Cybersecurity Engineer

Who are we?
Volvo Cars is a company on a mission; to bring traditional car manufacturing into a connected, sustainable and smart future.
Since 1927, we have been a brand known for our commitment to safety, creating innovative cars that make life less complicated for our consumers. In 2010, we decided to transform our business, resulting in a totally new generation of cars and technologies, as well as steady growth and record sales. Today, we’re expanding our global footprint in Europe, China and the US, and we’re on the lookout for new talent.
We are constantly pushing our own skills and abilities to drive change in the automobile industry like never before. We are looking for innovative, committed people to join us in this endeavour and create safe, sustainable and connected cars. We believe in the power of people and will challenge and support you to reach your full potential. Join us and be part of Volvo Cars’ journey into the future.

What we offer
Volvo Cars have an ambitious growth plan for connected functionality and autonomous drive. To mitigate the threats presented to a connected autonomous vehicle, we have a solid foundation of competence within our very dedicated Cybersecurity Team. To be able to meet the future needs, are we now expanding the team. Are you a passionated Cybersecurity Engineer who likes to become a member of an agile development team with great team spirit? Then this is the opportunity for you!

Volvo Cars have a holistic approach to in-vehicle security, spanning the complete vehicle lifecycle, involving technology for protection and detection, as well as threat intelligence and incident response.  Volvo Cars Cyber Security Group is located in both Gothenburg and Lund and this position is open for both locations.

What you’ll do
You get inspired by our mission to give our customers “Freedom to move”. You will use your deep knowledge to analyse and enhance the protective measures that we install in all parts of the in-vehicle embedded system. You will be a part of vulnerability tests, security assessments and risk analysis activities related to in-vehicle communication independently or as a part of a team. You will collaborate with concept owners to establish verification methods and work closely with the automation team who automates test cases into the Continuous Integration (CI) machinery.

You will develop security mechanisms and help receiving teams implement them by supporting or implementing a concept that Security Group owns and share with the company. You will get the chance to work within different test environments, i.e. real cars as well as Boxcars or similar settings and are excepted to demonstrate critical thinking and creative analytical skills to for example identify vulnerabilities/attack vectors that are difficult to detect.

You and your skills
We believe that you have a strong interest for Cybersecurity and have a M.Sc. degree in Software, Electrical or Computer engineering, equivalent education or relevant experience. You are proficient in programming languages such as C/C++ and Python/Bash/CAPL and in the English language. You are committed to high delivery quality and have the ability to proceed your work without having all facts at hand before you start. You are experienced with agile development and you will need a couple of years of relevant professional experience of developing security solutions in vehicle or other embedded environments.

Meritorious
Competence to examine security from a holistic view, including threat modelling, risk, and vulnerability assessment. Knowledge and experience on vehicle networks and communication protocols such as CAN, TCP/IP, IEEE 802.11x, BLE, and Bluetooth. Experience of one or several tools such as Wireshark, CANalyzer and CANoe. Previous knowledge of automotive related standards such as UDS and SOME/IP. Experience with reverse engineering, pen-testing for embedded devices and of Metasploit framework and Kali Linux OS. International Software Testing Qualifications Board (ISTQB) certification. Other security related certifications such as CISSP and CEH. Code Reviews (Gerrit etc). Threat Modeling (Heavens).  Static/Dynamic/Interactive Code and 3rd party analysis tools and processes. Security in the Cloud. Embedded systems, IoT and Hardware based attacks. 

How to learn more and apply
Please apply as soon as possible, note that  selection will be running continuously.  Please note that we do not accept applications via e-mails.
#LI-CS1