Purple Teaming Engineer - Embedded Security

Overview

Job Summary

Experience

Key Responsibilities

• Operationalize Purple Team and Attack Simulation exercises across embedded and cloud-connected systems.
• Develop and execute adversary simulation plans that align with threat intelligence.
• Collaborate with Red and Blue teams to identify detection gaps and improve SOC effectiveness.
• Identify relevant log sources across assets, ECUs, and infrastructure; document the type, location, and format of logs required for effective cybersecurity anomaly detection.
• Regularly review the availability, completeness, and integrity of logs; highlight gaps and work with asset/ECU owners to ensure alignment with best security logging practices.
• Share recommendations with system and asset owners on required logging improvements, event visibility, and adherence to secure logging practices.
• Support offensive testing across RTOS, Linux, Android, and MCU-based systems.
• Draft and present technical reports and summaries of Purple Team activities to technical and management stakeholders.
• Communicate findings, detecting weaknesses, meeting the logging requirements and prioritized remediation strategies. Collaborative Objectives:
• Work closely with SOC & Red teams to convert threat intel into actionable TTPs and test cases.
• Support SOC operations and help validate detection logic with real-world simulations.
• Assist in control validation, SIEM optimization, and threat modeling automation.
• Provide mentorship to junior team members on simulation workflows and embedded systems.
• Contribute to the ongoing development of the team’s offensive and defensive testing capabilities.

Required Qualifications

• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, or Information Technology and at least 5 years of professional experience.
• 3–6 years of combined experience in Red Teaming, SOC, detection engineering, or embedded security testing.
• Strong knowledge of MITRE ATT&CK, threat simulation tools, and detection principles.
• Experience working with embedded Linux, Android systems, RTOS, or MCU platforms.
• Familiarity with SIEM systems (e.g., Splunk, ELK), log analysis.
• Proficiency in scripting/automation using Python.
• Exposure to network security, including packet analysis and custom protocol fuzzing.
• Exposure with vehicle communications (CAN, UDS, DoIP, BLE, MQTT, etc.).
• Strong technical writing and communication skills for documentation and stakeholder engagement.

Preferred Qualifications

• Experience in vehicle cybersecurity/SOC or embedded threat detection.
• Familiar with tools like Burp Suite, Ghidra, Binwalk, or custom fuzzers.
• Experience simulating or detecting low-level attacks, including firmware tampering, memory corruption, and secure boot bypasses.
• Understanding of cloud security architecture related to embedded platforms.
• Working knowledge of SIEM solutions, telemetry pipelines, and threat hunting frameworks.

Additional Compensation and Benefits