Lead Product Cybersecurity Engineer

Job Purpose

The Lead Product Cybersecurity Engineer is responsible for the design, development, and maintenance of technical cybersecurity control standards for use across Dana’s product platforms. You will work in collaboration with the engineers in other engineering disciplines, to lead cybersecurity activities throughout the product lifecycle, and support security control development in both hardware and software.

Job Duties and Responsibilities

• Develop and maintain a robust library of reusable, trusted security controls and associated requirements for Dana platform-based embedded systems.
• Lead cybersecurity requirements analysis and clarification with customers for reuse analysis of platform-based security controls, provide cybersecurity expertise during system architectural design reviews
• Produce and manage system requirements for cybersecurity across the product lifecycle, support cryptographic material management in manufacturing environment.
• Lead the Threat Analysis and Risks Assessment (TARA) and Cybersecurity Concept activities. Continuously update TARAs based on lessons learned from cybersecurity monitoring.
• Analyze cybersecurity events relevant to Dana products, perform vulnerability analysis and risk assessment, manage vulnerability throughout product lifecycle.
• Lead conversation related to cybersecurity vulnerabilities with customers. Support hardware and software vendors to reduce 3rd party cybersecurity vulnerabilities.
• Representing Dana in industry forums and working groups such as the Auto-ISAC.
• Support internal and external audits related to ISO/SAE 21434 work products. Support cybersecurity process improvement/execution to improve cybersecurity posture.
• Collaborate cross-functionally with systems, software, hardware, and quality engineering teams. Work closely with the software team to ensure secure coding practices.
• Assist in cybersecurity training within the business unit as required.

Required Experience

• 8+ years of experience in automotive or relevant embedded systems cybersecurity.
• Deep expertise in ISO/SAE 21434 and its practical application.
• Proficiency using TARA tooling and conducting structured risk assessments.
• Hands-on experience with automotive and embedded network protocols
• Strong knowledge with embedded security controls, secure coding practices, and security principles
• Experience with frameworks such as CVEs, CWEs, MITRE ATT&CK, and Automotive Threat Matrix (ATM)
• Familiarity with electric powertrain systems
• Excellent communication and analytical skills

• Excellent organizational skills as demonstrated through executed production programs

• Ability to work independently as required and take ownership of project deliverables
• Knowledge of ASPICE and ISO26262.

Education

• Bachelor’s degree in electrical engineering, computer engineering, computer science, cybersecurity engineering, or related discipline
• Certifications in cybersecurity, such as Certified Automotive Security Engineer (CASE), or Certified Ethical Hacker (CEH), or similar, is a plus