Senior Engineer- Penetration testing (Automotive)

• Work with the technical leads in various business divisions / eMobility projects and oversee critical aspects of software, firmware and hardware cybersecurity designs and implementations.
• Internally Interface with IT and business owners to prioritize cybersecurity efforts as and when required.
• Cybersecurity Validation for different product lines and ownership of audits (if any with OEM)
• Drive the overall delivery of Cybersecurity Workpackage at each stage of the product development.
• Provide technical expertise in the selection of appropriate Hardware and Software platforms based on the Cybersecurity needs of the projects.
• Provide technical expertise into the Vendor / Supplier, Customer and other key stakeholder legal agreements to consolidate Eaton's ability to deliver on Cybersecurity requirements.
• Provide technical coaching & mentoring to the lesser experienced Cybersecurity team members.
• Presenting key Cybersecurity related updates to Eaton leadership and key stakeholders.
• Act as Point of Contact (PoC) for all the Cybersecurity related activities for the eMobility projects, customers pursuits.

Qualifications:

• Bachelor's or master's degree in computer science, Electronics Engineering, Electrical Engineering or relevant field
• 5+ years of relevant experience in Product cybersecurity & embedded systems

Skills:

1) Understanding and experience in working across multiple phases of Secure Product Development Lifecycle, performing Penetration Testing of various technologies and Threat Modeling of products, systems and solutions. With a focus on Cloud / Industrial IoT / Critical Infrastructure products
2) Must be proficient in understanding of OS like RTOS and Linux
3) Understanding of memory maps for MCU/MPU and embedded architectures like ARM Cortex M0, M3, M7, A7, A9, RISC V platforms
4) Understanding cryptographic concepts like encryption, code signing, secure boot, crypto accelerators, random number generators. Development experience on these platforms will be an added advantage.
5) Perform Threat Analysis and Risk Assessment (TARA) on Eaton products as per ISO/SAE 21434 guidelines
6) Having hands-on experience in various Cybersecurity activities including but not limited to - Cybersecurity assessments and penetration testing, Authentication and access control, security protocols, secure coding, preferably on embedded, ICS and IoT products.
7) Understanding of hardware security concepts like debug port security, serial interface security, secure storage within the devices is must.
8) Must be able to read and understand the hardware schematics and printed circuit boards.
9) Having good understanding of protocols like CAN, LIN, Ethernet, Modbus, UART, USART, I2C, SPI, TCP, UDP, MQTT and similar other industrial protocols
10) Proficiency with tools such as Metasploit, CANoe, Wireshark, Burp Suite, etc.