This position acts as the internal expert in and is responsible for the assessment of products designed in North America to ensure that they meet all company, customer and inherent Cyber Security requirements. Discovers these risks through penetration testing, specification, code review, and interpreting Security Bulletins published by various security organizations such as the FBI, Department of Homeland Security, Auto-ISAC, etc.
Programming knowledge and hacking is important. This role will assess products and find out if there’s a way for a hacker to get in and take the product over. The products are communicating to the vehicle and internet.
This position will analyze customer requirements and assess from those requirements what threats are out there and develop a security plan for the products.
Documentation is important. Will work and train with the design engineers who are developing the product.
Specific responsibilities include:
- Cyber assessment of ECU products designed in North America to identify potential security risk to be compromised by hackers
- Development of Security by Design Training for Design teams.
- Primary contact for all Product Security Incident Response team (PSIRT) activity
- Delivery of Security by Design Training
- Collaborates with the Quality division and DENSO Japan to continually improve the PSIRT process and capabilities
- Cyber security consulting for design teams and production personnel in the plants
- Exercises wide latitude in establishing and implementing internal Cyber Security policies and procedures
- Trains or mentors other associates in gaining and/or increasing skill level in cyber security compliance.
- BS in Computer Science or Software Engineering from an ABET accredited university
- Minimum of 5+ years’ experience in cyber security related fields as a researcher or as a security specialist
- Knowledge of and experience in the use of common tools used by hackers to identify cyber vulnerabilities and exploit them (i.e. Metasploit)
- Understanding of the terminology used in cyber security related bulletins specifically related to what the terms mean functionally and how they can be used to exploit weaknesses in our products or environments
- Interpersonal communications skills to translate cyber security language for non-cyber security professionals, particularly design engineers
- Documentation skills for reporting on assessment results, vulnerabilities, and tracking remediation efforts and resolution
- Ability to deliver formal training sessions on Security By Design, as well as the ability to deliver presentations at industry related meetings and conferences
- Demonstrates excellent judgment and decision making skills
- Project management skills, including identifying and scheduling process steps, determining resources and staff required to successfully complete assigned projects or project steps and reporting on project
- Ability to apply process improvement planning to assist self and others with identifying gaps in work results
- Proficiency in Microsoft Office products such as Word, Excel and PowerPoint
- MS in Computer Science, Computer Engineering, Software Engineering from an ABET accredited university
- History or background in corporate and/or classroom training (security by design)
- Professional certifications in Cyber Security