QNX Cybersecurity Analyst

BlackBerry•Ottawa, ON

4d•Onsite

About The Position

QNX enhances the human experience and amplifies technology-driven industries, providing a trusted foundation for software-defined businesses to thrive. With a focus on reducing hardware dependency and increasing efficiency, QNX empowers organizations to unlock new possibilities in areas like high-performance computing at the edge, standards-based virtualization technologies, and cloud enablement. QNX® technology has been deployed in the world’s most critical embedded systems, including more than 275 million vehicles on the road today. QNX® software is trusted across industries including automotive, medical devices, industrial controls, robotics, commercial vehicles, rail, and aerospace and defense. The BlackBerry QNX Product Security Operations team is expanding, and we’re looking for a technically curious and detail‑driven Cybersecurity Analyst to help protect industry‑leading embedded and RTOS software used across automotive, industrial, medical, and other regulated domains. In this role, you’ll work deep in the intersection of open‑source security, embedded software, and customer‑facing product security, helping ensure QNX products meet the highest security standards in the industry.

Requirements

Hands‑on experience working in or closely with product security teams.
Experience performing vulnerability analysis and assessments.
A solid working knowledge of CVE, CWE, and CPE ecosystems, including how they are used in real‑world product security contexts.
Strong analytical skills with the ability to translate technical findings into clear, actionable insights.
Experience with embedded or systems software using C, C++, and/or Python.
Familiarity with secure software development in regulated or safety‑critical environments.
Basic understanding of industry standards such as: ASPICE ISO 26262 ISO 21434 UNECE WP.29 R155
Strong written and verbal communication skills, especially when explaining technical security topics to varied audiences.
A high level of initiative, persistence, and ownership—you take problems through to closure.
Comfortable working independently and managing your own priorities without close supervision.

Responsibilities

Perform technical analysis of open‑source vulnerabilities (CVEs) and assess their impact on embedded and RTOS‑based products.
Own incoming external vulnerability reports, triaging severity, analyzing risk, and clearly communicating findings and urgency to engineering and business stakeholders.
Maintain and manage the product security catalog, assessing CVEs flagged by automated monitoring and intelligence systems.
Review, analyze, and report on Software Composition Analysis (SCA) scan results.
Act as a product security point‑of‑contact, supporting both internal teams and external customers with security inquiries.
Produce clear, technically accurate vulnerability assessment reports for customers.
Collaborate closely with software development teams and project managers to drive security incidents through investigation, remediation, and closure.
Operate effectively in a cross‑functional, fast‑paced environment, balancing multiple issues and priorities.
Identify opportunities to improve and automate security operations processes, tooling, and workflows.