Senior Product Cybersecurity GRC Engineer at The Judge Group Inc. in Novi, Michigan

Posted in Other about 5 hours ago.




Job Description:

Location: Novi, MI

Description: Our client is currently seeking a Senior Product Cybersecurity GRC Engineer



This job will have the following responsibilities:




Here is the job description for your review:



Role: Product Cybersecurity Engineer



Job Type: Contract



Location: Wyoming, MN or Novi, MI or Remote




Job Description:




TOP SKILLS/REQUIREMENTS:


Must Haves:
  • Experience conducting Threat Analysis and Risk Assessment (TARA). This team will complete both internal and external requests for feature and architectural level requests to the interface. Their team is backlogged on this currently.
  • Understanding of cybersecurity architecture, controls, and programming
  • 3+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas. This person will work with the team to define strategy and security architecture for connected vehicle security- using the above skills to secure interfaces.
  • Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.
  • Experience or knowledge setting up and managing Key Management systems. They have others on the team who can assist with this, but the purpose behind it is that this team works with their service providers to issue security certificates which enable secure communication between the physical vehicle and their back office.

    • Nice to haves:
  • Experience with Itemis Secure (or similar) to perform (TARAs). This would be a huge plus for the team, but is not required.
  • Prior automotive experience, prior powersports experience is even better!



    • Understanding of cybersecurity architecture, controls, and programming

    Experience conducting Threat Analysis and Risk Assessment (TARA)

    Experience with Itemis Secure (or similar) to perform (TARAs)


    ESSENTIAL DUTIES & RESPONSIBLITIES


    Support the Chief Cybersecurity Engineer in developing, communicating, and implementing client's enterprise-wide product cybersecurity strategy & roadmap

    Provide guidance to stakeholders (product owners, development teams, system engineers) on security concerns and recommended controls

    Execute threat analysis and risk assessment (TARA) on vehicle, feature, system and component levels and mitigate identified risks by defining appropriate cybersecurity controls to the risks

    Develop, refine, and review cybersecurity requirements and gain approval from Chief Cybersecurity Engineer

    Perform design reviews over internal and external cybersecurity solutions and mitigate cybersecurity weaknesses or vulnerabilities throughout of product life cycle

    Define in-vehicle cybersecurity architectures, develop cybersecurity controls, e.g., secure boot, secure reprogramming, security access, IDS/IPS, etc. and secure vehicle to back-office communication interfaces

    Manage and provide guidance on key management system and internal use of PKI, support supplier usage of client PKI system, collaborate with the KMS vendor to resolve issues quickly

    Collaborate with Ride Command team to ensure a robust overall connected ecosystem cybersecurity from a product, app, web, and cloud standpoint

    Support triage and prioritization of vulnerabilities identified during verification and validation phases, e.g., static code analysis, OSS vulnerability scanning, fuzz testing, penetration testing

    Support institutionalization of ISO/SAE 21434 processes across client and produce ISO/SAE 21434 compliant work products

    Support regulatory compliance such as UNR 155, CRA, Radio Equipment Directive

    Support supply chain integrity and security initiatives to secure client's supply chain, e.g., HBOM, SBOM, etc.

    Promote cybersecurity culture by providing cybersecurity training to team members on a regular basis

    Additionally, you may:


    Support internal and external connected device penetration testing execution

    Support cybersecurity validation engineer in root cause analysis

    Participate in and support Auto-ISAC working group

    Investigate new cybersecurity technologies and recommend appropriate technologies to adopt in vehicles

    Analyze connected vehicles related cybersecurity intelligence and share with broader team

    Adopt product cybersecurity industry best practices for continuous improvement

    SKILLS & KNOWLEDGE

    Minimum Qualifications:


    Bachelor's degree in computer science, computer engineering, software engineering, electrical engineering, IT security or other relevant domains

    3+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas

    Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.

    Experience with setting up and managing KMS, PKI, CA, certificate/key generation, distribution, storage, renewal, revocation, etc.

    Experience with conducting threat analysis and risk assessment

    Experience with developing cybersecurity goals and requirement specifications

    Experience with designing cybersecurity controls, such as secure boot, secure reprogramming, security access, security gateway, IDS, IPS, security hardening, etc.

    Experience with SELinux, App Armor, Hypervisor, TEE, HSM, etc.

    A self-starter with minimum supervision

    Excellent written and verbal communication skills

    Preferred Qualifications:


    Advanced degree in cybersecurity

    10+ years of experience in automotive product cybersecurity

    Experience with symmetric and asymmetric cryptography, digital signature, hash, message authentication, encryption, key exchange

    Experience with developing telematics, infotainment, or other connected ECUs

    Experience with implementing and executing ISO/SAE 21434 processes

    Understanding of cybersecurity regulations, standards and best practices, e.g., UNR 155, CRA, Radio Equipment Directive, Machinery Regulation, ISO/SAE 21434, NIST/NHTSA/Auto-ISAC best practices, etc.

    Experience with CAN, CAN-FD, J1939, Ethernet, USB, SPI, UART, JTAG, etc.

    Understanding of embedded RTOS and Linux based operating systems

    Experience with reporting, managing, and closing security issues in tools such as Jira

    Experience with at least one modern software programming language (C, C++, C#, Python, Java, etc.)

    Experience with Itemis Secure to perform TARAs



    Contact: bpant@judge.com


    This job and many more are available through The Judge Group. Find us on the web at www.judge.com
    More jobs in Novi, Michigan
    General Business
    about 1 hour ago
    Online Grocery Pick-Up Clerk

    Kroger
    Novi, Michigan
    Other
    about 6 hours ago
    Auto Care Center

    Walmart
    Novi, Michigan
    More jobs in Other
    Other
    1 minute ago
    Director, Discovery Chemistry

    ModernaTX, Inc.
    Cambridge, Massachusetts
    Other
    1 minute ago
    2025 Co-Op, Clinical Operations, Global Public Health Programs

    ModernaTX, Inc.
    Bethesda, Maryland
    Other
    1 minute ago
    Associate Director, eCommerce Strategy

    ModernaTX, Inc.
    Princeton, New Jersey

    • About
    • disABLEDperson, Inc. is a 501(c)3 non-profit organization whose mission is to reduce the high unemployment rate of individuals with disabilities.
    • "We are simply here to serve."
    © 1999 - 2025 Disabled Person, Inc. | Terms and Privacy Policy