Penetration Testing Specialist

Company Overview

At Daimler Truck, we change today’s transportation and create real impact together. We take responsibility around the globe and work together on making our vision become reality: Leading Sustainable Transportation. As one global team, we drive our progress and success together – everyone at Daimler Truck makes the difference. Together, we want to achieve a sustainable transportation, reduce our carbon footprint, increase safety on and off the track, develop smarter technology, and attractive financial solutions. All essential, to fulfill our purpose - for all who keep the world moving.

Job Summary

This role involves conducting and facilitating penetration (security) testing at the vehicle, component, and functional levels. The candidate will simulate real-world attack scenarios targeting embedded systems, automotive interfaces, wireless protocols, and connected services. A key responsibility includes supporting homologation and type approval audits at Daimler Truck AG manufacturing units.

Responsibilities

• Serve as the Subject Matter Expert (SME) for Vehicle & Component Security Testing requirements.
• Ensure that security testing is thorough and standardized to support Cybersecurity Management System (CSMS) and regulatory requirements.
• Champion Governance & Compliance from a Cybersecurity Verification & Validation perspective.
• Guide and assist team members in developing internal Security testing capabilities.
• Initiate and conduct Proof of Concept (POC), build lab environments, and enhance skills and capabilities.
• Contribute to the development and continuous improvement of Cybersecurity Verification & Validation (V&V) activities.
• Define, tailor, and execute/facilitate grey-box and black-box penetration testing at ECU, functional, and vehicle levels.
• Conduct fuzz testing on automotive interfaces and services to uncover unknown vulnerabilities.
• Ensure compliance with automotive cybersecurity standards and regulations such as ISO/SAE 21434, UNECE R155, AIS 189, and GB 44495.
• Perform penetration testing in both lab and on-site environments, with flexibility for travel.
• Conduct manual security code reviews to identify vulnerabilities in embedded software and connected systems.
• Document test findings with detailed risk assessments and technical evidence.
• Share recommendations on security hardening measures with internal and external teams.
• Onboard and collaborate with competent external suppliers.
• Occasionally conduct penetration testing of web applications, APIs, and mobile applications.

Qualifications

• 9–12 years of total experience in embedded systems or broader penetration testing domains.
• Minimum 6 years of hands-on experience in automotive penetration testing.
• Bachelor’s or Master’s degree in Electrical/Electronics Engineering, Embedded Systems, Cybersecurity, or a related field.
• Strong understanding of vehicle and ECU architecture, and automotive cybersecurity principles.
• Familiarity with microcontroller platforms and software architectures (e.g., AUTOSAR, QNX, Linux, Android).
• Proficiency in programming (C, CAPL, etc.) and scripting (Python, Bash) for test automation.
• Experience with automotive cybersecurity testing frameworks and tools.
• Hands-on security testing experience with:
  • Hardware-level interface testing (e.g., MCU, HSM, eMMC, JTAG, UART, Fault injection, Side Channel, etc.).
  • Automotive interfaces/protocols (e.g., OBD, UDS, CAN, Ethernet).
  • Wireless technologies (e.g., Bluetooth, Wi-Fi, Cellular/SDR - 4G/5G, etc.).
  • Connected Systems (Web/Mobile app, Server, APIs, Cloud, etc.).
  • Vehicle and ECU security features (e.g., secure communication, secure OTA, secure boot, secure diagnostics, firewall, IDS, logging, etc.).
  • Fuzz testing tools and techniques for automotive systems.
• Proficiency in reverse engineering firmware using tools like Ghidra or IDA Pro.
• Experience with rest bus simulation, flashing toolchains, and diagnostic tools (e.g., CANoe, vFlash, CANoe.DiVA).
• Experience conducting manual security code reviews for embedded and connected system software.
• Strong documentation, communication, and presentation skills.
• Proven stakeholder management skills, including cross-functional collaboration with engineering, compliance, and supplier teams.

Preferred Skills

• Industry certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester (GPEN), or equivalent.
• Experience with fault injection and side-channel attack simulations.
• Background in security research or conference presentations, including vulnerability discovery, technical publications, or community contributions.

Experience

• Minimum 9–12 years of experience in embedded systems or broader penetration testing domains. At least 6 years of hands-on experience specifically in automotive penetration testing.

Environment

Flexibility for travel is required as penetration testing may occur in both lab and on-site environments.

Salary

Estimated salary range is not specified.

Growth Opportunities

Potential career advancement opportunities within the cybersecurity domain at Daimler Truck may exist but are not explicitly outlined.

Benefits

• List of offered benefits is not specified.