Company DescriptionCS Group Canada, a subsidiary of CS Group and part of the Sopra Steria group, is a catalyst for functional safety and cybersecurity in companies developing critical embedded technologies (avionics, autonomous driving, transportation electrification). Our clients include original equipment manufacturers (OEMs) and Tier 1 suppliers in the aerospace, automotive, defense, and railway sectors, seeking functional safety (ISO 26262, DO-178C, DO-254, ARP-4761, ARP-4754, EN50128) and cybersecurity (DO-326A, ISO 21434, UN-R155) certifications to bring their technologies to market.Job DescriptionThe Product Security Threat Analysis and Security Standards team is responsible for the structured security analysis of customer products and the judicious application of security standards to the System Development Life Cycle at customer.The ideal candidate will have:A strong general systems engineering background along with a demonstrated passion and concrete expertise in cybersecurity.A demonstrated skill in turning the analysis into high-quality written deliverables (TARA, concept, continuous cybersecurity monitoring strategies).Prior experience with the security analysis of complex cyber-physical systems, including vehicles, avionic systems, and autonomous driving systems.Prior experience with security analysis of automotive SoCs including on-chip security features, onboard communications, and interfaces (UDS, JTAG, CAN/LIN, I2C, SPI, etc.)Demonstrated ability to enumerate and evaluate threats for wireless, and wired communication channels used in automotive systems (off the shelf or custom implementations).ResponsibilitiesCarry out security analysis, threat modeling, and risk assessment for a complex product ecosystem consisting of a custom-designed and built vehicle fleet as well as a portfolio of cloud services.Produce high-quality, readable, structured artifacts such as TARAs, CS concepts that reflect the security analysis performed and help guide the company’s efforts to build efficient security strategies.Interface with a multitude of engineering teams within Product Security as well as across software and hardware engineering. Build and maintain a strong understanding of the underlying engineering constraints and factor that understanding into the analysis and recommendations.Analyze existing and emerging standards in cybersecurity (both general and domain-specific) and distill the analysis into a plan for adoption that is well-grounded and focused on tangible business impact.Engage with suppliers and third parties service providers to understand the cybersecurity posture of each element within the vehicle architecture to build a general overview of the vehicle CS posture.Identify gaps, propose enhancements, and strategies to increase the cybersecurity resilience of the product.QualificationsMaster’s degree in Computer science or related engineering field (software, hardware, systems)Demonstrated engineer’s grasp of cybersecurity: big picture as well as details of specific vulnerabilities and attacks in the software and cyber-physical domains.Track record in the analysis of complex systems for cybersecurity and the delivery of impactful, actionable insights.Ability to adapt and adjust processes to accommodate customers strategies toward partial/ full compliance to relevant CS standards.Understanding of the current state as well as the evolution of cybersecurity standards as they relate to the cloud and cyber-physical systems.Direct, demonstrated experience with (including the practical application of) ISO 21434, NIST CSF, SOC2 Type2 (and similar frameworks and standards) will be considered an advantage.Good understanding/ experience in automotive relevant standards such as ISO26262 and Aspice is nice to have.Cybersecurity certifications such as ISO21434 and ISO 5112 are preferred.Additional InformationOnly selected candidates will be contacted.Job Type: Full-time, PermanentCS Group Canada values workplace diversity and encourages women, visible and ethnic minorities, Indigenous people, and individuals with disabilities to apply.Benefits:Hybrid work modelComprehensive health, dental, and vision insuranceAccess to telemedicine servicesRRSP programPersonal and sick leaveRecreation room with pool table and foosballFree on-site gym accessAll your information will remain confidential in accordance with EEO guidelines.Inclusive and committed employer, our company works every day to combat all forms of discrimination and promote a respectful working environment. That's why, committed to gender diversity and overall inclusivity, we encourage all applications and profiles.
