- Lead and manage product cyber security in high-complexity development projects from acquisition to start of production (SOP), ensuring compliance with ISO/SAE 21434 and UNECE R-155 standards.

- Ensure seamless integration of cyber security requirements across the complete product lifecycle.

Planning & Development:

- Develop and implement comprehensive cyber security activities, including threat modeling, security requirements definition, cryptographic concepts, and secure design practices.

- Assist the development team in selecting and integrating security-compliant technologies and cryptographic procedures.

- Evaluate development activities to ensure adherence to defined security standards and best practices.

Verification Methods:

- Define, implement, and oversee verification methods such as fuzzing, vulnerability scanning, penetration testing, and static/dynamic code analysis.

- Develop and execute security test plans to validate the effectiveness of implemented security controls.

Evaluation & Approval:

- Review and approve cyber security concepts, architectures, and strategies throughout all development phases.

- Conduct security reviews, audits, and compliance checks to ensure alignment with internal security policies and external standards.

Risk Analysis:

- Perform detailed cyber security risk analysis across the product scope, identifying and mitigating risks based on known vulnerabilities and threat intelligence.

- Apply industry-standard methodologies and tools such as STRIDE, DREAD, and CVSS for structured risk assessment.

QCT Targets:

- Ensure achievement of Quality, Cost, and Time (QCT) targets related to cyber security work products, delivering efficient and effective security implementations.

Coordination & Communication:

- Define and implement a holistic product cyber security concept aligned with overall product and business strategy.

- Coordinate with customers, suppliers, and subcontractors to ensure fulfillment of cyber security requirements.

- Report cyber security status to customers and collect necessary security inputs from subcontractors..

Risk Analysis:

- Perform detailed cyber security risk analysis across the product scope, identifying and mitigating risks based on known vulnerabilities and threat intelligence.

- Apply industry-standard methodologies and tools such as STRIDE, DREAD, and CVSS for structured risk assessment.

QCT Targets:

- Ensure achievement of Quality, Cost, and Time (QCT) targets related to cyber security work products, delivering efficient and effective security implementations.

Coordination & Communication:

- Define and implement a holistic product cyber security concept aligned with overall product and business strategy.

- Coordinate with customers, suppliers, and subcontractors to ensure fulfillment of cyber security requirements.

- Report cyber security status to customers and collect necessary security inputs from subcontractors.