Product Cybersecurity Compliance Engineer

About Fisker Inc.

California-based Fisker Inc. is revolutionizing the automotive industry by developing the most emotionally desirable and eco-friendly electric vehicles on Earth. Passionately driven by a vision of a clean future for all, the company is on a mission to become the No. 1 e-mobility service provider with the world’s most sustainable vehicles. To learn more, visit www.FiskerInc.com – and enjoy exclusive content across Fisker’s social media channels: Facebook, Instagram, Twitter, YouTube and LinkedIn. Download the revolutionary new Fisker mobile app from the App Store or Google Play store.

The Product Cybersecurity Compliance Engineer is a critical role within the Fisker Cybersecurity Management System (CSMS) and a primary contributor for product security compliance requirements within the concept, development, and post-production phases of the vehicle development lifecycle. The Product Cybersecurity Compliance Engineer performs design reviews, threat analysis, and risk assessment; drives cybersecurity testing requirements; and supports post-production activities such as product security incident response and product vulnerability management.

The Product Cybersecurity Compliance Engineer is a trusted advisor and domain expert who partners with engineering and service provider teams in the enforcement of vehicle cybersecurity risk and compliance. This role serves to ensure cybersecurity is integrated across the product cybersecurity lifecycle and ecosystem, while ensuring product cybersecurity goals and specifications are met.

Role Overview

  • Collaborate across engineering and developer teams to provide cybersecurity compliance and risk assessment advisory and support.

  • Support cybersecurity leadership team in maintaining compliance with ISO21434, WP.29 Regulation 155 (CSMS), ISO24089, and UNECE WP.29 Regulation 156 (SUMS) as well as ongoing approval authority reviews and audit assessments.

  • Liaise with suppliers to ensure cybersecurity roles, responsibilities, and their deliverables (Cybersecurity Interface Agreement) are agreed to during supplier nomination, and delivered within critical vehicle project timelines.

  • Provide technical guidance to project teams to develop the item definition, cybersecurity goals, and cybersecurity concept for cybersecurity product development. Support and coordinate Threat Analysis and Risk Assessment (TARA) methodologies and activities.

  • Liaise with vehicle, cloud, and connectivity architecture teams to ensure policy, standards, and guidelines for cybersecurity management are integrated within the design, implementation, and operation of vehicle security and backend IT architecture.

  • Support product cybersecurity testing of application, API, and cloud, including penetration testing, vulnerability scanning of source code and binaries, and functional security testing. Troubleshoot technical issues preventing successful completion of testing engagements within the allotted time for the engagement project.

  • Support continuous cybersecurity activities and cybersecurity post development phases of the Fisker CSMS including the product security incident response program, vehicle and vehicle app/cloud vulnerability management processes, and the Fisker Vehicle Security Operations function (VSOC).

  • Support continuous threat monitoring and assessment of product security controls and defenses to mitigate cybersecurity and data privacy risk, in mobile, cloud, and vehicle software/hardware architectures.

  • Support analysis, prioritization, and reporting of product security threats and vulnerabilities arising from vulnerability scanning, penetration testing, or reported by external sources.

  • Frequently break down complex threats and vulnerabilities to product, identify impacted items and components, engage the appropriate engineering resources in mitigation planning, and clearly document and/or explain root cause of product vulnerabilities in order to support engineering remediation processes.

  • Works effectively across a matrixed team of engineers and developers to drive product security risk management and compliance processes.

  • Monitor public sources for product vulnerability, support awareness of emerging vulnerabilities in automotive, support remediation planning for reported vulnerabilities, support communication planning when reports of vulnerabilities arrive, and ensure effective communication to internal stakeholders of any potential impact to company products and/or services.

  • Remains current on emerging cybersecurity and privacy threats to ensure continuous protection of Fisker product and company/customer information.

Knowledge/Skill Requirements:

  • Ability to communicate cybersecurity and relative product security risk concepts succinctly, clearly, and professionally, to technical and non-technical audiences, at any level within the organization.

  • Excellent analytical skills, with the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic, cybersecurity and product focused environment.

  • Must be a critical thinker with strong problem-solving skills and be able to perform in a high paced environment.

  • Familiarity with technical cybersecurity best practices, secure development, as well as auditing and assessment procedures.

  • Knowledge of technological trends and developments in the area of embedded and IoT security and privacy risk management.

  • Ability to collaborate in cross-functional, geographically dispersed, interdisciplinary teams to achieve cybersecurity goals for vehicle systems, software, and data protection.

  • Knowledge of security governance and control standards, e.g., NIST CSF/800-53, ISO/IEC 27001/27002, ISO/SAE 21434, PCI DSS.

  • Knowledge of relevant legal and regulatory requirements, such as: UNECE WP29 R.155, UNECE WP29 R.156, Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), Chinese Personal Information Protection Laws (PIPL), California Consumer Privacy Act (CCPA).

  • Knowledge of threat modeling, security architecture principles, technical risk assessment, and best practices.

  • High degree of initiative, dependability, and ability to work both collaboratively and independently.

  • Demonstrates high level of discretion and confidentiality in practice.

Education/Experience Requirements

  • BA/BS in an engineering or cybersecurity discipline, or 4+ years of relevant experience.

  • 3+ years of relevant experience in the mobility industry (i.e., automotive, aviation).

  • Strong security background with recent experience in either product security, system security engineering, vehicle security operations, or product security vulnerability incident response.

  • Experience evaluating security vulnerabilities, developing mitigation strategies, and implementing remediation.

  • Experience with Threat Analysis and Risk Assessment (TARA) methodologies and processes.

  • Ability to analyze cybersecurity documentation including security concept, policies, plans, and procedures.

  • Experience with ongoing security research of embedded systems, IoT, cloud, Android, iOS and ability to apply that knowledge to perform product security threat and vulnerability analysis and writeups.

  • Experience with Linux, Android, and Embedded operating systems.

  • Experience with Product Development Lifecycle (Systems, Software).

  • Knowledge of requirements management tools (e.g., JAMA, DOORS).

  • Experience working as a resource for several project portfolios.

  • Ability to collaborate in a very fast paced environment.

  • Ability to work effectively in fluid environments.

  • Ability to engage with and influence people at all levels.

  • Ability to interface and coordinate with many teams simultaneously.

  • Ability to evaluate processes to see where changes can be made or improved.

  • Ability to build relationships and influence individuals at all levels, as well as external security.

  • Willingness to bring new ideas and processes to a growing team.

Organization: Fisker Inc