Cybersecurity Specialist

Description:

Job Description: 

We are looking for an experienced and highly motivated Cybersecurity Specialist to join our growing System Engineering discipline and provide subject matter expertise and guidance throughout the product cybersecurity engineering lifecycle (Requirements, Design, Implementation, V&V, Monitoring and QA).

This new role will be shaped by the right candidate and is related to software-intensive mechatronic and software-only products (embedded, mobile, cloud) not IT.

You will be dealing directly with customers, understanding security needs, and then designing technical security solutions, working closely with Engineering, PMO, Product, Industrialization and Operation functions.

The Role:

Security-related requirements elicitation.

Create, review, and approve architecture, design, delivery and test documentation and other artefacts used in the design and delivery lifecycle by CEL and its partners.

Conduct and moderate security analysis using TARA methodology according to ISO 21434 (System Driven or Component Driven).

Actively represent the security domain within business project initiatives, providing technical security leadership to ensure that security requirements and outcomes are defined and considered throughout the lifecycle of projects and products from conception to operation.

Act as an SME for security requirements and design input across several projects or technologies.

Cybersecurity monitoring planning and coordination along with vulnerability management.

Cybersecurity process improvement and quality assurance.

Provide effective governance and assurance of security deliverables by our partners and internal teams.

Coordinate with Group IT Security on areas of synergy between product engineering and IT.

Support the Programme and Project Managers in project planning, risk and issue management and the budgeting process.

Consider the health and safety, environmental and energy impact of all activities.

Support the Company’s compliance with the Data Protection Act 2018, following policy and best practice.
Candidate Profile: 

Proven experience of Implementation of cybersecurity engineering following ISO/SAE 21434, Automotive SPICE for cybersecurity and UNECE R.156 and R1.155.

Applying cybersecurity to automotive ECUs (Telematics or Infotainment unit) and off-board connected services.

Must have a strong knowledge of system architectures and be able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit these vulnerabilities.

Experience in Securing and containing Legacy Systems, such as Micro Segmentation, Hardening etc.

Knowledge of encryption standards, technologies, and key/certificate management.

Experience in requirements engineering, design in UML and traceability according to V-Model and ASPICE.

Experience with developing and implementing comprehensive IAM strategies and policies.

Experience in documenting and implementing processes, procedures, and architecture/design/decision templates is vital.

Must be able to work at multiple levels within the organisation from technical delivery to senior management.

Must be well versed in the application of security policies and standards, governance, compliance, risk management and technical assurance practices.

Experience of Security Management Plan (SMP), Security Case / Security Case Report Generation.

Cybersecurity certified (e.g. CISSP, CISM, CEH etc)
Desirable Experience:

Working knowledge of multiple software platforms: e.g., AUTOSAR, Embedded Linux, Android, AWS/Azure.

Experience in several regulated industries in addition to Automotive.

System, Hardware, and Software Engineering hands-on experience in various capacity.
Soft Skills:

Comfortable working with limited supervision.

Team player with tested social skills.

Solution minded.

Structured way of working.

Very good communicator at both technical and business levels