Cybersecurity Penetration Testing Lead (m/f/d)

For our offices in Bolzano we are looking for a Cybersecurity Penetration Testing Lead (m/f/d)

YOUR RESPONSIBILITIES

• Leading a dedicated Red Team performing the following tasks:
  • Penetration tests on chargers, embedded controllers, vehicles and backend infrastructures using a variety of techniques such as brute force, code injection, malformed data, fuzzing, hardware hacking
  • Perform open ports, binary and FW images scanning
  • Attack implemented security mitigations to bypass them (either via SW or with HW techniques such as fault injection, glitches, side channel attacks)
  • Identify weaknesses and vulnerabilities in charging protocols associated with EV and with CPO
  • Report any findings and support the team in assessing the identified vulnerabilities, possibly providing remediation requirements
  • Entering into CTF and Bug Bounty competitions at global security conferences
• Speaking at security and industry conferences and publishing new and innovative research
• Support the establishment of a hardware pentest lab, including the selection of tools and their programming languages and scripts, capable of performing full vehicle tests including 2G/3G/4G MITM, Bluetooth and other RF tests
• Collaborating with our customer’s Red Teams and running workshops and hackathons
• Supporting 3rd party pentests and overseeing and verifying remediations
• Managing Red/Blue Team exercises, war games, playbook creation etc

YOUR QUALIFICATIONS & SKILLS

• Master Degree in electronic/information engineering, computer science, mathematics, physics or equivalent
• Professional experience in cybersecurity, including published research and talks at well known cybersecurity/hacker conferences
• Familiarity with cryptographic algorithms and knowledge of basic security mechanisms such as secure boot, authenticated SW updates, access control
• Experience of working in Linux environments
• Previous team leading experience like coordinating the team, reporting to middle/senior management, creating and running training courses, etc.
• Knowledge of scanning techniques and of SW/HW fault injection mechanisms
• Familiarity with reverse engineering techniques, µProcessors and µControllers debugging and control, HW security devices and mechanisms and their programming (e.g. HW Security Modules, Arm TrustZone, Trusted Platform Module)
• Independent and meticulous working style with an analytical mindset
• Fluent in English, Italian and/or German would be an advantage

OUR COMMITMENT

• Innovative work environment in a young, dynamic team
• High-tech projects in the future-proof sector of e-mobility
• Opportunities for advancement in a growing company
• A wide range of further training opportunities
• Attractive bonus system and performance-related pay
• Additional company benefits