Ford Motor Company pentesting

joemc3joemc3 Member Posts: 141 ■■■□□□□□□□
If you are in the metro Detroit area Ford is spinning up a pen testing team.

Comments

  • OctalDumpOctalDump Member Posts: 1,722
    Is it for their automotive control systems, or just standard corporate things?
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • joemc3joemc3 Member Posts: 141 ■■■□□□□□□□
    I just heard about it the other day, but it has been open for awhile. I used to work at Ford and it's a great place to work, but things move slow there.

    A penetration testing / ethical hacking team is being created within Ford IT. Focus in the first year will be creation of the team, building skills and required process definition. Following the initialization of the team, as the group meets objective performance metrics, the focus will be on scaling out the team and operating penetration testing on a continuous basis. This position will be at the center of tooling and process decisions early on, and will grow into a delivery role as the team matures. The role will focus on both internal testing, and supporting third party penetration testing efforts.

    Responsibilities:
    • Scoping of penetration tests, use cases, and timing
    • Development of ‘rules of engagement’ with partners
    • Performing ethical hacking tests within explicit bounds
    • Capture test findings, communicate repeatable process steps
    • Develop and communicate recommendations on findings remediation
    • Creation of testing reports and delivery of results to management
    • Continuous improvement of testing processes and methodologies
    • Coordinate and function as an SME to third-party penetration testing efforts, as needed
    Job Requirements:

    Basic Qualifications:
    • Bachelor’s Degree in Computer Science or related IT field of study
    • 2+ years of security experience
    • 2+ years of penetration testing experience

    Preferred Qualifications:
    • Working knowledge of ISO27001
    • CISSP certification
    • Deep experience in IP based networking
    • Strong encryption background
    • Broad Operating System knowledge
    • Previous Security Experience with Cellular Carriers
    • Demonstrable Threat Modeling experience
    • This role will span both traditional IP based infrastructure as well as in-vehicle technologies - working knowledge of vehicle-based security protocols is a big plus
  • FillAwfulFillAwful Member Posts: 119 ■■■□□□□□□□
    The "Previous Security Experience with Cellular Carriers" I find interesting. That's how Charlie Miller and Brett Valasek remotely took over the Jeeps last year. Through Sprint's wireless network.
  • botnickbotnick Member Posts: 13 ■□□□□□□□□□
    This sounds very cool, while I'm not yet qualified for a position like this due to lack of experience, I have studied automotive security research and my career is aimed in that direction. I believe I saw a position pop up on LinkedIn for this team the other day.

    Out of curiosity are you in touch with this team OP? It'd be interesting to hear the details of what's going on as far as this is concerned. I live in Detroit, have a lot of close connections who are loving their jobs with Ford. Would love to work with them in the future.
  • RoyalRavenRoyalRaven Member Posts: 142 ■■■□□□□□□□
    I get pinged weekly to work there in Dearborn. Too far of a commute for my liking. If I see the city in the recruiter emails, I know who its for :)
  • joemc3joemc3 Member Posts: 141 ■■■□□□□□□□
    RoyalRaven wrote: »
    I get pinged weekly to work there in Dearborn. Too far of a commute for my liking. If I see the city in the recruiter emails, I know who its for :)
    Pretty much this. If it's in dearborn it most likely is Ford. Likewise with Auburn Hills. However, many tiered suppliers...
Sign In or Register to comment.