-vehicle & Mobility Cybersecurity Engineer

We are seeking a highly accomplished and technically capable Senior In-Vehicle & Mobility Cybersecurity Engineer to drive our efforts in securing cutting-edge vehicle platforms and mobility solutions. This pivotal role demands a deep blend of hands-on technical expertise strategic foresight in cybersecurity and a proven ability to lead complex security assessments and design initiatives. The ideal candidate will be a recognized authority in automotive cybersecurity capable of navigating both technical intricacies and regulatory demands to ensure the highest level of vehicle security.

1. Serve as a Subject Matter Expert in Vehicle Type Approval technical assessment testing and validation processes ensuring our products meet and exceed global cybersecurity regulations and standards.
2. Provide expert-level guidance and leadership on in-vehicle communication protocols such as CAN CAN-FD Automotive Ethernet and LIN including deep analysis of their security vulnerabilities and the design and implementation of robust countermeasures.
3. Lead and conduct advanced threat modeling exercises (e.g. STRIDE Attack Trees HEAVENS) specifically for both connected and non-connected vehicle components identifying potential attack surfaces and guiding the development of proactive security mitigations.
4. Lead and perform hands-on penetration testing against in-vehicle networks and diagnostic systems uncovering vulnerabilities and guiding remediation efforts to harden critical vehicle functions.
5. Apply practical experience with Public Key Infrastructure (PKI) to design implement and secure advanced cryptographic solutions for critical functions such as in-vehicle communication secure software over-the-air (SOTA) updates and sensitive data protection.
6. Contribute significantly to the secure design and architecture of new vehicle features and platforms ensuring security is architected into the core from concept through deployment.
7. Provide expert technical guidance and mentorship to junior engineers fostering a culture of security awareness and continuous learning within the team and across engineering disciplines.
   

Education Qualification

Bachelors Degree in Computer Science Software Engineering or Electronics/Electrical Engineering.

Number of Years of Experience

Over 4 years of experience in automotive product cybersecurity including a minimum of 2 years specializing in in-vehicle and mobility cybersecurity.

Leadership Skills

• Ability to define and articulate a clear forward-looking cybersecurity strategy and roadmap for vehicle platforms anticipating future threats regulatory changes and technological advancements in the automotive and mobility space.
• Leading the development and enforcement of secure architectural patterns for complex vehicle systems ensuring security is inherent in design rather than an afterthought particularly for in-vehicle networks and connected components.
• Guiding critical security decisions by effectively balancing technical risk assessments (including those from advanced threat models and penetration tests) with business objectives regulatory requirements and resource constraints.
• Leveraging deep expertise in areas like Vehicle Type Approval in-vehicle protocols and advanced penetration testing to provide authoritative guidance resolve complex technical challenges and set technical direction for the team and broader engineering organization.
• Proactively developing and empowering junior and mid-level engineers sharing advanced technical knowledge best practices and fostering their growth in specialized cybersecurity domains.
• Leading the interpretation and practical application of complex automotive cybersecurity regulations (e.g. UNECE R155/R156 ISO/SAE 21434 GB44495) and Type Approval requirements guiding product development to ensure compliance.
• Effectively communicating complex cybersecurity risks findings from penetration tests and threat models and proposed solutions to diverse stakeholders (e.g. product management hardware engineering software development legal external partners) securing buy-in and driving action.

Functional/Technical Skills

• Subject Matter Expert in Vehicle Type Approval technical assessment testing and validation processes for cybersecurity ensuring compliance with China regulations (GB44495/44496).
• Ability to interpret complex regulatory texts translate them into actionable engineering requirements and lead teams through the compliance and homologation process.
• Lead and conduct advanced threat modeling methodologies (e.g. STRIDE Attack Trees HEAVENS) specifically for both connected and non-connected vehicle components systems and end-to-end architectures.
• Hands-on experience in leading and performing sophisticated penetration tests against in-vehicle networks diagnostic systems and connected vehicle components (e.g. telematics units infotainment ADAS sensors).
• Lead the secure architectural design and review of complex automotive systems ensuring security is built-in from concept phase for in-vehicle networks ECUs and connected services.
• Expert in in-vehicle communication protocols such as CAN CAN-FD Automotive Ethernet and LIN with an in-depth understanding of their specifications security vulnerabilities (e.g. message injection spoofing DoS replay attacks) and advanced countermeasures.
• Strong understanding of cryptographic primitives key management hardware security modules and trusted platform modules.
• Hands-on experience in network analysis/fuzzing reverse engineering Static/Dynamic analysis and penetration test.
• Knowledge of various embedded operating systems (e.g. AUTOSAR QNX Android Embedded Linux) and their security hardening.
• High proficiency in multiple programming languages (e.g. Python JS) for low-level embedded development security tool creation scripting and automation of security tasks.