CYBERSECURITY ENGINEER

ICT, Digital & Data - ICT, Digital & Data

Contrat

Statut

Cadre

The Cybersecurity Engineer specifies the cybersecurity requirements, with success criteria, for in-vehicle ECUs in consistence with the cyber concept provided by the cyber architect and the internal standards. He continues the work of cyber system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cyber architect.

The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements.

The Cyber Engineer is also providing requirements on and supporting the definition of the interface between the vehicle and the off board – when applicable.

The Cyber Engineer of extended surface reviews the test plans and test cases of the verification team.

The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface includes wireless connections but also connection to the outside of the car.

Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.

The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope. It identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.

1. Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW).
2. Write success criteria for all cyber security requirements (verification needs), review test plans and test cases.
3. Interact with delivery teams, mostly allocated in Tier1 component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycle.
4. Interact with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments).
5. Perform the component follow-up and maintain up to date the component cybersecurity case sheet.
6. Contribute to the component pentests definition and review the results.
7. Specify the vehicle interface to the off board.
8. Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned components.
9. Provide data for measurement of the activities (MAN.6).
10. Contribute to improvement of processes (PIM.3).

EDUCATION: Master's degree in computer science engineering or computer science or equivalent.

1. Hands-on and theoretical experience on definition of automotive products requirements, at system level and related success criteria.
2. Hands-on experience on integration with other teams implementing other parts of the development process: concept, development and validation in particular.
3. Work experience with tools used to engineer products (e.g. Rational DOORS and IBM RTC).
4. Understanding of ECUs (Electronic Control Unit) HW and SW architecture, functioning.
5. Understanding of ECUs development, manufacturing and operating functions.
6. Understanding of ECUs diagnostic and maintenance operations.
7. Basic knowledge of automotive cyber security controls, including:

• SW authenticity
• Identity verification
• Firewalling
• Segregation of processes

• Understanding of Real Time Operating Systems and execution of SW in real time embedded systems (e.g. AUTOSAR, ERIKA).
• Understanding of connectivity out-ECUs (e.g. CAN and LIN) and in-ECUs (e.g. SPI).
• Types of memory, usage and partitioning (e.g. boots, application SW, calibration SW).
• Good knowledge of common cybersecurity patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, …).
• Good knowledge of security protocols (e.g., IPsec, TLS, SSH, …).
• Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management.
• Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., RSA, AES).
• Basic knowledge in C / C++ programming language.
• Basic knowledge of scripting language (e.g., JScript, bash, …).
• Basic knowledge of UML language.

• symmetric and asymmetric schemes.
• automotive products applications (e.g. digital signature, encryption, hashing).
• in-products Keys Management.

• Good knowledge of ISO SAE 21434: Road Vehicle - Cybersecurity Engineering.
• Good knowledge of the Object-Oriented Programming paradigm.
• Good knowledge of Service Oriented Architecture design pattern and paradigm.
• Good knowledge of web services architectures.

• Ability to work in multicultural teams.
• Strong skills in technical writing and presenting.
• Good self-organization and analytical skills.
• Good proficiency in English.

Pays

Europe, France

Langues