System & Cybersecurity Engineer (Automotive)
Project Overview This role focuses on defining, developing, and maintaining system and cybersecurity engineering work products for existing automotive projects in compliance with organizational processes and industry standards, including ASPICE, CSMS, and ISO/SAE 21434. As part of the System/Cybersecurity Engineering team, you will play a key role in performing Item Definition, conducting Threat Analysis and Risk Assessment (TARA), deriving cybersecurity goals and requirements, and ensuring cybersecurity activities are fully integrated into the development lifecycle. In addition, this role includes creating and maintaining System Diagnostics requirements across multiple products and variants, ensuring diagnostic behavior, interfaces, access levels, and serviceability requirements are clearly defined and aligned with platform and vehicle needs. This position is ideal for a structured, detail-oriented, and proactive engineer with strong experience in automotive systems engineering and cybersecurity compliance.
Key Responsibilities Define, update, and maintain cybersecurity engineering work products in alignment with internal processes, ASPICE, CSMS, and ISO/SAE 21434. Perform Item Definition, including system boundaries, interfaces, assets, dependencies, and operational scenarios. Conduct Threat Analysis and Risk Assessment (TARA):Damage scenario definition Threat scenario identification Attack path analysis Impact and feasibility assessment Risk determination Derive and maintain:Cybersecurity Goals Cybersecurity Claims Cybersecurity Requirements Ensure full traceability between cybersecurity work products, system requirements, and verification activities. Support implementation of cybersecurity concepts for existing projects, considering legacy architectures and platform constraints. Collaborate with cross-functional teams (system, software, hardware, diagnostics, validation, and project management). Prepare and maintain documentation required for audits, assessments, and release milestones. Contribute to ASPICE and CSMS compliance activities, including reviews and continuous improvement. Define and maintain System Diagnostics requirements, including:Diagnostic services (UDS) Diagnostic sessions Security access DTC handling and fault memory behavior Routines and communication behavior Service tool interactions Manage variant-specific diagnostics requirements across products and platforms. Review and align system and diagnostics specifications with cybersecurity and vehicle architecture. Support technical reviews and decision-making related to cybersecurity and diagnostics strategy. Required Qualifications Strong hands-on experience as a System Engineer and/or Cybersecurity Engineer in automotive embedded systems. Solid understanding of:Automotive E/E architectures ECU/system development lifecycle Systems engineering principles Practical experience with automotive cybersecurity in accordance with ISO/SAE 21434. Experience developing cybersecurity work products, including:Item Definition Asset identification Threat and attack analysis TARACybersecurity Goals & Requirements Good knowledge of ASPICE and CSMS compliance expectations. Experience in system requirements engineering:Requirement definition Traceability Change management Strong knowledge of automotive diagnostics:UDSDTC concepts Diagnostic sessions Security access Variant handling Experience writing System Diagnostics requirements across multiple products or variants. Familiarity with automotive communication protocols:CAN / CAN FDLINEthernet Strong analytical, documentation, and communication skills. Ability to work effectively in cross-functional teams. Preferred Qualifications Experience in ECU, domain controller, or zonal architecture development. Background in diagnostics for:Body electronics Gateway systems Infotainment ADASPowertrain Knowledge of:Secure diagnostics Authentication mechanisms Secure flashing ECU access protection Experience with requirements management tools such as:Codebeamer DOORSPolarion Understanding of interfaces between functional safety (ISO 26262) and cybersecurity (ISO/SAE 21434).