Embedded Product Cybersecurity Engineer

BorgWarner PowerDrive Systems’ engineers develop and deploy innovative powertrain systems enabling the next generation of efficient, clean and intelligent drivetrain solutions. Our products must provide exceptional performance, efficiency and value in challenging safety- and security-critical environments. To accomplish this, we are looking for talented, passionate engineers who bring fresh ideas with their unique knowledge and experience to develop elegant solutions to these complex engineering problems.
The Cyber Security Engineer (CSE) works within the systems engineering function and is directly engaged with the development of secure, robust and resilient vehicle solutions for powertrain electrification (BEV, HEV, EV, etc) projects. Those solutions range across hardware and software, including but not limited to immobilizers/anti-theft devices, manipulation detection system, secure boot methods, key storage and management, secure on-board communication and secure diagnostics, hardware trust anchors (microcontroller hardware security modules). The CSE supports the development team in ensuring all aspects of the stakeholder requirements are implemented and tested according to the latest automotive cybersecurity standards and best practices.

Key responsibilities
 

• Conduct the cybersecurity activities for a given project with a collaborative team that takes into consideration customer specifications, the cybersecurity process and bring their own experience into what is needed
  • Interface with customer on technical cybersecurity requirements and issues
  • Create a cybersecurity assurance case per project and the related documentation that provides the argument for the achieved degree of cybersecurity on their project
• Perform cybersecurity risk assessments and threat modelling within a product scope
  • Analyse and determine safety, financial, operational and privacy issues identified in a risk analysis
  • Where there are safety impacts, work with the Functional Safety (ISO 26262) team to find solutions that do not compromise safety or security
  • Suggest countermeasures appropriate to the project given the technical constraints or operational limitations
  • Create and maintain a knowledge database of typical assets, threats and attack paths for our product portfolio to leverage re-use
• Create and maintain solutions to manage cybersecurity risks
  • Drive cybersecurity solution development and provide technical support for hardware and software teams
  • Engage with suppliers to evaluate cybersecurity capabilities and track reported vulnerabilities
  • Evaluate new tools (Threat Analysis tool, Software Bill of Material tool, etc.)
  • Be part of vulnerability monitoring and incident response teams
• Follow and contribute to the secure development lifecycle at BorgWarner
• Network and maintain a high-level of industry knowledge (e.g. participation in Auto-ISAC events, SAE workshops)
• Help promoting a safety and security culture
  • Support the roll-out of processes and procedures compliant with latest cybersecurity standards and regulations
  • Assist in training and raising awareness, organizing events

What we are looking for
 

• 2+ years of experience in an embedded cybersecurity position or 4+ years in an embedded systems development, preferably for ASPICE compliant projects
• Understanding of multi-core embedded microcontrollers that use HTAs (hardware trust anchors) or HSMs (hardware security modules)
• Understanding of cybersecurity specific testing such as penetration and fuzz testing
• Passionate and forward-thinking about cybersecurity and the needs of the ever-changing automotive industry
• Good understanding of formal risk assessment and management, knowledge of NIST SP-800-30 and ISO IEC 31010
• Experience in the automotive or transportation domain
• Experience with requirements engineering, ability to navigate through multiple customer specifications as well as published standards and policies (UNECE WP.29 R155 CSMS, R156 SUMS, ISO/SAE 21434)
• Familiarity with cryptography and cybersecurity concepts such as defense in depth, access control models, memory protection, secure boot, Secure Coding, public key infrastructure (PKI)
• Ability to work easily with Office software suite and engineering software (prior experience with simulation or analysis tools like Ansys Medini Analyze for instance).
• Strong communication and analytical skills
• Ability to work independently, take ownership of project deliverables, go above and beyond the task at hand
• Fluency in English is required. German and/or French would be an advantage.
• Occasional travel, domestic and international.

EEO Statement

BorgWarner is an equal employment opportunity employer such that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity/expression, national origin, disability or protected veteran status.

Internal Use Only: Salary

Global Terms of Use and Privacy Statement

Carefully read the BorgWarner Privacy Policy before using this website. Your  ability to access and use this website and apply for a job at BorgWarner are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the geographical area where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.

Career Scam Disclaimer:  BorgWarner makes no representations or guarantees regarding employment opportunities listed on any third-party website.  To protect against career scams, job applicants should take the necessary precautions when interviewing for and accepting employment positions allegedly offered by BorgWarner.  Applicants should never provide their national ID numbers, birth dates, credit card numbers, bank account information or other private information when communicating with prospective employers or responding to employment opportunities online.  Job applicants are invited to contact BorgWarner through BorgWarner’s website to verify the authenticity of any employment opportunities.