Principal Security Consultant (Automotive Lead within NA Transport Assurance Practice)

NCC Group

United States · Remote
Posted on Wednesday, November 1, 2023

Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission.

Take a look at our website to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation businesses… https://www.nccgroup.com

The Opportunity

Principal Security Consultants (“PSCs”) are expected to act as Technical Leaders both within and outside of the company. Within the company, PSCs should contribute to NCC tools and research. Externally, their work should be made available via presentations at top-tier security conferences and through whitepapers and other technical publications.

Customers should specifically come to NCC Group for the skills of our Principal Consultants. A Principal Security Consultant will be a key contributor to project delivery at NCC. PSCs will focus primarily on projects that are technically complex, require senior resources because of unique scoping, or that are ideally suited for mentoring junior employees.

Beyond client delivery and support, PSCs are relied upon to make a difference within NCC and in our industry, and are given weeks of dedicated self-directed research and management time for a PSC Project. Further, as a Transport Security Consultant, you will be focused on delivering security consulting services to clients and assisting in growing the transportation practice.

You’ll deliver a wide range of consulting services (Technical and GRC) to the automotive industry to support their cyber security requirements, such as ECU design reviews and threat modelling, vehicle component security assessments, Over-the-Air update framework assessments, and full vehicle security assessments.

We are a consultancy and so, when necessary, our work is sometimes performed on client sites. That being said, we are always working with clients to deliver remote work whenever possible. We also proactively monitor travel so that no one spends too much time on the road. By and large, we are a company run by security consultants, and we have no interest in burning ourselves out.

Our Culture:

NCC Group has a casual culture, with people from diverse backgrounds who eat, drink and breathe security. We’re a social group and our various offices organize outings and events that are quite popular. We also host an annual conference for our consultants (usually somewhere warm during the cold winter months), where you can catch up with your peers and see the cool research that your friends have been working on.


Research is at the foundation of NCC Group and the work that we do. We speak at top-tier security conferences all over the world. All of our consultants receive time and resources to support their research endeavours. Research is rewarded with substantial bonuses for speaking at conferences, writing whitepapers, and creating tools.

Activities and Responsibilities:

In general, as a PSC you will have the following responsibilities:

  • Serve as the NA Transport Assurance Automotive technical lead

  • Maintain and execute the Automotive strategy in collaboration with stakeholders across the Global Transport Assurance Practice

  • Support overall Transport Assurance Practice development and maturity growth (e.g., contribute to streamlining practice operational processes, strengthening service offerings, developing marketing collateral)

  • Lead complex multi-week or multi-month client engagements

  • Participate in scoping efforts when proposing work for highly specialized projects

  • Mentor other consultants in your areas of expertise

  • Perform final review on deliverables such as reports and whitepapers

  • Advance the state of security in your areas of expertise

  • Make significant and meaningful contributions in the areas of research, account management, or other organizational capabilities

  • Deliver consultancy to the highest level in the practice

  • Monitor current events and regulatory/standards environment (e.g., drivers and pain points) and share knowledge specifically to marketing and pre-sales teams and generally to community of practice and cross over services

  • Generate and support pre-sales initiatives with go-to-market campaigns supported by pre-sales, sales and account management teams

  • Write and contribute to SOWs and proposals for accounts within your mode

Required Experience / Skills:

The following qualifications and experience are important for being successful in this role.

  • Bachelor’s program in Computer Science, Engineering, Cybersecurity, or equivalent.

  • Minimum of 3 years of experience working in security.

  • Minimum of 5 years of experience in management and delivering technical results or solutions.

  • Previous experience in the automotive vertical

  • Programming skills for tool development and source code review, specifically C/C++

  • Extensive knowledge and understanding of automotive architectures, systems, and communications networks (e.g., infotainment systems, telematics control modules, gateway modules, QNX, AUTOSAR, CAN, Automotive Ethernet, C-V2X, vehicle diagnostic protocols)

  • Understanding of ISO/SAE 21434 and UNECE R155/156

  • Experience with binary reverse engineering and/or debugging

  • Experience presenting research as conference talks and/or papers at venues such as Escar, Auto-ISAC, and SAE events

Furthermore, we expect that the candidate will possess a mastery of 6+ technical security domains:

  • Significant experience in 4+ programming languages, with extensive knowledge of how vulnerabilities can manifest in code.

  • Web application security assessment

  • Network security assessment

  • Binary reverse engineering

  • Network protocol reverse engineering

  • Cryptographic analysis

  • Low-Level application security assessment (firmware, kernel)

  • Exploit research and development

  • Enterprise technologies e.g. Virtualization (VMWare or OpenStack), WSUS, etc.

  • Forensics and Incident Response

  • Secure boot-chain or hardware security review

  • Mobile application assessment (Android, iOS)

  • Threat modeling and attack surface enumeration

  • Physical security assessment

  • ICS/SCADA security assessment

  • Specific Transport domain expertise (e.g., Automotive, road infrastructure, terminals)

Personal Qualities:

  • Excellent spoken and written communication skills, because being able to explain a vulnerability is just as important as being able to find it!

  • High level of professionalism

  • Outstanding attention to detail

  • Ability to lead teams and multi-faceted projects effectively

  • Self-motivated and a demonstrated self-starter

  • Highly dependable

  • Excellent management skills

  • Willingness to travel

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email cv@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.