Lead Product Cybersecurity Engineer Job at Dana Corporation in Novi

Lead Product Cybersecurity Engineer

Novi, MI, US, 48377

Requisition: 60652

Job Purpose

The Lead Product Cybersecurity Engineer is responsible for the design, development, and maintenance of technical cybersecurity control standards for use across Dana's product platforms. You will work in collaboration with the engineers in other engineering disciplines, to lead cybersecurity activities throughout the product lifecycle, and support security control development in both hardware and software.

Job Duties and Responsibilities

Develop and maintain a robust library of reusable, trusted security controls and associated requirements for Dana platform-based embedded systems.

Lead cybersecurity requirements analysis and clarification with customers for reuse analysis of platform-based security controls, provide cybersecurity expertise during system architectural design reviews.

Produce and manage system requirements for cybersecurity across the product lifecycle, support cryptographic material management in manufacturing environment.

Lead the Threat Analysis and Risks Assessment (TARA) and Cybersecurity Concept activities. Continuously update TARAs based on lessons learned from cybersecurity monitoring.

Analyze cybersecurity events relevant to Dana products, perform vulnerability analysis and risk assessment, manage vulnerability throughout product lifecycle.

Lead conversation related to cybersecurity vulnerabilities with customers. Support hardware and software vendors to reduce 3rd party cybersecurity vulnerabilities.

Representing Dana in industry forums and working groups such as the Auto-ISAC.

Support internal and external audits related to ISO/SAE 21434 work products. Support cybersecurity process improvement/execution to improve cybersecurity posture.

Collaborate cross-functionally with systems, software, hardware, and quality engineering teams. Work closely with the software team to ensure secure coding practices.

Assist in cybersecurity training within the business unit as required.

Required Experience

8+ years of experience in automotive or relevant embedded systems cybersecurity.

Deep expertise in ISO/SAE 21434 and its practical application.

Proficiency using TARA tooling and conducting structured risk assessments.

Hands-on experience with automotive and embedded network protocols

Strong knowledge with embedded security controls, secure coding practices, and security principles

Experience with frameworks such as CVEs, CWEs, MITRE ATT&CK, and Automotive Threat Matrix (ATM)

Familiarity with electric powertrain systems

Excellent communication and analytical skills

Excellent organizational skills as demonstrated through executed production programs

Ability to work independently as required and take ownership of project deliverables

Knowledge of ASPICE and ISO26262.

Education

Bachelor's degree in electrical engineering, computer engineering, computer science, cybersecurity engineering, or related discipline

Certifications in cybersecurity, such as Certified Automotive Security Engineer (CASE), or Certified Ethical Hacker (CEH), or similar, is a plus

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.