Key skills
Automotive Cybersecurity TARACyber Security Management SystemVulnerability ManagementSecure Coding PracticesSecurity EngineeringCybersecurity Standards ComplianceMentoring Non-Security EngineersInternal Security AuditsReverse EngineeringFuzzing TechniquesStaticDynamic AnalysisKey Management SystemsCWE Top 25 KnowledgeISO/SAE 21434 FamiliarityNIST Standards KnowledgeUS Data Protection CCPAPCI-DSS KnowledgeIEC 62443 StandardsUNR Regulations KnowledgeAuthentication ProtocolsWiredWireless SecuritySecure Boot ConceptsSecuring OT SystemsCommunicationNetwork Security
About this role
Glydways is reimagining public transit to enhance accessibility and sustainability. The Cybersecurity Engineer will design, implement, and maintain security architecture for Operational Technology networks, ensuring compliance with cybersecurity standards and practices.
Responsibilities:
- Demonstrated knowledge on Cyber Security Management System (CSMS) compliance certification process
- Must have experience in performing Automotive Cybersecurity Threat Analysis and Risk Assessment (TARA) of an ECU or system both at product and project level
- Demonstrated ability to maintain robust cybersecurity practices aligned with OT and automotive cybersecurity standards and regulations
- Ability to perform security code reviews of source code by following secure coding practices and advise developers on remediating vulnerabilities
- Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis
- Experience in managing vulnerability management process (Pen tests) by finding, prioritizing, tracking, remediation and validation of vulnerabilities for each component
- Analyze product/project cybersecurity requirements, technical specifications and develop cybersecurity test cases and test plans
- Advocate, guide and mentor non-security engineers to instill security best practices through secure architecture, design, and development
- Experience in securing Key Management system with certificates needed for components in wayside and vehicle
- Performing internal security audits and coordinate with external security auditors as needed
Requirements:
- Demonstrated knowledge on Cyber Security Management System (CSMS) compliance certification process
- Must have experience in performing Automotive Cybersecurity Threat Analysis and Risk Assessment (TARA) of an ECU or system both at product and project level
- Demonstrated ability to maintain robust cybersecurity practices aligned with OT and automotive cybersecurity standards and regulations
- Ability to perform security code reviews of source code by following secure coding practices and advise developers on remediating vulnerabilities
- Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis
- Experience in managing vulnerability management process (Pen tests) by finding, prioritizing, tracking, remediation and validation of vulnerabilities for each component
- Analyze product/project cybersecurity requirements, technical specifications and develop cybersecurity test cases and test plans
- Advocate, guide and mentor non-security engineers to instill security best practices through secure architecture, design, and development
- Experience in securing Key Management system with certificates needed for components in wayside and vehicle
- Performing internal security audits and coordinate with external security auditors as needed
- Bachelor's or master's degree in Computer Science or Cybersecurity or Electrical Engineering or related field with equivalent experience
- Foundational knowledge of the CWE Top 25
- Familiar with Automotive Cybersecurity ISO/SAE 21434, NIST, US data protection CCPA, PCI-DSS, IEC 62443 standards and UNR 155, UNR 156 and WP.29 regulations
- Sound technical knowledge of security engineering, computer and network security, authentication and security protocols for both wired and wireless communication
- Experience with security concepts such as Secure Boot and secure storage
- Strong understanding of securing OT systems in automotive/rail industries is a plus