Cyber Security Analyst - Threat Modeling

Description :

A skilled Cyber Security Analyst is needed to ensure the security, integrity, and resilience of connected vehicle systems, embedded controllers, and in-vehicle networks.

The ideal candidate will assess vulnerabilities, implement security controls, monitor threats, and ensure compliance with automotive cybersecurity standards and regulations.

This role demands a strong technical understanding of embedded systems, automotive communication protocols, and cyber threat detection.

Key Responsibilities :

- Perform threat analysis and risk assessment for vehicle systems, ECUs, and connected components.

- Identify, analyze, and mitigate vulnerabilities in embedded automotive systems, networks, and applications.

- Develop and implement security policies, procedures, and best practices in line with ISO/SAE 21434 and UNECE WP.

- Monitor and analyze network traffic to detect anomalies and potential intrusions in CAN, LIN, FlexRay, and Ethernet communications.

- Collaborate with engineering teams to integrate security measures into the V-model development lifecycle.

- Conduct penetration testing and security validation of in-vehicle and backend automotive systems.

- Work with OEMs and Tier-1 suppliers to ensure security compliance across the supply chain.

- Investigate and respond to security incidents, conducting root cause analysis and corrective action planning.

- Stay updated with emerging automotive cybersecurity threats, vulnerabilities, and mitigation techniques.

Required Technical Skills :

- Strong knowledge of automotive communication protocols (CAN, LIN, FlexRay, Automotive Ethernet).

- Proficiency in threat modeling and risk assessment methodologies (HEAVENS, EVITA, OCTAVE).

- Hands-on experience with penetration testing tools (CANoe, CANalyzer, Wireshark, Scapy, Metasploit).

- Understanding of embedded systems security and firmware/hardware attack vectors.

- Familiarity with Public Key Infrastructure (PKI), secure boot, secure OTA updates, and cryptographic techniques.

- Knowledge of cloud-connected automotive backend security.

- Proficiency in scripting languages like Python or Bash for automation and analysis.

Preferred Qualifications :

- Bachelors or Masters degree in Computer Science, Information Security, Electronics, or related field.

- Certifications such as CEH, OSCP, CISSP, GIAC, or Automotive Cybersecurity certifications (ex : SAE/ISO).

- Experience with functional safety (ISO 26262) and integration with cybersecurity requirements.

- Exposure to AUTOSAR security modules