Purple Teaming Engineer - Embedded Security
Job Description
About Lucid
At Lucid, we are creating exceptional mobility experiences through innovation to drive the world forward. Built on Lucid’s proprietary technology and software-defined vehicle architecture, our award-winning vehicles bring our “Compromise Nothing™” approach to the global automotive market. That means refusing to choose between performance and sustainability, design and engineering, ambition and integrity. In Lucid Air and Lucid Gravity, we have designed and built vehicles that have redefined their segments, combining exceptional range, performance, design, and expansive space in a single experience.
We achieve this through deep vertical integration, with design, engineering, and production happening in-house across our global offices and manufacturing facilities. Our teams come from industries around the world, united by a shared commitment to excellence. By refusing to settle, you can help redefine what’s possible and shape the future of mobility.
Job Summary:
We are seeking a Purple Teaming Engineer with hands-on experience in both offensive and defensive security, with a focus on embedded systems.
The ideal candidate will have practical experience with SOC operations, adversary simulation, detection engineering, and security testing across embedded or cloud-connected systems.
You will play a key role in executing threat emulation, automating adversary TTPs, and enhancing detection capabilities in collaboration with Red and SOC team.
Experience with vehicle SOC and security operations is a plus.
Key Responsibilities:
• Operationalize Purple Team and Attack Simulation exercises across embedded and cloud-connected systems.
• Develop and execute adversary simulation plans that align with threat intelligence.
• Collaborate with Red and Blue teams to identify detection gaps and improve SOC effectiveness.
• Identify relevant log sources across assets, ECUs, and infrastructure; document the type, location, and format of logs required for effective cybersecurity anomaly detection.
• Regularly review the availability, completeness, and integrity of logs; highlight gaps and work with asset/ECU owners to ensure alignment with best security logging practices.
• Share recommendations with system and asset owners on required logging improvements, event visibility, and adherence to secure logging practices.
• Support offensive testing across RTOS, Linux, Android, and MCU-based systems.
• Draft and present technical reports and summaries of Purple Team activities to technical and management stakeholders.
• Communicate findings, detecting weaknesses, meeting the logging requirements and prioritized remediation strategies. Collaborative Objectives:
• Work closely with SOC & Red teams to convert threat intel into actionable TTPs and test cases.
• Support SOC operations and help validate detection logic with real-world simulations.
• Assist in control validation, SIEM optimization, and threat modeling automation.
• Provide mentorship to junior team members on simulation workflows and embedded systems.
• Contribute to the ongoing development of the team’s offensive and defensive testing capabilities.
Required Qualifications:
• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, or Information Technology and at least 5 years of professional experience.
3–6 years of combined experience in Red Teaming, SOC, detection engineering, or embedded security testing.
• Strong knowledge of MITRE ATT&CK, threat simulation tools, and detection principles.
• Experience working with embedded Linux, Android systems, RTOS, or MCU platforms.
• Familiarity with SIEM systems (e.g., Splunk, ELK), log analysis.
• Proficiency in scripting/automation using Python.
• Exposure to network security, including packet analysis and custom protocol fuzzing.
• Exposure with vehicle communications (CAN, UDS, DoIP, BLE, MQTT, etc.).
• Strong technical writing and communication skills for documentation and stakeholder engagement. Preferred Qualifications:
• Experience in vehicle cybersecurity/SOC or embedded threat detection.
• Familiar with tools like Burp Suite, Ghidra, Binwalk, or custom fuzzers.
• Experience simulating or detecting low-level attacks, including firmware tampering, memory corruption, and secure boot bypasses.
• Understanding of cloud security architecture related to embedded platforms.
• Working knowledge of SIEM solutions, telemetry pipelines, and threat hunting frameworks.
Compensation & Benefits: Lucid offers a comprehensive and competitive benefits package including medical, dental, and vision insurance; life and disability coverage; paid time off; paid holidays; and a 401(k) retirement plan. Eligible employees may also participate in Lucid’s equity program and/or a discretionary annual cash incentive program. Incentive and equity awards, if applicable, are determined based on individual performance, role scope, market considerations, and overall company results, in accordance with the terms of the applicable plans.
Equal Opportunity: At Lucid, we believe diversity strengthens everything we build. Lucid Motors is proud to be an equal opportunity employer and is committed to providing an inclusive workplace for all. We consider all qualified applicants without regard to race, color, national or ethnic origin, age, religion, disability, sexual orientation, gender, gender identity or expression, marital status, or any other characteristic protected by applicable state or federal laws and regulations.
Accessibility: Lucid Motors is committed to providing reasonable accommodations for qualified individuals with disabilities. If you need any accommodation to participate in the application process, please contact us at [email protected].
Candidate Data Privacy: By submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice.
To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to Lucid Motors. Lucid Motors is not responsible for any fees related to unsolicited resumes.