Note: The application period for this ad has passed.
Job description
We are looking for a Security Officer to lead our Threat Watch & Pen Testing competence area. We are exploring a Red Team-based approach and are looking for someone that follows the threat landscape closely and is a skilled penetration tester. We are looking for someone that can continuously try to hack and prove attack paths in the Polestar IT landscape and take responsibility for this more practical security testing.
If you are reading this, you probably already know that Polestar is an electric performance car brand. We work hard to create a unique experience for the customer, owner, and driver. The thrill of driving the car, the digital experience of buying, owning, and controlling a Polestar require us to push the limits of technology and software development. Sustainability has been there from the beginning, and we have set a moonshot goal for climate-neutral cars in 2030. There is an ocean of opportunities in this for talented IT professionals who want to dive in and make a difference.
The Information Security Department
The Information Security department in Polestar is expanding as the company is growing. Polestar is active in many countries and more markets will come at a rapid pace. The IT landscape complexity is growing and in Information Security we need to keep the company safe from a diverse set of threats. The main threats are cybersecurity-related, and to protect against them a solid foundation of security practices is needed.
The department is organized in several areas. This role will be to take the lead in the Threat Watch & Pen Testing area that is supporting the Polestar organization with penetration and real-life attack threat knowledge skills. The idea is to continuously try to attack Polestar’s systems and also to get help in that process from relevant third parties. Mainly you will attack the Polestar-developed digital cloud-based systems, but the Enterprise IT landscape is also on your radar. The car itself is penetration tested by other teams and you will connect with them, but competence in car hacking is more of a nice-to-have.
The other areas in the InfoSec department will provide other specialized skills, like cryptography, Security Architecture and Privacy to name a few. People that are interested in security sometimes have a somewhat diverse background and skill base. So will your colleagues and we will all complement each other.
About the role
The main mission of the role is to take the lead for Polestar’s approach to penetration testing and assess if a Red Team setup will work for us. You monitor the threat landscape and showcase attacks that we should worry about. In the Security Development Life Cycle, you assist in the Threat Modeling by assessing if attack paths are feasible and understanding if a previously low-risk vector has now changed in risk level.
In Polestar we are still a new company. You will need to be able to both work with many different things and also chip in and bring your superpowers to use in other areas. You will report to the CISO of Polestar.
What you will do
- Define and roll out an approach to penetration testing and investigate Red Teaming. You will also actively do penetration tests continuously.
- Monitor the threat landscape and perform attacks on the Polestar digital ecosystem. There is an infinite number of good practices out there, but the real risk based on a real threat agent using a vulnerability is a different thing. So, you need to master the difference between risks and vulnerabilities. Your work can help us to understand if an attack path has become industrialized and thereby help in attack vector risk assessment in a very concrete way.
- Showcase attacks to Polestar employees or as training videos so people understand threat actors' capabilities
- Assist in the training of users and InfoSec staff in current threats by using workshops or short training sessions to give groups of developers new insights
Personal Qualities
- At Polestar we are building a new company. That requires that you are a shaper, i.e., you can create a process where there is none today and you are the one that proposes a solution.
- You want to create the best and most efficient protection for the company
- Open-minded. While you shape and create, the reflection on how security is adapted to the
- You can express what people must or need to do in a clear and convincing way
- Manage workshops and working through others
Skills
- Penetration testing (web and cloud technologies and infrastructure. Penetration testing of the car is not in scope yet). Hacking of AWS cloud systems (Lambda microservices-based) with web frontends is the main skill we are looking for, but Azure and Google Cloud are also in scope.
- Fast learner, there are many systems to try to hack and many attacks to try out
- Good scoping skills of work ahead
- Risk management and Threat Modeling are a big plus
Polestar - the guiding star
Polestar is an electric performance brand, determined to improve the society we live in by catalyzing the change to sustainable mobility. We are a global team of highly talented individuals who share a passion to change the world. We challenge conventions and we challenge ourselves for the purpose of innovation. We believe innovation is a team effort and that, just as each component is critical to the performance of our cars, each person working at Polestar is as important to the team and its performance. We work in close collaboration across empowered global teams that don’t settle for anything less than excellence.
Is this you? If you are interested in joining the Polestar family, don't wait to submit your application. We apply a continuous selection process and the job post will be open until the position is filled.
Questions?
If you have any questions, contact:
John Karman
Head of Information Security (CISO)
46 734340612 john.karman@polestar.com