Cybersecurity Engineer

Job Description

Build your brand. Tell your story. Take advantage of a rare opportunity to start from the ground up and build something new and original. At Stellantis we are breaking with the past and launching a new software organization built from the ground up. The Stellantis Software Organization (SWx) was established in 2021 with an entirely new vision for the driver experience, and our mission to build the most captivating experiences in the latest frontier of Automotive Technology. We are seeking technology game changers to lead the digital transformation to this new world of automotive technology with a focus on the customer experience. If you're ready to help lead this automotive technology transformation, we want to hear from you.

Visithttps://careers.fcagroup.com/nextgen/ to learn more.

The Cybersecurity Engineer specifies the cybersecurity requirements, together with success criteria, for in-vehicle ECUs (Electronic Control Units) in consistence with the cybersecurity concept provided by the cybersecurity architect and the internal standards. He continues the work of cybersecurity system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cybersecurity architect.

The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements, also providing requirements on and supporting the definition of the interface between the vehicle and the off board - when applicable.

The Cybersecurity Engineer of extended surface review the test plans and test cases of the verification team.

The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface include wireless connections but also connection to the outside of the car. Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units.

The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope and identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module etc. Examples of ECUs which are not classified as Regular Surface are Telematics Control Units and Head Units.

The core tasks of the Cybersecurity Engineer of extended surface are:

 

• Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW)
• Write success criteria for all cyber security requirements (verification needs), review test plans and test cases
• Interact with delivery teams, mostly allocated in Tier1s component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycle
• Interact with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments)
• Perform the component follow-up and maintain up to date the component cybersecurity case sheet
• Contribute to the component pentests definition and review the results
• Specify the vehicle interface to the off board.
• Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned components
• Provide data for measurement of the activities (MAN.6).
• Contribute to improvement of processes (PIM.3)

FCA Canada Inc. is committed to providing accommodation for people with accessibility needs due to disabilities in all aspects of the hiring process. If you request an accommodation, we will work with you to meet your accessibility needs due to disability.

Requirements

Basic Qualifications:

 

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or related degree field
• Minimum THREE (3) years related experience
• Product Requirements engineering
• Hands-on and theorical experience on definition of automotive products requirements, at system level and related success criteria
• Hands-on experience on integration with other teams implementing other parts of the development process: concept, development and validation in particular.
• Work experience with tools used to engineer products (e.g. Rational DOORS and IBM RTC)
• Understanding of ECUs (Electronic Control Unit) HW and SW architecture, functioning
• Understanding of ECUs development, manufacturing and operating functions
• Understanding of ECUs diagnostic and maintenance operations
• Basic knowledge of automotive cyber security controls, including
  
  • SW authenticity
  • Identity verification
  • Firewalling
  • Segregation of processes
  • Memory allocation and management
  • HW technologies, including EVITA HSM (Hardware Security Module), SHE (Security Hardware Extension), cryptographic accelerators, memory protection and registers settings
  • Intrusion detection systems
• Specific skills
  
  • symmetric and asymmetric schemes
  • automotive products applications (e.g. digital signature, encryption, hashing)
  • in-products Keys Management
  • Understanding of Real Time Operating Systems and execution of SW in real time embedded systems (e.g. AUTOSAR, ERIKA)
  • Understanding of connectivity out-ECUs (e.g. CAN and LIN) and in-ECUs (e.g. SPI)
  • Types of memory, usage and partitioning (e.g. boots, application SW, calibration SW)
  • Good knowledge of common cybersecurity patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, ...)
  • Good knowledge of security protocols (e.g., IPsec, TLS, SSH, ...)
  • Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management
  • Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., RSA, AES)
  • Basic knowledge in C/C++ programming language
  • Basic knowledge of scripting language (e.g., JScript, bash, ...)
  • Basic knowledge of UML language
  • Basic knowledge of software engineering and requirements engineering
  • Basic knowledge of cryptology, including
• Legally authorized to work in Canada

Preferred Qualifications:

 

• Master's degree in Engineering
• Good knowledge of ISO SAE 21434: Road Vehicle - Cybersecurity Engineering
• Good knowledge of the Object-Oriented Programming paradigm
• Good knowledge of Service Oriented Architecture design pattern and paradigm
• Good knowledge of web services architectures
• Ability to work in multicultural teams
• Strong skills in technical writing and presenting
• Good self-organization and analytical skills
• Good proficiency in English

At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.