Stellantis
Cybersecurity Engineer
Stellantis, Michigan Center, Michigan, United States, 49254
Job Description
Build your brand. Tell your story. Take advantage of a rare opportunity to start from the ground up and build something new and original. At Stellantis we are breaking with the past and launching a new software organization built from the ground up. The Stellantis Software Organization (SWx) was established in 2021 with an entirely new vision for the driver experience, and our mission to build the most captivating experiences in the latest frontier of Automotive Technology. We are seeking technology game changers to lead the digital transformation to this new world of automotive technology with a focus on the customer experience. If you're ready to help lead this automotive technology transformation, we want to hear from you. Visit https://careers.fcagroup.com/nextgen/ to learn more.
The Cybersecurity Engineer specifies the cybersecurity requirements, together with success criteria, for in-vehicle ECUs (Electronic Control Units) in consistence with the cybersecurity concept provided by the cybersecurity architect and the internal standards. He continues the work of cybersecurity system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cybersecurity architect.
The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements, also providing requirements on and supporting the definition of the interface between the vehicle and the off board – when applicable.
The Cybersecurity Engineer of extended surface review the test plans and test cases of the verification team.
The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface include wireless connections but also connection to the outside of the car. Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.
The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope and identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module etc. Examples of ECUs which are not classified as Regular Surface are Telematics Control Units and Head Units.
The core tasks of the Cybersecurity Engineer of extended surface are:
Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW)Write success criteria for all cyber security requirements (verification needs), review test plans and test casesInteract with delivery teams, mostly allocated in Tier1s component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycleInteract with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments)Perform the component follow-up and maintain up to date the component cybersecurity case sheetContribute to the component pentests definition and review the resultsSpecify the vehicle interface to the off board.Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned componentsProvide data for measurement of the activities (MAN.6).Contribute to improvement of processes (PIM.3)Requirements
Basic Qualifications:
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or related degree fieldProduct Requirements engineeringHands-on and theorical experience on definition of automotive products requirements, at system level and related success criteriaHands-on experience on integration with other teams implementing other parts of the development process: concept, development and validation in particular.Work experience with tools used to engineer products (e.g. Rational DOORS and IBM RTC)Understanding of ECUs (Electronic Control Unit) HW and SW architecture, functioningUnderstanding of ECUs development, manufacturing and operating functionsUnderstanding of ECUs diagnostic and maintenance operationsBasic knowledge of automotive cyber security controls, including
SW authenticityIdentity verificationFirewallingSegregation of processesMemory allocation and managementHW technologies, including EVITA HSM (Hardware Security Module), SHE (Security Hardware Extension), cryptographic accelerators, memory protection and registers settingsIntrusion detection systemsSpecific skills
symmetric and asymmetric schemesautomotive products applications (e.g. digital signature, encryption, hashing)in-products Keys Management
Understanding of Real Time Operating Systems and execution of SW in real time embedded systems (e.g. AUTOSAR, ERIKA)Understanding of connectivity out-ECUs (e.g. CAN and LIN) and in-ECUs (e.g. SPI)Types of memory, usage and partitioning (e.g. boots, application SW, calibration SW)Good knowledge of common cybersecurity patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, …)Good knowledge of security protocols (e.g., IPsec, TLS, SSH, …)Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management;Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., RSA, AES);Basic knowledge in C/C++ programming language;Basic knowledge of scripting language (e.g., JScript, bash, …);Basic knowledge of UML language;Basic knowledge of software engineering and requirements engineering.Basic knowledge of cryptology, includingPreferred Qualifications:
Master's degree in EngineeringGood knowledge of ISO SAE 21434: Road Vehicle - Cybersecurity EngineeringGood knowledge of the Object-Oriented Programming paradigmGood knowledge of Service Oriented Architecture design pattern and paradigmGood knowledge of web services architecturesAbility to work in multicultural teamsStrong skills in technical writing and presentingGood self-organization and analytical skillsGood proficiency in English
At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.
Build your brand. Tell your story. Take advantage of a rare opportunity to start from the ground up and build something new and original. At Stellantis we are breaking with the past and launching a new software organization built from the ground up. The Stellantis Software Organization (SWx) was established in 2021 with an entirely new vision for the driver experience, and our mission to build the most captivating experiences in the latest frontier of Automotive Technology. We are seeking technology game changers to lead the digital transformation to this new world of automotive technology with a focus on the customer experience. If you're ready to help lead this automotive technology transformation, we want to hear from you. Visit https://careers.fcagroup.com/nextgen/ to learn more.
The Cybersecurity Engineer specifies the cybersecurity requirements, together with success criteria, for in-vehicle ECUs (Electronic Control Units) in consistence with the cybersecurity concept provided by the cybersecurity architect and the internal standards. He continues the work of cybersecurity system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cybersecurity architect.
The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements, also providing requirements on and supporting the definition of the interface between the vehicle and the off board – when applicable.
The Cybersecurity Engineer of extended surface review the test plans and test cases of the verification team.
The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface include wireless connections but also connection to the outside of the car. Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.
The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope and identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module etc. Examples of ECUs which are not classified as Regular Surface are Telematics Control Units and Head Units.
The core tasks of the Cybersecurity Engineer of extended surface are:
Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW)Write success criteria for all cyber security requirements (verification needs), review test plans and test casesInteract with delivery teams, mostly allocated in Tier1s component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycleInteract with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments)Perform the component follow-up and maintain up to date the component cybersecurity case sheetContribute to the component pentests definition and review the resultsSpecify the vehicle interface to the off board.Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned componentsProvide data for measurement of the activities (MAN.6).Contribute to improvement of processes (PIM.3)Requirements
Basic Qualifications:
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or related degree fieldProduct Requirements engineeringHands-on and theorical experience on definition of automotive products requirements, at system level and related success criteriaHands-on experience on integration with other teams implementing other parts of the development process: concept, development and validation in particular.Work experience with tools used to engineer products (e.g. Rational DOORS and IBM RTC)Understanding of ECUs (Electronic Control Unit) HW and SW architecture, functioningUnderstanding of ECUs development, manufacturing and operating functionsUnderstanding of ECUs diagnostic and maintenance operationsBasic knowledge of automotive cyber security controls, including
SW authenticityIdentity verificationFirewallingSegregation of processesMemory allocation and managementHW technologies, including EVITA HSM (Hardware Security Module), SHE (Security Hardware Extension), cryptographic accelerators, memory protection and registers settingsIntrusion detection systemsSpecific skills
symmetric and asymmetric schemesautomotive products applications (e.g. digital signature, encryption, hashing)in-products Keys Management
Understanding of Real Time Operating Systems and execution of SW in real time embedded systems (e.g. AUTOSAR, ERIKA)Understanding of connectivity out-ECUs (e.g. CAN and LIN) and in-ECUs (e.g. SPI)Types of memory, usage and partitioning (e.g. boots, application SW, calibration SW)Good knowledge of common cybersecurity patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, …)Good knowledge of security protocols (e.g., IPsec, TLS, SSH, …)Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management;Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., RSA, AES);Basic knowledge in C/C++ programming language;Basic knowledge of scripting language (e.g., JScript, bash, …);Basic knowledge of UML language;Basic knowledge of software engineering and requirements engineering.Basic knowledge of cryptology, includingPreferred Qualifications:
Master's degree in EngineeringGood knowledge of ISO SAE 21434: Road Vehicle - Cybersecurity EngineeringGood knowledge of the Object-Oriented Programming paradigmGood knowledge of Service Oriented Architecture design pattern and paradigmGood knowledge of web services architecturesAbility to work in multicultural teamsStrong skills in technical writing and presentingGood self-organization and analytical skillsGood proficiency in English
At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.