Lead Product Security Analyst

The Lead product security analyst - PSIRT is a role primarily focused on leading the daily activities for the PSIRT function. This critical role will set the daily direction and follow established procedures to perform intake, conduct initial analysis, and respond to reported product vulnerabilities and security concerns. This position will work closely with engineering to execute strategic vision for the team and assist in maturing our overall incident response plans and policies in the ever-demanding automotive industry. You will report to the US Product Cybersecurity Manager.

Job role & responsibilities:

- Being passionate and forward-thinking about cybersecurity and the needs for the ever-changing automotive industry.
- Perform daily operations for PSIRT Activities including intake, initial analysis, and execution of initial product security incident response (PSIRT) activities.
- In coordination with cybersecurity engineers, attend to inquiries from a variety of external and internal stakeholders seeking assistance from our team.
- Manages the coordination for disclosures through our vulnerability disclosure program.
- Creating, auditing, and improving PSIRT process documentation and communications deliverables to include the PSIRT plan, playbooks, procedures, and Product Security Advisory content.
- Continuously monitor and communicate realistic expectations of capabilities, to stakeholders.
- Build and maintain collaborative working relationships with various internal functional groups and other stakeholders to effectively resolve issues and remove barriers to program success.

Must have experience and skills in ALL these areas below:

- Bachelor's (BS) degree, preferably in Computer Science, or related field or equivalent experience.
- Results-driven, with the ability to drive project tasks and hold others accountable.
- Excellent facilitation, negotiation, and consensus-building skills, and the ability to influence stakeholders, and drive decisions to closure.
- Knowledge of Automotive cybersecurity/Functional Safety standards are advised but not necessary (e.g.ISO/SAE 21434, WP.29 SUMS & CSMS, ISO26262, NIST)

Automotive, Aerospace or transportation development experience is advantageous but not necessary

Desirable experience and skills:

- 2+ years of experience in a cyber security position with technical cyber security expertise (not restricted to Automotive).
- Experience or respect for working directly with engineering teams.

Proven ability to communicate technical issues to technical and non-technical audience

Motivation to share knowledge and train people

Excellent communication skills and able to deal with all levels of the organisation

Ability to work well under pressure and prioritise work accordingly

Must be able to work alone with certain level of guidance, but also be able to operate effectively as part of a team.

Flexibility to travel at the customer or engineering sites when necessary

Qualifications required:

- Bachelor or master’s degree in Ethical Hacking/Cyber Security, Computer Forensics or STEM based (science, Technology, Engineering and/or Mathematics)

It is desirable to hold a recognised security certification (e.g. CEH, CISSP, CISSM, CISA, etc).

Relevant professional experience:

- Automotive industry
- Aerospace industry

Internal Use Only: Salary

Global Terms of Use and Privacy Statement

Please access the linked document by clicking

here

,
- Career Scam Disclaimer:_
- BorgWarner makes no representations or guarantees regarding employment opportunities listed on any third-party website. To protect against career scams, job applicants should take the necessary precautions when interviewing for and accepting employment positions allegedly offered by BorgWarner. Applicants should never provide their national ID numbers, birth dates, credit card numbers, bank account information or other private information when communicating with prospective employers or responding to employment opportunities online. Job applicants are invited to contact BorgWarner through BorgWarner’s website to verify the authenticity of any employment opportunities._