Lead Product Cybersecurity Engineer
Dana TM4
Job Purpose
This role is responsible for defining and designing product cybersecurity building blocks for automotive embedded systems to mitigate cybersecurity threats, interpreting internal and external customers’ cybersecurity requirements and translating them into system level and component level implementation requirements, providing guidance and support to cross-functional teams on implementing cybersecurity features and controls, and providing training in subject expert areas. This role is a central and global specialization uniquely adapted to aiding engineers of all walks in applying cybersecurity best practices to their engineering disciplines where applicable. This role is a subject expert in the embedded system cybersecurity domain with solid understanding of cybersecurity technologies, solutions, and best practices.
Job Duties and Responsibilities
- Recommend and support development of future product cybersecurity strategies
- Work with Lead Product Cybersecurity Architect to drive cybersecurity requirements and solutions into our products
- Lead security solution definition, design, development, and implementation
- Lead cybersecurity design review and support technical discussions with customers
- Perform threat analysis and risk assessment and communicate with internal teams and customers
- Create test plans and perform verification and validation of cybersecurity requirements
- Adopt ISO/SAE 21434 in practice and own the ISO/SAE 21434 work products
- Develop and negotiate the Cybersecurity Interface Agreements with customers and suppliers
- Document cybersecurity compliance and prepare internal and external audit
- Support cybersecurity process definition and improvements
- Collaborate with IT, Manufacturing, Engineering, Quality, Legal organizations on cybersecurity-related topics, e.g., improving Key Management System, SW delivery, etc.
- Provide cybersecurity training to team members and bring product cybersecurity awareness across the company
- Support cybersecurity technology vendor solutions reviews
Role: Lead Product Cybersecurity Engineer (4IC12)
Job Purpose
This role is responsible for defining and designing product cybersecurity building blocks for automotive embedded systems to mitigate cybersecurity threats, interpreting internal and external customers’ cybersecurity requirements and translating them into system level and component level implementation requirements, providing guidance and support to cross-functional teams on implementing cybersecurity features and controls, and providing training in subject expert areas. This role is a central and global specialization uniquely adapted to aiding engineers of all walks in applying cybersecurity best practices to their engineering disciplines where applicable. This role is a subject expert in the embedded system cybersecurity domain with solid understanding of cybersecurity technologies, solutions, and best practices.
Job Duties and Responsibilities
- Recommend and support development of future product cybersecurity strategies
- Work with Lead Product Cybersecurity Architect to drive cybersecurity requirements and solutions into our products
- Lead security solution definition, design, development, and implementation
- Lead cybersecurity design review and support technical discussions with customers
- Perform threat analysis and risk assessment and communicate with internal teams and customers
- Create test plans and perform verification and validation of cybersecurity requirements
- Adopt ISO/SAE 21434 in practice and own the ISO/SAE 21434 work products
- Develop and negotiate the Cybersecurity Interface Agreements with customers and suppliers
- Document cybersecurity compliance and prepare internal and external audit
- Support cybersecurity process definition and improvements
- Collaborate with IT, Manufacturing, Engineering, Quality, Legal organizations on cybersecurity-related topics, e.g., improving Key Management System, SW delivery, etc.
- Provide cybersecurity training to team members and bring product cybersecurity awareness across the company
- Support cybersecurity technology vendor solutions reviews
EDUCATION AND QUALIFICATIONS
- Bachelor of Science in Computer Science, Computer Engineering, Electrical Engineering, or other related fields
- Master’s degree in computer science, Computer Engineering, Electrical Engineering, or other related fields preferred
- At least 5 years of product cybersecurity experience in automotive or a relevant industry
- 10+ years of automotive cybersecurity experience highly desired
- Experience in HSM, SHE, TPM, TrustZone, etc. hardware security solutions
- Experience in secure software development lifecycle
- Experience in secure boot, secure diagnostics, secure access, ECU hardening, OS security, PKI, KMS, code signing, cryptography, SecOC, message authentication, vulnerability analysis, security validation, SW reflash, etc.
- Solid understanding of ISO/SAE 21434, UNR155/156, NIST Cybersecurity Framework
- Experience in automotive communication protocols (e.g., CAN, CAN FD, Ethernet, IP, etc.) and automotive microcontroller architectures
SKILLS AND COMPETENCIES
- Willingness to create order from ambiguity
- Creative problem solver
- Highly resourceful and efficient
- Ability to work within tight design constraints
- Flexibility in assisting where needed, when needed technically
- Able to make decisions independently with appropriate level of consultation/communication.
- Strong communication skills, both oral and written, at all levels
- Commitment to the highest standards of ethical behavior in self and others
- Commitment to inclusion and diversity
- Ability to travel domestically and internationally as required (5% of travel)
- Able to effectively interface with other disciplines in the organization to achieve results
EDUCATION AND QUALIFICATIONS
- Bachelor of Science in Computer Science, Computer Engineering, Electrical Engineering, or other related fields
- Master’s degree in computer science, Computer Engineering, Electrical Engineering, or other related fields preferred
- At least 5 years of product cybersecurity experience in automotive or a relevant industry
- 10+ years of automotive cybersecurity experience highly desired
- Experience in HSM, SHE, TPM, TrustZone, etc. hardware security solutions
- Experience in secure software development lifecycle
- Experience in secure boot, secure diagnostics, secure access, ECU hardening, OS security, PKI, KMS, code signing, cryptography, SecOC, message authentication, vulnerability analysis, security validation, SW reflash, etc.
- Solid understanding of ISO/SAE 21434, UNR155/156, NIST Cybersecurity Framework
- Experience in automotive communication protocols (e.g., CAN, CAN FD, Ethernet, IP, etc.) and automotive microcontroller architectures
SKILLS AND COMPETENCIES
- Willingness to create order from ambiguity
- Creative problem solver
- Highly resourceful and efficient
- Ability to work within tight design constraints
- Flexibility in assisting where needed, when needed technically
- Able to make decisions independently with appropriate level of consultation/communication.
- Strong communication skills, both oral and written, at all levels
- Commitment to the highest standards of ethical behavior in self and others
- Commitment to inclusion and diversity
- Ability to travel domestically and internationally as required (5% of travel)
- Able to effectively interface with other disciplines in the organization to achieve results