Engineering Lead - Product Security Architecture Team (all genders) – in Berlin (or remotely in Germany) - Berlin
- In this role, you will be working as an Engineering Lead of Product Security Architecture team.
- You will be leading a team of Cybersecurity Architects.
- You will be collaborating closely with other Team Lead(s) in the product security domain.
- You will be directly contributing to the strategic direction of security relevant components and activities that will pave the way for secure Mercedes-Benz Operating System (MBOS).
- You will drive/contribute to the selection of partners/suppliers for acquiring tools, software components, and external support with respect to product security.
- Together with the cybersecurity architects in your team:
- you will be orchestrating security design decisions across different feature verticals to ensure robust and secure posture in our products
- you will drive the design of security components and features across multiple layers of our Linux-based platform and support in cross domain alignments
- you will guide and enable your team in conducting threats and risk assessment of our system components using suitable approach (e.g. TARA, threat modeling) and suitable tooling
- recommendation of security controls/countermeasures to mitigate identified threats and risks
- support teams in security design decisions that needs to be taken to support future features maturing in the program backlog
- support teams in evaluation of security design alternatives suggested by teams
- support teams taking security design decisions and in preparing Architecture Decision Record (ADR) for critical design decisions and when decision impact more than one team
- support teams in the security related dialogue with external stakeholders that concerns security aspect in architecture, technology choices and 3rd party components
- ensure documentation of security concept & architecture and make sure it is maintained with a high level of quality
- Together with security engineers and cyber security compliance manager, work closely with process improvement team to set up the standards and processes for product security & privacy in our Product Development Life Cycle Process
- Work closely with different stakeholders to build and establish “security culture” in the organization through different activities and initiatives in order to make “Security by Design” and “Privacy by Default” principles as an integral part of our product development.
- Degree in Computer Science, Information Technology, Electrical Engineering or a comparable qualification. An MSc or PhD with Cyber Security specialization will be a huge plus.
- 3+ years of experience in leading Embedded Product Security Team or Cybersecurity Architecture team
- 5+ years of experience as Cybersecurity Architect and/or Security Engineer (preferably in embedded product development)
- Experience in performing TARA and creating security concepts for automotive ECUs (preferably infotainment ECU)
- Thorough understanding of different cryptographic algorithms, protocols and their applications
- Hands-on experience of working with Linux/Unix-like system
- Familiarity with one (or more) low level architecture (preferably ARM or RISCV)
- Familiarity with security related automotive standards like UNECE WP29 (R155, R156) and ISO 21434
- Familiarity with open source licenses and/or being a contributor to open source Projects
- Knowledge on secure coding best practices
- Good understanding of Linux security mechanisms like Discretionary Access Control, Access Control Lists, Linux Capabilities, CGROUPS, namespaces, seccomp
- Familiarity with different kernel hardening mechanisms and Linux kernel hardening projects like grsecurity, Kernel Self Protection
- Familiarity with secure boot mechanism, Trustzone in ARM-based SoC and Trusted OS
- Familiarity with low level inner-working of operating systems (preferably on Linux or Unix-like system)
- Basic understanding of privacy enhancing technologies and privacy regulations (e.g. GDPR)
- Security Certifications like OSCP, OSCE
- Proficiency in problem solving, troubleshooting technical issues and can-do attitude
- Excellent organizational, time management, prioritization and multi-tasking skills
- Ability to handle multiple competing priorities in a fast-paced environment
- Personal initiative, commitment, perseverance and resilience
- Well-developed communication and teamwork skills
- Fluent in English, proficiency in German is a plus
- A chance to work on a new generation of Infotainment Systems, which will power millions of cars
- An international, interdisciplinary software hub, which is part of the Mercedes Benz AG
- Great company values that we are passionate about and live by every day at work. Have a look for yourself at mbition.io and scroll down to "The MBition Experience
- Agile working methods and open feedback culture
- A brand new modern and fully accessible office facing the Spree
- Flexible working hours
- Transportation and health benefits, discounts on cars, free coffee, fruits and more
We look forward to receiving your complete application, including CV (in English) and relevant references with the following information:Apply online
- Job title and reference number
- Salary expectations
- Earliest start date