Senior Cybersecurity & OTA Engineer
GILLIG · Livermore, CA · 2 wk ago
On-siteInformation Technology$75k–$180k/yrFull-time
Technical Focus
You will apply your skills & experience to provide highly customized, vehicle-based cybersecurity and over-the-air update systems through definition of on-vehicle assets (items), threats, cybersecurity goals, cybersecurity implementations and component selection. Additional consideration for legacy devices and advanced connectivity devices will also play a major factor as the GILLIG Transit Bus is both a heavy-duty industrial and automotive product. Experience with cybersecurity standards (ISO 21434) and functional safety (ISO 26262) is preferred. Experience in on-vehicle networking, OTA updates and penetration testing is a plus.
IN THIS ROLE YOU WILL
- Conduct Threat Analysis and Risk Assessment (TARA) for vehicle E/E systems
- Define cybersecurity goals, requirements, and specifications for on-vehicle assets
- Develop and maintain the vehicle cybersecurity management system (CSMS) and ensure lifecycle compliance
- Design and implement OTA update architecture including secure boot, code signing, version management, rollback mechanisms and update orchestration
- Oversee cybersecurity validation and verification activities including penetration testing and vulnerability assessments
- Collaborate with E/E and software teams to integrate cybersecurity controls into the vehicle network architecture (CAN, Ethernet)
- Support functional safety analysis and ensure cybersecurity measures do not compromise safety
- Collaborate with suppliers to ensure third-party components and subsystems meet cybersecurity requirements and compliance
- Mentor and provide technical direction for junior engineers on cybersecurity and OTA best practices
- Guide company direction for on-vehicle cybersecurity goals
- Analyze and provide feedback to customer and industry requirements and standards
BASIC QUALIFICATIONS
- Bachelor of Science (BS) in Engineering, Computer Science, or Cybersecurity.
- Minimum 5 years of experience in cybersecurity engineering, preferably in automotive, commercial, or heavy-duty vehicle systems.
- Direct experience with:
- Threat analysis and risk assessment (TARA), cybersecurity concept development, and cybersecurity lifecycle management
- Vehicle network security for CAN bus and J1939 protocols
- OTA update systems design, deployment, and validation including secure boot, firmware signing, and delta update strategies
- Familiarity with:
- Functional safety standards (ISO 26262) and their interaction with cybersecurity requirements.
- Heavy-duty vehicle E/E architectures and connected vehicle ecosystems.
- Penetration testing tools and methodologies (e.g., Wireshark, CANoe, bus analyzers) for vehicle network security assessment.
- Standard problem-solving methodologies and tools such as: 8-D, Five Whys, & Fishbone diagrams, as well as cybersecurity incident response frameworks.
- SAE vehicle communication standards such as J1939, J1939-76 (security), and automotive Ethernet protocols.
- Industry and regulatory standards such as UN R155, UN R156, NIST Cybersecurity Framework, APTA, etc.