Job Title: Cybersecurity engineer
Location: Windsor, ON
Type: Contract 12 months
- The Cybersecurity engineer will design cybersecurity measures and define cybersecurity specifications for organization’s Vehicle systems, ECU’s and Applications to reasonably protect road users from new cyber-threats arising from fast evolving vehicle functions and features.
- This position will monitor and check the compliance of cybersecurity controls implemented in the organization’s products during the entire product development lifecycle.
- This position will support suppliers to better understand and implement the organization’s cybersecurity requirements.
The core tasks of the Cybersecurity Engineer are summarized here:
● Perform threat analysis including impact and feasibility to identify gaps in cybersecurity controls for vehicle systems, ECU’s and Applications
● Capable of conceptualizing, defining, designing and implementing security systems and architectures
● Elicit cybersecurity requirements to provide system requirements in order to satisfy customers aligned with regulations and corporate cybersecurity policy.
● Review the supplier design and implementation to ensure that security controls are reasonably planned for implementation according to the organization’s requirements.
● Understand and interact with key stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services
● Provide clear risk mitigating directives for Connected vehicles, systems, and applications
● Respond to supplier inquiries about requirementsand compliance to them
● Performing assessments and analyzing threats and attacks
● Work with DRE’s and Application owners to mitigate riskand submit change requests
Remote (although if they can come to CTC in Auburn Hills, MI area on an advanced planned / pre-scheduled basis that would be great!)
*Drivers license is a must have with a clean driving record.
If a company vehicle is available for demo/testing purposes and there is a business need, we will provide it.
● Bachelors from EE, Math, Computer Science, Cybersecurity or other scientific degrees with 3 years of experience around software/firmware development and/or ECU developmentwithin the automotive industry
● Minimum of 3 years of cybersecurity related experience (e.g., security research, system exploitation, cybersecurity engineering)
● Professional security certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Automotive Security Engineer (CASE),or other similar cybersecurity related certifications
TECHNICAL SKILLS (required)
● Good knowledge of X.509 digital certificate standard and Public Key Infrastructure (PKI) management
● Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., AES, RSA, ECC)and certificate-based identity
● Good knowledge of common security patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties)
● Good knowledge ofsecurity protocols (e.g., TLS, SSH)
● Good knowledge of software vulnerability assessmentof ECU firmware and Android apps
● Good knowledge of performing cybersecurity Threat and Risk Analysis (TARA)(e.g., STRIDE) for vehicle system (e.g.,CAN bus, ethernet, Electronic Control Units (ECU), and ECU firmwareand applications)
● Good knowledge of Connected Vehicle Cybersecurity
● Good knowledge of certificate-based identity
● Good Basic knowledge of automotive operating systems (e.g., AutoSAR Classic and Adaptive, QNX, Linux, Android) and middleware
● Basic knowledge of Connected Application integrations (Legato App framework, Automotive Android, QNX)
● Basic knowledge of programming in a high-level language (e.g., C/C++, Java, Python, Kotlin)
● Basic Good knowledge of programming in a scripting language (e.g., jscript, bash)
● Good knowledge of writing clear, well-formed cybersecurity requirements
TECHNICAL SKILLS (preferred)
● Basic knowledge of security software scanning tools (e.g., Fortify by Opentext)
● Basic knowledge of Connected Vehicle experience
● Basic knowledge of vehicle application/firmware update operations over-the-air (OTA)
● Good knowledge of ISO 21434: Road Vehicle -– Cybersecurity Engineering
● Basic knowledge of ISO 15118-2–Vehicle-to-Grid Communication Interface (Plug-and-Charge onboard electric vehicle payment service)
● Good knowledge of Service Oriented Architecture design pattern and paradigm
● Basic knowledge of DOORS requirements tool, Jiraissue tracking tool
COMMUNICATION SKILLS (required)
● Ability to work collaboratively communicate using online collaboration toolsin multicultural teams
● Good self-organization and analytical skills
● Strong skills in technical writing and presenting
● Good Strongverbal and writtenproficiency in English
- Additional Information / Must Have's:
- a. Deep understanding of Cybersecurity controls applicable to Embedded Systems and Electronic Control Units (ECU’s)
- b. Threat and Risk Assessment awareness or experience (Risk = Impact X Feasibility) where Impacts are viewed from the view of the Road User on Safety, Operational, Financial and Privacy.
- c. Awareness/ability to understand vulnerabilities in SW and HW for how these affect the vehicle in Design phase and Post-Production Phase.
- d. Independent thinker and doer. Self-motivated to identify issues and find ways to solve them within the group (solutions are typically an activity for the group to address).