职位描述

Position Overview
1. The Software Cyber Security Engineer role is mainly responsible for cyber security related technical leadership and the development of software engineering processes in line with ASPICE and cyber security standards defined for Magna CMS/DMS/Lighting products.
2. Based in Shanghai Hongqiao, 5min walk to Rail Station, or Suzhou SIP 2.5 Park.
3. We offer you a flexible, open, and friendly working environment.

Job Responsibility
1. Technical Leadership: Lead and guide the software team in the development and testing of cybersecurity measures at the software level, ensuring alignment with system security requirements.
2. Cybersecurity Planning: Formulate software-level cybersecurity plans and define necessary documentation throughout the development process.
3. Requirement Formulation: Develop comprehensive software security requirements, encompassing both underlying-layer and application-layer security elements.
4. Architecture & Strategy: Design robust software security architecture and define strategic security approaches.
5. Security Analysis: Conduct in-depth cybersecurity analyses, including threat modeling, vulnerability assessments, and penetration testing.
6. Security Testing: Perform rigorous software security testing such as static code analysis, dynamic analysis, and embedded software testing.
7. Security Integration: Analyze security manuals for key chips and support the implementation and configuration of applicable security mechanisms.
8. Customer Engagement: Contribute to RFI/RFQ activities concerning customer programs from a cybersecurity perspective.

Qualifications
1. Bachelor’s degree and above, majoring in computer science, software engineering, electronics, automotive, or equivalent
2. Proficiency in ISO/SAE 21434, ISO 2700X, and other relevant cybersecurity standards.
3. Familiarity with ASPICE standards, practical ASPICE project implementation experience is an added advantage.
4. MCU or SoC software development expertise, including various toolchains and techniques, familiar with mainstream automotive controller hardware.
5. Proficient in C/C++, with experience in real-time embedded system development, real-time operating systems, Linux, Android, and related tools.
6. Familiar with digital certificate management (X.509, PKI), common encryption algorithms (ECC, RSA, MD5, SHA1, AES), firewall architectures, and network filters.
7. Familiar with automotive technologies like OTA, FBL, CAN/LIN/Ethernet communication, UDS diagnostics and etc.
8. Familiar with HSM and network security architecture design principles.
9. Familiar with secure boot and secure communication for ECUs.
10. Familiar with common vulnerabilities like CVE and CWE.
11. Familiar with Fuzzing testing tools like ASL.
12. Minimum 8 years of experience in embedded software development and testing within the automotive industry.
13. At least 3 years of experience in cybersecurity roles, with successful cybersecurity implementation in at least one full customer project.
14. AUTOSAR experience is considered beneficial.
15. Good interpersonal understanding & communication skills
16. Strong result and customer oriented.
17. Ability to work initiative, independent propulsion, **itive communication.
18. Proficient in oral and written English
19. Good technical leadership