Job Title

In the role of a seasoned Product Security Incident Analyst, your primary responsibility will be to oversee and orchestrate the response efforts concerning security incidents and vulnerabilities associated with Valeo's automotive products and systems (including ECUs, telematics units, and in-vehicle software).Your expertise will be crucial in guiding the team towards detecting genuine product-impacting threats and vulnerabilities, and implementing effective mitigation strategies by delivering real-time analysis during incident handling. You will also provide advice and training to empower engineering teams in recognizing, preventing, and addressing security threats within our product lifecycle.Responsibilities:● Execute, document, and meticulously follow each stage of the Product Security IncidentResponse Lifecycle, starting from initial detection of a product-related vulnerability to itsresolution and customer/regulator communication.● Make real-time decisions to swiftly mitigate product risks, safeguarding both Valeo and itscustomers from exploits in vehicle systems.● Conduct triage for automotive security incidents, product vulnerabilities, and customer-reportedissues to ascertain their scope, urgency, and potential impact on vehicle security and safety.● Provide timely and clear executive updates, elucidating the identified risks to key stakeholders(internal engineering, legal, external OEMs/customers, and regulatory bodies) during and afterproduct security incidents.● Validate customer notifications and/or provide authoritative security guidance for customers.● Perform deep-dive incident analysis on affected products, generate reports, and deliver briefingsthat communicate automotive threat landscape trends to enhance product design and securitycontrols.● Develop and maintain comprehensive Incident Response Plans tailored to specific productplatforms and electronic control units (ECUs).Required / Minimum Qualifications:● A minimum of three years of hands-on experience encompassing various facets of incidentresponse, vulnerability analysis, or product security research.● Direct experience with security investigations, analysis, and response concerning embeddedsystems, IoT devices, or automotive electronic control units (ECUs).● Hands-on investigative experience in security incidents and vulnerabilities related to automotivesoftware, hardware, and communication protocols (e.g., CAN, LIN, Ethernet).● Proven capability to effectively communicate complex and technical product security matters todiverse audiences, both verbally and in writing, using a clear, authoritative, and actionableapproach.● Possesses a robust foundational understanding of embedded security concepts, coveringoperating systems (e.g., QNX, embedded Linux), hardware security modules (HSMs), vehiclenetworks, and basic cryptography as applied to ECUs.Additional / Preferred Qualifications:● Experience in Source Code Analysis (SAST/DAST) methodologies, and Free & Open SourceSoftware (FOSS) security risk analysis as applied to automotive projects.● Possession of certifications such as Certified Incident Responder, GCIH, CISSP, CSSLP, orCEH/OSCP, will be a plus.● Experience handling incidents related to DDoS attacks, vehicle-to-everything (V2X)communication, telematics units, in-vehicle infotainment (IVI), or powertrain ECUs.● Familiarity with automotive industry standards and regulations such as ISO/SAE 21434 (Roadvehicles - Cybersecurity engineering) and UN R155 (Cyber security and cyber securitymanagement system).