Cyber Security Engineer

Who are we?
Volvo Cars is a company on a mission; to bring traditional car manufacturing into a connected, sustainable and smart future.

Cyber Security Engineer - Security

Want to drive digital change in automotive?
At Volvo Cars, we are making bold digital visions come true. We aim to lead in the automotive world by creating a digital ecosystem built around making our customers' lives less complicated. Now we are looking for curious, creative people who want to change the world through innovative thinking. Volvo Cars has an ambitious growth plan for connected functionality and autonomous driving.

What we offer
To mitigate the threats presented to a connected autonomous vehicle, we have a solid foundation of competence within our very dedicated system security team. You will become a member of an agile development team with great team spirit. Volvo Cars has a holistic approach to in-vehicle security, spanning the complete vehicle lifecycle, involving technology for protection and detection, as well as threat intelligence and incident response. Due to your contributions to the area, you will be recognized as an important player in the Security field. Volvo Cars Cyber Security group is located in both Gothenburg and Lund and this position is open for both locations.

What you’ll do
You get inspired by our mission to give our customers better car experiences every day. You will use your deep knowledge to analyze and enhance the protective measures that we install in all parts of the in-vehicle embedded system. Your main responsibilities include

• Perform vulnerability tests, security assessments, and risk analysis activities related to in-vehicle communication independently or as a part of a team
• Collaborate with concept owners to establish verification methods and work closely with the automation team that automates test cases into the Continuous Integration (CI) machinery.
• Develop security mechanisms and help receiving teams implement them. This could be by supporting or implementing a concept that the Security group owns and shares with the company. Programming environments extend from script languages like Python to C.
• Verify security requirements of different types of ECUs related to e.g. Infotainment, Gateway and Connectivity functions
• Ability to work within different test environments, i.e. real cars as well as Boxcars or similar settings.
• Ensuring proficiency and adequate level of detail in reports and test results
• Demonstrate critical thinking and creative analytical skills to for example identify
vulnerabilities/attack vectors that are difficult to detect.

Application and contact
Very welcome with your application by submitting your resume and cover letter as soon as possible.
Please note that applications by e-mail will not be accepted due to GDPR.

You and your skills
You use your skills as Cyber Security Engineer and your passion for security in embedded systems to expand your technical insights and to build and maintain a network that includes people from all areas of the company. You have experience within the field of security by design. You are curious and want to contribute to developing groundbreaking technology. Driven by customer focus you get things done. You are committed to high delivery quality and can proceed with your work without having all the facts at hand before you start. You are flexible and have excellent communication and documentation skills. You are experienced with agile development and familiar with software development best practices.

We believe that you have the following basic skills and qualifications:
• M.Sc. or B.Sc. degree in Software, Electrical or Computer engineering, or equivalent education.
• A strong understanding of the threat landscape of a connected device and the mitigation mechanisms needed for protection.
• A minimum of 5 years of relevant professional experience in developing security solutions in vehicles or other embedded environments.
• Proficient in programming languages such as C/C++ and Python/Bash/CAPL
• Fluent language skills in English, both in written and oral form.
• Ability to work constructively as an individual or in teams
• Positive attitude with a learning mindset and willingness to evolve within the given role With following preferred skills and qualifications:
• A driver’s license for motor vehicles.
• Competence to examine security from a holistic view, including threat modelling, risk, and vulnerability assessment.
• Knowledge and experience on vehicle networks and communication protocols such as CAN, TCP/IP, IEEE 802.11x, BLE, and Bluetooth
• Experience with one or several tools such as Wireshark, CANalyzer and CANoe
• Previous knowledge of automotive related standards such as UDS and SOME/IP
• Experience with reverse engineering, pen-testing for embedded devices
• Experience of Metasploit framework and Kali Linux OS.
• International Software Testing Qualifications Board (ISTQB) certification
• Other security related certifications such as CISSP and CEH.
• Code Reviews (Gerrit etc)
• Threat Modeling (Heavens)
• Static/Dynamic/Interactive Code and 3rd party analysis tools and processes
• Security in the Cloud
• Embedded systems, IoT, and Hardware-based attacks