Oshkosh Corporation owns significant assets in the form of information. These assets could lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization. This role will support the Global Information Security Office mission by helping to appropriately preserve the confidentiality, integrity, and availability of information, helping the business understand and balance risk against business needs, and acting as the organization's mechanism to appropriately identify, select, maintain, and improve cybersecurity controls by using a risk-based approach coupled with continuous improvement. Technology is advancing, connection mechanisms are growing, and consumers and hackers are becoming more sophisticated. With increasing networking between modules and access points into the vehicle, the attack surface has increased thereby opening new potential vulnerabilities.
We are looking for a full-time IoT Cybersecurity Architect to broaden our core competency within the area of Embedded Cybersecurity in the automotive environment. We are researching and designing new enterprise-wide features and technologies, as well as providing frameworks, processes and tools to help the design process. We are exploring the role of advanced embedded computing platforms, coupled with cloud-based services, to deliver applications which will redefine the experience of owning, maintaining, driving and interacting with Oshkosh Corporation products. Security needs to be built into each of these growing technologies. Focused on providing wide variety of testing tools and services to the product development teams to harden our connected vehicles from cybersecurity threats, the IoT Cybersecurity Architect will have advanced knowledge in cybersecurity testing (e.g. fuzz testing), vehicle electrical and communication architectures and embedded systems design. The ideal candidate will have outstanding security design analytical skills and the ability to work in a fast-paced, collaborative environment.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
These duties are not meant to be all-inclusive and other duties may be assigned.
- Act as a technical liaison between customers, engineering and information technology teams and share best-practice knowledge across the company's development community.
- Support development and maintenance of business, cybersecurity, and technical artifacts that constitute the global cybersecurity architecture standards.
- Communicate cybersecurity risks and mitigation alternatives/recommendations to business partners and IT staff.
- Read, interpret, and validate architectural drawings and designs.
- Ability to tailor or create hardware and software tools to perform security assessments.
- Debugging and/or testing embedded systems for automotive applications.
- Bachelor's degree in Electrical Engineering, Computer Engineering, Computer Science or equivalent.
- Demonstrated conceptual, analytical, and innovative problem-solving and validation skills.
- Experience working with external or internal customers to implement large-scale solutions.
- Experience communicating conceptual and technical information both verbally and in writing to various audiences.
- Minimum 2 years of experience with embedded or real-time operating systems, and/or driver/kernel development.
- 1-3 years of experience learning or developing automotive electrical or electronic systems, components, or systems.
- Demonstrated ability to adapt to new technologies and learn quickly.
- Familiarity with cybersecurity concepts in automotive / embedded systems domain.
- Programming experience (C/C++) and familiarity with in-vehicle network architecture, modules, and protocols (CAN etc.).
- Knowledge of digital and wireless communication and familiarity with communication technologies such as TCP/IP, Ethernet, Bluetooth, Wi-Fi, DSRC and CAN.
- Basic interest and knowledge about geographical technologies such as GPS, maps, geofencing and POIs as well as privacy risk associated with these technologies.
- Basic understanding of vehicle serial communications and standard security mechanisms and techniques - Encryption, authentication, hashing or TRNG/PRNG.
- Familiarity with emerging standards (e.g., ISO 21434) on automotive cybersecurity as well as existing standards (SAE J3061) to help define a minimum standard for automotive cybersecurity.
- Experience with logging and monitoring including log parsers and syslog analysis, asset inventory systems, security event auditing, etc.
- Master's degree in Electrical Engineering, Computer Engineering, Computer Science or equivalent.
- Relevant industry recognized certifications (GISCP, GWAPT, GWEB, ISA/IEC 62443 Cybersecurity Certificate, CISSP, CCSP, CSSLP).
- Understanding of application, server, and network security and compliance requirements such as FedRAMP, DFARS, and NIST 800-171.
- Familiarity with vehicle systems and automotive safety and/or security standards and how those drive the design lifecycle.
- Conceptual understanding of flash programming mechanisms.
- Understanding of cryptographic hardware accelerators (Hardware Security Module, etc.).
- Understanding of cybersecurity algorithms (AES, ECC Curves, RSA, SHA, HMAC, CMAC, etc.).
- In-depth knowledge and experience with encryption including application specific network protocols, in-transit and at-rest encryption protocol implementation and validation, SSH/SSL/TLS cipher suites, etc.
Oshkosh Corporation is an Equal Opportunity and Affirmative Action Employer. This company will provide equal opportunity to all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Information collected regarding categories as provided by law will in no way affect the decision regarding an employment application.
- Experience/knowledge of upcoming embedded module security design and knowledge of modern technologies/features (Car Sharing, Autonomous Vehicle, Third party automotive devices, etc.).
Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.
Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.