Cybersecurity Engineer - Remote

APPLY NOW

The Cybersecurity Engineer specifies the cybersecurity requirements, together with success criteria, for in-vehicle ECUs (Electronic Control Units) in consistence with the cybersecurity concept provided by the cybersecurity architect and the internal standards. He continues the work of cybersecurity system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cybersecurity architect.

The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements, also providing requirements on and supporting the definition of the interface between the vehicle and the off board – when applicable.

The Cybersecurity Engineer of extended surface review the test plans and test cases of the verification team.

The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface include wireless connections but also connection to the outside of the car. Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.

The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope and identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module etc. Examples of ECUs which are not classified as Regular Surface are Telematics Control Units and Head Units.

The core tasks of the Cybersecurity Engineer of extended surface are:

• Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW)
• Write success criteria for all cyber security requirements (verification needs), review test plans and test cases
• Interact with delivery teams, mostly allocated in Tier1s component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycle
• Interact with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments)
• Perform the component follow-up and maintain up to date the component cybersecurity case sheet
• Contribute to the component pentests definition and review the results
• Specify the vehicle interface to the off board.
• Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned components
• Provide data for measurement of the activities (MAN.6).
• Contribute to improvement of processes (PIM.3)