Senior Product Security Engineer

ResponsibilitiesProvide consulting and advisory services to engineering teams heavily focused on automotive cybersecurityWork directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements developmentDevelop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partnersPerform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changesAssess the risks across the Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilitiesConduct research to identify new and novel attack vectors against products and servicesReview, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partnersRequired QualificationsFoundational knowledge of Automotive Cybersecurity (ISO21434/UNECE/NHTSA)Foundational knowledge of operating system security for LinuxFoundational knowledge of the CWE Top 25Develop, document and execute structured processes and procedures around automotive cybersecurityAbility to write proficiently in C++, Golang and PythonAbility to assess software and/or hardware components with and without full knowledgeAbility to work well with other assessment members and engineering partnersAbility to communicate effectively with technical and non-technical audiencesExperience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and conceptsExperience in vulnerability discovery and analysis, design review, and code-level security reviewsExperience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processesDesirable QualificationsRelevant automotive cybersecurity work experienceRelevant experience with Automotive Cybersecurity Frameworks (ISO21434/UNECE/NHTSA)Relevant work experience in offensive security, penetration testing or red teamingExperience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.#J-18808-Ljbffr

ResponsibilitiesProvide consulting and advisory services to engineering teams heavily focused on automotive cybersecurityWork directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements developmentDevelop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partnersPerform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changesAssess the risks across the Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilitiesConduct research to identify new and novel attack vectors against products and servicesReview, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partnersRequired QualificationsFoundational knowledge of Automotive Cybersecurity (ISO21434/UNECE/NHTSA)Foundational knowledge of operating system security for LinuxFoundational knowledge of the CWE Top 25Develop, document and execute structured processes and procedures around automotive cybersecurityAbility to write proficiently in C++, Golang and PythonAbility to assess software and/or hardware components with and without full knowledgeAbility to work well with other assessment members and engineering partnersAbility to communicate effectively with technical and non-technical audiencesExperience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and conceptsExperience in vulnerability discovery and analysis, design review, and code-level security reviewsExperience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processesDesirable QualificationsRelevant automotive cybersecurity work experienceRelevant experience with Automotive Cybersecurity Frameworks (ISO21434/UNECE/NHTSA)Relevant work experience in offensive security, penetration testing or red teamingExperience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.#J-18808-Ljbffr

• 

• Government Careers