Security Assessment Engineer in Constanţa

C++ (regular) Java (regular) Company DescriptionDo you want beneficial technologies being shaped by your ideas? Whether in the areas of mobility solutions, consumer goods, industrial technology or energy and building technology - with us you will have the chance to improve quality of life all across the globe. Welcome to Bosch.Job DescriptionWe are looking for security engineer who love solving interesting problems and think “secure” is just a matter of perspective. The security assessment engineer is responsible for performing high end security evaluation focusing on embedded devices used in various domains such as IoT, home automation and specifically automobiles. As a senior member you are expected to serve as a technical leader in this area within organization.Tasks:Understand and execute attacks on Automotive ECUs.Reverse engineering, hardware hacking, and black-box style testing against embedded systems.Investigate possible logical attack scenarios by interpreting code review findings, and analyzing test results.Create innovative attacks tools/automations for project specific needs.Communicate complex vulnerability results to technical and non-technical audience.Perform research and contribute to open source community on new attack methodology, vulnerability findings.QualificationsRequirements4 - 8 years of relevant professional experienceExperience with ECU development from both a Hardware and Software perspective, including topics like microcontrollers, HSMs, secure boot, access control and exploit mitigation techniquesFamiliarity with automotive networks and protocols along with tools such as busmaster and Vector CAN suite.Knowledge and implementation of AutoSAR standards.Proficiency in programming languages (e.g. C, C++, Java, Python) or any other high level language.Vulnerability assessment and penetration testing experience in embedded and/or non-embedded domain.Knowledge of embedded PC architecture such as ARM and assembly programming.Reverse engineering of system binary level (POSIX, WinAPI) and source code review experience.Proficiency in usage of security testing tools such as disassemblers, flash dumper, JTAG finders.Knowledge in low level protocols such as SPI, JTAG, UART is desirable.Knowledge of cryptography is desirable.Existing contribution to open source projects, CVE reporting, conference publications are desirable but not mandatory.Soft skill requirementsAbility to work independently under minimal supervision and within a team.Willingness to learn new technical topics.Attention to details.Structured and systematic approach to projects.Additional InformationBenefits:We would like to offer you number of amenities for you and your loved ones.Work #LikeABosch:Contract of employment  and a competitive salary (together with annual bonus)Flexible working hoursReferral Bonus ProgramCopyright costs for IT employeesCanteen in the office with co-financed lunchesGrow #LikeABosch:Complex environment of working, professional support and possibility to share knowledge and best practicesOn-going development opportunities in a multinational environmentBroad access to professional trainings, conferences and webinarsLanguage coursesLive #LikeABosch:Private medical care and life insuranceMultisport card and sports teamsNumber of benefits for families (for instance summer camps for kids)Non working days on the 24th and 31st of DecemberDiscounts for Bosch products