Ford’s Research and Advanced Engineering organization is broadening its core competency within the area of Embedded Cyber Security in the automotive environment. We are both researching and reviewing new enterprise-wide features and technologies, as well as providing frameworks, processes and tools to help the research.
Technology is advancing, connection mechanisms are growing, and consumers and hackers are becoming more sophisticated. With increasing networking between modules and access points into the vehicle, the attack surface has increased thereby opening up new potential vulnerabilities. Automobiles are no longer mere mechanical devices but are controlled by dozens of digital computers coordinated by internal networks. While all this technology has allowed for better personalized experiences, seamless integration into a person’s lifestyle, differential services, predictive diagnostics and safer driving conditions, the increase in complexity drives the need for advanced security and data solutions.
We are exploring the role of advanced embedded computing platforms, coupled with cloud-based services, to deliver applications which will redefine the experience of owning, maintaining, driving and interacting with Ford Motor Company vehicles. Security needs to be built into each of these growing technologies.
The ideal candidate will have outstanding security design analytical skills and the ability to work in a fast-paced, collaborative environment. We are looking for exceptionally creative, motivated and talented Cyber Security engineers to join our team to develop advanced features (specifically in the autonomous driving and vehicle to vehicle communication environments), toolkits and consult on security related architectures. We collaborate extensively within Ford and with external partners, thus we require exceptional communication and collaborative skills.
Work tasks span from the early research and development stages of ideation, experience and use case development, through development of Proof-of-Concept solutions, vehicle integration and finally delivery of features and processes to the Product Development organization.
- Research and develop concepts around related Cyber Security incidents reported in industry and research organizations.
- Understand the exploit and report back findings so new requirements, testing or processes can be updated to avoid future risk. Storyboards, use cases, proof-of-concept demonstrations, specifications and requirements development experience
- Development and maintenance of tools (e.g. Fuzzing) for use in internal vehicle penetration testing
- Threat Analysis and Risk Assessment tool/modeling
- Lead technology and security feature projects. Deliver to internal customers.
- Actively ideate and invent new security techniques or countermeasures for Vehicle to Vehicle or Vehicle to Infrastructure or in-vehicle modules/architecture
- Performing competitive analyses and comparative studies to maintain knowledge of emerging technologies in both the automotive and consumer electronics field
- Develop security roadmap (near-term, mid-term and long-term focus) as it relates to Security, Safety and Quality Features
- Actively work with Security Partners, Research and Government for information sharing, joint project development, and reporting
- Some travel expected to cover critical Cyber Security Conferences or meet with other non-local team members (e.g. England or California)
- Master’s degree
- CISSP or minimum 3 years of cyber security academic / professional experience
- Masters or higher in Computer Science, Electrical and/or Computer Engineering highly preferred
- Experience/knowledge of upcoming embedded module security, driver assistance, vehicle to vehicle communication technologies, or autonomous driving features
- Ability to present and communicate intelligently, concisely, and coherently
- Familiarization with Safety Systems such as ISO 26262
- Experience with writing requirements, test procedures and use case development
- General understanding of CAN network, Ethernet, firewalls and secure architecture development
- Knowledge with cryptographic algorithms and protocols
- Use of IDA Pro, fuzz testers, network analyzer, CAN traffic tools, threat modeling and risk management tools
- Knowledge with PKI management
- Experience with Secure Coding Techniques
- Experience with embedded hardware and software security knowledge
- Knowledge of digital and wireless communication and familiarity with communication technologies such as TCP/IP, Ethernet, Bluetooth, WiFi, DSRC and CAN
- Basic interest and knowledge about geographical technologies such as GPS, maps, geofencing and POIs as well as privacy risk associated with these technologies
- Self-motivated with the ability to manage multiple tasks. Excellent communication skills.
- A genuine passion for technology, electronics, gadgets, security of internet of things, both on a professional and personal level