Sr. Product Cybersecurity Engineer

Posted:
10/3/2024, 5:00:00 PM

Location(s):
Novi, Michigan, United States ⋅ Michigan, United States

Experience Level(s):
Senior

Field(s):
IT & Security

At Polaris Inc., we have fun doing what we love by driving change and innovation. We empower employees to take on challenging assignments and roles with an elevated level of responsibility in our agile working environment. Our people make us who we are, and we create incredible products and experiences that empower us to THINK OUTSIDE.

JOB SUMMARY:

Polaris, a global powersports leader, is looking for a Product Cybersecurity  Engineer for connected vehicles. The Polaris team builds world-class connected vehicle solutions for motorcycles and off-road vehicles.  As a Cybersecurity Engineer, you will be responsible for developing cybersecurity requirements, designing in-vehicle cybersecurity architecture, securing vehicle to back office communication interfaces, reviewing and evaluating suppliers’ and technology vendors’ cybersecurity solutions, conducting threat analysis and risk assessment, managing key management system and public key infrastructure, and contributing to the development of further product cybersecurity strategies and technology roadmap. Interest in powersports is a plus!

ESSENTIAL DUTIES & RESPONSIBILITIES

  • Support the Chief Cybersecurity Engineer in developing, communicating, and implementing Polaris’ enterprise-wide product cybersecurity strategy & roadmap
  • Provide guidance to stakeholders (product owners, development teams, system engineers) on security concerns and recommended controls
  • Execute threat analysis and risk assessment (TARA) on vehicle, feature, system and component levels and mitigate identified risks by defining appropriate cybersecurity controls to the risks
  • Develop, refine, and review cybersecurity requirements and gain approval from Chief Cybersecurity Engineer
  • Perform design reviews over internal and external cybersecurity solutions and mitigate cybersecurity weaknesses or vulnerabilities throughout of product life cycle  
  • Define in-vehicle cybersecurity architectures, develop cybersecurity controls, e.g., secure boot, secure reprogramming, security access, IDS/IPS, etc. and secure vehicle to back-office communication interfaces
  • Manage and provide guidance on key management system and internal use of PKI, support supplier usage of Polaris PKI system, collaborate with the KMS vendor to resolve issues quickly
  • Collaborate with Ride Commend team to ensure a robust overall connected ecosystem cybersecurity from a product, app, web, and cloud standpoint
  • Support triage and prioritization of vulnerabilities identified during verification and validation phases, e.g., static code analysis, OSS vulnerability scanning, fuzz testing, penetration testing
  • Support institutionalization of ISO/SAE 21434 processes across Polaris and produce ISO/SAE 21434 compliant work products
  • Support regulatory compliance such as UNR 155, CRA, Radio Equipment Directive
  • Support supply chain integrity and security initiatives to secure Polaris’ supply chain, e.g., HBOM, SBOM, etc.  
  • Promote cybersecurity culture by providing cybersecurity training to team members on a regular basis

Additionally, you may:

  • Support internal and external connected device penetration testing execution
  • Support cybersecurity validation engineer in root cause analysis
  • Participate in and support Auto-ISAC working group
  • Investigate new cybersecurity technologies and recommend appropriate technologies to adopt in vehicles
  • Analyze connected vehicles related cybersecurity intelligence and share with broader team
  • Adopt product cybersecurity industry best practices for continuous improvement

SKILLS & KNOWLEDGE

Minimum Qualifications:

  • Bachelor’s degree in computer science, computer engineering, software engineering, electrical engineering, IT security or other relevant domains
  • 5+ years of experience in automotive cybersecurity, embedded system security, IoT security, cyber-physical system security, or a combination of these areas
  • Experience with securing wireless communication protocols, e.g., cellular, Wi-Fi, Bluetooth, BLE, satellite communications, RF, etc.
  • Experience with setting up and managing KMS, PKI, CA, certificate/key generation, distribution, storage, renewal, revocation, etc.  
  • Experience with conducting threat analysis and risk assessment
  • Experience with developing cybersecurity goals and requirement specifications
  • Experience with designing cybersecurity controls, such as secure boot, secure reprogramming, security access, security gateway, IDS, IPS, security hardening, etc.
  • Experience with SELinux, App Armor, Hypervisor, TEE, HSM, etc.
  • A self-starter with minimum supervision
  • Excellent written and verbal communication skills

Preferred Qualifications:

  • Advanced degree in cybersecurity
  • 10+ years of experience in automotive product cybersecurity
  • Experience with symmetric and asymmetric cryptography, digital signature, hash, message authentication, encryption, key exchange
  • Experience with developing telematics, infotainment, or other connected ECUs
  • Experience with implementing and executing ISO/SAE 21434 processes
  • Understanding of cybersecurity regulations, standards and best practices, e.g., UNR 155, CRA, Radio Equipment Directive, Machinery Regulation, ISO/SAE 21434, NIST/NHTSA/Auto-ISAC best practices, etc.
  • Experience with CAN, CAN-FD, J1939, Ethernet, USB, SPI, UART, JTAG, etc.
  • Understanding of embedded RTOS and Linux based operating systems
  • Experience with reporting, managing, and closing security issues in tools such as Jira  
  • Experience with at least one modern software programming language (C, C++, C#, Python, Java, etc.)

#LI-CS99

We are an ambitious, resourceful, and driven workforce, which empowers us to THINK OUTSIDE.  Apply today!

At Polaris we put our employees first, by offering a holistic approach to their health and financial wellbeing.  Polaris is proud to offer competitive compensation, including a market-leading profit-sharing plan that is fundamental to our pay-for-performance culture. At Polaris, employees are owners of the company through company contributions to our Employee Stock Ownership Plan and discounted employee stock purchases plan. Employees receive a generous matching contribution to 401(k), financial wellness education and consultation to plan for their financial future. In addition to competitive pay, Polaris provides a comprehensive suite of benefits, including health, dental, and vision insurance, wellness programs, paid time off, gym & personal training reimbursement, life insurance and disability offerings.  Through the Polaris Foundation and our Polaris Gives paid volunteer time off, we support employees who actively volunteer their time, efforts, and passions to improve the health and wellbeing of the communities in which they live, play and work. Employees at Polaris drive our success and are rewarded for their commitment.

About Polaris

As the global leader in powersports, Polaris Inc. (NYSE: PII) pioneers product breakthroughs and enriching experiences and services that have invited people to discover the joy of being outdoors since our founding in 1954. Polaris' high-quality product line-up includes the Polaris RANGER®, RZR® and Polaris GENERAL™ side-by-side off-road vehicles; Sportsman® all-terrain off-road vehicles; military and commercial off-road vehicles; snowmobiles; Indian Motorcycle® mid-size and heavyweight motorcycles; Slingshot® moto-roadsters; Aixam quadricycles; Goupil electric vehicles; and pontoon and deck boats, including industry-leading Bennington pontoons. Polaris enhances the riding experience with a robust portfolio of parts, garments, and accessories. Proudly headquartered in Minnesota, Polaris serves more than 100 countries across the globe.  www.polaris.com  

EEO Statement


Polaris is an Equal Opportunity Employer and will make all employment-related decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, marital status, familial status, status with regard to public assistance, membership or activity in a local commission, protected veteran status, or any other status protected by applicable law.