Security Analyst II

Location: Noida, India

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.

Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Gurugram, Bengaluru and Mumbai, among others. Over 2200 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India’s growth story by sharing its technologies and expertise in Defence, Aerospace and Cyber & Digital sectors. Thales has two engineering competence centres in India - one in Noida focused on Cyber & Digital business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs. The Group has also established an MRO (Maintenance, Repair & Overhaul) facility in Gurugram to provide comprehensive avionics maintenance and repair services to Indian airlines and support the growth of the local aviation industry.

We are looking for an Automotive Embedded Penetration Tester with strong hands-on experience in ECU, in-vehicle networks, and automotive protocols. The role involves performing security assessments on automotive ECUs, vehicle architectures, and connected components in line with ISO/SAE 21434 and UNECE R155.

Key Responsibilities

• Perform penetration testing and security assessments on automotive ECUs
• Conduct embedded and hardware security testing, including:
  • UART, SPI, I2C, JTAG, SWD
  • Debug interface analysis and secure boot validation
• Assess in-vehicle communication protocols:
  • CAN, CAN-FD, LIN, FlexRay, Automotive Ethernet
• Perform UDS security testing:
  • Security Access (Seed-Key)
  • Diagnostic session abuse
  • NRC analysis and fuzzing
• Analyze ECU firmware:
  • Firmware extraction, reverse engineering
  • Static & dynamic analysis
• Execute threat modeling and risk assessments (TARA)
• Validate security controls for:
  • Secure boot, secure flashing
  • Key management and crypto usage
• Document findings with clear risk impact and remediation guidance
• Support compliance activities for ISO 21434, UNECE R155/R156

Mandatory Skills

• Strong knowledge of embedded systems and automotive ECUs
• Hands-on experience with automotive pentesting tools:
  • CANoe / CANalyzer
  • BusMaster
  • UDS tools, Scapy-CAN
  • Ghidra / IDA (basic to intermediate)
• Solid understanding of:
  • Cryptography fundamentals (AES, RSA, ECC, HMAC)
  • Secure boot and firmware update mechanisms
• Experience with Linux-based testing environments
• Ability to read and understand Embedded C / C++ code

Good to Have

• Experience in hardware fault injection (voltage glitching, clock glitching)
• BLE / UWB / Digital Key security testing
• Python scripting for automation and fuzzing
• Experience auditing labs or processes against ISO 27001
• Automotive cybersecurity certifications (e.g., ISO 21434 Lead Implementer)

At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.