Automotive Cybersecurity Engineer (Charging Systems) (India)

Embark on a fulfilling journey at Škoda Auto Volkswagen India (SAVWIPL), where were powering ahead into the future of mobility with unwavering determination. Headquartered in Pune, SAVWIPL manages the India region of the Volkswagen Groups five prestigious brands Škoda, Volkswagen, Audi, Porsche, and Lamborghini. As a leading European car maker in India, we offer a promising career growth, constant innovation, and a balanced work-life environment. Our consistent pursuit of workplace excellence has garnered us numerous accolades including ‘Great Place to Work’, ‘Top Employer’, and HR Asia’s ‘Best Companies to Work for in Asia’ in 2023. At the forefront of automotive innovation, we operate two cutting-edge manufacturing facilities in India - at Chakan, Pune, and Shendra, Chhatrapati Sambhajinagar (formerly known as Aurangabad). With a rich legacy spanning over two decades, SAVWIPL boasts a wide spectrum of cars in its portfolio, ranging from conventional ICE range to electrifying BEV models. Open the door to boundless opportunities and learn more about SAVWIPL by visiting www.Skoda-vw.Co.In. Regardless of your background, age, or identity, we welcome all talents to join us on this exciting journey towards shaping the future of mobility. Position Name: Charging + Charging Infrastructure - Cybersecurity Department: Research and Development Functional Area: Electric and Electronics Location: Chakan, Pune Years of Experience: Min 10 - 12 years Qualification: B.E/B. Tech/Post Graduate Electrical & Electronics Purpose of the Position - Performs the role of Security Owner for parts from the cluster energy management and charging (48V batteries, HV-batteries, chargers, charging control units, DC/DC converters). - Ensures a security development of control units from cluster energy management and charging from the point of view of cyber security, their testing, implementation control from the supplier. - Assigns and ensures the creation of documentation for cyber security within its scope (analysis of cyber security risks, concept and specification of cyber security, concept and specification of cyber security tests, report on cyber security tests). Authority - Authorize cybersecurity concept and threat analysis deliverables for EV charging and infrastructure systems. - Approve supplier cybersecurity compliance documents (TARA, CS Concept, CS Cases, etc.). - Validate and sign off cybersecurity test results and penetration testing reports for charger components and backend interfaces. - Decide on deviations, mitigations, or corrective actions related to identified cybersecurity risks and vulnerabilities. Skills Required - Communication in English - Analytical & problem solving skills - Good knowledge about automobile technics - Product development knowledge for ICE BEV components including charging systems - Valuable administrative skills : ability to plan, develop and structure Responsibilities and Tasks - Cybersecurity Concept Development Define and maintain cybersecurity concepts for EV charging systems (OBC, EVCC, CMS, HMI, communication interfaces). - Threat Analysis and Risk Assessment (TARA) Conduct and update TARA as per ISO/SAE 21434 to identify threats, vulnerabilities, and mitigation strategies. - Cybersecurity Requirements Engineering Derive system, hardware, and software cybersecurity requirements and ensure traceability to identified risks. - Supplier Cybersecurity Management Evaluate supplier compliance to cybersecurity requirements, work products, and security validation results. - Secure Communication & Protocol Implementation Ensure security of communication protocols (ISO 15118, OCPP, TLS, MQTT, IEC 61851, IEC 63110). - Penetration & Vulnerability Testing Oversight Plan, monitor, and evaluate results of penetration testing, fuzzing, and code vulnerability scans. - Incident Detection & Response Planning Develop procedures for cybersecurity event detection, reporting, and post-incident remediation. - Compliance to Standards & Regulations Ensure conformance to ISO/SAE 21434, UNECE R155/R156, and relevant data protection laws. - Interface Security Management Evaluate charger–vehicle, charger–cloud, and internal bus (CAN/Ethernet) interfaces for attack surface reduction. - Security Testing Documentation Create, review, and maintain cybersecurity validation test cases, reports, and evidences. - Configuration & Patch Management Define secure software update (SOTA/FOTA) and patch management processes for chargers and backend systems. - Cross-Domain Collaboration Collaborate with system, software, network, and functional safety teams for integrated security implementation. - Security Audits & Assessments Support Prepare and support internal/external cybersecurity audits, assessments, and customer reviews. - Training & Awareness Programs Conduct cybersecurity awareness and technical training sessions for development and field teams. - Continuous Improvement & Lessons Learned Capture lessons from incidents, audits, and test results to improve cybersecurity processes.