
VSOC Analyst - Security Tools Developer

4 months ago
Full time role
In-person · Newark, CA, US
Leading the future in luxury electric and mobility
At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.
 
We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.
 
Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.

Job Title: VSOC Analyst, Security Tools Developer

Overview:

We are seeking a mid-level security professional to join our Vehicle Security Operations Center (VSOC) team and focus on designing, building, and improving security tools. In this role, you will help detect and respond to threats targeting connected vehicles and related infrastructure while creating and maintaining specialized tools for threat detection, firmware analysis, network enumeration, and security assessments. A successful candidate will have intermediate-level cybersecurity experience, strong development skills in Python/C, and a passion for building solutions that protect modern automotive ecosystems.

Key Responsibilities:

  1. Security Tool Development
  • Automated Threat Detection: Develop and maintain scripts, modules, or full-fledged applications (in Python, C, etc.) to identify malicious behavior in real time.
  • Firmware Analysis & Data Gathering: Create tools to extract, parse, and analyze firmware images, identifying potential vulnerabilities or indicators of compromise.
  • Network Enumeration: Implement enumeration capabilities for connected devices, scanning for open ports, services, and known vulnerabilities in automotive or supporting networks.
  • Threat Modeling: Collaborate with security architects and engineering teams to design tools that simulate potential attack vectors on vehicle electronics, wireless interfaces, back-end systems, and applications.
  • Security Assessment Tools: Build or integrate solutions for testing wireless protocols, OS, and applications used in the automotive ecosystem (e.g., Wi-Fi, Bluetooth, cellular, infotainment).
  • Incident Detection & Investigation
    • Monitor security events across in-vehicle networks, embedded systems, and supporting infrastructure.
    • Perform initial triage and investigation of alerts before escalating complex incidents to Tier 2 or Tier 3 analysts.
    • Use custom-built tooling and threat intelligence to quickly identify and prioritize threats.
  • Event Management & Analysis
    • Coordinate event logging and alerting from multiple data sources, including vehicle telemetry, SIEM platforms, and cloud services.
    • Conduct deep-dive analyses of security events and recommend improvements to detection logic and correlation rules.
    • Continuously refine detection capabilities by incorporating lessons learned from security research or real-world incidents.
  • SIEM Integration
    • Integrate new data sources (e.g., firmware scans, network enumerations, wireless assessments) into SIEM platforms (Splunk etc.).
    • Develop custom dashboards, rules, and queries to filter noise, highlight anomalies, and surface critical threats.
    • Ensure scalability and efficiency of data ingestion processes, working closely with DevOps and infrastructure teams.
  • UX & Workflow Optimization
    • Apply basic UX best practices to design intuitive interfaces, streamlined workflows, and clear visualizations for both custom tools and SIEM dashboards.
    • Gather feedback from VSOC analysts to improve usability, effectiveness, and speed of security tools.
  • Standard Operating Procedures (SOPs)
    • Adhere to established SOPs, Incident Response Plans, and automotive security regulations (e.g., ISO/SAE 21434, UNECE WP.29).
    • Contribute to the creation and continuous improvement of SOPs by integrating insights from tool development and incident handling.
  • Collaboration & Documentation
    • Work closely with cross-functional teams (vehicle engineering, software development, IT operations) to align tool functionality with broader security requirements.
    • Thoroughly document new tools, libraries, processes, and code repositories to ensure consistent use and ongoing maintainability.
    • Communicate findings, metrics, and recommendations to both technical and non-technical stakeholders.

    Qualifications:

    • Education & Experience
      • Bachelor’s degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field (or equivalent practical experience).
      • 3+ years of v, or a related role.
      • Familiarity with automotive security or embedded systems (ISO/SAE 21434, UNECE WP.29) is a plus, but not mandatory.
    • Technical Skills
      • Proficiency in Python and C for automated tooling (e.g., firmware analysis, network enumeration, threat modeling).
      • Experience with standard SOC tools and processes (SIEM platforms, IDS/IPS, EDR, log management, etc.).
      • Strong understanding of networking fundamentals (TCP/IP, DNS, firewalls) and experience analyzing network traffic.
      • Basic knowledge of wireless technologies (Wi-Fi, Bluetooth, cellular) and cloud platforms (AWS, Azure, GCP).
      • Familiarity with containerization (Docker, Kubernetes), CI/CD pipelines, and DevSecOps principles is beneficial.
    • Soft Skills
      • Strong analytical and problem-solving skills, with attention to detail.
      • Effective communication, able to convey complex security concerns to diverse audiences.
      • Proactive mindset, collaborating well in a fast-paced, evolving security environment.
    • Certifications (Nice-to-Have)
      • CompTIA Security+, GIAC (e.g., GCIH, GCDA), or other relevant security certifications.
      • Automotive cybersecurity training or credentials.
    Salary Range: The compensation range for this position is specific to the locations listed below and is the range Lucid reasonably and in good faith expects to pay for the position taking into account the wide variety of factors that are considered in making compensation decisions, including job-related knowledge; skillset; experience, education and training; certifications; and other relevant business and organizational factors.
     
    Additional Compensation and Benefits: Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k. The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs.  (Cash or equity incentive awards, if any, will depend on various factors, including, without limitation, individual and company performance.)
    Base Pay Range (Annual)
    $145,600 - $200,200 USD

    By submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.

    To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes. 
     