6 Tara Jobs

Key Responsibilities: You will consult and hands-on assist multiple teams in creating risk analyses (e.g. TARA) and performing Threat Modeling (STRIDE) You will guide, teach, and train teams on how to create secure software architectures Actively adapting the software development process to benefit from modern tools to enhance security (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks) You will drive project decisions to roll out security measures You will actively check source code and configurations for potential security issues and guide/train development teams on how to prevent identified issues Required Experience and Skills Deep technical understanding of best-practice security features and internals of Linux (SELinux, dm-verity, Secure Boot, ...) and Android (Application Sandboxing, Permission Model, Encryption, Debugging, Secure Coding Practices, Authentication and Authorization, ...) Knowledge of isolation techniques and containerization mechanisms Experience in security source code reviews and active vulnerability hunting Professional experience in Threat Modeling (STRIDE), TARA and ISO 21434 A background in modern software development in C++ / Java / Kotlin on Linux / Android

DESCRIPTION The Security Manager is responsible for the Cybersecurity tasks related to a single development project. This includes: • Analysis of Cybersecurity Requirements provided by the OEM; • Providing a first point of contact for all engineering related cybersecurity questions referred to the project; • Development of the Cybersecurity specific work products for the project (Item Definition, Threat Assessment and Risk Analysis, Cybersecurity Concept, Cybersecurity Case) according to the PDP; • Maintenance of Cybersecurity specific work products over the whole project lifecycle; • Analysis of potential threat scenarios and vulnerabilities and coordination of remediation actions for the security incident response; • Support in developing a cybersecurity fortified system- and software architecture in cooperation with the System and the SW Architect; • Support of Cybersecurity related testing issues. KEY TASKS The Security Manager is responsible for the execution of the Cybersecurity related process steps in accordance to the PDP in order to assure the product degree of security in compliance with Quality/Costs/Timings. • Development of a Cybersecurity Item Definition according to the PDP; • Evaluation of all Cybersecurity Requirements provided by the OEM; • Ensuring the traceability of all Cybersecurity Requirements; • Conducting the Threat Analysis and Risk Assessment according to the PDP; • Development of a Security Concept according to the PDP; • Creating the Cybersecurity Case document; • Participation in the Change Request Management Process; • Participation in the Configuration Management Process; • Participation in the Problem Resolution Management Process; • Participation in the Project Management Process (especially for planning issues regarding Cybersecurity). The Security Manager is reporting to the Project Manager. GRANTED POWERS The rights and granted powers to the Security Manager are: • Evaluation (Accepting and Rejecting) cybersecurity requirements in coordination with the security officer; • Assessing security risk related to the project; • Selection of security countermeasures for risk mitigation; • Request all relevant information from development departments for the development of the Cybersecurity work products as defined by PDP. TECHNICAL REQUIREMENT In order to fulfill the position appropriately, a candidate for the Security Manager has to provide the following knowledge and abilities: • Knowledge in system architecture in the field of BHTC-products. • Excellent technical knowledge and experience in the development of automotive control units, preferably on the system level. • Cross-departmental methods (hardware, software, mechanics). • Ability to give presentations on cybersecurity to internal and external audiences. • Experiences with embedded systems in the automotive industry. • Profound know-how in the field of cyber security and cryptography, preferably in the context of embedded systems. • Knowledge of cryptographic network protocols and/or IT security. • Knowledge of typical hardware and software security mechanisms preferably used in the environment of automotive ECUs as well as common cryptographic algorithms is desirable. • Knowledge of related standards (UNECE R155, ISO/SAE 21434, ISO 26262, ISO/IEC 15504) • Knowledge of change management. • Knowledge of configuration management. • Knowledge of the BHTC processes. • Special tool knowledge: o MS-Office o DOORS o Configuration management tools (preferably PTC Integrity) o Requirement management: DOORS

Very good knowledge on Automotive CYS Domain with hands on expertise in ISO21434. Hand on experience on TARA. Development experience with Debugging on C++. Should have 5+ years of experience. Key Responsibilities: Automotive Cyber Security: Apply deep knowledge of the Automotive CYS Domain to develop, implement, and manage robust cybersecurity measures for automotive systems. ISO 21434 Compliance: Ensure all cybersecurity practices adhere to ISO 21434 standards. Develop and maintain processes and documentation to support compliance. Threat Analysis and Risk Assessment (TARA): Conduct comprehensive threat analysis and risk assessments. Identify, analyze, and mitigate potential security risks and vulnerabilities. Development and Debugging: Utilize C++ for the development and debugging of secure automotive software systems. Ensure software is resilient against cyber threats.

1. Certification Activities in the DHU ( certified candidate ) not mandatory. 2. Test reports for self-test items (i.e. FMVSS / KMVSS ) 3. Support the DHU Engineer with Cyber Security and stakeholder engagement (Knowledge)

Hands on experience in embedded C Programming, AUTOSAR SecOC configurations, Crypto stack configuration Automotive Security concepts, Hardware Security Manager (HSM) Working experience in AutoSAR BSW, ASW and RTE configuration, Generation and Testing. Strong working experience with tools : DNG, Rhapsody/Enterprise Architect and understanding of System Architecture for ADAS products ASPICE processes Tools experience: Vector CANoe, Vector Davinci tool chain, Lauterbach Good debugging skills, Python is good to have

Role & responsibilities Management & Competency Manage his team of engineers and technicians (yearly reviews, meetings, missions, objectives) Define the necessary qualifications and training plan for his team with the support of his management Develop a Cybersecurity expertise in automotive embedded, wireless communications and cloud interfaces and usage. Support Privacy engineering expertise development. Allocate his team staff in the projects activities Propose trainings and career evolutions with the support of his management Contribute to the recruitment of the members of his department Domain Skills: Must have worked in Automotive Embedded ECU development projects Work with all project stakeholders including Internal and External Monitor Project Progress including ( Effort, Budget, project milestones) Provide leadership and guidance to coach, motivate, and lead team members to their optimum Performance levels and career development. Perform appraisals interviews for direct reports and plan career path development. Handle technical responsibility for the project (quality and correct functionality of deliverables). Train and coach team members. Follow up with Team members on open actions. Responsible for Quality audit & compliance findings. Identify project specific training. Follow up on the projects as per defined project reporting mechanisms. Responsible for improving project team members efficiency." Technical Qualification : Autonomous in development methodologies and testing techniques Excellent Experience in handling the experience as cyber security lead/Manager Strong knowledge in ISO21434 and cybersecurity controls ( Secure, Boot, Debug, communication, Download ,etc.,) From 7 to 10 years of relevant experience Process, Methodology, Tools, Equipment Deploy the Engineering process, methodology and tools defined by / together with the Engineering discipline Mngr / Dir Provide inputs to the definition of processes, methods and the tools necessary to properly handle projects Ensure the full deployment of Quality Systems and Product Development methodology Deploy the improvement of the standards, methods & tools of his Engineering discipline Standardization & Robust Design Support Standards team by ensuring knowledge, training and implementation of the standards Identify and propose Destandardizations requests before release Ensure that each single design is achieving the highest level of Robust design.