We are looking for a Security Officer – Penetration tester to join us as we expand. We are exploring a Red Team based approach and are looking for someone that follows the threat landscape closely and is a skilled penetration tester. We are looking for someone that can continuously try to hack and prove attack paths in the Polestar IT landscape and take responsibility for this more practical security testing.
Let us describe the challenge we offer
The Information Security department in Polestar is expanding as the company is growing. Polestar is active in many countries and more markets will come at a rapid pace. The IT landscape complexity is growing and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cyber security related, and to protect against them a solid foundation of security practices is needed.
The department is organized in several areas. This role’s responsibility will be to help us with the Threat Watch & Pen Testing area, which supports the Polestar organization with penetration testing and real-life attack threat knowledge and skills. The idea is to continuously try to attack Polestar’s systems and also to get help in that process from relevant third parties. Mainly you will attack the digital cloud-based systems developed by Polestar, but the Enterprise IT landscape is also on your radar. The car itself is penetration tested by other teams and you will connect with them, but competence in car hacking is more of a nice to have.
The other areas in the InfoSec department will provide other specialized skills, like cryptography, Security Architecture and Privacy to name a few.
People that are interested in security sometimes have a somewhat diverse background and skill base. So will your colleagues and we will all complement each other.
What you’ll do
The main mission of the role is to take the lead for Polestar’s approach to penetration testing and set up Red Team processes for us. You monitor the threat landscape and use that to showcase attacks that we should worry about. In the Security Development Life Cycle, you assist in the Threat Modeling by assessing if attack paths are feasible and understanding if a previously low-risk vector has now changed in risk level.
In Polestar we are still a new company. You will need to be able to both work with many different things and also chip in and bring your superpowers to use in other areas. You will report to the CISO of Polestar.
Tasks you will be accountable for:
- Perform internal penetration tests (web, network, mobile and others)
- Plan, execute, and manage simulated attacks, including techniques described within the MITRE ATT&CK framework
- Manage projects through to completion, acting as a project lead, and clearly document and communicate findings with Polestar’s Cybersecurity Operations team and Polestar’s business units
- Showcase attacks to Polestar employees or as training videos so people understand threat actors’ capabilities
- Assist in the training of users and InfoSec staff in current threats by using workshops or short training sessions to give groups of developers new insights
Who you are
At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where there is none today and you are the one that proposes a solution. You are open-minded and while you shape and create you reflect on how that affects the other departments to create the best and most efficient protection for the company.
To be a great fit for this position we believe you have:
- 5+ years experience in either Red Teaming, Penetration Testing, Vulnerability Research, or Application Security (conducting formal security reviews)
- Experience translating technical concepts into language that is understood by software engineers, business and technical leaders
- Experience with common testing frameworks, such as the MITRE ATT&CK framework
- Proficiency in cloud security including reviewing cloud configurations and exploiting
- Experience coding open source tools, contributing to security blogs, and participating in CTFs is a plus
- Experience managing workshops and working through others
- Ability to learn new things fast, there are many systems to try to hack and many attacks to try out
- Good scoping skills of work ahead
- You can express what people must or need to do in a clear and convincing way
At Polestar, you will be part of a cross-functional and international team, with English as a natural language for written and spoken communication. Since Polestar is in a scale-up phase, you thrive working in a fast-paced environment.
People at Polestar
We know that a change is needed. We also know that each one of us can help bring about that change. Our commitment to becoming climate-neutral by 2040 is just as important to us as being inclusive, diverse, and innovative. Together, we are creating, collaborating and experimenting to usher in a new era of sustainable mobility.
We are an electric performance brand, determined to improve the society we live in.
Is this you? If you are interested in joining the Polestar family, don’t wait to submit your application. We apply a continuous selection process and the job post will be open until the position is filled.
Are you ready for the journey? Which is electric by the way…