Cyber Security Consultant

Description

Who are we?

PlaxidityX is a global leader in the automotive cybersecurity industry. We protect drivers and manufacturers from cyber-attacks on their vehicles. We use top-notch technology and have several products for inside and outside the car. Our growing team is built of talented thinkers, and we are always looking for more!

Why PlaxidityX?

• You can be part of a leading company in the automotive industry
• You can help save lives
• You can work with cool challenging technology
• You can make an impact and help change the world

Role overview:

Help shape future automotive security architectures by analyzing future designs, use cases and architectures, identifying potential security gaps and suggesting appropriate solutions. Work closely with leading automotive companies and dive into the details of embedded system design, automotive networks and architectures as well as operating system security in order to design cost effective security strategies and implementations.

In your work you’ll be part of a team that consult to OEM’s and Tier#1 on how to raise the level of their cyber security. During this consultancy you will be required to:

• Perform Threat Analysis and risk assessment - TARA, mostly according to ISO-21434. Work with threat modeling tools and more.
• Create and write security requirements.
• Support organizations on their journey for compliance
• Be part of a highly professional group.

Key Responsibilities:

• Create processes and procedures to support customers to comply for the regulation; ISO-21434, UNR-155.
• Consult, present and work with OEMs and Tier-1 R&D teams on various security projects.
• Support on Automotive setup for ECU's
• Perform tests, scripts and pentesting for ECU's and Systems  

Requirements

• Regulation processes ISO 21434, UNR155, UNR 156.
• Experience with embedded systems, from both a HW and SW perspective, including topics like microcontrollers, HSMs, secure boot, access control, exploit mitigation techniques, ect.
• Knowledge of communication protocols. 
• Experience with analyzing complex systems from a cybersecurity perspective.
• Familiarity with regulation processes.
• Experience with threat analysis and risk assessment.
• Excellent written and verbal communication in English
• High self-learning abilities and a “get-things-done” attitude.

Advantages

• Offensive security background.
• Knowledge and experience in the following standards / methods:

1. A-SPICE
2. Cyber Security Management Systems (CSMS) and related processes, e.g. ISO/IEC 27000:2018
3. Risk Management Frameworks, e.g. ISO 31000, NIST Cybersecurity Framework, NIST SP 800-30 Risk Management Guidelines
4. Experience in Audit methodologies - auditor/assessor credentials is a plus
5. Knowledge of cryptographic algorithms and secure protocols.