Job Description

Societe
RNTBCI PL
Descriptif du poste
: Connected Cars IoT/Mobile Application Penetration Tester
CSMS Mobile Application Penetration Tester / IOT Tester
We are seeking a skilled Application Penetration Tester to join our team and contribute to the security assessment of next generation connected vehicles. As a Connected Cars IoT/Mobile Application Penetration Tester, you will play a crucial role in identifying and mitigating security vulnerabilities in in-vehicle infotainment (IVI), telematics, key fob systems, mobile applications and, enhancing the security of IoT-enabled vehicles.
Key Responsibilities• Conduct penetration tests on connected car components, including ECUs (Electronic Control Units), communication modules, and mobile apps.
• Analyse firmware and software for vulnerabilities.
• Evaluate the security of in-vehicle apps, telematics systems, and mobile interfaces.
• Perform penetration testing on in-vehicle communication protocols (CAN, LIN, Ethernet) and wireless interfaces (Bluetooth, Wi-Fi, cellular).
• Define custom security test cases and scripts to assess interfaces such as OBD-2 ports, USB ports, etc.
• Utilize open-source tools (e.g., Hack-RF, CANAlyzer, rubber-ducky, Ubertooth, IDA-Pro) to simulate attacks.
• Perform grey box assessments on mobile applications, and vehicle management applications.
• Identify vulnerabilities in IVI systems, telematics units, and mobile apps.
• Collaborate with cross-functional teams to remediate security issues.
• Develop custom scripts and tools for testing and exploitation.
• Stay up to date with the latest security threats and vulnerabilities specific to connected cars, mobile apps and IoT ecosystems.


Qualifications• Bachelor's degree in computer science, Cybersecurity, or a related field.
• Proven experience in mobile application security testing.
• Familiarity with mobile platforms (iOS, Android) and, with automotive communication protocols (CAN, UDS, etc.).
• Understanding of the vehicle architecture and CAN (Controller Area Network) bus communication.
• Hands-on experience with security tools (Burp Suite, Wireshark, Metasploit, etc.).
• Hands on knowledge in Reverse engineering of mobile apps both (android and iOS).
• Binary analysis using Ghidra and IDaPro.
• Strong knowledge in developing custom frida scripts for process hooking.
• Certifications such as CEH, OSCP, or OSCE, eMAPT are a plus.
• Proficiency in operating systems (Linux, Windows), networks, and Active Directory.
• Strong analytical skills and attention to detail.
• Ability to think like an attacker and anticipate potential threats.
• Passion for automotive security and a desire to make a positive impact.
• Excellent communication skills to convey findings and recommendations.


If you are passionate about automotive security and want to contribute to the safety of connected vehicles, we encourage you to apply!
Metier
Technologies & Systemes D'information
Renault Group s'engage a creer un environnement de travail inclusif et les conditions permettant a chacun de nous d'apporter sa passion, donner le meilleur de lui-meme et s'epanouir, tout en etant lui-meme.



Nous trouvons notre force dans notre diversite et nous nous engageons a garantir l'egalite des chances en matiere d'emploi, independamment de la couleur, de l'ascendance, de la religion, du sexe, de l'origine nationale, de l'orientation sexuelle, de l'age, de la citoyennete, de l'etat civil, du handicap, de l'identite de genre, etc. Si vous avez un handicap ou un besoin particulier necessitant l'amenagement du poste de travail ou de l'horaire de travail, merci de nous le faire savoir en remplissant ce formulaire.
Afin de pouvoir suivre en temps reel l'evolution de vos candidatures et pouvoir rester en contact avec nous, nous vous invitons a creer un compte candidat. Cela ne vous prendra pas plus d'une minute et vous permettra egalement de faciliter vos prochaines candidatures.



En soumettant votre CV ou votre candidature, vous autorisez Renault Group a utiliser et stocker des informations vous concernant a des fins de suivi de votre candidature ou de futurs emplois. Ces informations ne seront utilisees que par les societes de Renault Group tel que mentionne dans la Politique Groupe de protection des donnees personnelles.