Careers

Job description:

Key Responsibilities

• Open-source and non-open-source software analysis: Analyze various software packages and create pattern signatures to enable our vulnerability scanning engine to detect these components in automotive firmware images.
• Operating system research: Investigate a broad range of operating systems (e.g., Linux distributions, Android Automotive, QNX, real-time operating systems) and develop recognition patterns that identify software packages and components from these operating systems in automotive firmware.
• AI-powered problem solving: Apply artificial intelligence (AI) and machine learning (ML) techniques to solve complex cybersecurity and reverse-engineering challenges. Use AI-driven approaches to improve pattern recognition, anomaly detection, or automation in the firmware analysis process.
• Automotive stack investigation: Research software stacks, frameworks, and components commonly used in automotive electronic control unit (ECU) development (e.g., infotainment systems, telematics, AUTOSAR components, communication protocols). Leverage this knowledge to enhance our scanning engine’s ability to recognize and assess those components in firmware.
• Innovative threat research: Tackle novel and undefined challenges in automotive cybersecurity through independent research and innovation. Experiment with new methods to analyze firmware, discover vulnerabilities, and contribute findings that shape our product’s capabilities.
• Tool development and automation: Write and maintain Python tools and scripts to automate the above tasks. Develop supporting utilities for firmware unpacking, data parsing, pattern generation, and other research needs to streamline our vulnerability scanning and analysis workflow.
• Team culture and mindset: Embrace a spirit of openness, take initiative, and approach challenges with positivity and enthusiasm. Foster collaboration and contribute to a supportive and innovative engineering environment.

Qualifications

• Bachelor’s or master’s degree in computer science, electrical engineering, or a related field.
• 3+ years of experience in cybersecurity research, software vulnerability analysis, or reverse engineering. Automotive or embedded systems experience is preferred but not required.
• Proficiency in Python programming for scripting and tool development. Experience building automation tools or data analysis scripts to aid research efforts.
• Understanding of cybersecurity fundamentals and familiarity with reverse-engineering techniques. Hands-on experience with static and dynamic analysis tools (e.g., IDA Pro, Ghidra, Radare2) and debugging or disassembling software is highly beneficial.
• Knowledge of multiple operating systems and their internals, especially Linux/Unix-based systems. Familiarity with open-source software components and libraries (e.g., OpenSSL, BusyBox, embedded Linux utilities) and experience identifying them in firmware or binary images.
• Proactive initiative and self-driven learning. Ownership of tasks, continuous skill development, active pursuit of new knowledge, and engagement with a learning-focused culture.
• Collaboration and team adaptability. Effective teamwork, cross-functional communication, flexibility in dynamic environments, and resilience in fast-paced conditions.
• Innovation and creative problem-solving: Generation of new ideas, proactive identification of improvement opportunities, enhancement of research processes, and development of forward-thinking solutions.
• AI/ML aptitude (preferred but not required). Exposure to or experience with artificial intelligence (AI) and machine learning (ML) techniques in the context of security or data analysis. Willingness to learn and apply AI/ML models to pattern recognition or anomaly detection problems.
• Domain familiarity (preferred but not required): Understanding of automotive systems or protocols (e.g., CAN bus, OTA updates, ECU development processes) and knowledge of automotive industry standards. Experience with vulnerability scanners, software composition analysis tools, or writing signature rules (e.g., YARA).