Ford Motor Company pentesting

joemc3

If you are in the metro Detroit area Ford is spinning up a pen testing team.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

OctalDump

Is it for their automotive control systems, or just standard corporate things?

joemc3

I just heard about it the other day, but it has been open for awhile. I used to work at Ford and it's a great place to work, but things move slow there.

A penetration testing / ethical hacking team is being created within Ford IT. Focus in the first year will be creation of the team, building skills and required process definition. Following the initialization of the team, as the group meets objective performance metrics, the focus will be on scaling out the team and operating penetration testing on a continuous basis. This position will be at the center of tooling and process decisions early on, and will grow into a delivery role as the team matures. The role will focus on both internal testing, and supporting third party penetration testing efforts.

Responsibilities:

Scoping of penetration tests, use cases, and timing
Development of ‘rules of engagement’ with partners
Performing ethical hacking tests within explicit bounds
Capture test findings, communicate repeatable process steps
Develop and communicate recommendations on findings remediation
Creation of testing reports and delivery of results to management
Continuous improvement of testing processes and methodologies
Coordinate and function as an SME to third-party penetration testing efforts, as needed

Job Requirements:

Basic Qualifications:

Bachelor’s Degree in Computer Science or related IT field of study
2+ years of security experience
2+ years of penetration testing experience

Preferred Qualifications:

Working knowledge of ISO27001
CISSP certification
Deep experience in IP based networking
Strong encryption background
Broad Operating System knowledge
Previous Security Experience with Cellular Carriers
Demonstrable Threat Modeling experience
This role will span both traditional IP based infrastructure as well as in-vehicle technologies - working knowledge of vehicle-based security protocols is a big plus

FillAwful

The "Previous Security Experience with Cellular Carriers" I find interesting. That's how Charlie Miller and Brett Valasek remotely took over the Jeeps last year. Through Sprint's wireless network.

botnick

This sounds very cool, while I'm not yet qualified for a position like this due to lack of experience, I have studied automotive security research and my career is aimed in that direction. I believe I saw a position pop up on LinkedIn for this team the other day.

Out of curiosity are you in touch with this team OP? It'd be interesting to hear the details of what's going on as far as this is concerned. I live in Detroit, have a lot of close connections who are loving their jobs with Ford. Would love to work with them in the future.

RoyalRaven

I get pinged weekly to work there in Dearborn. Too far of a commute for my liking. If I see the city in the recruiter emails, I know who its for

joemc3

RoyalRaven wrote: »

I get pinged weekly to work there in Dearborn. Too far of a commute for my liking. If I see the city in the recruiter emails, I know who its for

Pretty much this. If it's in dearborn it most likely is Ford. Likewise with Auburn Hills. However, many tiered suppliers...