Forensic Analysis & Offensive Security for Product Cybersecurity This role supports shift left forensic and offensive security evaluations for embedded and connected products across on highway and off highway platforms. The role is focused on hands on technical execution, including early vulnerability discovery, exploit feasibility analysis, architecture reviews, reverse engineering, and pre certification penetration testing, to provide actionable technical findings ahead of external certification testing. This role does not own security capability strategy, tooling ownership, or organizational maturity and does not replace external penetration testing or certification mandated evaluations.
KEY RESPONSIBILITIES
Vulnerability Scanning & Analysis
Perform firmware, binary, and configuration vulnerability scanning, side channel attacks on embedded products.
Identify known weaknesses such as insecure configurations, outdated components, and cryptographic issues.
Assess vulnerabilities based on practical exploitability and product context, in addition to standard severity scoring.
Document findings clearly with technical evidence and reproducible observations. B. Product & ECU Penetration Testing
Execute pre certification penetration testing activities early in the product lifecycle.
Perform attacker perspective testing to identify realistic product weaknesses prior to engagement with external labs.
Conduct hands on testing using defined test setups for: o ECU level penetration testing o System level penetration testing o CAN / UDS / J1939 / Ethernet / MODBUS and related protocol fuzzing
Provide test results, observations, and technical inputs that complement external penetration testing efforts.
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.
Perform shift left architecture reviews focused on identifying implementation weaknesses related to, Trust boundaries o Cryptographic usage and key handling o Secure boot and firmware integrity o OTA mechanisms o Secure communication paths
Correlate architectural weaknesses with observed attack paths and test results from internal assessments.
Provide specific, actionable technical recommendations to improve product robustness prior to external testing.
Reverse Engineering & Firmware Analysis
Extract firmware using available interfaces such as JTAG/SWD, memory access techniques, and OTA packages.
Perform static and dynamic binary analysis using reverse engineering tools.
Support protocol analysis, secure boot evaluation, and proof of concept exploit development where required to validate findings.
Capture technical artefacts, evidence, and analysis results in a structured and traceable manner.
Forensic Analysis & Post Incident Support
Support collection and analysis of logs, traces, firmware artefacts, and memory dumps following security events.
Assist in reconstructing attack sequences using forensic evidence and technical analysis.
Correlate forensic findings with observed product behavior and known attack techniques. • Provide technical inputs to strengthen product design and implementation before subsequent test cycles.
TECHNICAL COMPETENCIES
Embedded and product cybersecurity fundamentals • Firmware extraction and binary analysis