Job Description
In the role of a seasoned Product Security Incident Analyst, your primary responsibility will be to oversee and orchestrate the response efforts concerning security incidents and vulnerabilities associated with Valeo's automotive products and systems (including ECUs, telematics units, and in-vehicle software). Your expertise will be crucial in guiding the team towards detecting genuine product-impacting threats and vulnerabilities, and implementing effective mitigation strategies by delivering real-time analysis during incident handling. You will also provide advice and training to empower engineering teams in recognizing, preventing, and addressing security threats within our product lifecycle.
Responsibilities:
● Execute, document, and meticulously follow each stage of the Product Security Incident
Response Lifecycle, starting from initial detection of a product-related vulnerability to its
resolution and customer/regulator communication.
● Make real-time decisions to swiftly mitigate product risks, safeguarding both Valeo and its
customers from exploits in vehicle systems.
● Conduct triage for automotive security incidents, product vulnerabilities, and customer-reported
issues to ascertain their scope, urgency, and potential impact on vehicle security and safety.
● Provide timely and clear executive updates, elucidating the identified risks to key stakeholders
(internal engineering, legal, external OEMs/customers, and regulatory bodies) during and after
product security incidents.
● Validate customer notifications and/or provide authoritative security guidance for customers.
● Perform deep-dive incident analysis on affected products, generate reports, and deliver briefings
that communicate automotive threat landscape trends to enhance product design and security
controls.
● Develop and maintain comprehensive Incident Response Plans tailored to specific product
platforms and electronic control units (ECUs).
Required / Minimum Qualifications:
● A minimum of three years of hands-on experience encompassing various facets of incident
response, vulnerability analysis, or product security research.
● Direct experience with security investigations, analysis, and response concerning embedded
systems, IoT devices, or automotive electronic control units (ECUs).
● Hands-on investigative experience in security incidents and vulnerabilities related to automotive
software, hardware, and communication protocols (e.g., CAN, LIN, Ethernet).
● Proven capability to effectively communicate complex and technical product security matters to
diverse audiences, both verbally and in writing, using a clear, authoritative, and actionable
approach.
● Possesses a robust foundational understanding of embedded security concepts, covering
operating systems (e.g., QNX, embedded Linux), hardware security modules (HSMs), vehicle
networks, and basic cryptography as applied to ECUs.
Additional / Preferred Qualifications:
● Experience in Source Code Analysis (SAST/DAST) methodologies, and Free & Open Source
Software (FOSS) security risk analysis as applied to automotive projects.
● Possession of certifications such as Certified Incident Responder, GCIH, CISSP, CSSLP, or
CEH/OSCP will be a plus.
● Experience handling incidents related to DDoS attacks, vehicle-to-everything (V2X)
communication, telematics units, in-vehicle infotainment (IVI), or powertrain ECUs.
● Familiarity with automotive industry standards and regulations such as ISO/SAE 21434 (Road
vehicles - Cybersecurity engineering) and UN R155 (Cyber security and cyber security
management system).