
Purple Teaming Engineer - Embedded Security
Job Summary:
We are seeking a Purple Teaming Engineer with hands-on experience in both offensive and defensive security, with a focus on embedded systems.
The ideal candidate will have practical experience with SOC operations, adversary simulation, detection engineering, and security testing across embedded or cloud-connected systems.
You will play a key role in executing threat emulation, automating adversary TTPs, and enhancing detection capabilities in collaboration with the Red and SOC teams.
Experience with vehicle SOC and security operations is a plus.
Key Responsibilities:
• Operationalize Purple Team and Attack Simulation exercises across embedded and cloud-connected systems.
• Develop and execute adversary simulation plans that align with threat intelligence.
• Collaborate with Red and Blue teams to identify detection gaps and improve SOC effectiveness.
• Identify relevant log sources across assets, ECUs, and infrastructure; document the type, location, and format of logs required for effective cybersecurity anomaly detection.
• Regularly review the availability, completeness, and integrity of logs; highlight gaps and work with asset/ECU owners to ensure alignment with best security logging practices.
• Share recommendations with system and asset owners on required logging improvements, event visibility, and adherence to secure logging practices.
• Support offensive testing across RTOS, Linux, Android, and MCU-based systems.
• Draft and present technical reports and summaries of Purple Team activities to technical and management stakeholders.
• Communicate findings, detection weaknesses, logging requirements, and prioritized remediation strategies.
Collaborative Objectives:
• Work closely with SOC & Red teams to convert threat intel into actionable TTPs and test cases.
• Support SOC operations and help validate detection logic with real-world simulations.
• Assist in control validation, SIEM optimization, and threat modeling automation.
• Provide mentorship to junior team members on simulation workflows and embedded systems.
• Contribute to the ongoing development of the team’s offensive and defensive testing capabilities.
Required Qualifications:
• 3–6 years of combined experience in Red Teaming, SOC, detection engineering, or embedded security testing.
• Strong knowledge of MITRE ATT&CK, threat simulation tools, and detection principles.
• Experience working with embedded Linux, Android systems, RTOS, or MCU platforms.
• Familiarity with SIEM systems (e.g., Splunk, ELK) and log analysis.
• Proficiency in scripting/automation using Python.
• Exposure to network security, including packet analysis and custom protocol fuzzing.
• Exposure to vehicle communications (CAN, UDS, DoIP, BLE, MQTT, etc.).
• Strong technical writing and communication skills for documentation and stakeholder engagement.
Preferred Qualifications:
• Experience in vehicle cybersecurity/SOC or embedded threat detection.
• Familiarity with tools like Burp Suite, Ghidra, Binwalk, or custom fuzzers.
• Experience simulating or detecting low-level attacks, including firmware tampering, memory corruption, and secure boot bypasses.
• Understanding of cloud security architecture related to embedded platforms.
• Working knowledge of SIEM solutions, telemetry pipelines, and threat hunting frameworks.
Additional Compensation and Benefits: Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k. The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs. (Cash or equity incentive awards, if any, will depend on various factors, including, without limitation, individual and company performance.)
By submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.