Job
Description
Unit and team Overview The infotainment system, with its many external interfaces (e.g., LTE, WiFi, Bluetooth, USB) and high software complexity, has a large attack surface. As automotive security architects / security practice experts, we work passionately to protect our cars from attackers. Our team is a defensive cybersecurity team responsible for driving all development teams in the company to follow security best practices, understand and use Threat Modeling and provide security trainings. We also actively look for potential security issues, create automatic security tests inside our CI systems and guide teams on how to prevent identified security issues. Our job is an interesting mix of security evaluation, software development, and security consulting. We need your help to secure the infotainment systems against attacks, whether they come over the air or from attackers with physical access to the vehicle. Job Description As part of our Security Practice team, you will solve challenging security architecture/consulting problems to shape the future of automotive security and make BMW products even more secure. Due to the high complexity of modern connected cars, you can apply your knowledge in application security, cryptography, network security, threat modeling, Android security, and other security domains. Key Responsibilities: You will consult and hands-on assist multiple teams in creating risk analyses (e.g. TARA) and performing Threat Modeling (STRIDE) You will guide, teach, and train teams on how to create secure software architectures Actively adapting the software development process to benefit from modern tools to enhance security (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks) You will drive project decisions to roll out security measures You will actively check source code and configurations for potential security issues and guide/train development teams on how to prevent identified issues Qualifications Basic requirements and Education University degree in computer science or a comparable field of study, ideally with a security focus Business fluent English Required Experience and Skills Deep technical understanding of best-practice security features and internals of Linux (SELinux, dm-verity, Secure Boot, ...) and Android (Application Sandboxing, Permission Model, Encryption, Debugging, Secure Coding Practices, Authentication and Authorization, ...) Knowledge of isolation techniques and containerization mechanisms Experience in security source code reviews and active vulnerability hunting Professional experience in Threat Modeling (STRIDE), TARA and ISO 21434 A background in modern software development in C++ / Java / Kotlin on Linux / Android Keywords Automotive Security Cyber Security Android Linux Secure Coding Threat Modeling
