Description: Our client is currently seeking a Senior Product Cybersecurity GRC Engineer
This job will have the following responsibilities:
Role: Product Cybersecurity Engineer
Job Type: Contract
Location: Wyoming, MN or Novi, MI or Remote
Job Description:
TOP SKILLS/REQUIREMENTS:
Must Haves:
Experience conducting Threat Analysis and Risk Assessment (TARA). This team will complete both internal and external feature-level and architecture-level requests to the interface. The team is currently backlogged on this work.
Understanding of cybersecurity architecture, controls, and programming
3+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas. This person will work with the team to define strategy and security architecture for connected vehicle security, using the above skills to secure interfaces.
Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.
Experience with or knowledge of setting up and managing key management systems. Others on the team can assist with this; the purpose is that this team works with its service providers to issue the security certificates that enable secure communication between the physical vehicle and the back office.
Nice to haves:
Experience with Itemis Secure (or similar) to perform TARAs. This would be a huge plus for the team, but is not required.
Prior automotive experience; prior powersports experience is even better!
ESSENTIAL DUTIES & RESPONSIBILITIES
Support the Chief Cybersecurity Engineer in developing, communicating, and implementing client's enterprise-wide product cybersecurity strategy & roadmap
Provide guidance to stakeholders (product owners, development teams, system engineers) on security concerns and recommended controls
Execute threat analysis and risk assessment (TARA) at the vehicle, feature, system, and component levels and mitigate identified risks by defining appropriate cybersecurity controls
Develop, refine, and review cybersecurity requirements and gain approval from Chief Cybersecurity Engineer
Perform design reviews of internal and external cybersecurity solutions and mitigate cybersecurity weaknesses or vulnerabilities throughout the product life cycle
Define in-vehicle cybersecurity architectures, develop cybersecurity controls (e.g., secure boot, secure reprogramming, security access, IDS/IPS, etc.), and secure vehicle-to-back-office communication interfaces
Manage and provide guidance on key management system and internal use of PKI, support supplier usage of client PKI system, collaborate with the KMS vendor to resolve issues quickly
Collaborate with the Ride Command team to ensure robust cybersecurity across the overall connected ecosystem from a product, app, web, and cloud standpoint
Support triage and prioritization of vulnerabilities identified during verification and validation phases, e.g., static code analysis, OSS vulnerability scanning, fuzz testing, penetration testing
Support institutionalization of ISO/SAE 21434 processes across client and produce ISO/SAE 21434 compliant work products
Support regulatory compliance such as UNR 155, CRA, Radio Equipment Directive
Support supply chain integrity and security initiatives to secure client's supply chain, e.g., HBOM, SBOM, etc.
Promote cybersecurity culture by providing cybersecurity training to team members on a regular basis
Additionally, you may:
Support internal and external connected device penetration testing execution
Support cybersecurity validation engineer in root cause analysis
Participate in and support Auto-ISAC working group
Investigate new cybersecurity technologies and recommend appropriate technologies to adopt in vehicles
Analyze connected vehicles related cybersecurity intelligence and share with broader team
Adopt product cybersecurity industry best practices for continuous improvement
SKILLS & KNOWLEDGE
Minimum Qualifications:
Bachelor's degree in computer science, computer engineering, software engineering, electrical engineering, IT security or other relevant domains
3+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas
Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.
Experience with setting up and managing KMS, PKI, CA, certificate/key generation, distribution, storage, renewal, revocation, etc.
Experience with conducting threat analysis and risk assessment
Experience with developing cybersecurity goals and requirement specifications
Experience with designing cybersecurity controls, such as secure boot, secure reprogramming, security access, security gateway, IDS, IPS, security hardening, etc.
Experience with SELinux, AppArmor, hypervisors, TEE, HSM, etc.
A self-starter who works with minimal supervision
Excellent written and verbal communication skills
Preferred Qualifications:
Advanced degree in cybersecurity
10+ years of experience in automotive product cybersecurity
Experience with symmetric and asymmetric cryptography, digital signature, hash, message authentication, encryption, key exchange
Experience with developing telematics, infotainment, or other connected ECUs
Experience with implementing and executing ISO/SAE 21434 processes
Understanding of cybersecurity regulations, standards and best practices, e.g., UNR 155, CRA, Radio Equipment Directive, Machinery Regulation, ISO/SAE 21434, NIST/NHTSA/Auto-ISAC best practices, etc.
Experience with CAN, CAN-FD, J1939, Ethernet, USB, SPI, UART, JTAG, etc.
Understanding of embedded RTOS and Linux based operating systems
Experience with reporting, managing, and closing security issues in tools such as Jira
Experience with at least one modern software programming language (C, C++, C#, Python, Java, etc.)
Experience with Itemis Secure to perform TARAs
Contact: bpant@judge.com
This job and many more are available through The Judge Group. Find us on the web at www.judge.com