ASPICE Cybersecurity Engineer (ISO/SAE 21434)

at  CS Group

COMPANY DESCRIPTION

CS Group Canada, a subsidiary of CS Group, a company within the Sopra Steria Group, is an accelerator of Functional Safety and Cybersecurity for companies developing critical embedded technologies (Avionics, Autonomous Driving, Transport Electrification). Our clients are OEMs and Tier 1 suppliers in the aerospace, automotive, defense, and rail sectors, seeking to obtain Functional Safety (ISO 26262, DO-178C, DO-254, ARP-4761, ARP-4754, EN50128) and cybersecurity certifications (DO-326A, ISO 21434, UN-R155) to market their technologies.

JOB DESCRIPTION

Today, we are looking for a Automotive SPICE Cybersecurity Engineer to provide training, deployment plans, coaching and expertise services to companies regarding the cyber security standards applicable to their domain, such as ISO 21434 for automotive or IEC 62443 for IACS.

QUALIFICATIONS

• Bachelor or Master’s degree in Cybersecurity and relevant disciplines
• Minimum of 3 years experience in systems engineering in domains such as automotive, aerospace, medical, nuclear.
• Experienced on ASPICE / QMS with strong knowledge on Cybersecurity.
• Knowledge of the J3061 and ISO21434, IEC 62443 or other similar cybersecurity standards
• Experience in a position requiring excellent understanding of hardware and embedded software as well as the larger system picture.
• Full system, hardware, or software V development lifecycle and ASPICE experience (requirements, design, implementation, verification, and testing).
• Knowledge of implementing cybersecurity solution in embedded system such as HSM, secure boot, secure diagnostic, secure on-board communication and secure end-to-end architecture and secure OTA update (according to UN R156 SUMS)
• Knowledge and experience in testing system and software in the context of cybersecurity threats
• Curiosity, autonomy, pro-activity and ability to find innovative solutions and compromises.
• Strong communication skills

• Experience in developing cybersecurity frameworks and cybersecurity management systems (CSMS), as per UN R155
• As a coach, provide training and guidance to the automotive system & software development teams to reach their quality targets and apply their competences into the processes/methods development and improvement.
• Perform gap analysis regarding the client current development process and the applicable cybersecurity standard requirements.
• Conduct reviews of processes, tools and methods to ensure compliance with QMS & ASPICE requirements.
• Prepare risk analysis in accordance with ISO 21434 (TARA), IEC 62443, for complex systems, HW and SW in view of improving the design proposing secure implementations (Optional)
• Participate in technical discussion as part of business development efforts.
• Give guidance on how to perform cybersecurity testing related activities.
• Participate in the elaboration of test plans and their execution for cybersecurity aspects such as but not limited to:
• Penetration testing
• Fuzz testing
• Vulnerability Analysis