Senior Cybersecurity Engineer

About SteerAI

SteerAI is an autonomous mobility technology company powered by VentureOne, the commercialization arm of the Advanced Technology Research Council. SteerAI’s advanced AI-powered autonomy stack, developed by the Technology Innovation Institute, empowers the logistics and defense industries by turning industrial vehicles into autonomous powerhouses that can handle complex off-road missions, transforming operations and protecting organizations' most important assets: their workforce.

Role Overview

We are seeking a Senior Automotive Cybersecurity Engineer to support the development of connected, software-defined and (semi-)autonomous vehicle systems. The role focuses on cybersecurity engineering activities across the product lifecycle, including TARA, cybersecurity concept and requirements, secure architecture, security validation, and support for production monitoring and incident response readiness.

We are looking for an engineer with minimum 8 years of experience who can independently execute core cybersecurity work products and collaborate tightly with systems, software, E/E, cloud, and validation teams. As a growing company, we need someone proactive and resourceful—able to look up best practices, evaluate trade-offs, and help mature our cybersecurity governance as we scale, not just execute tickets.

This role aligns with automotive cybersecurity expectations in ISO/SAE 21434 (road vehicles cybersecurity engineering) and the UN R155 cybersecurity management system expectations for vehicles placed on the market

Key Responsibilities

Automotive Cybersecurity (ISO/SAE 21434)

• Own the cybersecurity engineering plan and ensure delivery of key work products across the lifecycle, consistent with ISO/SAE 21434 expectations.
• Lead cross-functional cybersecurity governance.
• Own security work products, completeness, and audit readiness.

Threat Analysis and Risk Assessment (TARA) and Cybersecurity Concept

• Lead TARA at item/system level.
• Develop and maintain the Cybersecurity Concept and allocate requirements into a Technical Cybersecurity Concept.

Secure Architecture for Vehicle, Backend, and Operations

• Lead security architecture reviews for E/E systems and connected services.
• Define security requirements for remote functions, including abuse case coverage and resilience strategies.
• Drive practical trade-offs: latency/availability vs. integrity controls, constrained ECU compute, real-world service/maintenance constraints, and manufacturability.

Security Verification, Validation, and Assurance

• Define cybersecurity verification strategy and acceptance criteria.
• Lead security issue triage with engineering judgment.

CSMS / Type Approval Readiness (UN R155)

• Own the engineering interface to CSMS expectations.
• Establish operational cybersecurity practices.

Secure Updates and Release Governance (UN R156 / ISO 24089)

• Lead secure software update governance and engineering alignment with SUMS expectations (UN R156) and software update engineering processes (ISO 24089), including update risk assessment, package integrity/authenticity, deployment controls, rollback strategy, and traceability.

Supplier and Ecosystem Security

• Flow down cybersecurity requirements to suppliers, review their security cases, manage interface threats across ECUs/sensors/actuators/TCU/cloud, and ensure evidence is usable for program sign-off and audits.

Qualifications

• Bachelor’s or Master’s degree in Computer/Electrical/Software Engineering, Systems Engineering, Cybersecurity, or similar.
• 8+ years in embedded/automotive cybersecurity or security engineering for safety-/mission-critical systems
• Demonstrated experience applying ISO/SAE 21434 on at least one real development program (OEM or Tier-1), including TARA, concept/requirements, and validation evidence.
• Strong understanding of UN R155 CSMS expectations and how to build audit-ready evidence and supplier alignment.
• Proven ability to lead security architecture for ECUs and connected systems (vehicle networks, diagnostics, OTA, cloud/mobile integration).
• Hands-on security judgment: threat modeling depth, realistic attack feasibility reasoning, cryptography fundamentals, and practical hardening/testing methods.

Nice to Have:

• Experience implementing or assessing secure update engineering aligned with UN R156 / ISO 24089 (secure OTA design, governance, and evidence).
• Experience with HSMs, PKI, secure provisioning, and manufacturing key injection flows.
• Experience aligning cybersecurity with functional safety where security threats can create safety-relevant hazardous behavior (safety/security co-engineering).

What We Offer

We provide a competitive, tax-free salary and a comprehensive benefits package in a collaborative, innovative, and inclusive work environment.

Our benefits include an education allowance, free on-site meals, annual flight allowance, health coverage, relocation support (if applicable), and access to well-being activities such as sports and recreational events.

Join us to drive innovation and shape the future of technology!