Position Title: Lead of Cyber Security
Location: London/Slovenia or Austria (Hybrid)
As a Lead of Cyber Security, you will be responsible for the integration of cybersecurity across the entire business; developing and implementing robust tools, processes & strategies to protect the business and products from potential threats.
- Champion cybersecurity
- Implement cybersecurity activities within the business.
- Collaborate closely with internal stakeholders to Develop/Integrate Tools and Process relating to cybersecurity within the Business
- Support the development and implementation of comprehensive vehicle cybersecurity strategies.
- Implement cybersecurity management activities, such as cybersecurity risk management, integration and verification plans, vulnerability management, and cybersecurity incident response plans.
- Support existing and new vehicle product development, conducting cybersecurity risk assessments and vulnerability analyses of vehicle systems, identifying potential threats and weaknesses.
- Conduct cybersecurity verification and validation activities, including the development of test methodologies, such as functional testing, pen-testing, and fuzz testing.
- Lead incident response efforts, investigating and mitigating cybersecurity breaches or incidents.
- Collaborate closely with external stakeholders, including industry partners and suppliers, to establish a secure ecosystem.
- Stay up to date with emerging cybersecurity threats and industry trends, providing proactive guidance and recommendations to enhance cybersecurity countermeasures.
- Conduct regular audits and assessments to ensure compliance with industry standards and regulations.
SKILLS AND EXPERIENCE
- Experience working on embedded systems and associated disciplines, diagnostics, e.g., automotive networks, UDS, AUTOSAR
- Experience in diagnostics, testing, and calibration, using tools such as CANalyzer, CANoe, CANape, NI LabVIEW HILL, etc.
- Experience in system definition, system architecture review, requirement capture, and system integration
- Hands-on experience in conducting Threat Analysis and Risk Assessment (TARA), vulnerability scanning, and penetration testing on automotive systems.
- Hands-on experience with industry-standard cybersecurity frameworks and regulations (UNECE WP.29 R155 and R156, GSRII, ISO 21434, ISO 24089, NHTSA guidelines, etc.)
- Experience with incident response and forensic analysis in the context of cybersecurity incidents is preferred.
- IT Toolchain (Microsoft Teams, Office, Task Management/Knowledge Management Software (JIRA/Confluence Etc))
- The principal accountability of the cybersecurity function is to manage vehicle cybersecurity risk from concept through to destruction by performing security risk analysis, risk mitigation, verification and validation throughout the vehicle lifetime.
- This will involve the development of cybersecurity design solutions with considerations of implementation feasibility and ease of vehicle servicing, together with analysis and mitigation of potential attacks.
- Also supporting the development and continuous improvement of cybersecurity processes.
- Work under supervision of the Chief Engineer - Functional Safety and cybersecurity to establish a cybersecurity Management System (CSMS) in accordance with the requirements of UNECE Regulation 155 and ISO 21434.
- Functional Safety and cybersecurity to generate documentation including, but not limited to TARAs, cybersecurity Concepts, Vulnerability Analysis, Architecture Design, design verification and validation plans
- Identify and highlight any areas for continuous improvement.
- Initiate sub-system design reviews as necessary to resolve cybersecurity issues
- Maintain pro-active liaison between vehicle stakeholders to ensure effective project
Nice to Have Criteria:
- Demonstrable understanding of Governance, Requirements, Compliance (GRC) and mitigation design, preferably in the automotive domain.
- cybersecurity degree or equivalent experience, ideally working towards CISSP qualification.
- Articulate, self-motivated, inspiring individual who can work well under pressure. Demonstrates resilience and fosters good working relationships at all levels of the organisation.
- Experience working within an ISO21434 or J3061 compliant cybersecurity Management Systems (CSMS).
- Good understanding of software development methodologies.
- Automotive or ICS experience is preferable.
- Senior Engineer: over 5 years
- Degree in cybersecurity, Computer Science, Electrical Engineering, or a related field (Postgraduate degree preferred). Expertise in Automotive Networks, including Ethernet, CAN, and LIN