Red Team Software Security Engineer (Direct Client Requirement)

Overview

Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - W2

Skills

C +
C + +
embedded system
cryptography
advanced security
Product Security
penetration testing
Cybersecurity
Linux
vulnerability analysis
IDA Pro
Ghidra

Job Details

Job Title: Red Team Software Security Engineer
Location: Plano, TX - Hybrid
Job Description:
Overview:
Embedded within the Product Cybersecurity Group (PCG), the Product Security Testing Team (PSTT) performs advanced security testing engagements for pre-production automotive solutions worldwide. In this role, you will be analyzing embedded system security, developing tools and proof-of-concept exploits and reverse engineering software from bootloaders to userland applications. We are looking for candidates who are passionate about system security and understand the landscape of software security defenses and features.

Responsibilities:
  • Perform analysis of security requirements specifications against implementation
  • Execute penetration testing and reverse engineering of software and firmware
  • Communicate complex technical findings, remediation guidance and recommendations
  • Develop skills through research on new attack vectors, vulnerabilities, and exploits
Qualifications:
  • Bachelor s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired
  • Proficient in C, C++, ARM and/or Python (specifically for writing tools to help tasks)
  • Knowledge of core, fundamental security concepts (e.g., cryptography, encryption)
  • Knowledge of embedded security features and best practices (e.g., Secure Boot)
  • Experience with Linux and other embedded operating systems
  • Experience with reverse engineering and binary analysis tools (e.g., IDA Pro, Ghidra)
  • Experience evaluating system security based on standard controls (e.g., SELinux)
  • Experience with identifying software security issues and vulnerabilities
Additional Valued Attributes:
  • Knowledge of software fuzzing techniques and solutions (e.g., BAP, AFL)
  • Knowledge of symbolic execution and other advanced binary analyses (e.g. angr)
  • Experience with vulnerability analysis using CVSS scoring and CWE types
  • Experience in penetration testing and requirements verification
  • Experience in performing code audit or assessments