Cyber Security Engineer - Security

Who are we?
Volvo Cars is a company on a mission; to bring traditional car manufacturing into a connected, sustainable and smart future.Since 1927, we have been a brand known for our commitment to safety, creating innovative cars that make life less complicated for our consumers. In 2010, we decided to transform our business, resulting in a totally new generation of cars and technologies, as well as steady growth and record sales. Today, we’re expanding our global footprint in Europe, China and the US, and we’re on the lookout for new talent. We are constantly pushing our own skills and abilities to drive change in the automobile industry like never before. We are looking for innovative, committed people to join us in this endeavour and create safe, sustainable and connected cars. We believe in the power of people and will challenge and support you to reach your full potential. Join us and be part of Volvo Cars’ journey into the future.

What we offer
To mitigate the threats presented to a connected autonomous vehicle, we have a solid foundation of competence within our very dedicated system security team. You will become a member of an agile development team with great team spirit. Volvo Cars have a holistic approach to in-vehicle security, spanning the complete vehicle lifecycle, involving technology for protection and detection, as well as threat intelligence and incident response. Due to your contributions to the area you will be recognized as an important player in the Security field. Volvo Cars Cyber Security group is located in both Gothenburg and Lund and this position is open for both locations.

What you’ll do
You get inspired by our mission to give our customers a better car experiences every day. You will use your deep knowledge to analyse and enhance the protective measures that we install in all parts of the in-vehicle embedded system. 
Your main responsibilities include:Perform vulnerability tests, security assessments and risk analysis activities related to in vehicle communication independently or as a part of a team. Collaborate with concept owners to establish verification methods and work closely with the automation team who automates test cases into the Continuous Integration (CI) machinery. Develop security mechanisms and help receiving teams implement them. Could be by support or implementing a concept that Security group owns and share with the company. Programming environments extends from script languages like Python to C. Verify security requirements of different types of ECUs related to e.g. Infotainment, Gateway and Connectivity functions.  • Ability to work within different test environments, i.e. real cars as well as Boxcars or similar settings. Ensuring proficiency and adequate level of details in reports and test results.  Demonstrate critical thinking and creative analytical skills to for example identify vulnerabilities/attack vectors that are difficult to detect.

You and your skills
You use your skills as Cyber Security Engineer and your passion for security in embedded systems to expand your technical insights and to build and maintain a network that includes people from all areas in the company. You have experience within the field of security by design. You are curious and want to contribute to develop ground breaking technology. Driven by customer focus you get things done. You are committed to high delivery quality and have the ability to proceed your work without having all facts at hand before you start. You are flexible and have excellent communication and documentation skills. You are experienced with agile development and familiar with software development best practices.
 We believe that you have a M.Sc. or B.Sc. degree in Software, Electrical or Computer engineering, or equivalent education. A minimum of 5 years relevant professional experience of developing security solutions in vehicle or other embedded environments. You are proficient in programming languages such as C/C++ and Python. Fluent language skills in English, both in written and oral form.
Good to have
A driver’s license for motor vehicles. A strong understanding for the threat landscape of a connected device and the mitigation mechanisms needed for protection. Competence to examine security from a holistic view, including threat modelling, risk, and vulnerability assessment. Knowledge and experience on vehicle networks and communication protocols such as CAN, TCP/IP, IEEE 802.11x, BLE, and Bluetooth. Experience of one or several tools such as Wireshark, CANalyzer and CANoe. Previous knowledge of automotive related standards such as UDS and SOME/IP. Proficient in programming languages such as Bash/CAPL. Experience with reverse engineering, pen-testing for embedded devices. Experience of Metasploit framework and Kali Linux OS. International Software Testing Qualifications Board (ISTQB) certification. Other security related certifications such as CISSP and CEH. Code Reviews (Gerrit etc). Threat Modeling (Heavens). Static/Dynamic/Interactive Code and 3rd party analysis tools and processes. Security in the Cloud. Embedded systems, IoT and Hardware based attacks
How to learn more and apply
For questions about the position, please contact team manager Maria Cristina Cristescu Dalmasso at [email protected].  Note that selections will be running continuously. Please note that applications via email will not be accepted. Interviews will be held continuously. #LI-CS1