Security Analyst II

Thales is a global technology leader trusted by governments institutions and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space cybersecurity and digital identity were driven by a mission to build a future we can all trust.

We are looking for an Automotive Embedded Penetration Tester with strong hands-on experience in ECU in-vehicle networks and automotive protocols. The role involves performing security assessments on automotive ECUs vehicle architectures and connected components in line with ISO/SAE 21434 and UNECE R155.

Key Responsibilities

• Perform penetration testing and security assessments on automotive ECUs
• Conduct embedded and hardware security testing including:
  • UART SPI I2C JTAG SWD
  • Debug interface analysis and secure boot validation
• Assess in-vehicle communication protocols:
  • CAN CAN-FD LIN FlexRay Automotive Ethernet
• Perform UDS security testing:
  • Security Access (Seed-Key)
  • Diagnostic session abuse
  • NRC analysis and fuzzing
• Analyze ECU firmware:
  • Firmware extraction reverse engineering
  • Static & dynamic analysis
• Execute threat modeling and risk assessments (TARA)
• Validate security controls for:
  • Secure boot secure flashing
  • Key management and crypto usage
• Document findings with clear risk impact and remediation guidance
• Support compliance activities for ISO 21434 UNECE R155/R156

Mandatory Skills

• Strong knowledge of embedded systems and automotive ECUs
• Hands-on experience with automotive pentesting tools:
  • CANoe / CANalyzer
  • BusMaster
  • UDS tools Scapy-CAN
  • Ghidra / IDA (basic to intermediate)
• Solid understanding of:
  • Cryptography fundamentals (AES RSA ECC HMAC)
  • Secure boot and firmware update mechanisms
• Experience with Linux-based testing environments
• Ability to read and understand Embedded C / C code

Good to Have

• Experience in hardware fault injection (voltage glitching clock glitching)
• BLE / UWB / Digital Key security testing
• Python scripting for automation and fuzzing
• Experience auditing labs or processes against ISO 27001
• Automotive cybersecurity certifications (e.g. ISO 21434 Lead Implementer)

At Thales were committed to fostering a workplace where respect trust collaboration and passion drive everything we do. Here youll feel empowered to bring your best self thrive in a supportive culture and love the work you do. Join us and be part of a team reimagining technology to create solutions that truly make a difference for a safer greener and more inclusive world.