Uploaded 02/09/2018 | Certified Ethical Hacker | Confidential

The Certified Ethical Hacker (CEH) performs end-to-end testing for the TBM, head units, mobile, and Web portal networks for Connected Vehicle Services. The connected services platform includes but is not limited to the following features:

Remote door lock/unlock, remote start/stop, remote horns and lights, theft alarm notification, stolen vehicle location assistance, assist, emergency call, SQDF, VHR, UAA, local search, traffic probe, notifications, registration, life cycle management, performance pages, in vehicle help, send destination to vehicle, vehicle finder, HU swap.

The CEH will be required to test the interfaces with the various system applications that support Connected Vehicle Services.

Develop SOWs for 3rd party penetration testing, perform regression/revalidation of apps that were already pen tested by a 3rd party, develop penetration testing use cases and reports that will ensure security requirements are implemented in all connectivity features, and support the following items:

· QRE engineer is to perform CONNECTIVITY security validation based on global core security system level specifications for the CONNECTIVITY platform and components

· QRE is to review 3rd party penetration testing reports, create the daily tracking dashboard, and frequently update the reports across various platforms including Web, Back Office, Mobile and In Vehicle

· Security QRE uploads all the reports to the repository and keeps them version controlled

· Responsible for performing reviews with the cyber security team of penetration testing reports that were received from the 3rd party penetration tester, and for creating tickets

· Responsible for performing Threat & Risk Assessment for the identified vulnerabilities and reporting to management using FCA TARA templates.

· Responsible for creating security tickets and managing the daily tracking ticket systems, making sure the tickets are updated based on the responses received from 3rd party suppliers

· Set up meetings with the cyber security team to review the risk assessment performed by the penetration tester and confirm it is accurate

· Responsible for updating the correct risk assessment, sharing it with the 3rd party suppliers and updating the ticket system

· Responsible for gathering the final assessment of the penetration test reports, managing them daily, and updating them so that open issues are closed on time

· Creation of additional CONNECTIVITY security test cases including corner cases and test cases based on Failure Mode Effect Analysis

· Perform functional, performance, stability and regression testing of new and existing CONNECTIVITY security enhancements utilizing bench top testers, in-vehicle testing, and ride and drives

· Oversee the CONNECTIVITY security testing done by CONNECTIVITY provider & 3rd party vendors. Assess the severity and priority of defects and issues written by the developing supplier and their delegates.

· Defect creation, clarification, logging, retesting, and verification, producing clear, accurate and reproducible defect assessments from which a Developer Engineer can resolve defects

· Manage CONNECTIVITY 3rd party security penetration testing re-validation and regression testing to make sure security defects are fixed.

· Report CONNECTIVITY security penetration testing validation results and work with CONNECTIVITY Providers and 3rd party vendors to fix the security vulnerabilities

· Work closely with CONNECTIVITY core security validation lead and capture the upcoming changes and send the requirements to CONNECTIVITY providers and 3rd party vendors to provide test cases and results

· Responsible for going through the CONNECTIVITY system design documentation & FMEA review each time CONNECTIVITY security requirements are implemented.

· Work closely with CONNECTIVITY providers & 3rd party vendors to ensure they follow the Company core security requirements and ensure they support project specific CONNECTIVITY security engineering activities.

· Maintain project tracking and provide status reports to senior leadership.

· Identify and proactively resolve issues/conflicts within the project team

· Communicate project status, progress on deliverables, risks/issues to stakeholders/leadership in a timely manner.

· Collaborate with cross-functional teams including IT, Architects, Infrastructure team, Software engineers, developers, testers, technical leads, and deployment leads to ensure timely delivery of projects.

· Ensure adherence to company CONNECTIVITY software development life cycle and delivery methodologies, guidelines and policies.

· Attend company and Supplier weekly/daily meetings as required.

· Responsible for transitioning to CONNECTIVITY Operations of CONNECTIVITY design documentation and all other CONNECTIVITY security deliverables.

· Responsible for tracking and documenting all the Bug Bounty issues

· Responsible to ensure the boundaries are met for security testing

Requirements:

· Bachelor's Degree in Electrical Engineering, Computer Engineering, Computer Science

· Certifications: CEH

· A minimum of 5 years of experience in the IT security field

· A minimum of 5 years of experience as a Security Penetration tester

· Demonstrated experience finding and exploiting vulnerabilities with Connected IoT devices, network infrastructure, web, Mobile applications and database systems.

· Experience with vulnerability scanning and penetration testing tools and techniques.

· Familiarity with regulatory/compliance requirements (e.g., PCI, HIPAA, SOX), information security frameworks and controls (e.g., NIST, ISO, CoBIT).

· Strong attention to detail and ability to document findings and convey information.

· Ability to manage project deliverables and deadlines.

· Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls.

· Ability to identify and evaluate risk to In Vehicle, Mobile, Web & IT systems and communicate risks to management.

· Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels.

· Ability to clearly communicate with co-workers, management, clients and vendors.

· Excellent verbal and written communication skills

Travel and Driving Notes:

Will be required to drive a company car. A valid driver’s license is required as well as a clean driving record.

May be required to travel domestically and internationally up to 20%