Help shape future automotive security architectures by analyzing future designs, use cases and architectures, identifying potential security gaps and suggesting appropriate solutions. Work closely with leading automotive companies and dive into the details of embedded system design, automotive networks and architectures as well as operating system security in order to design cost effective security strategies and implementations.
In your work you’ll be part of a team that consult to OEM’s and Tier#1 on how to raise the level of their cyber security. During this consultancy you will be required to:
- Perform Threat Analysis and risk assessment - TARA, mostly according to ISO-21434. Work with threat modeling tools and more.
- Create and write security requirements.
- Support organizations on their journey for compliance
- Be part of a highly professional group.
- Review and analyze complex automotive systems - in-vehicle networks and components, embedded systems, OTA update systems, and more.
- Review and analyze automotive communication protocols, security regulations and standards.
- Track and analyze cybersecurity trends, and emerging technologies.
- Perform security threat analysis and risk assessments, develop security concepts and security requirements for automotive systems and networks.
- Design secure architectures and security controls.
- Consult, present and work with OEMs and Tier-1 R&D teams on various security projects.
- Create processes and procedures to support regulation; ISO-21434, UNR-155.
- Knowledge of communication protocols.
- Knowledge of cryptographic algorithms and secure protocols.
- Experience with analyzing complex systems from a cybersecurity perspective.
- Familiarity with regulation processes.
- Experience with threat analysis and risk assessment.
- Excellent written and verbal communication in English
- High self-learning abilities and a “get-things-done” attitude.
- Offensive security background.
- Experience with embedded systems, from both a HW and SW perspective, including topics like microcontrollers, HSMs, secure boot, access control, exploit mitigation techniques, ect.
- Knowledge and experience in the following standards / methods:
- ISO 21434, UNECE R155, JASPAR
- Cyber Security Management Systems (CSMS) and related processes, e.g. ISO/IEC 27000:2018
- Risk Management Frameworks, e.g. ISO 31000, NIST Cybersecurity Framework, NIST SP 800-30 Risk Management Guidelines
- Experience in Audit methodologies - auditor/assessor credentials is a plus