Security Researcher

SHAPE THE FUTURE OF MOBILITY FROM DAY ONE.

This position is part of our Corporate Functions.

Summary:

Join Aptiv and help lead the automotive industry into a more resilient and assured cybersecurity future. Our team protects our customers from the most advanced threats affecting the automotive industry. Aptiv’s Automotive Red Team is working to protect Aptiv products by executing offensive cybersecurity research and development activities.

As our Cyber Research Engineer, you will focus primarily on proposing and executing novel cyber research into areas such as reverse engineering, hardware and software exploitation, and offensive cyber analysis. Additionally, you will work to validate vulnerability reports and mitigations impacting embedded systems. You will be interfacing with the product security operations center, production engineering teams, experimenting with state-of-the-art technologies, and much more. Your contributions will ensure vehicles on the streets are protected from grave threats posed by criminals and terrorists.

Responsibilities:

• Validate vulnerability reports and mitigations impacting embedded system hardware and software
• Assist product engineers in understanding impact of vulnerability on component and system level, providing guidance on risk analysis and mitigation strategy
• Provide technical cybersecurity support to vulnerability management and incident response activities
• Perform research into discovering 0-days, developing reverse engineering and assessment tools, and conducting assessments and offensive cyber analysis against automotive products in order to outsmart the adversary
• Create implementation strategies for development of assessment technologies
• Work with other team members to responsibly transition research findings to production engineering teams around the world
• Conduct experiments testing the limits of state-of-the-art software and embedded systems technologies to uncover weaknesses and vulnerabilities
• Generate intellectual property (e.g., patents) to secure future cybersecurity dominance in the automotive space
• Maintain an up-to-date awareness of offensive and defensive cybersecurity activities in the public/commercial domain and working with the team to accelerate cyber operations as appropriate
• Dissect longer projects and efforts into sub-tasks that can demonstrate incremental progress on a bi-monthly to monthly basis
• Guide product teams through integration of new cybersecurity system designs and validation methodologies
• Defend research viewpoints to senior and executive leadership by providing compelling information and evidence

Required Qualifications:

• Experience in vulnerability research, reverse engineering, or exploit development
• Experience with C, assembly (MIPS, RISC-V, Intel x86_64, proprietary architectures, etc.), or similar low-level development
• Experience with: 1) host-based virtualization (VMware workstation, QEMU-KVM, Xen, etc.) and emulation technologies (QEMU, Simics, etc.); 2) conducting offensive cyber research such as vulnerability research and exploit development against embedded systems; and 3)
• Experience working with disassemblers such as IDA Pro, Ghidra, or radare2
• scripting languages like Python in a Linux-like environment
• Familiarity with embedded systems development and use of cryptography and/or communications implementations
• Good organization, communication, collaboration and interpersonal skills
• A go-getter that is passionate to learn about new security vulnerabilities and develop assessment automation solutions
• Interest and/or experience with bug bounties, capture-the-flag competitions, etc.
• Experience proposing and executing independent research and development tasks and writing conference-level technical reports

• High level of interpersonal skills to work independently and effectively with others

Preferred Qualifications:

• Bachelor’s Degree or Master’s Degree in Computer Science, Computer Engineering, Electrical Engineering or similar discipline
• Familiarity with automotive communication systems (CAN, CAN-FD, automotive Ethernet, etc.)
• Familiarity with automotive operating systems such as SROS2 and software communications middleware DDS
• Familiarity with Bluetooth, NFC, and/or Wi-Fi implementations and communications
• Familiarity with version control systems and code review processes
• General understanding of circuit schematics, hardware data sheets, and/or logic design
• Experience working as part of a cross-functional team to implement diverse solutions
• Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions
• High level of oral and written communication skills
• Ability to communicate and present complex issues and ideas with precision and clarity, adjusting appropriately for the audience; ability to communicate effectively up to the Vice President level
• Strong ability for successfully working independently primarily in a remote setting

Aptiv Rewards and Advantages

• Competitive compensation with bonus potential
• Competitive health benefits
• 401K with matching contribution
• Learning and development opportunities
• Discount programs with various manufacturers and retailers
• Recognition for innovation and excellence
• Opportunities to give back to the community
• Meaningful work that makes a difference in the world

Privacy Notice - Active Candidates: https://www.aptiv.com/privacy-notice-active-candidates

Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.