Automotive Penetration Tester II

Full Time

Job Description

Job Description

One of the most critical aspects of vehicle cybersecurity is ensuring controls are implemented as they were designed. At Block Harbor, we’re relentlessly focused on ensuring testing is effective and efficient through automation – it makes vehicles safer and lets us all focus on what we’re interested in.

As an Automotive Penetration Tester II, you’re ready to take on the critical role of testing hardware and software components to ensure vehicle cybersecurity. From functional testing, to penetration testing, fuzz testing, to internal hacking research projects, your role will be to execute that testing in components, systems, and full vehicle environments. You’ll not only use our tools in our vehicle cybersecurity labs to perform testing, but you will also provide critical feedback into the development of those tools.

Automotive Penetration Testers are experts in automotive cybersecurity related testing. You will understand our lab spaces, how to use them, and you will build new vehicle cybersecurity labs at customer locations around the globe.

In this technical, problem-solving role, you must be prepared to dive into the details, research new technologies, learn new tools, write code, and set up embedded systems. Then, you must be able to identify cybersecurity flaws or non-conformance and communicate those findings clearly and effectively through writing reports.



  • Work on a team of ethical hackers to conduct penetration testing and vulnerability assessments on ECUs, automotive systems, and vehicles according to Block Harbors six step penetration testing methodology.


  • Act as an interface with customers to proactively engage with them, navigate gatekeepers, provide project status in weekly meetings, and solve any technical roadblocks in project execution while obtaining technical details and support from the customer to drive results in test execution.


  • Develop detailed attack plans and project roadmap of technical tasks for the various attack surfaces of vehicle products.


  • Design and build technical prototypes of products and services that solve challenges in automotive cybersecurity.


  • Propose new solutions, products, and technologies that solve big-picture customer pain points.


  • Develop proof-of-concept exploits to demonstrate the impact of identified vulnerabilities.


  • Write reports that provide insight into discovered vulnerabilities, recommended remediation steps, and overall risk posture.


  • Take responsibility for the final quality of penetration reports delivered to customers.


  • Take successes and lessons learned from penetration testing projects and produce scripts for repeated success in future projects.


  • Work cross-functionally with business development to pair software/solution requirements with customer needs.


  • Understand project technical scope and proposals and execute labs testing projects per in-scope definitions.


  • Be responsible for your individual duties in a project’s execution, from beginning to end, including managing your own timelines and the desire to help manage others.


  • Demonstrate your work to the community (host customer presentations, demonstrations, presentations at conferences, delivering talks, publishing blogs, etc) by working cross-functionally with Business Development to amplify your voice.


  • Use your creativity, drive, and knowledge to be a thought leader in the space of automotive cybersecurity.


  • Make recommendations on the best equipment for vehicle testing and travel to customer sites to build new lab environments for testing.


  • Excel at listening to current and future customers to understand true market needs.


  • Be responsible for how customers feel throughout a project and deliver an excellent customer experience that keeps customers motivated to work with Block Harbor over competitors and market leaders.


  • Perform necessary research to understand optimal technical solutions as to prevent technical debt (do the job right the first time).


  • Work with partner companies towards building jointly offered solutions and products with a shared revenue stream.


  • Reflect on lessons learned from customer projects and how to make service deliverables, customer experiences, and Block Harbor products better.


  • Write code to help automate cybersecurity testing and apply findings from one project to a new project.

Experience & Qualifications

Required Experience

  • 2-6 years of experience in automotive cybersecurity, embedded systems, offensive security, product security, software development, IT security or similar relevant roles.


  • Use of common hacker and automotive engineering tool kits such as Kali Linux tools, nmap, vehicle spy, vehicle diagnostic and tuning tools, ghidra, CAN tools, burp suite, vulnerability scanners, static and dynamic code analysis tools, fuzzing tools, etc.

  • Bachelor’s degree in relevant field (such as computer engineer or electrical engineer) OR relevant industry-certifications (such as: OSCP, CompTIA security+, CEH) OR ability to demonstrate independently pursued capabilities (e.g. founder, researcher, etc.).
  • Knowledge of relevant industry standards & regulations (e.g. ISO/SAE 21434, UNECE WP.29 UN R 155) and understanding of their impact on the automotive industry.

  • Eagerness to learn and develop one’s skills independently.

  • Excellent communication and interpersonal skills.

  • Robust analytical and problem-solving skills.


Preferred Experience

  • Deep Experience and understanding of the following interfaces: V2X, Bluetooth, WiFi, and Ethernet


  • Experience in fuzz test execution and tools


  • Software and hardware reverse engineering

  • An expertise in one or more of the following automotive technologies: CAN, Wi-Fi, Bluetooth, BLE, Automotive Ethernet, V2X, USB, Flex Ray, cellular technologies, mobile applications, cloud infrastructure, etc.

  • Knowledge of risk-driven cybersecurity methodologies.


  • Knowledge of attacker tactics and techniques such as the MITRE ATT&CK framework