Senior Expert in Embedded Software Security and Security Architectures
This role is responsible for leading security‑by‑design practices throughout the software lifecycle for the RFOC subgroup products across automotive and non‑automotive markets. The ideal candidate combines deep expertise in embedded software development, cybersecurity standards, secure coding, and security architecture, with the ability to guide engineering teams and collaborate effectively with quality, project management, and product stakeholders.
The position requires a strong background in automotive quality processes such as ASPICE, knowledge of ISO/SAE 21434 and cybersecurity requirements for automotive products as well as Common Criteria and SESIP for IT and IoT applications. It includes supporting internal and external audits related to security, quality, and process compliance, preparing documentation, and participating in reviews and audits.
Responsibilities
Define and supervise the software security strategy for RFOC subgroup products; lead the design of secure embedded software architectures for automotive and non‑automotive applications.
Establish security requirements, controls, and architectural principles aligned with product and market needs; review and approve security‑related design decisions ensuring compliance with internal standards and external regulations.
Support threat analysis, risk assessment, and security concept activities for embedded systems.
Drive software security activities across the full development lifecycle: requirements management, architecture and detailed design, implementation, integration, verification, and testing.
Ensure security features are implemented consistently; guide engineering teams in adopting secure development practices and maintaining traceability from security requirements to validation evidence.
Promote and enforce secure coding practices across embedded software teams; conduct secure code reviews, vulnerability assessments, and remediation planning.
Collaborate with project management, quality assurance, product management, system engineering, and other stakeholders to make practical, risk‑based decisions.
Adapt to changing priorities, evolving planning, and shifting technical constraints; manage trade‑offs while preserving security integrity.
Stay current with emerging trends; champion innovation in development workflows, including AI‑driven tools; identify opportunities to simplify processes.
Required Skills & Experience
Extensive experience in embedded software design and development.
Proven experience in software security, security architecture, or cybersecurity engineering for embedded products.
Experience working in automotive development environments and applying ASPICE‑based processes.
Hands‑on knowledge of ISO/SAE 21434, automotive cybersecurity engineering practices, Common Criteria and SESIP.
Demonstrated experience with secure coding, code review, and security vulnerability mitigation.
Experience supporting technical audits, quality reviews, and customer‑facing security assessments.
Technical Skills
Strong understanding of embedded software architecture, real‑time constraints, and system integration.
Solid knowledge of software security concepts, including:
Secure boot and trust chains
Authentication and authorization
Cryptography fundamentals and secure key handling
Firmware integrity protection
Secure update mechanisms
Attack surface reduction
Secure communication principles
Understanding of testing and validation approaches for security functions.
Familiarity with security analysis techniques such as threat modeling and risk assessment.
Behavioral and Leadership Skills
Strong ability to work collaboratively in a multidisciplinary team.
Ability to influence and guide engineering teams without direct line management authority.
Excellent communication skills, able to explain complex security topics clearly to technical and non‑technical audiences.
High adaptability and resilience in dynamic project environments.
Strong sense of ownership, accountability, and initiative.
Open‑minded, innovation‑oriented, and comfortable using modern tools and AI‑assisted methodologies.
Equality, Diversity and Inclusion
At ST, we endeavor to foster a diverse and inclusive workplace and we do not tolerate discrimination. We aim to recruit and retain a diverse workforce that reflects the societies around us. We strive for equity in career development, career opportunities, and equal remuneration. Diversity, equity and inclusion are woven into our company culture.
This position is open to all qualified candidates, irrespective of gender, race, religion, sexual orientation, age, disability, or any other protected characteristic.
#J-18808-Ljbffr