Purple Teaming Engineer - Embedded Security

Job Summary

We are seeking a Purple Teaming Engineer with hands‑on experience in both offensive and defensive security, with a focus on embedded systems.

The ideal candidate will have practical experience with SOC operations, adversary simulation, detection engineering, and security testing across embedded or cloud‑connected systems.

You will play a key role in executing threat emulation, automating adversary TTPs, and enhancing detection capabilities in collaboration with Red and SOC team.

Experience with vehicle SOC and security operations is a plus.

• Operationalize Purple Team and Attack Simulation exercises across embedded and cloud‑connected systems.
• Develop and execute adversary simulation plans that align with threat intelligence.
• Collaborate with Red and Blue teams to identify detection gaps and improve SOC effectiveness.
• Identify relevant log sources across assets, ECUs, and infrastructure; document the type, location, and format of logs required for effective cybersecurity anomaly detection.
• Regularly review the availability, completeness, and integrity of logs; highlight gaps and work with asset/ECU owners to ensure alignment with best security logging practices.
• Share recommendations with system and asset owners on required logging improvements, event visibility, and adherence to secure logging practices.
• Support offensive testing across RTOS, Linux, Android, and MCU‑based systems.
• Draft and present technical reports and summaries of Purple Team activities to technical and management stakeholders.
• Communicate findings, detecting weaknesses, meeting the logging requirements and prioritized remediation strategies.

• Work closely with SOC & Red teams to convert threat intel into actionable TTPs and test cases.
• Support SOC operations and help validate detection logic with real‑world simulations.
• Assist in control validation, SIEM optimization, and threat modeling automation.
• Provide mentorship to junior team members on simulation workflows and embedded systems.
• Contribute to the ongoing development of the team’s offensive and defensive testing capabilities.

• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, or Information Technology and at least 5 years of professional experience.
• 3–6 years of combined experience in Red Teaming, SOC, detection engineering, or embedded security testing.
• Strong knowledge of MITRE ATT&CK, threat simulation tools, and detection principles.
• Experience working with embedded Linux, Android systems, RTOS, or MCU platforms.
• Familiarity with SIEM systems (e.g., Splunk, ELK), log analysis.
• Proficiency in scripting/automation using Python.
• Exposure to network security, including packet analysis and custom protocol fuzzing.
• Exposure with vehicle communications (CAN, UDS, DoIP, BLE, MQTT, etc.).
• Strong technical writing and communication skills for documentation and stakeholder engagement.

• Experience in vehicle cybersecurity/SOC or embedded threat detection.
• Familiar with tools like Burp Suite, Ghidra, Binwalk, or custom fuzzers.
• Experience simulating or detecting low-level attacks, including firmware tampering, memory corruption, and secure boot bypasses.
• Understanding of cloud security architecture related to embedded platforms.
• Working knowledge of SIEM solutions, telemetry pipelines, and threat hunting frameworks.