Product Cybersecurity - Security Engineer

Description

Work Arrangement ​​:

Hybrid : Position does not require an employee to be on-site full-time but the general expectation is that the employee be onsite an average of three (3) days each week.

The Role:

This is an exciting opportunity if you are looking to grow your security skillset and contribute in shaping the future of automotive security innovation. GM is undergoing a major transformation, both in how we operate and in how we will influence the future of transportation. The Security Engineer will lead in a progressive technical position responsible for continued execution of GM's security design and its evolution through technological advancements to ensure GM remains ahead of the adversary. The Security Engineer will define feature requirements and guide the implementation across internal and external embedded software developers. The Security Engineer will engage with GM IT developers (as needed) to drive application requirements necessary for enabling vehicle security strategies. In this role, you will be given the opportunity to engage in advanced technology work to evaluate various strategies for consideration in GM's automotive security roadmap. You will also be given the opportunity to work cross-functionally with many GM business units to enable the success of vehicle development, manufacturing, and serviceability.

What You'll Do:

Lead subject matter expert for various fielded EV security strategies in the areas of battery management system, plug and charge, home/public charging infrastructure, and biometrics

Define SDV (Software Defined Vehicle) and VIP ECUs security designs, including for non-OEM ECUs.

Develop and maintain detailed security design documentation for product specifications to support system design and development

Lead design and implementation reviews of ECU security elements

Lead vulnerability threat analysis and guide remediation strategy

Review and approve the design of embedded systems from a cybersecurity perspective

Conduct SW scans, lead their analysis, and guide remediation strategy

Perform risk assessments on deviations from cybersecurity requirements

Work with development teams and penetration test engineers to risk assess and mitigate identified security vulnerabilities

Work with Service Engineering, Manufacturing Engineering, IT, and Product Development to gather requirements ensuring future changes are practical and non-disruptive

Grow technical capability and knowledge on the latest cybersecurity features, tools and embedded technologies from a security perspective

Document vulnerabilities and mitigation action plans

Occasional Local/Domestic/International travel to other GM facilities and supplier sites. 5%

Additional Description

Your Skills & Abilities (Required Qualifications) ​​:

Bachelor's Degree in Electrical Engineering, Computer Engineering, Computer Science, Systems Engineering or equivalent majors.

5+ years of professional experience with proven technical and professional skills in job-related area required, including embedded controls/software development

General knowledge of microcontroller architectures

Basic understanding of cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography, PKI)

Ability to make decisions and recommendations while taking into account appropriate tradeoffs between conflicting objectives

Strong interpersonal skills with demonstrated ability to participate in diverse/cross-functional teams, as well as educate/coach others on cybersecurity controls in the connected ecosystem ECU space.

Ability to handle ambiguity and make recommendations with limited data

Technical writing competency

What Will Give You A Competitive Edge (Preferred Qualifications) ​:

2+ years of post-graduation engineering/Cyber experience

Experience with bootloader, embedded security, controller communication, or diagnostics

Knowledge of AUTOSAR standards and methodology

Knowledge and experience with CAN, Ethernet or Bluetooth Low Energy (BLE) communications protocol

Knowledge of microprocessor architectures deployed across the automotive industry

Understanding of methods leveraged for digital signature generation and verification

Knowledge of diagnostic services (e.g., ISO 14229)

Understanding of automotive security peripherals (i.e., Secured Hardware Extension (SHE) and EVITA Hardware Security Module (HSM))

Experience with Certificate Authorities and cryptography

Experience with and/or knowledge of technologies used to secure embedded systems

Understanding of various Cybersecurity elements deployed to embedded systems

"Role subject to U.S. export control restrictions."

About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

Why Join Us

We aspire to be the most inclusive company in the world. We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Our Work Appropriately philosophy supports our foundation of inclusion and provides employees the flexibility to work where they can have the greatest impact on achieving our goals, dependent on role needs. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.

Total Rewards Benefits Overview

From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.

Diversity Information

General Motors is committed to being a workplace that is not only free of discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We understand and embrace the variety through which people gain experiences whether through professional, personal, educational, or volunteer opportunities. GM is proud to be an equal opportunity employer.

We encourage interested candidates to review the key responsibilities and qualifications and apply for any positions that match your skills and capabilities.

Equal Employment Opportunity Statements

The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity (EEO) Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at [email protected] or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.