Informations générales

Entité de rattachement

Nous rejoindre, c'est intégrer une entreprise d'envergure mondiale. Mû par la recherche permanente de l'innovation et de l'excellence, pionnier et leader des technologies propres et de la mobilité durable, le Groupe entend rester à la pointe des grandes tendances qui font bouger le monde.

Fort de son efficience, de son agilité et de son esprit d'équipe, le Groupe fait preuve d'exigence et d'audace pour définir la mobilité de demain.

Pour réussir ces transformations, l'entreprise a besoin de tous les talents. Rejoignez-nous !

Chez Stellantis, nous évaluons les candidats selon leurs qualifications, leurs mérites et les besoins du métier. Nous accueillons les candidatures des personnes de tout genre, âge, ethnie, nationalité, religion, orientation sexuelle, et handicap. La diversité de nos équipes nous permettra de mieux appréhender l'évolution des besoins de nos clients et de notre environnement futur.  

Référence

2024-15405  

Description du poste

Filière/Métier

ICT, Digital & Data - ICT, Digital & Data

Intitulé du poste

CYBERSECURITY ENGINEER

Contrat

CDI

Statut

Cadre

Description de la mission

The Cybersecurity Engineer specifies the cybersecurity requirements, with success criteria, for in-vehicle ECUs in consistence with the cyber concept provided by the cyber architect and the internal standards. He continues the work of cyber system requirements elicitation (ASPICE SYS.1), analysis (ASPICE SYS.2) and system architectural design (ASPICE SYS.3) started by the cyber architect
The Cybersecurity Engineer is in charge to follow the correct implementation of the cybersecurity requirements
The Cyber Engineer is also providing requirements on and supporting the definition of the interface between the vehicle and the off board – when applicable
The Cyber Engineer of extended surface review the test plans and test cases of the verification team
The mention to Extended Surface is used to identify the type of ECU (Electronic Control Units) which will be in scope. Among other criteria, it identifies the ECUs whose attack surface include wireless connections but also connection to the outside of the car.
Complex Operating Systems such as QNX or Linux-based or a hypervisor. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units
The mention to Regular Surface ECUs is used to identify the type of ECU (Electronic Control Units) which will be in scope. It identifies the ECUs whose attack surface does not include wireless connections. In most cases, these ECUs will result to be running Real Time Operating Systems such as AUTOSAR implementations with no hypervisor. Examples of Regular Surface ECUs are: engine control unit, brakes control unit, door control module. Examples of ECUs which are not classified as Regular Surface are: Telematics Control Units and Head Units
The core tasks of the Cyber Engineer of extended surface are:
Specify cybersecurity system requirements detailing the concept received in input from architects to provide adequate level of specification (system requirements, system requirements allocated to SW, system requirements allocated to HW)
Write success criteria for all cyber security requirements (verification needs), review test plans and test cases
Interact with delivery teams, mostly allocated in Tier1 component suppliers but can also be internal to Stellantis, to ensure that cybersecurity contents are implemented along the product lifecycle
Interact with HW and SW development departments to support their requirements analysis (ASPICE SWE.1) of cybersecurity requirements (for implementation by these departments)
Perform the component follow-up and maintain up to date the component cybersecurity case sheet
Contribute to the component pentests definition and review the results
Specify the vehicle interface to the off board
Support the specified level of triage in case of security findings (e.g. vulnerabilities and incidents) impacting the assigned components.
Provide data for measurement of the activities (MAN.6).
Contribute to improvement of processes (PIM.3)

Profil

EDUCATION: Master's degree in computer science engineering or computer science or equivalent.
TECHNICAL SKILLS required
• Product Requirements engineering
o Hands-on and theorical experience on definition of automotive products requirements, at system level and related success criteria
o Hands-on experience on integration with other teams implementing other parts of the development process: concept, development and validation in particular.
o Work experience with tools used to engineer products (e.g. Rational DOORS and IBM RTC)
o Understanding of ECUs (Electronic Control Unit) HW and SW architecture, functioning
o Understanding of ECUs development, manufacturing and operating functions
o Understanding of ECUs diagnostic and maintenance operations
• Basic knowledge of automotive cyber security controls, including
o SW authenticity
o Identity verification
o Firewalling
o Segregation of processes
o Memory allocation and management
o HW technologies, including EVITA HSM (Hardware Security Module), SHE (Security Hardware Extension), cryptographic accelerators, memory protection and registers settings
o Intrusion detection systems
• Specific skills
o Understanding of Real Time Operating Systems and execution of SW in real time embedded systems (e.g. AUTOSAR, ERIKA)
o Understanding of connectivity out-ECUs (e.g. CAN and LIN) and in-ECUs (e.g. SPI)
o Types of memory, usage and partitioning (e.g. boots, application SW, calibration SW)
o Good knowledge of common cybersecurity patterns (e.g., authentication, authorization, separation of privileges, sandboxing, need to know, separation of duties, …)
o Good knowledge of security protocols (e.g., IPsec, TLS, SSH, …)
o Good Knowledge of X.509 digital certificate standard and Public Key Infrastructure management;
o Good Knowledge of symmetric and asymmetric cryptographic algorithms (e.g., RSA, AES);
o Basic knowledge in C/C++ programming language;
o Basic knowledge of scripting language (e.g., JScript, bash, …);
o Basic knowledge of UML language;
o Basic knowledge of software engineering and requirements engineering.
o Basic knowledge of cryptology, including
 symmetric and asymmetric schemes
 automotive products applications (e.g. digital signature, encryption, hashing)
 in-products Keys Management
TECHNICAL SKILLS Preferred (nice to have)
● Good knowledge of ISO SAE 21434: Road Vehicle - Cybersecurity Engineering;
● Good knowledge of the Object-Oriented Programming paradigm;
● Good knowledge of Service Oriented Architecture design pattern and paradigm;
● Good knowledge of web services architectures;
SOFT SKILLS
● Ability to work in multicultural teams;
● Strong skills in technical writing and presenting;
● Good self-organization and analytical skills;
● Good proficiency in English.

At Stellantis, we assess candidates based only on qualifications, merit and business needs.

Localisation du poste

Pays

Europe, France

Ville

Critères candidat

Niveau d'expérience min. requis

5 à 10 ans

Langues

Anglais (C1 - Courant (3,5 - 4,4 Bright))