Cybersecurity Engineer (Systems)

• Private Medicover medical care for the employee and their family
• Co-financing for the sport card Multisport
• Possibility to join the PZU insurance
• Flexible working hours
• Salary adequate to skills and experience
• Co-financing for holidays
• Hard and soft training, language courses

• 2+ years of experience in an embedded cybersecurity position or 4+ years in an embedded systems development, preferably for ASPICE compliant projects
• Understanding of multi-core embedded microcontrollers that use HTAs (hardware trust anchors) or HSMs (hardware security modules)
• Understanding of cybersecurity specific testing such as penetration and fuzz testing
• Passionate and forward-thinking about cybersecurity and the needs of the ever-changing automotive industry
• Good understanding of formal risk assessment and management, knowledge of NIST SP-800-30 and ISO IEC 31010
• Experience in the automotive or transportation domain
• Experience with requirements engineering, ability to navigate through multiple customer specifications as well as published standards and policies (UNECE WP.29 R155 CSMS, R156 SUMS, ISO/SAE 21434)
• Familiarity with cryptography and cybersecurity concepts such as defense in depth, access control models, memory protection, secure boot, Secure Coding, public key infrastructure (PKI)
• Ability to work easily with Office software suite and engineering software (prior experience with simulation or analysis tools like Ansys Medini Analyze for instance)
• Strong communication and analytical skills
• Ability to work independently, take ownership of project deliverables, go above and beyond the task at hand
• Fluency in English is required. German and/or French would be an advantage
• Willingness to travel occasionally, both domestically and internationally

Responsibilities

• Conduct the cybersecurity activities for a given project with a collaborative team that takes into consideration customer specifications, the cybersecurity process and bring their own experience into what is needed
• Interface with customer on technical cybersecurity requirements and issues
• Create a cybersecurity assurance case per project and the related documentation that provides the argument for the achieved degree of cybersecurity on their project
• Perform cybersecurity risk assessments and threat modelling within a product scope
• Analyse and determine safety, financial, operational and privacy issues identified in a risk analysis
• Where there are safety impacts, work with the Functional Safety (ISO 26262) team to find solutions that do not compromise safety or security
• Suggest countermeasures appropriate to the project given the technical constraints or operational limitations
• Create and maintain a knowledge database of typical assets, threats and attack paths for our product portfolio to leverage re-use
• Create and maintain solutions to manage cybersecurity risks
• Drive cybersecurity solution development and provide technical support for hardware and software teams
• Engage with suppliers to evaluate cybersecurity capabilities and track reported vulnerabilities
• Evaluate new tools (Threat Analysis tool, Software Bill of Material tool, etc.)
• Network and maintain a high-level of industry knowledge (e.g. participation in Auto-ISAC events, SAE workshops)
• Support the roll-out of processes and procedures compliant with latest cybersecurity standards and regulations
• Assist in training and raising awareness, organizing events