Cyber Security Specialist
Quess Corp Limited · Chengalpattu, Tamil Nadu, India
Quess Corp Limited · Chengalpattu, Tamil Nadu, India
**Core Responsibilities:-** **1. Risk Management & Compliance Governance:-** - TARA Process Management: Conduct comprehensive Threat Analysis and Risk Assessments (TARA) in accordance with ISO 21434 to identify attack surfaces, evaluate threat scenarios, and determine risk levels for connected platforms. - Regulatory Compliance (UNR 155 / UNR 156): Establish, audit, and maintain processes for the corporate Cybersecurity Management System (CSMS) and Software Update Management System (SUMS) to achieve vehicle type approvals and strict regulatory compliance. - Framework Mapping: Align corporate IT security practices (ISO 27001/2) with OT security baselines (IEC 62443 / ISO 21434), ensuring seamless security governance across the entire organization. **2. OT & Embedded Architecture Security:-** - Network Segmentation: Design, review, and enforce secure network zoning and boundaries using the Purdue Model for Industrial Control Systems (ICS) to safely isolate corporate IT from critical shop-floor/on-board OT domains. - Firmware & Software Integrity: Validate secure Over-the-Air (OTA) software update workflows to verify code signing, cryptography standards, and non-repudiation in compliance with UNR 156. - Vulnerability Lifecycle Management: Track, analyze, and triage software/hardware vulnerabilities (CVEs) targeting both enterprise IT systems and industrial/embedded components. **3. Incident Response & Operations:-** - Cross-Domain Monitoring: Monitor security events across both the IT enterprise environment and the Vehicle Security Operations Center (VSOC) or industrial OT monitoring tools. - Incident Handling: Develop and test incident response playbooks tailored for OT environments where uptime and physical safety are critical priorities. - Technical Skills & Qualifications - Required Framework & Standard Expertise - ISO/SAE 21434: Deep operational understanding of automotive cybersecurity engineering, lifecycle management, and work product documentation. - UNECE Regulations (UNR 155 & UNR 156): Direct experience preparing audit evidence, handling type-approval prerequisites, and maintaining compliance for CSMS and SUMS. - The Purdue Model: Absolute mastery of dividing industrial/embedded environments into logical security zones (Levels 0 through 5) to minimize lateral threat movement. - ISO/IEC 27001 / 27002: Strong foundation in corporate information security management systems, asset management, and access control policies. - Risk Methodologies: Proficiency in structured risk assessment models (e.g., E-Attack Trees, STRIDE, NIST SP 800-30). - Software & Technical Skills - Network & Protocols: Strong grasp of both IT protocols (TCP/IP, DNS, HTTP) and OT/Automotive communication paths (CAN bus, Automotive Ethernet, Unified Diagnostic Services (UDS), Modbus, Profinet). - Security Testing: Experience with vulnerability scanning, penetration testing basics, and software fuzz testing tools. - Tools: Familiarity with TARA tooling, SIEM/VSOC platforms, and configuration management databases. **4.Experience & Soft Skills:-** - Experience: 5 to 7 years of dedicated experience working in a dual IT/OT cybersecurity role, Product Security, or Automotive Cyber Engineering. - Communication: Exceptional ability to translate complex, technical OT risks into high-level business risks for IT stakeholders, and vice versa. - Problem Solving: A proven track record of resolving security challenges without disrupting production lines, critical uptime requirements, or safety protocols.