Required Skills (Must Have)
1. Hands-on TARA experience (created and completed TARA artifacts; not just participated).
2. Strong cybersecurity engineering fundamentals (threat modeling, risk assessment, security requirements, secure architecture concepts).
3. Working knowledge of ISO/SAE 21434 structure, work products, and lifecycle expectations.
4. Cloud security/architecture awareness including typical entry points and attack surfaces (APIs, IAM, device onboarding, data ingestion, IoT pathways).
5. Proven ability to lead cross-functional reviews (facilitation, conflict resolution, clear documentation, driving closure).
---
Preferred Skills (Nice to Have)
1. Recent project experience producing ISO/SAE 21434 work products using a structured/template-driven approach.
2. Recent experience leading TARA end-to-end for a connected product (IoT/Telematics).
3. COSMOS system familiarity.
4. Telematics device knowledge (hardware/software architecture, provisioning, OTA, comm stacks, diagnostics).
1. ISO/SAE 21434 Cybersecurity Assessment (Edge Analytics)
o Perform a gap assessment of the Edge Analytics solution (device, cloud, data/ML components) against ISO/SAE 21434.
o Identify certification/release readiness requirements, required work products, and ownership.
o Deliver: assessment report, gap/risk register, prioritized remediation plan, and evidence/work-product mapping.
2. Threat Analysis and Risk Assessment (TARA) per ISO/SAE 21434
o Develop and complete the TARA for Edge Analytics, including threat scenarios, impact ratings, attack feasibility, and risk treatment recommendations.
o Deliver: TARA workbook/artifacts, assumptions, traceability to system architecture and interfaces, and risk treatment plan.
3. Close Cybersecurity Requirements Identified During 21434 Assessment
o Lead completion of cybersecurity requirements/work products identified through the assessment and TARA (e.g., security goals/claims, requirements, architecture considerations, validation/verification evidence).
o Deliver: updated cybersecurity work-product set, tracked actions to closure, and review-ready evidence package.
4. Lead Stakeholder Reviews and Approvals
o Plan and facilitate reviews for the ISO 21434 assessment and TARA with key stakeholders (PCRA, BU Cybersecurity, Product Cybersecurity, and engineering leads).