The Role
Cyber Security is a fast-paced and dynamic area within the Automotive Industry. You will be an essential part of the Product Engineering teams, delivering JLR products in a secure way while always looking to improve the Cyber Security posture and respond to emergent threats.
In your role as a Cyber Security Technical Lead Engineer you will be responsible for guiding the delivery engineering teams through the different technical steps to onboard the build processes into the JLR PKI, integrating with the different Cyber Security tools on and off the CI/CD pipeline, and making sure their operations run uneventfully. You will make sure the Product Engineering teams are set and ready within the right timeframes to ensure Vehicle Programme delivery.
Key Performance indicators
- Number of subsystems applicable to PKI and CI/CD per domain and per vehicle programme.
- % completion of ECUs onboarded in PKI QA by programme.
- % completion of ECUs with the signing service successfully integrated in the build chain by programme.
- % completion of Signing SW and Secure Boot assurance by programme.
- % completion of ECUs onboarded in PKI Production by programme.
- % completion of Subsystems onboarded into Cyber scanning tool.
Key accountabilities and responsibilities
- Support and onboard the engineering teams into the JLR PKI to enable signed SW.
- Support and define with the JLR Crypto Centre of Excellence special JLR HSM use cases.
- Lead the maintenance of the SW signing tool strategy.
- Work with the JLR Cyber Centre of Excellence to define, develop and integrate the technical roadmap in Production.
- Support the business in any capacity related to the JLR HSM to guarantee Product Delivery.
- Support and onboard the SW and ECU engineering teams into the Cyber security scanning tool/s.
- Support the deployment and integration of SW and ECU teams into the CI/CD pipelines to ensure cyber services are fully integrated in the pipeline.
- Support the CSMS Compliance teams in topics related to PKIs, Signing service, CI/CD pipelines and Vulnerability analysis.
- Contribute to the FOSS compliance process.
- Support discussions around Distributed Interface Agreements with Tier 1s.
- Build/review Vulnerability reports.
- Report Risks and define a proper Risk management path for those.
- Support the review/sign-off of the subsystem Production Control Plan and Post development Release agreements.
- Support VSOC to triage and resolve incidents/vulnerabilities.
- Support type approval activities.
Key interactions
- Product engineering technology centres.
- JLR Crypto Centre of Excellence.
- JLR Security Operations Centre.
- Digital.
- Procurement.
- Industrial Operation and Service.
- Vehicle Programmes.
- Product Compliance.
- Corporate Strategy.
Knowledge, Skills and Experience
Essential
- Knowledge of Cryptography, especially in the embedded context.
- Knowledge of safety critical embedded SW, design, coding and build.
- Knowledge of Python.
- High level knowledge of CI/CD and some level of YAML scripting.
- Experience working with suppliers.
- A demonstrable knowledge of high integrity systems, and secure software and / or hardware design principles, in an embedded environment.
- Knowledge of Cyber Security technologies used to protect embedded systems.
- Practical experience performing TARA, security concepts and other Cyber security artefacts mentioned in ISO 21434.
- An academic qualification in cyber security or equivalent experience. The ability to engineer in a way that is demonstrably compliant with standards and technical specifications.
- Excellent collaborative skills.
- An enthusiastic can-do attitude.
Desirable
- Knowledge of SW development around AUTOSAR environment, especially for Crypto services.
- Automotive experience preferred, but strong candidates from similar industries will also be considered (e.g. defence, aerospace, medical, IoT, rail).
- Knowledge of automotive architectures, communication protocols, and technologies.
- Experience working and delivering in an agile team.
- Project management skills.