Jobs · Information Technology · California

Senior Cybersecurity & OTA Engineer

GILLIG · Livermore, CA · 2 wk ago
On-siteInformation Technology$75k–$180k/yrFull-time

Technical Focus

You will apply your skills & experience to provide highly customized, vehicle-based cybersecurity and over-the-air update systems through definition of on-vehicle assets (items), threats, cybersecurity goals, cybersecurity implementations and component selection. Additional consideration for legacy devices and advanced connectivity devices will also play a major factor as the GILLIG Transit Bus is both a heavy-duty industrial and automotive product. Experience with cybersecurity standards (ISO 21434) and functional safety (ISO 26262) is preferred. Experience in on-vehicle networking, OTA updates and penetration testing is a plus.

IN THIS ROLE YOU WILL

  • Conduct Threat Analysis and Risk Assessment (TARA) for vehicle E/E systems
  • Define cybersecurity goals, requirements, and specifications for on-vehicle assets
  • Develop and maintain the vehicle cybersecurity management system (CSMS) and ensure lifecycle compliance
  • Design and implement OTA update architecture including secure boot, code signing, version management, rollback mechanisms and update orchestration
  • Oversee cybersecurity validation and verification activities including penetration testing and vulnerability assessments
  • Collaborate with E/E and software teams to integrate cybersecurity controls into the vehicle network architecture (CAN, Ethernet)
  • Support functional safety analysis and ensure cybersecurity measures do not compromise safety
  • Collaborate with suppliers to ensure third-party components and subsystems meet cybersecurity requirements and compliance
  • Mentor and provide technical direction for junior engineers on cybersecurity and OTA best practices
  • Guide company direction for on-vehicle cybersecurity goals
  • Analyze and provide feedback to customer and industry requirements and standards

BASIC QUALIFICATIONS

  • Bachelor of Science (BS) in Engineering, Computer Science, or Cybersecurity.
  • Minimum 5 years of experience in cybersecurity engineering, preferably in automotive, commercial, or heavy-duty vehicle systems.
  • Direct experience with:
  • Threat analysis and risk assessment (TARA), cybersecurity concept development, and cybersecurity lifecycle management
  • Vehicle network security for CAN bus and J1939 protocols
  • OTA update systems design, deployment, and validation including secure boot, firmware signing, and delta update strategies
  • Familiarity with:
  • Functional safety standards (ISO 26262) and their interaction with cybersecurity requirements.
  • Heavy-duty vehicle E/E architectures and connected vehicle ecosystems.
  • Penetration testing tools and methodologies (e.g., Wireshark, CANoe, bus analyzers) for vehicle network security assessment.
  • Standard problem-solving methodologies and tools such as: 8-D, Five Whys, & Fishbone diagrams, as well as cybersecurity incident response frameworks.
  • SAE vehicle communication standards such as J1939, J1939-76 (security), and automotive Ethernet protocols.
  • Industry and regulatory standards such as UN R155, UN R156, NIST Cybersecurity Framework, APTA, etc.

Similar jobs