Technical lead for security of vehicle electrical/electronic/software systems.
- Perform threat modeling and risk assessments for current and forward-model vehicle systems
- Assess technology proposals from external suppliers for their potential to meet risk management design objectives
- Define security controls for system level design requirements
- Coordinate with distributed teams for managing security scope during software development activities
- Perform system level verification testing of implemented security controls
- Consult with EE system architects to achieve continuous improvement in vehicle security with each future update
- Collaborate with non-security professionals for supply chain risk management
- Liaise with Enterprise IT Security to align goals and strategy
- Maintain professional relationships with security communities in the transportation sector
- Develop and deliver awareness training to enhance embedded cyber-security knowledge and skill throughout the company.
- Bachelor’s degree in Engineering, Computer Science or equivalent
- Proficiency with at least one compiled and one interpreted programming language
- Familiarity with a security management framework such at ISO 21434, ISO 27001, NIST CSF, etc.
- Ability to work in a highly-distributed, lean, collaborative team environment
- Excellent communication and interpersonal skills, good planning/tracking skills
- Competency with standard office software (word processing, spreadsheets, presentation tools, etc)
- Able to design new processes and resourcefully solve complex technical issues
- Determined commitment to reliability, value, quality, and safety in all aspects of work
- Willingness to grow continuously, both personally and professionally and a strong results orientation
- 7 or more years of experience in two or more roles: real-time software development, vehicle electronics and controls, embedded systems design, application security, penetration testing, incident response, or compliance
- Ability to travel for scheduled meetings less than 20% to domestic and international locations
- Ability to maintain/obtain within 6 months a security certification: CompTIA CAP or CASP, ISC2 CISM or CISSP, GIAC GSLC, EC-Council CCISO.
Additional Valued Attributes:
- Knowledge of applied cryptography for provisioning secure hardware
- Knowledge of secure development techniques using static and dynamic analysis
- Practical experience with security controls for POSIX type operating systems
- Experience managing vulnerability disclosure programs
- Familiarity with AGILE software development processes
- Familiarity with requirements tracking and software test/validation tools
- Proficiency using Requirements Capture, Simulation, Software Configuration, Defect Tracking/Reporting tools.
- Awareness of heavy duty commercial truck regulations, especially affecting instrumentation, emissions, safety, On Board Diagnostics, and other areas that impact electrical and electronic design, architecture, and functionality
- Experience with structured product development processes
- Automotive electronic systems engineering skills including multiplex communication systems (especially CAN/J1939), architecture, and control system design and analysis.