Polaris - Novi, MI
posted about 14 hours ago
Full-time - Mid Level
Novi, MI
Transportation Equipment Manufacturing
About the position
Polaris, a global powersports leader, is looking for a Product Cybersecurity Engineer for connected vehicles. The Polaris team builds world-class connected vehicle solutions for motorcycles and off-road vehicles. As a Cybersecurity Engineer, you will be responsible for developing cybersecurity requirements, designing in-vehicle cybersecurity architecture, securing vehicle to back office communication interfaces, reviewing and evaluating suppliers' and technology vendors' cybersecurity solutions, conducting threat analysis and risk assessment, managing key management system and public key infrastructure, and contributing to the development of further product cybersecurity strategies and technology roadmap. Interest in powersports is a plus!
Responsibilities
- Support the Chief Cybersecurity Engineer in developing, communicating, and implementing Polaris' enterprise-wide product cybersecurity strategy & roadmap
- Provide guidance to stakeholders (product owners, development teams, system engineers) on security concerns and recommended controls
- Execute threat analysis and risk assessment (TARA) on vehicle, feature, system and component levels and mitigate identified risks by defining appropriate cybersecurity controls to the risks
- Develop, refine, and review cybersecurity requirements and gain approval from Chief Cybersecurity Engineer
- Perform design reviews over internal and external cybersecurity solutions and mitigate cybersecurity weaknesses or vulnerabilities throughout of product life cycle
- Define in-vehicle cybersecurity architectures, develop cybersecurity controls, e.g., secure boot, secure reprogramming, security access, IDS/IPS, etc. and secure vehicle to back-office communication interfaces
- Manage and provide guidance on key management system and internal use of PKI, support supplier usage of Polaris PKI system, collaborate with the KMS vendor to resolve issues quickly
- Collaborate with Ride Commend team to ensure a robust overall connected ecosystem cybersecurity from a product, app, web, and cloud standpoint
- Support triage and prioritization of vulnerabilities identified during verification and validation phases, e.g., static code analysis, OSS vulnerability scanning, fuzz testing, penetration testing
- Support institutionalization of ISO/SAE 21434 processes across Polaris and produce ISO/SAE 21434 compliant work products
- Support regulatory compliance such as UNR 155, CRA, Radio Equipment Directive
- Support supply chain integrity and security initiatives to secure Polaris' supply chain, e.g., HBOM, SBOM, etc.
- Promote cybersecurity culture by providing cybersecurity training to team members on a regular basis
Requirements
- Bachelor's degree in computer science, computer engineering, software engineering, electrical engineering, IT security or other relevant domains
- 5+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas
- Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.
- Experience with setting up and managing KMS, PKI, CA, certificate/key generation, distribution, storage, renewal, revocation, etc.
- Experience with conducting threat analysis and risk assessment
- Experience with developing cybersecurity goals and requirement specifications
- Experience with designing cybersecurity controls, such as secure boot, secure reprogramming, security access, security gateway, IDS, IPS, security hardening, etc.
- Experience with SELinux, App Armor, Hypervisor, TEE, HSM, etc.
- A self-starter with minimum supervision
- Excellent written and verbal communication skills
Nice-to-haves
- Advanced degree in cybersecurity
- 10+ years of experience in automotive product cybersecurity
- Experience with symmetric and asymmetric cryptography, digital signature, hash, message authentication, encryption, key exchange
- Experience with developing telematics, infotainment, or other connected ECUs
- Experience with implementing and executing ISO/SAE 21434 processes
- Understanding of cybersecurity regulations, standards and best practices, e.g., UNR 155, CRA, Radio Equipment Directive, Machinery Regulation, ISO/SAE 21434, NIST/NHTSA/Auto-ISAC best practices, etc.
- Experience with CAN, CAN-FD, J1939, Ethernet, USB, SPI, UART, JTAG, etc.
- Understanding of embedded RTOS and Linux based operating systems
- Experience with reporting, managing, and closing security issues in tools such as Jira
- Experience with at least one modern software programming language (C, C++, C#, Python, Java, etc.)
Benefits
- Competitive compensation including a market-leading profit-sharing plan
- Employee Stock Ownership Plan and discounted employee stock purchases plan
- Generous matching contribution to 401(k)
- Financial wellness education and consultation
- Comprehensive suite of benefits including health, dental, and vision insurance
- Wellness programs
- Paid time off
- Gym & personal training reimbursement
- Life insurance and disability offerings
- Paid volunteer time off through Polaris Foundation
