Product Cybersecurity Engineer - Intermediate

Product Cybersecurity Engineer - Intermediate

Windsor, ON, CANADA    |
Job Description:
  • The Cybersecurity engineer will design cybersecurity measures and define cybersecurity specifications for organization’s Vehicle systems, ECU’s and Applications to reasonably protect road users from new cyber-threats arising from fast evolving vehicle functions and features.
  • This position will monitor and check the compliance of cybersecurity controls implemented in the organization’s products during the entire product development lifecycle.
  • This position will support suppliers to better understand and implement the organization’s cybersecurity requirements.
  • The core tasks of the Cybersecurity Engineer are summarized here:
    • Perform threat analysis including impact and feasibility to identify gaps in cybersecurity controls for vehicle systems, ECU’s and Applications
    • Capable of conceptualizing, defining, designing and implementing security systems and architectures
    • Elicit cybersecurity requirements to provide system requirements in order to satisfy customers aligned with regulations and corporate cybersecurity policy.
    • Review the supplier design and implementation to ensure that security controls are reasonably planned for implementation according to the organization’s requirements.
    • Understand and interact with key stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services
    • Provide clear risk mitigating directives for Connected vehicles, systems, and applications
    • Respond to supplier inquiries about requirements
    • Performing assessments and analyzing threats and attacks
    • Work with DRE’s and Application owners to mitigate risk
Requirements:
  • Bachelors from EE, Math, Computer Science or other scientific degrees with 3 years of experience around software development or ECU development
  • Minimum of 3 years of related experience (Such as: security research, system exploitation, cybersecurity engineering); Position level will be dependent on level of education, years of experience, knowledge, skills and abilities
  • Professional security certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other similar security related certifications
  • TECHNICAL SKILLS required
    • Good knowledge of Connected Vehicle Cybersecurity
    • Good knowledge of common security patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, …)
    • Good knowledge of security protocols (e.g., , TLS, SSH, …)
    • Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management;
    • Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., AES, RSA, ECC);
    • Good knowledge of automotive operating systems (AutoSAR Classic and Adaptive, QNX, Linux, Android, others) and middleware
    • Basic knowledge of Connected Application integrations (Legato App framework, Automotive Android,QNX)
    • Basic knowledge of,C/C++, Java, Python, Kotlin programming language.
    • Basic knowledge of scripting language (e.g., jscript, bash, …);
    • Basic knowledge of UML language;
    • Basic knowledge of DOORs
    • Basic knowledge of software engineering
  • TECHNICAL SKILLS Preferred (minimum)
    • Basic knowledge of Connected Vehicle experience
    • Basic knowledge of Firmware Over-the-Air (FOTA) operations
    • Good knowledge of ISO 21434: Road Vehicle - Cybersecurity Engineering.
    • Good knowledge of Service Oriented Architecture design pattern and paradigm.
    • Ability to work collaboratively in multicultural teams;
    • Strong skills in technical writing and presenting;
    • Good self-organization and analytical skills;
    • Good proficiency in English.
  • a. Deep understanding of Cybersecurity controls applicable to Embedded Systems and Electronic Control Units (ECU’s) b. Threat and Risk Assessment awareness or experience (Risk = Impact X Feasibility) where Impacts are viewed from the view of the Road User on Safety, Operational, Financial and Privacy. c. Awareness/ability to understand vulnerabilities in SW and HW for how these affect the vehicle in Design phase and Post-Production Phase. d. Independent thinker and doer. Self-motivated to identify issues and find ways to solve them within the group (solutions are typically an activity for the group to address).
  • Remote (although if they can come to CTC in Auburn Hills, MI area on an advanced planned / pre-scheduled basis that would be great!)
  • *Drivers license is a must have. Driving a company Vehicle is not required. a. If a company vehicle is available for demo/testing purposes and there is a business need, we will provide it.
  • No Traveling Required
  • Additional Feedback (6/24/)
  • Adjust the focus on the candidates they are sending through.
    • 1. Automotive or “Internet of Things” Engineers that are experienced in Requirements, and Design a. Ideally, the person will have strong Cyber experience, but maybe we can train them in this area (if the candidate is interested).