Cybersecurity Engineer

• The Cybersecurity Engineer develops expertise around Cyber Security in order to feed BusinessGroup system standards, methodology and tool strategy in relation with CDA worldwide organization,worldwide Business Group R&D entities and international ecosystem.
  
• He/She communicates across company, and outside the Group in order to build international recognition andmeet the high customer s expectations in that domain.
  
• He/She is responsible for cybersecurity content and compliance for each project.
  

• Develop a Cybersecurity expertise in the automotive domain, in embedded, wireless communications or
  cloud interfaces and usage, for CJP. Personal data protection expertise is a plus.
  
• Develop high-level automotive product expertise. Understand products from all operational entities.
  Acquire a good knowledge on OEM requirements and be able to identify critical items from the initial stage
  of a project.
  
• Contribute to the Business Groups Strategic Product Plans within his/her domain of expertise.
  
• For each allocated project, identify the full product life cycle and plan the related actions.
  
• Ensure correct deliveries to projects w.r.t. cybersecurity, cost and delay. Create project deliverables as per
  the project requirements, the automotive cybersecurity standards and regulation, mainly ISO/SAE 21434
  and UNECE WP.29 R155: risk assessments, security by design (product system architecture refined into
  
• SW and HW security controls), security test plans or execution, production cybersecurity requirements
  (interface with IT/IS teams), post-production security maintenance plan including the vulnerability & incident
  management process, and regular reporting to the project manager.
  
• Ensure the cybersecurity interface with the customers and the suppliers.
  
• Understand the ecosystem, the customer requirements, and use its knowledge to select appropriate key
  suppliers.
  
• Participate in reviews and assessments on project deliverables, and ensure consistency between projects.
  
• Participate in the Group Vehicle & Product cybersecurity standards, methodology and tool strategy.
  
• Support cybersecurity audits.
  
• Participate on demand in automotive cyber security working groups and events.
  
• Projects may include the collaboration with research institutes and schools of engineering s research chairs.
  
• Management follow up
  
• Provide regular communication to his/her management.
  

Requirements

• Proven knowledge in cybersecurity
  
• risk analysis, specification of security controls
  
• operating system hardening
  
• security of data at rest or in transit (including wired and wireless communication protocols)
  
• secure coding C/C++, including the development of security mechanisms (e.g. boot sequence, OTA
  
• updating, access control, IDS, firewall)
  
• HW security: ARM Trust Zone, Renesas, Qualcomm, NXP, Infineon
  
• PKI, HSM usage
  
• Significant knowledge in software development
  
• Knowledge in either automotive, embedded systems or industrial systems
  

• The Cybersecurity Engineer develops expertise around Cyber Security in order to feed BusinessGroup system standards, methodology and tool strategy in relation with CDA worldwide organization,worldwide Business Group R&D entities and international ecosystem.
  
• He/She communicates across company, and outside the Group in order to build international recognition andmeet the high customer s expectations in that domain.
  
• He/She is responsible for cybersecurity content and compliance for each project.
  

• Develop a Cybersecurity expertise in the automotive domain, in embedded, wireless communications or
  cloud interfaces and usage, for CJP. Personal data protection expertise is a plus.
  
• Develop high-level automotive product expertise. Understand products from all operational entities.
  Acquire a good knowledge on OEM requirements and be able to identify critical items from the initial stage
  of a project.
  
• Contribute to the Business Groups Strategic Product Plans within his/her domain of expertise.
  
• For each allocated project, identify the full product life cycle and plan the related actions.
  
• Ensure correct deliveries to projects w.r.t. cybersecurity, cost and delay. Create project deliverables as per
  the project requirements, the automotive cybersecurity standards and regulation, mainly ISO/SAE 21434
  and UNECE WP.29 R155: risk assessments, security by design (product system architecture refined into
  
• SW and HW security controls), security test plans or execution, production cybersecurity requirements
  (interface with IT/IS teams), post-production security maintenance plan including the vulnerability & incident
  management process, and regular reporting to the project manager.
  
• Ensure the cybersecurity interface with the customers and the suppliers.
  
• Understand the ecosystem, the customer requirements, and use its knowledge to select appropriate key
  suppliers.
  
• Participate in reviews and assessments on project deliverables, and ensure consistency between projects.
  
• Participate in the Group Vehicle & Product cybersecurity standards, methodology and tool strategy.
  
• Support cybersecurity audits.
  
• Participate on demand in automotive cyber security working groups and events.
  
• Projects may include the collaboration with research institutes and schools of engineering s research chairs.
  
• Management follow up
  
• Provide regular communication to his/her management.
  

Requirements

• Proven knowledge in cybersecurity
  
• risk analysis, specification of security controls
  
• operating system hardening
  
• security of data at rest or in transit (including wired and wireless communication protocols)
  
• secure coding C/C++, including the development of security mechanisms (e.g. boot sequence, OTA
  
• updating, access control, IDS, firewall)
  
• HW security: ARM Trust Zone, Renesas, Qualcomm, NXP, Infineon
  
• PKI, HSM usage
  
• Significant knowledge in software development
  
• Knowledge in either automotive, embedded systems or industrial systems