Job Header

返回目录

Senior Product CyberSecurity Engineer

2021 年 4 月 21 日

R2020-1439


Job Description

The product cybersecurity engineer (CSE) is directly engaged with the development of secure, robust and resilient vehicle solutions for xEV projects. The CSE works within the systems engineering function ensuring all aspects of the customer requirements are implemented and tested according to the latest automotive cybersecurity standards and best practices.

Responsibilities
 

  • Being passionate and forward-thinking about cybersecurity and the needs for the ever-changing automotive industry.
  • Plans and implements the cybersecurity activities with a given project with a collaborative team that takes into consideration customer specifications, the cybersecurity process and can bring their own experience into what is needed
  • Performs cybersecurity risk assessments and threat modelling within a product scope and suggests countermeasures appropriate to the project given the technical constraints or operational limitations
  • Can analyse and determine safety, financial, operational and privacy issues identified in a risk analysis. Where there are safety impacts, can work with the Functional Safety team to find solutions that do not compromise safety or security.
  • Designs and leads the cybersecurity technical solutions as required by the project working with hardware and software teams as needed for the best solutions. Follows and contributes to the secure development lifecycle at BorgWarner
  • For a project that has been deemed cyber-relevant, they will create a cybersecurity assurance case that provides the argument for the achieved degree of cybersecurity on their project
  • Drives feature development and provides technical support for hardware and software teams, including but not limited to:
    • Immobilisers/anti-theft devices
    • Manipulation Detection Watchdogs (software or hardware)
    • Secure/Authenticated/Trusted Boot methods
    • Key management best practices within products
    • Secure on-board communication (SecOC or similar)
    • Secure diagnostics (token-based or other methods)
    • Understanding hardware trust anchors (microcontroller HSMs, HTAs etc)
  • Active/Passive Side Channel attacks and countermeasures
  • Interfaces with customer on technical cybersecurity issues. 
  • Follows and keeps up to date with vulnerabilities of our suppliers/customers
  • Networks and maintains a high-level of industry knowledge
  • Works directly with Cybersecurity Managers to provide cybersecurity support on projects

Basic Qualifications
 

  • 2+ years of experience in a product cybersecurity position or 5+ years in an embedded systems/software competency with a strong interest in cybersecurity
  • Knowledge of Automotive cybersecurity/Functional Safety standards are strongly advised but not required (e.g.ISO/SAE 21434, WP.29 SUMS & CSMS, ISO26262, NIST)
  • Automotive, Aerospace or transportation development experience
     

Preferred Qualifications
 

  • Understanding of public key infrastructure (PKI) in medium to large environments to include key management, digital certificates and digital signatures as these impacts the systems we build.
  • Familiarity with automotive network architecture, modules, and protocols (CAN, Flexray etc.) is desired but can be transferrable if there is knowledge of ethernet and or the OSI model.
  • Understanding of multi-core embedded microcontrollers that use HTAs (hardware trust anchors).
  • Familiarity of module-based architectures such as AUTOSAR.
  • Strong communication and analytical skills
  • Ability to work independently, take ownership of project deliverables, go above and beyond the task at hand
  • Familiarity with Secure Coding practices, processes and methods. This can include some understanding of the dangers of using C, MISRA and CertC if possible.
  • Understanding of different types of penetration and fuzz testing and the tools to do this effectively for our products. An idea of which methods to apply in each project is needed.
  • Holding cybersecurity certifications such as CISSP, CEH or SANS GMOB/GPEN is advantageous but not necessary because passion is more important.

Global Terms of Use and Privacy Statement


Carefully read the BorgWarner Privacy Policy before using this website. Your  ability to access and use this website and apply for a job at BorgWarner are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the geographical area where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.

Overlay Title

关闭导航的图标