Jaguar Land Rover UK
Cyber Security Job – Penetration Test Manager
Job Description
JLR is harnessing technology to make driving smarter, safer and cleaner. You can help create a world in which responsible, sustainable vehicles revolutionise the driving experience for generations. Our vision is to leverage the incredible potential of technology to build vehicles that not only offer a premium, all-encompassing digital experience, but that also make our customers lives better.
WHAT TO EXPECT
Cybersecurity is a fast paced and dynamic area of the Automotive Industry. You will play a critical part of the team, directly supporting the development of our Autonomous, Connected, Electric and Shared future to ensure we are robust to emerging security threats and meet new international automotive regulations such as UNECE R155.
In your role as the Cyber Security Penetration Test Manager, you will be expected to take a lead role for your area of specialism and will be comfortable leading and directing squads including outsource partners and suppliers.
You will drive penetration testing across product engineering and align with other business functions on penetration testing strategy and delivery. You will manage a backlog of penetration test activities to ensure that affected vehicle lines achieve cyber security compliance and type approval on time. You will be expected to work closely with a number of key stakeholders across JLR and to adhere to standards, processes and technical regulatory requirements.
This role would suit someone who has experience of Automotive Penetration Testing and is looking for a move into a Product Owner role.
Responsibilities
- Own the vehicle, system and ECU penetration test plan and execution for all JLR vehicle lines.
- Work closely with the penetration test team within Digital (information technology) to ensure alignment on processes, methods and tools including forward strategy.
- Manage penetration testing budget for all vehicle lines that require cyber security regulatory type approval.
- Lead penetration witness testing with type approval authorities to ensure compliance against regulatory requirements.
- Define Penetration Test Strategy from the 1st line of Defence viewpoint for the governance of ECU, system and Vehicle penetration Testing.
- Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area.
- Helping project teams to liaise with preferred suppliers.
- Reviewing and agreeing Penetration Test Scopes.
- Review of Penetration Test Results and inform VSOC and Product Engineering Cyber Security Director of any high/critical risks identified via the risk governance board.
- Collect, analyse, and prepare reports required for senior management, regulators, and other relevant stakeholders.
- Work with Management to ensure product security risk findings are reviewed and solutions are implemented, and risks are properly managed.
- Lead the escalation and resolution of risk and compliance issues associated with penetration testing with appropriate stakeholders.
- Supporting any other identified security testing requirements with respect to ECU and Vehicle Penetration Testing.
- Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organisational compliance.
- Undertake any other work as directed by their line manager in connection with their job as may be requested.
WHAT YOU’LL NEED
- Management of a penetration test backlog and ability to prioritise tasks in order to drive effectively squads towards delivery of OKRs.
- Proven Penetration Testing experience and track record of delivery in a field relevant to the role, e.g In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc.
- Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc.
- Understanding of automotive cyber security principles and standards (ISO 21434, R155, etc.)
- Understanding of Systems Engineering Principals, and Requirements development.
- Qualified to degree level in a relevant discipline, or equivalent experience.
SO WHY US?
Bring all this to the home of premium innovation, and you’ll find the opportunities to further your career with a world-class team, a discounted car purchase and lease scheme for you and your family, membership of a competitive pension plan, private medical cover and performance related bonus scheme. As a manager, you’ll also be able to select one of our luxury premium vehicles to lease at a fraction of the cost. All this and more makes JLR the perfect place to continue your journey.
This role may offer the opportunity for hybrid working where you can split your time between working from home and in the office. At JLR, hybrid working is a voluntary, non-contractual arrangement providing employees with more choice and flexibility around how, when and where they work, if suitable for their role. Further details can be discussed with the Hiring Manager at interview stage.
Please be aware that we may close this vacancy for applications before the stated deadline if we receive a high volume of interest. We strongly advise you to submit your application as early as possible.