Senior Engineer - Cyber Security (716)

Are you a seasoned Cyber Security Engineer looking for a new challenge with a renowned leader in innovative engineering? In this pivotal Senior Engineer role, you will lead the development of robust security systems from concept through to production, collaborating with cross-functional teams to ensure the highest standards of cyber security across complex vehicle systems. Leverage your expertise in ISO 21434, MBSE, and threat analysis to drive cutting-edge security measures and mentor emerging talent in a dynamic and forward-thinking environment.

Job role overview:
The Cyber Security Senior / Engineer role is responsible for development of secure systems from early concept to complete system design for production programmes. You will work closely with Functional Safety engineers, the Model Based Systems team, vehicle teams, suppliers, I.T, production, and service to ensure the Cyber Security Lifecycle is met.

Senior Engineers are expected to have significantly more experience, be capable of mentoring engineers, chair work product reviews meetings within the Company, peer review & sign off work products etc. and in some instances, as required deputise for the Lead Engineers.

Duties and Responsibilities:
• Interface with cross-functional teams on Cyber Security matters across the entire V-Model:

• Process development
• Concept design
• System Design
• Agreement and maintenance of CIA's with worldwide suppliers
• Generation of security arguments
• Continuous improvement activities
• In service support activities

• Application areas include but are not limited to engine management systems, chassis systems such as ABS, electronic suspension & body control modules, autonomous riding systems & functional safety.
• Promote Cyber Security across the Business
• Deliver Cyber Security on projects, including:

• Item Definitions
• TARA's
• Cyber Security Functional Concept (Security Goals and Functional Level Requirements)
• Cyber Security Technical Concept (Attack Trees, Security Mechanisms Technical Level requirements)
• Distributed Cyber Security activities

• Develop and follow best practice working procedures to support Cyber Security activities.
• Develop the business Cyber Security lifecycle
• Support reviews with suppliers and internal reviews
• Report project progress and timing to the Vehicle Leads
• Communicate technical issues to the Lead Engineer(s)

Qualifications:

• BEng or MEng in Electrical / Electronic engineering, Systems Engineering or Cyber Security Engineering, and proven relevant experience.
• Evidence of ISO21434 (or similar) training.

Experience:
Essential

• Evidence of understanding of the System Vlifecycle
• Evidence of the ability to write effective unambiguous requirements at both functional and technical levels
• Evidence of the ability to understand architecture designs defined using Model Based System Engineering (MBSE)
• Evidence of the ability to perform Threat Analysis & Risk Assessments
• Evidence of the ability to understand/develop embedded electrical/electronic system security architectures and work with systems team to integrate into overall systems architecture.
• Evidence of the ability to understand the different security/design measure(s) that are available to protect electrical/electronic embedded system security architectures.
• Evidence of the ability to understand at a highlevel communication protocol(s) (e.g. CAN) and to understand the security/design approaches available to protect these communications.
• Use of tools for threat identification, analyses, requirements management, change & impact management.

Desirable

• Understanding of ISO 26262 (Functional Safety Concept Phase, Parts 3 and 4).
• Knowledge of UNECE Reg 155, CRA, PSTI
• Experience in the ISO 21434 lifecycle through concept, system, hardware and software design.
• Similar experience in Aerospace (e.g. ARINC), Defence (e.g. Def Stan 05138), Energy (e.g. IEC 62443).
• Experience in developing processes(s)/Procedure(s)/Work Instructions required to create required work products to support companies Cyber Security Case.
• Experience of using tools such as Vector CANoe/CANape, Vehicle Spy3 used by an attacker to categorise the system he/she is looking to attack.
• Knowledge of Securityby Design principles
• Working with suppliers through a CIA
• Experience with PREEvision.
• Experience in an automotive environment.
• Experience of Systems Theoretic Process Analysis (STPA)