Sr. Product Security Engineer

About The Position

Requirements

• B.S. in Information Security, Computer Science, Computer Engineering, or a related field.
• 2+ years carrying out testing and validation of security requirements validation in embedded device development
• 3+ years of experience in Automotive Industry or Embedded device development
• 2+ years of experience carrying out security requirements validation on ECUs (electronic control units)
• Knowledge of ISO:21434 and UN R155 and their application with regards to security validation to achieve type approval and homologation.
• Ability to work in a fast-paced development environment.
• Good team player with excellent communication skills.
• Hands-on approach, proactively identifying and filling in gaps where needed

Responsibilities

• Derivation of top-level requirements to security-related system and subsystem requirements: In collaboration with the security architecture team, you’ll decompose high-level requirements into concrete per-system security requirements. Together with the security and other domain development teams, you’ll generate concrete requirement specifications for security technologies that protect our product-related assets.
• Carrying out validation of security requirements: You will develop security tests, both positive tests and abuse tests to ensure that security requirements have been met at vehicle, system, sub-system and ECU level.
• Develop both manual and automated test cases: You will develop both functional and non-functional security tests to ensure that security requirements are met. Test cases could be developed in multiple languages, including but not limited to Python, Go, Java, C, C++, and Rust for multiple architectures. You are able to build test cases that can be run on software-in-the-loop (SIL) setups or hardware-in-the-loop (HIL) benches. You’re able to work with internally-developed sources but you can also deal with the validating of supplier parts to meet our requirements without access to source code.
• Documenting validation testing: You will develop testing reports, triage them and compile results, and share them with the product security team as well as our core JV partners for evidence to enable their documenting compliance to UN R155. You will work with the GRC team on aligning to document formats and following our CSMS processes for generating and sharing this documentation across the organization.
• Collaborating with software development teams : You will be sharing results with development teams and reviewing issues and suggesting mitigations to failed tests. This includes validating the subsequent fixes and the collaboration with other teams within the product security organization, especially the security engineering team that operate the security HILs.

Benefits

• base salary
• eligibility for an annual performance bonus
• eligibility for equity