Previous Job
Previous
Certified Ethical Hacker - PSP - EC1294 (647943)
Ref No.: 18-00646
Location: Auburn Hills, Michigan
V2Soft (www.v2soft.com) is a global company, headquartered out of Bloomfield Hills, Michigan, with locations in Mexico, Italy, India, China and Germany. At V2Soft, our mission is to provide high performance technology solutions to solve real business problems. We become our customer's true partner, enabling both parties to enjoy success. We are committed to promoting diversity in the workplace, and believe it has a positive effect on our company and the customers we serve.

We have an immediate requirement for a Certified Ethical Hacker with our client in Auburn Hills, MI.

Required Skills:

Description:


Certified Ethical Hacker (CEH) performs end-to-end testing for the TBM,head units, mobile, and Web portal networks for Connected Vehicle Services. The connected services platform includes but is not limited to the following features:

Remote door lock/unlock, remote start/stop, remote horns and lights, theft alarm notification, stolen vehicle location assistance, assist, emergency call, SQDF, VHR, UAA, local search, traffic probe, notifications, registration, life cycle management, performance pages, in vehicle help, send destination to vehicle, vehicle finder, HU swap.  

The CEH will be required to test the interfaces with the various system applications that support Connected Vehicle Services.

Develop SOW’s for 3rd party penetration testing, perfoerm regression/revalidation of Apps that were already pen tested by 3rd party, develop penetration testing use cases and reports that will ensure security requirements are implemented in all connectivity features, and support the following items;
  • QRE engineer is to perform connectivity CONNECTIVITY security validation  based of  global core security system level specifications for CONNECTIVITY platform and components
  • QRE to ensure reviewing 3rd party penetration testing reports and create the daily tracking dash board update frequently the reports across various platforms including Web, Back Office, Mobile and In Vehicle
  • Security QRE uploads all the reports in repository and version controlled
  • Responsible for performing reviews with the cyber security team  for penetration testing reports that was received from the 3rd party penetration tester and create tickets
  • Responsible for performing Threat & Risk Assessmnet for the identified vulnerablilties and report to the management using client TARA templates.
  • Responsible for creating security tickets and manage the daily tracking ticket systems , make sure the tickets are updated based on the response received from 3rd party suppliers
  • Setup meetings with Cyber security team to review and perform the risk assessment that was performed by the penetration tester is accurate
  • Responsible in updating the correct risk assessment and share to the 3rd party suppliers and update the ticket system
  • Responsible for gathering the final assessment of the Penetration test reports manage daily and update to close the open issues on time to closure
  • Creation of additional CONNECTIVITY security test cases including corner cases and test cases based on Failure Mode Effect Analysis
  • Perform Functional, performance, stability testing and regression testing of new and existing  CONNECTIVITY security enhancements utilizing bench top testers, in-vehicles and ride and drives
  • Oversee the CONNECTIVITY security testing done by CONNECTIVITY provider & 3rd party vendors. Assess the severity and priority of defects and issues written by the developing supplier and their delegates.
  • Defect creation, clarification, logging, retesting, and verification producing clear, accurate and reproducible defect assessments from which a Developer Engineer can resolve defects
  • Manage CONNECTIVITY 3rd party security penetration testing re-validation and regressions testing to make sure security defects are fixed.
  • Report CONNECTIVITY security penetration testing  validation results  and work with CONNECTIVITY Providers and 3rd party vendors to fix the security vulnerabilities
  • Work closely with CONNECTIVITY core security validation lead and capture the upcoming changes and send the requirements to CONNECTIVITY providers and 3rd party vendors to provide test cases and results
  • Responsible in going through the CONNECTIVITY system design documentation & FMEA review each time a CONNECTIVITY security requirements are implemented.
  • Work closely with CONNECTIVITY providers & 3rd party vendors to ensure they follow the Company core security requirements and ensure they support project specific CONNECTIVITY security engineering activities.
  • Maintain project tracking and provide status reports to senior leadership.
  • Identify and proactively resolve issues/conflicts within the project team
  • Communicate project status, progress on deliverables, risks/issues to stakeholders/leadership in a timely manner.
  • Collaborate with cross-functional teams including IT, Architects, Infrastructure team, Software engineers, developers, testers, technical leads, and deployment leads to ensure timely delivery of projects.
  • Ensure adherence to company CONNECTIVITY software development life cycle and delivery methodologies, guidelines and policies.
  • Attend company and Supplier weekly/daily meetings as required.
  • Responsible for transitioning to CONNECTIVITY Operations of CONNECTIVITY design documentation and all other CONNECTIVITY security deliverables.
  • Responsible for tracking and documenting all the Bug Bounty issues
  • Responsible to ensure the boundaries are met for security testing
Requirements:
  • Bachelor's Degree in Electrical Engineering, Computer Engineering, Computer Science
  • Certifications: CEH
  • A minimum of 5 years minimum experience in security IT field
  • A minimum of 5 years of experience as an Security Penetration tester
  • Demonstrated experience finding and exploiting vulnerabilities with Connected IoT devices, network infrastructure, web, Mobile applications and database systems.
  • Experience with vulnerability scanning and penetration testing tools and techniques.
  • Familiarity with regulatory/compliance requirements (e.g., PCI, HIPAA, SOX), information security frameworks and controls (e.g., NIST, ISO, CoBIT).
  • Strong attention to detail and ability to document findings and convey information.
  • Ability to manage project deliverables and deadlines.
  • Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls.
  • Ability to identify and evaluate risk to In Vehicle, Mobile, Web & IT systems and communicate risks to management.
  • Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels.
  • Ability to clearly communicate with co-workers, management, clients and vendors.
  • Excellent verbal and written communication skills
Travel and Driving Notes:
  • Will be required to drive a company car.  A valid driver’s license is required as well as a clean driving record.
  • May be required to travel domestically and internationally up to 20%
V2Soft Offers market-competitive wages and excellent benefits. https://www.v2soft.com/careers/benefits
  • Medical, Dental and Vision benefits, which start immediately upon hire.        
  • 401K Retirement Savings Plan
  • 10 Paid Holidays
  • 10 Paid Vacation Days annually
  • Flexible spending
  • Long-term and Short-term disability insurance
  • Life and AD&D insurance
V2Soft is an Equal Opportunity Employer (EOE).