As the Cybersecurity Management System (CSMS) Security Engineer, you will work closely with CSMS Lead, along with Vehicle Software Development Org and both JV Parent brands to ensure the company’s alignment with ISO/SAE 21434 and ISO/SAE 24089 in the Security Engineering Process. You will play a critical role in ensuring that security by design principles are part of the core business of the company. Supporting the building out a compliant security

program, and translating product security requirements into the architecture and both software and hardware security requirements. This role will be located at one of our locations in Palo Alto, CA, Irvine, CA, or Normal, IL. and report directly to the Red Team Lead, Vehicles.

● Alignment to ISO 21434 and 24089: Building out processes, procedures, security goals

and requirements to ensure the company aligns to these standards. Partnering with

stakeholders across the company to document requirements and working with the

security validation testing team to ensure all requirements are met.

● Building out Governance, Risk and Compliance Program: Building out a program

that documents the company’s and individual vehicle programs' security risks and

compliance to compliment the overall company GRC program. Ensuring continuous

improvement on the overall Security Engineering process that aligns to 21434.●

● Continuing to enhance the Threat Assessment and Risk Analysis Program :

Improving on current TARA process and documentation. Supporting the Product Security

team and vehicle software teams in documenting risks and security requirements to

mitigate them.

● Support Secure Development Lifecycle: Collaborate with other Product Security

teams around SDLC and ensure alignment to the vulnerability management process.

Reporting up quarterly metrics to software org leadership.

● Documenting Security requirements based on Risk: Collaborate with other Product

Security teams, Vehicle Software development org, and vehicle architecture teams in

documenting requirements in JAMA that are developed within the Security Engineering

process. So that those requirements can be validated by the Product Security Validation

team. And evidence can be shared with our JV parent brands.

● B.S. in Information Security, Computer Science, Computer Engineering, or a related

field.

● 2+ years of experience in Automotive Industry and carrying out GRC (Governance, Risk,

Compliance) activities.

● Knowledge of embedded systems development

● Experience in carrying out TARAs (Threat Assessment and Risk Analysis) and Security

Reviews

● Experience with compliance with ISO 21434, EU R155 and R156

● Experience operating with Confluence, JIRA, and JAMA applications

● Experience working with cross functional teams both internal and external organizations

● Ability to work in a fast-paced development environment.

● Good team player with excellent communication skills.

● Hands-on approach, proactively identifying and filling in gaps where needed.