Job Information
Eaton Corporation Senior Engineer - Cybersecurity (Mobility) in Hadapsar, India
What you’ll do:
The Senior Cybersecurity Engineer will be part of a global team of security experts driving ‘Security by Design’ philosophy in Eaton product, solutions & services.
Senior Cybersecurity Engineer will be part of a global team of Cybersecurity experts driving ‘Security by Design’ philosophy in Eaton product and solutions.
He/she will be responsible for:
Performing Vulnerability Assessment & Penetration Testing on existing and upcoming Eaton products, solutions & services spanning a wide range of technologies including Automotive ECUs, Gateway Devices, IoT devices, systems & solutions, web applications, mobile applications, thick clients, wireless devices, embedded systems deployed across industries such as eMobility, vehicle and aerospace systems.
Driving Threat Modeling and Risk Assessment (TARA) exercise with product teams early in the design and development phase to identify applicable cybersecurity requirements across a variety of Mobility related products, systems & solutions.
Driving certifications of Eaton and Eaton brand labeled products under schemes like ISO 21434, UN ECE R155, R156, IEC 62443, UL 2900 and other emerging standards.
Providing hands-on guidance to product engineering / development teams as they implement complex cybersecurity features and requirements in their products & fix the issues discovered through Vulnerability assessment & Penetration testing.
Building tools and automation frameworks around security to achieve Eaton-scale impact.
Evangelizing and providing technical security trainings to software developers and test engineers across the organization and evangelizing the importance of cybersecurity in other functions like sales, services and product & project management.
Monitoring evolving threat landscape, cybersecurity technologies, standards, frameworks and drive continuous improvement in Eaton’s cybersecurity requirements, frameworks and processes.
Support Cybersecurity Project management & OpEX processes to help drive efficiencies, optimizations & continuous improvements in CCoE's various processes & engagements.
Qualifications:
Bachelor’s or master’s degree in Computer Science, Electronics Engineering, Electrical Engineering.
5+ years of relevant experience in Product cybersecurity
Bachelor’s or master’s degree in Computer Science, Electronics Engineering, Electrical Engineering, Automotive Engineering.
5+ years of relevant experience in Embedded/Automotive product cybersecurity.
Familiarity with AutoSAR Framework and ISO 21434 standards.
Ability to work in and with diverse & multi-cultural and geographically dispersed teams
Ability to collaborate across multi-disciplinary teams (legal, IT, product management, project management)
Ability to present to various levels of engineering and business leadership globally.
Be a technical mentor to other members of the team and beyond
Good to have experience in embedded system software secure architecture (e.g. TrustZone, OpenSSL, OP-TEE, Crypto engines)
Familiarity with device security concepts such as Secure boot (using HSM, SHE, TPM, TEE etc.)
Familiarity with debug tools(e.g. Lauter Bach/ JTAG Trace 32)
Understanding of threats/vulnerabilities of various ECUs and their impact on vehicle security (Gateway, Telematics, Inverter, ADAS, etc. ).
Skills:
Good understanding of Secure Development Lifecycle as it relates to Vehicle Cybersecurity and aligned to SAE/ISO 21434.
Hands on experience in Vulnerability Analysis and Penetration testing of TCP/IP supported Automotive and embedded products.
Experience in performing Threat Analysis and Risk Assessment (TARA) of a variety of Automotive and embedded products.
Experience in Embedded and Automotive system communication protocols like Automotive Ethernet, CAN, UDS, XCP, J1939, LIN over JTAG, UART, SPI, I2C.
Understanding of Device identity and integrity controls - On-Board/Off-Board key generation, secure boot, codesigning, OTA/FOTA Software Update, SecOC, Secure Diagnostics, device life-cycle management (enrollment, provisioning, activation, suspend, revoke, re-provision/terminate)
Understanding of secure libraries (e.g. bootloader etc.), Embedded Linux and RTOS
Experience in firmware reverse engineering and device security hardening
Understanding in executing vehicle level cyber security attacks - Grey box testing (Command injection, data corruption, back doors, Man in the middle attack, sensor manipulation, network overloading/etc.)
Good to have understanding of Data and system security - application whitelisting, run-time system integrity check, anomaly detection, message signing, dynamic access control
Good to have understanding of cryptography & PKI technology - Hash, Symmetric / Asymmetric encryption | RSA-X509, SSL, TLS/DTLS, PKCS, key management, certificate implementation
Good to have Hands on Experience with Linux and Python scripting
Good to have experience in Fuzz testing Over CAN/UDS and other automotive protocols. Preferably using Synopsys Defensics, Python Scripting, CAPL Scripting, BeStorm etc.)
Good Hands on experience in Penetration testing tools(Wireshark, CANalyzer, CANoe, CAPL Scripting, Nmap, etc.)
Good to have experience in C and in secure C/C++ code review using of Static Analysis tools.
Eaton Corporation
- Eaton Corporation Jobs