Security Researcher

As our Security Assessment team member, you will perform security research to identify vulnerabilities in all sorts of embedded devices used in the automotive industry and beyond. Examples of our targets:
cars, car control units, chargers, payment products, industrial controllers, network equipment.We follow an offensive security approach and utilize the same tools real-world attackers would use – from hardware analysis and signal analysis wired, wireless, RF and reverse engineering to binary emulation and fuzzing.Our position is a perfect match for ethical hackers advanced in finding and exploiting vulnerabilities in embedded devices.Location:
Office in Budapest, Hungary.Relocation of foreigners is financially supported by PCAutomotive.Employment type:
Full-time with a flexible work schedule. Performance-oriented work is practiced at our company.Main responsibilities:
Perform commercial penetration tests on vehicles, embedded devices, OT devices in black-box, grey-box, and white-box modesWrite penetration test reports and security advisoriesCommunicate results with the customers’ security teamPerform security research of vehicles and embedded devicesPrepare vulnerability disclosure materials – technical slides and blog postsProvide valuable input for the PCAutomotive Threat Intelligence platform.Cool and challenging projectsCompetitive salaryAbility to reserve CVEs for your findings and publish your research resultsElectronic lab &
vehicle garage full of gadgets for your next great researchEducation – we support you in obtaining new certificates relevant to your work dutiesFlexible work scheduleComfortable office at Graphisoft Park in Budapest with terrace and coffeeFreedom to select your work tools &
OS Mac, Linux, Win.3+ years of experience in security research of embedded and IoT solutionsKnowledge of types of vulnerabilities applicable for embedded systems, methods of their search and general exploitation principlesExperience with scripting languages:
Linux shell, Python, etc.Experience in C/C++:
development, security code reviewKnowledge of major CPU architectures:
Intel X86/64, ARM/Aarch64, PPC, MIPS, ColdFire, TriCoreAbility to read, understand, modify assembler code for different CPU architecturesReverse engineering firmware of embedded devicesExperience working with disassemblers, decompilers, and debuggers IDA Pro, Ghidra, Radare, GDB, OpenOCDExperience in hardware security research:
Good understanding of PCB Printed Circuit Board componentsExperience with laboratory measurement tools and logic analyzersExperience with soldering equipment and IC programmersExperience with debugging interfacesGood knowledge of major physical memory interfaces, dumping contents of memory chips, filesystem reconstructionExperience in glitching and side-channel attacksFPGA development experienceExperience with RF and SDRExperience in web and/or mobile application security researchKnowledge of automotive communication protocols e.G., CAN, CAN FD, SAE J1939, LIN, FlexRay, MOST, Automotive EthernetSecurity analysis of RTOS e.G., QNX, VxWorks, AUTOSAR and proprietary OSExperience in emulation and fuzzing of embedded system softwareReconstruction and understanding of complex software architectures with elements of object-oriented programming and inter-process communicationIndustry certifications such as OSCP, OSED, OSEESuccessful participation in Bug Bounty programs, CTFsConference talksRegistered CVEs, published security advisories and feedback from customers, vendors, and manufacturers