Dana is looking to improve the efficiency and performance of vehicles with both conventional and alternative-energy powertrains by designing, developing, and maintaining technical cybersecurity control standards for use across Dana’s product platforms.
Requirements
- Deep expertise in ISO/SAE 21434 and its practical application.
- Proficiency using TARA tooling and conducting structured risk assessments.
- Hands-on experience with automotive and embedded network protocols
- Strong knowledge with embedded security controls, secure coding practices, and security principles
- Experience with frameworks such as CVEs, CWEs, MITRE ATT&CK, and Automotive Threat Matrix (ATM)
- Familiarity with electric powertrain systems
- Knowledge of ASPICE and ISO26262.
Responsibilities
- Develop and maintain a robust library of reusable, trusted security controls and associated requirements for Dana platform-based embedded systems.
- Lead cybersecurity requirements analysis and clarification with customers for reuse analysis of platform-based security controls, provide cybersecurity expertise during system architectural design reviews
- Produce and manage system requirements for cybersecurity across the product lifecycle, support cryptographic material management in manufacturing environment.
- Lead the Threat Analysis and Risks Assessment (TARA) and Cybersecurity Concept activities. Continuously update TARAs based on lessons learned from cybersecurity monitoring.
- Analyze cybersecurity events relevant to Dana products, perform vulnerability analysis and risk assessment, manage vulnerability throughout product lifecycle.
- Lead conversation related to cybersecurity vulnerabilities with customers. Support hardware and software vendors to reduce 3rd party cybersecurity vulnerabilities.
- Representing Dana in industry forums and working groups such as the Auto-ISAC.
Other
- Bachelor’s degree in electrical engineering, computer engineering, computer science, cybersecurity engineering, or related discipline
- 8+ years of experience in automotive or relevant embedded systems cybersecurity.
- Excellent communication and analytical skills
- Excellent organizational skills as demonstrated through executed production programs
- Ability to work independently as required and take ownership of project deliverables
