Principal Security Consultant (Automotive Lead within NA Transport Assurance Practice)
Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission.
Take a look at our website to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation businesses: https://www.nccgroup.com
Principal Security Consultants (“PSCs”) are expected to act as Technical Leaders both within and outside of the company. Within the company, PSCs should contribute to NCC tools and research. Externally, their work should be made available via presentations at top-tier security conferences and through whitepapers and other technical publications.
Customers should specifically come to NCC Group for the skills of our Principal Consultants. A Principal Security Consultant will be a key contributor to project delivery at NCC. PSCs will focus primarily on projects that are technically complex, require senior resources because of unique scoping, or that are ideally suited for mentoring junior employees.
Beyond client delivery and support, PSCs are relied upon to make a difference within NCC and in our industry and are given weeks of dedicated self-directed research and management time for a PSC Project. Further, as a Transport Security Consultant, you will be focused on delivering security consulting services to clients and assisting in growing the transportation practice.
You’ll deliver a wide range of consulting services (Technical and GRC) to the automotive industry to support their cyber security requirements, such as ECU design reviews and threat modelling, vehicle component security assessments, Over-the-Air update framework assessments, and full vehicle security assessments.
We are a consultancy and so, when necessary, our work is sometimes performed on client sites. That being said, we are always working with clients to deliver remote work whenever possible. We also proactively monitor travel so that no one spends too much time on the road. By and large, we are a company run by security consultants, and we have no interest in burning ourselves out.
NCC Group has a casual culture, with people from diverse backgrounds who eat, drink and breathe security. We’re a social group and our various offices organize outings and events that are quite popular. We also host an annual conference for our consultants (usually somewhere warm during the cold winter months), where you can catch up with your peers and see the cool research that your friends have been working on.
Research is at the foundation of NCC Group and the work that we do. We speak at top-tier security conferences all over the world. All of our consultants receive time and resources to support their research endeavours. Research is rewarded with substantial bonuses for speaking at conferences, writing whitepapers, and creating tools.
Activities and Responsibilities:
In general, as a PSC you will have the following responsibilities:
Serve as the NA Transport Assurance Automotive technical lead
Maintain and execute the Automotive strategy in collaboration with stakeholders across the Global Transport Assurance Practice
Support overall Transport Assurance Practice development and maturity growth (e.g., contribute to streamlining practice operational processes, strengthening service offerings, developing marketing collateral)
Lead complex multi-week or multi-month client engagements
Participate in scoping efforts when proposing work for highly specialized projects
Mentor other consultants in your areas of expertise
Perform final review on deliverables such as reports and whitepapers
Advance the state of security in your areas of expertise
Significant and meaningful contributions in the areas of research, account management, or other organizational capabilities
Deliver consultancy to the highest level in the practice
Monitor current events and the regulatory/standards environment (e.g., drivers and pain points) and share knowledge specifically with marketing and pre-sales teams and generally with the community of practice and cross-over services
Generate and support pre-sales initiatives with go-to-market campaigns supported by pre-sales, sales and account management teams
Write and contribute to SOWs and proposals for accounts within your mode
Required Experience / Skills:
The following qualifications and experience are important for being successful in this role.
Bachelor’s program in Computer Science, Engineering, Cybersecurity, or equivalent.
Minimum of 3 years of experience working in security.
Minimum of 5 years of experience in management and delivering technical results or solutions.
Previous experience in the automotive vertical
Programming skills for tool development and source code review, specifically C/C++
Extensive knowledge and understanding of automotive architectures, systems, and communications networks (e.g., infotainment systems, telematics control modules, gateway modules, QNX, AUTOSAR, CAN, Automotive Ethernet, C-V2X, vehicle diagnostic protocols)
Understanding of ISO/SAE 21434 and UNECE R155/156
Experience with binary reverse engineering and/or debugging
Experience presenting research as conference talks and/or papers at venues such as Escar, Auto-ISAC, and SAE events
Furthermore, we expect that the candidate will possess a mastery of 6+ technical security domains:
Significant experience in 4+ programming languages, with extensive knowledge of how vulnerabilities can manifest in code.
Web application security assessment
Network security assessment
Binary reverse engineering
Network protocol reverse engineering
Low-level application security assessment (firmware, kernel)
Exploit research and development
Enterprise technologies, e.g. virtualization (VMware or OpenStack), WSUS, etc.
Forensics and Incident Response
Secure boot-chain or hardware security review
Mobile application assessment (Android, iOS)
Threat modeling and attack surface enumeration
Physical security assessment
ICS/SCADA security assessment
Specific Transport domain expertise (e.g., Automotive, road infrastructure, terminals)
Excellent spoken and written communication skills, because being able to explain a vulnerability is just as important as being able to find it!
High level of professionalism
Outstanding attention to detail
Ability to lead teams and multi-faceted projects effectively
Self-motivated and a demonstrated self-starter
Excellent management skills
Willingness to travel
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies, and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.