungary.
Relocation of foreigners is financially supported by PCAutomotive.
Employment type: Full-time with a flexible work schedule. Performance-oriented work is practiced at our company.
Main responsibilities:
We follow an offensive security approach and utilize the same tools real-world attackers would use – from hardware analysis and signal analysis (wired, wireless, RF) and reverse engineering to binary emulation and fuzzing.
Our position is a perfect match for ethical hackers advanced in finding and exploiting vulnerabilities in embedded devices.
Location: Office in Budapest, Hungary.
Relocation of foreigners is financially supported by PCAutomotive.
Employment type: Full-time with a flexible work schedule. Performance-oriented work is practiced at our company.
Main responsibilities:
- Perform commercial penetration tests on vehicles, embedded devices, OT devices in black-box, grey-box, and white-box modes
- Write penetration test reports and security advisories
- Communicate results with the customers’ security team
- Perform security research of vehicles and embedded devices
- Prepare vulnerability disclosure materials – technical slides and blog posts
- Provide valuable input for the PCAutomotive Threat Intelligence platform.
Requirements
- 3+ years of experience in security research of embedded and IoT solutions
- Knowledge of types of vulnerabilities applicable for embedded systems, methods of their search and general exploitation principles
- Experience with scripting languages: Linux shell, Python, etc.
- Experience in C/C++: development, security code review
- Knowledge of major CPU architectures: Intel X86/64, ARM/Aarch64, PPC, MIPS, ColdFire, TriCore
- Ability to read, understand, modify assembler code for different CPU architectures
- Reverse engineering firmware of embedded devices
- Experience working with disassemblers, decompilers, and debuggers (IDA Pro, Ghidra, Radare, GDB, OpenOCD)
Nice-to-have
- Experience in hardware security research:
- Good understanding of PCB (Printed Circuit Board) components
- Experience with laboratory measurement tools and logic analyzers
- Experience with soldering equipment and IC programmers
- Experience with debugging interfaces
- Good knowledge of major physical memory interfaces, dumping contents of memory chips, filesystem reconstruction
- Experience in glitching and side-channel attacks
- FPGA development experience
- Experience with RF and SDR
- Experience in web and/or mobile application security research
- Knowledge of automotive communication protocols (e.g., CAN, CAN FD, SAE J1939, LIN, FlexRay, MOST, Automotive Ethernet)
- Security analysis of RTOS (e.g., QNX, VxWorks, AUTOSAR) and proprietary OS
- Experience in emulation and fuzzing of embedded system software
- Reconstruction and understanding of complex software architectures with elements of object-oriented programming and inter-process communication
- Industry certifications such as OSCP, OSED, OSEE
- Successful participation in Bug Bounty programs, CTFs
- Conference talks
- Registered CVEs, published security advisories and feedback from customers, vendors, and manufacturers
What we offer
- Cool and challenging projects
- Competitive salary
- Ability to reserve CVEs for your findings and publish your research results
- Electronic lab & vehicle garage full of gadgets for your next great research
- Education – we support you in obtaining new certificates relevant to your work duties
- Flexible work schedule
- Comfortable office at Graphisoft Park in Budapest with terrace and coffee
- Freedom to select your work tools & OS (Mac, Linux, Win).
Workplace extras
- Canteen
- Cafe
- Shower
- Corporate events
- Company bus
- Bicycle storage
- Sports facilities
Company info
PCAutomotive specializes in integrated cybersecurity solutions and consulting services in the automotive sector.
We are participants of Pwn2Own Automotive 2024, security conference speakers, and authors of multiple CVEs in the automotive industry.
PCAutomotive is looking for a Security Researcher to be part of the Security Assessment team.
We are participants of Pwn2Own Automotive 2024, security conference speakers, and authors of multiple CVEs in the automotive industry.
PCAutomotive is looking for a Security Researcher to be part of the Security Assessment team.
How to apply
Apply by sending your English CV.