Senior Engineer - Cybersecurity (Mobility)

Job Description

If you desire to be part of something special, to be part of a winning team, to be part of a fun team winning is fun. We are looking forward to a Senior Engineer - Cybersecurity (eMobility) in EATON India Innovation Centre, based in Pune, India. In Eaton, making our work exciting, engaging, meaningful; ensuring safety, health, wellness; and being a model of inclusion & diversity are already embedded in who we are - it s in our values, part of our vision, and our clearly defined aspirational goals. Your essential responsibilities include:
• Performing Vulnerability Assessment & Penetration Testing on existing and upcoming Eaton products, solutions & services spanning a wide range of technologies including Automotive ECUs, IoT devices, systems & solutions, web applications, mobile applications, thick clients, wireless devices, embedded systems deployed across industries such as eMobility, vehicle, hydraulics, and aerospace & electrical systems.
• Driving Threat Modeling and Risk Assessment (TARA) exercise with product teams early in the design and development phase to identify applicable cybersecurity requirements across a variety of Mobility related products, systems & solutions.
• Driving certifications of Eaton and Eaton brand labeled products under schemes like ISO 21434, IEC 62443, UL 2900 and other emerging standards.
• Providing hands-on guidance to product teams as they implement complex cybersecurity features and requirements in their products.
• Building tools and automation frameworks around security to achieve Eaton-scale impact.
• Evangelizing and providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like sales, services and product & project management.
• Monitoring evolving threat landscape, cybersecurity technologies, standards, frameworks and drive continuous improvement in Eaton s cybersecurity requirements, frameworks and processes.
• Support Cybersecurity Project management & OpEX processes to help drive efficiencies, optimizations & continuous improvements in CCoEs various processes & engagements
Qualifications
• Bachelor s or master s degree in Computer Science, Electronics Engineering, Electrical Engineering, Automotive Engineering.
• 5+ years of relevant experience in Embedded/Automotive product cybersecurity.
• Good understanding of Secure Development Lifecycle as it relates to Vehicle Cybersecurity and aligned to SAE/ISO 21434.
• Hands on experience in Vulnerability Analysis and Penetration testing of TCP/IP supported Automotive and embedded products.
• Experience in performing Threat Analysis and Risk Assessment (TARA) of a variety of Automotive and embedded products.
• Experience in Embedded and Automotive system communication protocols - JTAG, UART, SPI, I2C, CAN, UDS, XCP, J1939, LIN.
• Understanding of Device identity and integrity controls - On-Board/Off-Board key generation, secure boot, codesigning, OTA/FOTA Software Update, device life-cycle management (enrollment, provisioning, activation, suspend, revoke, re-provision/terminate)
• Understanding of secure libraries (e.g. bootloader etc.), Embedded Linux and RTOS
• Experience in firmware reverse engineering and device security hardening
• Understanding in executing vehicle level cyber security attacks - Grey box testing (Command injection, data corruption, back doors, Man in the middle attack, sensor manipulation, network overloading/etc.)
• Good to have understanding of Data and system security - application whitelisting, run-time system integrity check, anomaly detection, message signing, dynamic access control
• Good to have understanding of cryptography & PKI technology - Hash, Symmetric / Asymmetric encryption | RSA-X509, SSL, TLS/DTLS, PKCS, key management, certificate implementation
• Good to have experience in C and in secure C/C++ code review using of Static Analysis tools.
• Good to have experience in embedded system software secure architecture (e.g. TrustZone, OpenSSL, OP-TEE, Crypto engines)
• Familiarity with device security concepts such as Secure boot (using HSM, SHE, TPM, TEE etc.)
• Familiarity with AutoSAR Framework and ISO 21434 standards.
• Ability to work in and with diverse & multi-cultural and geographically dispersed teams
• Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management)
• Ability to present to various levels of engineering and business leadership globally.
• Be a technical mentor to other members of the team and beyond
,

Keyskills :
safetycommissioningsiteinspectiontroubleshooting