Penetration Tester

Role description

At Tata Technologies we make product development dreams a reality by designing, engineering and validating the products of tomorrow for the world’s leading manufacturers. Due to our continued growth we are now recruiting for a Penetration Tester to be based at our clients site in Woking.

Our Engineering Research and Development department (ER&D) is a fast-growing function within Tata Technologies Limited that is assembled to work on exciting projects globally for multiple customers. It comprises highly specialized engineers across Automotive, Aerospace and Industrial Heavy Machinery.

The Role:

· A unique opportunity in the Product Cybersecurity Red Team to pen-test and assess security controls on the latest and next gen vehicles.

· This is a highly technical position and requires a highly motivated individual, with ability to perform security vulnerability assessments and penetration testing.

· Responsible for performing embedded security pen-test activities, both automated and manual, to identify and exploit vulnerabilities in vehicle ECU’s, applications, and network components.

· Carry out reverse engineering on embedded devices firmware to identify and exploit vulnerabilities.

· Defining pen-test methodologies with a combination of automated and manual tools.

· Provide recommendation to mitigate security risks and fix security vulnerabilitie.

· Demonstrate creative analysis techniques in distilling test results, eliminating false positives and providing actionable recommendations for mitigation.

· Perform research on security exploits and containment approaches.

· Research emerging vulnerabilities and develop proof-of-concept (POC) as needed.

· Develop custom tools to support penetration testing as required.

· Evaluation and selection of external vendors and tools.

· Help guide 3rd party vendors with security assessments and provide coordination and support as needed.

· Document technical and logical security findings identified during the security assessments and report them in a timely manner.

Dimension of function:

Shall be part of cybersecurity team and report to cybersecurity domain manager.

Shall be in liaison with suppliers and OEM

Area of Responsibility:

· Penetration testing experience

· Hardware and embedded system hacking

· Reverse engineering embedded systems and source code review

· Proficiency in at least one of the following languages: C, C++, Java, or Python.

· Knowledge with use of JTAG/UART and on-chip Debuggers

· Experience with real-time and POSIX oriented operating systems (Linux, Android, and QNX)

· Must have strong teamwork orientation and the ability to foster collaboration within and across teams

Knowledge / Experience:

· Experience with Vulnerability assessments and penetration testing

· In-depth knowledge with wireless protocols, Wi-Fi, Bluetooth, and Zigbee

· Reverse engineering Linux and/or Android based software

· Experience with common automotive communication protocols (e.g., CAN/LIN, UDS/DoIP, Ethernet, immobilization etc.)

· Security cryptography fundamentals - PKI, certificates, encryption, signatures, authentication, and authorization.

· Experience with OS internals, virtualization, or container technologies

· Experience with network protocols: TCP/IP, HTTP, (OSI model)

· Certifications OSCP, OSEP, GPEN.

Competences:

Customer Centricity - Ensures the delivery of exceptional customer service.

Decision Making - Identifies and analyses information to make decisions and solve problems.

Teamwork & Collaboration - Fosters a sense of teamwork, leverages differences, and facilitates the effective interaction and contribution of others to achieve goals.

Developing & Managing Relationships - Develops and maintains constructive, open and honest relationships with others.

Execution Excellence - Plans, executes and improves work processes to ensure achievement of business goals.

Drive for Results - Demonstrates and fosters a sense of urgency and strong commitment to achieving goals.

Displays Global Perspective - Establishes and promotes effective business operations across multiple countries and/or regions and coordinates appropriately with the broader global business.

In return for bringing your expertise to our business we offer a competitive salary along with excellent benefits including:

· Pension Scheme – We match employee contribution up to 5% of salary

· 25 Days’ Holiday

· Private Health Care

· Tata Jaguar Land Rover Privilege Scheme - up to 20% off new JLR vehicles

· Group Income Protection

· Health Assured – Employee Assistance Program

· Group Life Assurance

· Childcare Vouchers

· Health Shield – Private Health Cash Plan

If you are passionate about bringing innovation to the projects you work on and want to join a global company, then this is the place for you.

Tata Technologies: Engineering a better world