Product Security Analyst

In the role of a seasoned Product Security Incident Analyst, your primary responsibility will be to oversee and orchestrate the response efforts concerning security incidents and vulnerabilities associated with Valeo's automotive products and systems. Your expertise will be crucial in guiding the team towards detecting genuine product-impacting threats and vulnerabilities, and implementing effective mitigation strategies by delivering real-time analysis during incident handling. You will also provide advice and training to empower engineering teams in recognizing, preventing, and addressing security threats within our product lifecycle. Responsibilities: - Execute, document, and meticulously follow each stage of the Product Security Incident Response Lifecycle, starting from initial detection of a product-related vulnerability to its resolution and customer/regulator communication. - Make real-time decisions to swiftly mitigate product risks, safeguarding both Valeo and its customers from exploits in vehicle systems. - Conduct triage for automotive security incidents, product vulnerabilities, and customer-reported issues to ascertain their scope, urgency, and potential impact on vehicle security and safety. - Provide timely and clear executive updates, elucidating the identified risks to key stakeholders (internal engineering, legal, external OEMs/customers, and regulatory bodies) during and after product security incidents. - Validate customer notifications and/or provide authoritative security guidance for customers. - Perform deep-dive incident analysis on affected products, generate reports, and deliver briefings that communicate automotive threat landscape trends to enhance product design and security controls. - Develop and maintain comprehensive Incident Response Plans tailored to specific product platforms and electronic control units (ECUs). Required / Minimum Qualifications: - A minimum of three years of hands-on experience encompassing various facets of incident response, vulnerability analysis, or product security research. - Direct experience with security investigations, analysis, and response concerning embedded systems, IoT devices, or automotive electronic control units (ECUs). - Hands-on investigative experience in security incidents and vulnerabilities related to automotive software, hardware, and communication protocols (e.g., CAN, LIN, Ethernet). - Proven capability to effectively communicate complex and technical product security matters to diverse audiences, both verbally and in writing, using a clear, authoritative, and actionable approach. - Possesses a robust foundational understanding of embedded security concepts, covering operating systems (e.g., QNX, embedded Linux), hardware security modules (HSMs), vehicle networks, and basic cryptography as applied to ECUs. Additional / Preferred Qualifications: - Experience in Source Code Analysis (SAST/DAST) methodologies, and Free & Open Source Software (FOSS) security risk analysis as applied to automotive projects. - Possession of certifications such as Certified Incident Responder, GCIH, CISSP, CSSLP, or CEH/OSCP, will be a plus. - Experience handling incidents related to DDoS attacks, vehicle-to-everything (V2X) communication, telematics units, in-vehicle infotainment (IVI), or powertrain ECUs. - Familiarity with automotive industry standards and regulations such as ISO/SAE 21434 (Road vehicles - Cybersecurity engineering) and UN R155 (Cyber security and cyber security management system). In the role of a seasoned Product Security Incident Analyst, your primary responsibility will be to oversee and orchestrate the response efforts concerning security incidents and vulnerabilities associated with Valeo's automotive products and systems. Your expertise will be crucial in guiding the team towards detecting genuine product-impacting threats and vulnerabilities, and implementing effective mitigation strategies by delivering real-time analysis during incident handling. You will also provide advice and training to empower engineering teams in recognizing, preventing, and addressing security threats within our product lifecycle. Responsibilities: - Execute, document, and meticulously follow each stage of the Product Security Incident Response Lifecycle, starting from initial detection of a product-related vulnerability to its resolution and customer/regulator communication. - Make real-time decisions to swiftly mitigate product risks, safeguarding both Valeo and its customers from exploits in vehicle systems. - Conduct triage for automotive security incidents, product vulnerabilities, and customer-reported issues to ascertain their scope, urgency, and potential impact on vehicle security and safety. - Provide timely and clear executive updates, elucidating the identified risks to key stakeholders (internal engineering, legal, external OEMs/customers, and regulatory bodies) during and after product security incidents. - Validate customer n