Beschreibung
Purpose:Ensures that infotainment products are satisfying from IT Security point of view to go to market.
Duties:
- Understands customer requirements for IT Security and explains to development. If necessary clarifies with the customer personally.
- Negotiates customer requirements with customer’s IT Security team if they are not feasible or unrealistic.
- Reviews development process, SW architecture and ensures that it’s state of the art from IT Security point of view and satisfies customer requirements.
- Organizes and participates source code reviews with customer’s IT Security team on our development center (US or Europe).
- Designs and executes penetration tests on each sample of the product. Raises tickets with technical analysis and discusses with development how to fix properly.
- Analyzes IT Security claims from customer and discusses with development how to solve them. Confirms the solution before delivery to customer.
- Tracks and follows up IT Security risks found in 3rd party SW components (e.g. WebKit).
- Reports possible security weaknesses pro-actively internally and to the customer.
Skills:
- Owns related Msc. in the field.
- Solid, proven background in IT Security. Preferred: background in IT Security with some embedded product. Not necessary: automotive background.
- Threat analysis and related tools (e.g. Microsoft SDL Threat Modeling tool or equivivalent)
- Established know-how in the security aspects of VPN (especially certificate, private/public key based identification / authentication / encryption)
- Established know-how in the security aspects of web technologies like HTML5 / JavaScript (cross-site scripting, SQL injections, code injection techniques)
- Established knowledge of QNX or Linux security features (user management, process management, memory management).
- Experience with random number tests (e.g. NIST SP800-22 or similar)
Sonstiges
Sprache: Englisch und Deutsch (Im Büro wird fast ausschließlich English gesprochen. Der Kontakt zum Kunden ist auf Deutsch)
Tarif: best can
Beginn
nach Verfügbarkeit
Dauer
nach Absprache
Ort
Stuttgart
Hinweis
Bitte senden Sie uns einen aussagekräftigen WORD-CV in Anlehnung an die geforderten Skills der Projektvakanz, die konkrete und zugesicherte Verfügbarkeit und den Stundensatz (allin) zzgl. Ust. an