Product Cybersecurity Engineer | Connected Vehicles (27335)

Our client, a global powersports leader, is looking for a Product Cybersecurity Engineer for connected vehicles. The Polaris team builds world-class connected vehicle solutions for motorcycles and off-road vehicles. As a Cybersecurity Engineer, you will be responsible for developing cybersecurity requirements, designing in-vehicle cybersecurity architecture, securing vehicle to back office communication interfaces, reviewing and evaluating suppliers’ and technology vendors’ cybersecurity solutions, conducting threat analysis and risk assessment, managing key management system and public key infrastructure, and contributing to the development of further product cybersecurity strategies and technology roadmap. Interest in powersports is a plus!

Job Title: Product Cybersecurity Engineer

Contract Duration: 6-months + potential to convert

Worksite Location: Wyoming, MN or Novi, MI | hybrid

Pay: $50- $70 p/h

What you’ll do:

• Collaborate with the Chief Cybersecurity Engineer to develop, communicate, and implement an enterprise-wide cybersecurity strategy and roadmap for products.
• Provide expert guidance to stakeholders, including product owners, development teams, and system engineers, on cybersecurity concerns and recommended security controls.
• Perform threat analysis and risk assessments (TARA) on vehicle, feature, system, and component levels; mitigate identified risks by defining and implementing appropriate cybersecurity controls.
• Develop, refine, and review cybersecurity requirements, and gain approval from the Chief Cybersecurity Engineer.
• Conduct design reviews of internal and external cybersecurity solutions, identifying and mitigating vulnerabilities throughout the product lifecycle.
• Define and implement in-vehicle cybersecurity architectures, including secure boot, secure reprogramming, security access, IDS/IPS, and secure vehicle-to-back-office communication interfaces.
• Oversee and provide guidance on the key management system (KMS) and the internal use of Public Key Infrastructure (PKI). Support the use of the Polaris PKI system by suppliers and collaborate with KMS vendors to resolve issues.
• Work closely with the Ride Command team to ensure cybersecurity across the entire connected ecosystem, including product, app, web, and cloud platforms.
• Support the triage and prioritization of vulnerabilities identified during verification and validation phases, including static code analysis, OSS vulnerability scanning, fuzz testing, and penetration testing.
• Assist in the implementation of ISO/SAE 21434 processes across the organization and ensure compliance with the standards, producing ISO/SAE 21434-compliant work products.
• Support regulatory compliance initiatives related to cybersecurity standards, such as UNR 155, CRA, and Radio Equipment Directive.
• Contribute to supply chain integrity and security initiatives, such as HBOM, SBOM, etc., to secure the company's supply chain.
• Promote a strong cybersecurity culture within the organization by providing regular training to team members on best practices and emerging threats.

What you’ll bring to the Customer Experience Representative role:

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, IT Security, or a related field.
• 3+ years of experience in automotive cybersecurity, embedded system security, IoT security, or cyber-physical system security.
• Expertise in securing wireless communication protocols such as cellular, Wi-Fi, Bluetooth, BLE, satellite communications, and RF.
• Experience in setting up and managing Key Management Systems (KMS), PKI, Certificate Authorities (CA), and the lifecycle management of certificates/keys (generation, distribution, storage, renewal, revocation).
• Strong background in threat analysis and risk assessments.
• Proven ability to develop cybersecurity goals and requirement specifications.
• Hands-on experience designing cybersecurity controls (e.g., secure boot, secure reprogramming, security gateways, IDS/IPS, security hardening).
• Familiarity with security technologies such as SELinux, AppArmor, Hypervisor, Trusted Execution Environments (TEE), and Hardware Security Modules (HSM).
• Self-starter with the ability to work independently with minimal supervision.
• Excellent written and verbal communication skills.

Preferred Qualifications

• Advanced degree in Cybersecurity or a related field.
• 10+ years of experience in automotive product cybersecurity.
• In-depth knowledge of symmetric and asymmetric cryptography, digital signatures, hashing, encryption, key exchange, and message authentication.
• Experience in developing telematics, infotainment, or other connected ECUs (Electronic Control Units).
• Practical experience implementing ISO/SAE 21434 processes.
• Strong understanding of relevant cybersecurity regulations, standards, and best practices, including UNR 155, CRA, Radio Equipment Directive, ISO/SAE 21434, NIST, NHTSA, Auto-ISAC, etc.
• Familiarity with communication protocols like CAN, CAN-FD, J1939, Ethernet, USB, SPI, UART, JTAG.
• Experience working with embedded RTOS and Linux-based operating systems.
• Skilled in using tools like Jira for managing and reporting security issues.
• Proficiency in at least one modern programming language (e.g., C, C++, Python, Java).