Automotive Cybersecurity Engineer & Consultant ? ISO/SAE 21434, TARA, SDV Security
Aktualisiert am 04.05.2026
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 01.05.2026
Verfügbar zu: 100%
davon vor Ort: 50%
Automotive Cybersecurity
IEC 62443
ISO/SAE 21434
TARA (Threat Analysis and Risk Assessment)
UNECE R155 / R156
Cybersecurity Management System (CSMS)
SDV (Software-Defined Vehicle) Security
AUTOSAR Adaptive
SOME/IP Security
Cybersecurity Requirements Engineering
Penetration Testing (Automotive)
UDS / CAN / CAN FD / LIN
Secure Development Lifecycle
Risk Assessment & Threat Modeling
Cybersecurity Concept & Goals
English
Spanish
French
Romanian

Einsatzorte

Einsatzorte

Barcelona (+500km)
Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

1,5 YEARS: COMFORTSEATING

Customer: Porsche

Tasks:
  • Deployed as the lead technical authority to rescue a critically delayed and high-risk comfort seat project for the new Porsche Cayenne, following severe execution issues at the Tier-2 supplier.
  • Took full ownership of the Vibe ECU on behalf of P3 and Porsche, acting as the central technical interface between Porsche, Forvia and Idneo.
  • Performed comprehensive end-to-end supplier monitoring and technical governance, including in-depth reviews of all software architecture, cybersecurity artifacts, requirements, implementation, testing and integration activities.
  • Conducted rigorous technical audits, architecture reviews, and risk assessments, identifying critical gaps and defining corrective actions that brought the project back on track.
  • Established structured feedback loops, escalation paths, and transparent reporting to senior stakeholders at Porsche and Forvia, while providing hands-on technical leadership and on-site support at key integration and vehicle testing phases in Weissach.
  • Successfully coordinated a complex multi-party environment (OEM ? Tier-1 ? Tier-2), bridging communication gaps and aligning all parties toward common deliverables.
  • Outcome: Turned around a project that was on the verge of failure into a successful series production launch. The seat system is now part of the new Porsche Cayenne, reaching customers in 2026.
2 YEARS: RENAULT DUO SDV

Customer: RENAULT

Tasks:
  • Served as the OEM-side Cybersecurity Responsible for Renault?s first Software Defined Vehicle (SDV) program, overseeing cybersecurity for the complete vehicle architecture, including the high-performance central PCU and the safety-critical PIU ECUs (braking, chassis, etc.).
  • Acted as the primary cybersecurity interface between Renault and the Tier-1 supplier (Continental Automotive), managing all technical and process cybersecurity topics.
  • Led the negotiation and implementation of the full set of ISO/SAE 21434 deliverables
  • Conducted in-depth evaluation of technical solutions and ISO 21434 work products delivered by Continental, ensuring they met Renault?s stringent cybersecurity and functional safety requirements.
  • Performed comprehensive technical acceptance of the PCU and PIU platforms, validating the secure integration of the complex Linuxbased layered architecture with classic safety-relevant ECUs.
  • Developed and delivered clear technical presentations and status reports to senior management and the cybersecurity steering committee, supporting key program decisions and gate reviews.
  • Played a key role in aligning cybersecurity activities with the overall SDV architecture, ensuring secure communication, secure OTA capabilities and proper segregation between the high-performance computing domain and safety-critical domains.
2, 5 YEARS: MIRROR EYE PROJECT

Customer: VOLVO

Tasks:
  • Owned the complete cybersecurity scope for the MirrorEye digital mirror replacement system, a safety-critical embedded platform developed for Volvo Trucks
  • Negotiated the Cybersecurity Interface Agreement and Compliance Matrix directly with Volvo, establishing clear boundaries and deliverables between organizations.
  • Authored and delivered all key ISO/SAE 21434 artifacts, including TARA, Technical Security Concept and Cybersecurity Case, ensuring full compliance with OEM expectations.
  • Designed a robust Technical Security Concept that effectively mitigated identified risks while maintaining compliance with ISO 26262 functional safety requirements.
  • Led cybersecurity activities across system and software levels, successfully directing a cross-functional team that included offshore software development resources in India.
  • Directed requirements engineering, testing strategy, and validation activities, achieving smooth OEM reviews and acceptance.
  • Acted as the primary cybersecurity interface, managing all technical communication, risk escalation, and decision-making with senior stakeholders.
6 MONTHS: EU7 CYBERSECURITY

Customer: Porsche

Tasks:
  • Contracted by P3 Group to support Porsche in strengthening the cybersecurity posture of an existing vehicle platform (MQB/MLBevo architecture) to meet upcoming EU7 regulatory requirements.
  • Led the development of an updated Technical Security Concept for a legacy platform featuring weaker ECUs and limited Hardware Security Module (HSM) coverage, ensuring compatibility with both current production and future stringent cybersecurity standards.
  • Designed and delivered a comprehensive updated SecOC (Secure Onboard Communication) concept and a complete Key Management concept, including cryptographic key lifecycle, distribution, and storage strategies adapted to the platform?s constraints.
  • Performed detailed gap analysis between the existing architecture and EU7 cybersecurity expectations, defining feasible mitigation measures and architectural improvements without requiring full platform redesign.
  • Collaborated closely with Porsche?s cybersecurity and platform teams to align the new security concept with functional safety, performance and cost constraints.
  • Delivered high-quality security documentation and technical recommendations that enabled the platform to achieve internal compliance readiness ahead of regulatory timelines.
  • Outcome: Successfully future-proofed the cybersecurity architecture of a major vehicle platform, providing Porsche with a clear upgrade path that balanced legacy limitations with evolving regulatory demands.
2015 - 2021: Software Development Experience

Customer: various

Tasks:
I bring strong hands-on embedded software development experience across complex, safety-critical, and connected systems. This technical foundation enables me to create realistic and effective cybersecurity concepts, requirements and architectures that are truly implementable in real products. Key experiences include:
  • Designed and developed embedded C++ applications on Linux (Ubuntu) and STM32MP1 platforms for robotic lawnmowers (STIHL iMow), including D-Bus IPC integration, Bluetooth (BlueZ), and a custom Rauc-based update mechanism.
  • Led the migration of legacy Qt-based applications to a non-Qt architecture, significantly improving performance and maintainability.
  • Worked on AUTOSAR 4.x platforms at Vitesco Technologies, implementing secure boot, signature validation, hashing algorithms and Hardware Security Module (HSM) integration for BMW and Daimler projects.
  • Served as Software Engineer, Requirements Engineer, and Software Project Leader for Porsche?s On-Board Charger program (Audi e-tron, Porsche Cayenne & Taycan), delivering full SOP software within one year and achieving A-SPICE Level 1 certification.
  • Consistently combined deep software implementation knowledge with requirements engineering and team leadership in distributed, multi-supplier environments.
  • This solid embedded software background allows me to bridge the gap between theoretical security concepts and practical, efficient implementation ? a critical advantage when developing cybersecurity solutions for complex embedded systems.

Aus- und Weiterbildung

Aus- und Weiterbildung

2022
Post Graduate Program in Cybersecurity
University of Texas at Austin

2007 - 2012
Studie - Systems Automation
Technical University of Cluj-Napoca
Degree: Bachelor of Science

QUALIFICATION
  • Automotive Cybersecurity Engineer
  • ChipWhisperer ? Power Analysis 101 (Penetration Testing training)

Position

Position

Senior Cybersecurity Consultant

Kompetenzen

Kompetenzen

Top-Skills

Automotive Cybersecurity IEC 62443 ISO/SAE 21434 TARA (Threat Analysis and Risk Assessment) UNECE R155 / R156 Cybersecurity Management System (CSMS) SDV (Software-Defined Vehicle) Security AUTOSAR Adaptive SOME/IP Security Cybersecurity Requirements Engineering Penetration Testing (Automotive) UDS / CAN / CAN FD / LIN Secure Development Lifecycle Risk Assessment & Threat Modeling Cybersecurity Concept & Goals

Schwerpunkte

  • Embedded Systems Cybersecurity ? End-to-end security for safetycritical embedded platforms in automotive, rail, medtech and industrial sectors
  • Cybersecurity Compliance & Certification ? ISO/SAE 21434, UN R155/R156, IEC 62443, EU Cyber Resilience Act (CRA) and ISO 27000 series
  • Secure-by-Design Architecture & Product Security Engineering ? Designing secure systems from concept through certification and into production
  • Threat Analysis & Risk Assessment (TARA) ? Comprehensive risk identification, evaluation, and treatment strategies Security Concept Development & Requirements Engineering ? Creating clear, actionable, and negotiable security requirements for OEMs and suppliers
  • Technical Leadership & Team Enablement ? Leading and upskilling engineering teams (25?30+ people) in secure development practices
  • Secure Development Lifecycle ? Integrating cybersecurity into VModel, ASPICE, Agile and hybrid processes
  • Secure OTA & Update Management ? End-to-end secure update strategies for connected embedded systems

Produkte / Standards / Erfahrungen / Methoden

Profile
I am a cybersecurity consultant and technical leader specializing in embedded systems security for highly regulated industries. I partner with OEMs and technology companies to design and implement comprehensive security solutions across the full product lifecycle ? from threat modeling and secure architecture to certification and long-term maintenance. I'm proficient in ISO/SAE 21434, UN R155/R156, IEC 62443, the EU Cyber Resilience Act and related standards. I bring deep technical expertise and proven leadership in building and guiding security-conscious engineering teams.

Einsatzorte

Einsatzorte

Barcelona (+500km)
Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

1,5 YEARS: COMFORTSEATING

Customer: Porsche

Tasks:
  • Deployed as the lead technical authority to rescue a critically delayed and high-risk comfort seat project for the new Porsche Cayenne, following severe execution issues at the Tier-2 supplier.
  • Took full ownership of the Vibe ECU on behalf of P3 and Porsche, acting as the central technical interface between Porsche, Forvia and Idneo.
  • Performed comprehensive end-to-end supplier monitoring and technical governance, including in-depth reviews of all software architecture, cybersecurity artifacts, requirements, implementation, testing and integration activities.
  • Conducted rigorous technical audits, architecture reviews, and risk assessments, identifying critical gaps and defining corrective actions that brought the project back on track.
  • Established structured feedback loops, escalation paths, and transparent reporting to senior stakeholders at Porsche and Forvia, while providing hands-on technical leadership and on-site support at key integration and vehicle testing phases in Weissach.
  • Successfully coordinated a complex multi-party environment (OEM ? Tier-1 ? Tier-2), bridging communication gaps and aligning all parties toward common deliverables.
  • Outcome: Turned around a project that was on the verge of failure into a successful series production launch. The seat system is now part of the new Porsche Cayenne, reaching customers in 2026.
2 YEARS: RENAULT DUO SDV

Customer: RENAULT

Tasks:
  • Served as the OEM-side Cybersecurity Responsible for Renault?s first Software Defined Vehicle (SDV) program, overseeing cybersecurity for the complete vehicle architecture, including the high-performance central PCU and the safety-critical PIU ECUs (braking, chassis, etc.).
  • Acted as the primary cybersecurity interface between Renault and the Tier-1 supplier (Continental Automotive), managing all technical and process cybersecurity topics.
  • Led the negotiation and implementation of the full set of ISO/SAE 21434 deliverables
  • Conducted in-depth evaluation of technical solutions and ISO 21434 work products delivered by Continental, ensuring they met Renault?s stringent cybersecurity and functional safety requirements.
  • Performed comprehensive technical acceptance of the PCU and PIU platforms, validating the secure integration of the complex Linuxbased layered architecture with classic safety-relevant ECUs.
  • Developed and delivered clear technical presentations and status reports to senior management and the cybersecurity steering committee, supporting key program decisions and gate reviews.
  • Played a key role in aligning cybersecurity activities with the overall SDV architecture, ensuring secure communication, secure OTA capabilities and proper segregation between the high-performance computing domain and safety-critical domains.
2, 5 YEARS: MIRROR EYE PROJECT

Customer: VOLVO

Tasks:
  • Owned the complete cybersecurity scope for the MirrorEye digital mirror replacement system, a safety-critical embedded platform developed for Volvo Trucks
  • Negotiated the Cybersecurity Interface Agreement and Compliance Matrix directly with Volvo, establishing clear boundaries and deliverables between organizations.
  • Authored and delivered all key ISO/SAE 21434 artifacts, including TARA, Technical Security Concept and Cybersecurity Case, ensuring full compliance with OEM expectations.
  • Designed a robust Technical Security Concept that effectively mitigated identified risks while maintaining compliance with ISO 26262 functional safety requirements.
  • Led cybersecurity activities across system and software levels, successfully directing a cross-functional team that included offshore software development resources in India.
  • Directed requirements engineering, testing strategy, and validation activities, achieving smooth OEM reviews and acceptance.
  • Acted as the primary cybersecurity interface, managing all technical communication, risk escalation, and decision-making with senior stakeholders.
6 MONTHS: EU7 CYBERSECURITY

Customer: Porsche

Tasks:
  • Contracted by P3 Group to support Porsche in strengthening the cybersecurity posture of an existing vehicle platform (MQB/MLBevo architecture) to meet upcoming EU7 regulatory requirements.
  • Led the development of an updated Technical Security Concept for a legacy platform featuring weaker ECUs and limited Hardware Security Module (HSM) coverage, ensuring compatibility with both current production and future stringent cybersecurity standards.
  • Designed and delivered a comprehensive updated SecOC (Secure Onboard Communication) concept and a complete Key Management concept, including cryptographic key lifecycle, distribution, and storage strategies adapted to the platform?s constraints.
  • Performed detailed gap analysis between the existing architecture and EU7 cybersecurity expectations, defining feasible mitigation measures and architectural improvements without requiring full platform redesign.
  • Collaborated closely with Porsche?s cybersecurity and platform teams to align the new security concept with functional safety, performance and cost constraints.
  • Delivered high-quality security documentation and technical recommendations that enabled the platform to achieve internal compliance readiness ahead of regulatory timelines.
  • Outcome: Successfully future-proofed the cybersecurity architecture of a major vehicle platform, providing Porsche with a clear upgrade path that balanced legacy limitations with evolving regulatory demands.
2015 - 2021: Software Development Experience

Customer: various

Tasks:
I bring strong hands-on embedded software development experience across complex, safety-critical, and connected systems. This technical foundation enables me to create realistic and effective cybersecurity concepts, requirements and architectures that are truly implementable in real products. Key experiences include:
  • Designed and developed embedded C++ applications on Linux (Ubuntu) and STM32MP1 platforms for robotic lawnmowers (STIHL iMow), including D-Bus IPC integration, Bluetooth (BlueZ), and a custom Rauc-based update mechanism.
  • Led the migration of legacy Qt-based applications to a non-Qt architecture, significantly improving performance and maintainability.
  • Worked on AUTOSAR 4.x platforms at Vitesco Technologies, implementing secure boot, signature validation, hashing algorithms and Hardware Security Module (HSM) integration for BMW and Daimler projects.
  • Served as Software Engineer, Requirements Engineer, and Software Project Leader for Porsche?s On-Board Charger program (Audi e-tron, Porsche Cayenne & Taycan), delivering full SOP software within one year and achieving A-SPICE Level 1 certification.
  • Consistently combined deep software implementation knowledge with requirements engineering and team leadership in distributed, multi-supplier environments.
  • This solid embedded software background allows me to bridge the gap between theoretical security concepts and practical, efficient implementation ? a critical advantage when developing cybersecurity solutions for complex embedded systems.

Aus- und Weiterbildung

Aus- und Weiterbildung

2022
Post Graduate Program in Cybersecurity
University of Texas at Austin

2007 - 2012
Studie - Systems Automation
Technical University of Cluj-Napoca
Degree: Bachelor of Science

QUALIFICATION
  • Automotive Cybersecurity Engineer
  • ChipWhisperer ? Power Analysis 101 (Penetration Testing training)

Position

Position

Senior Cybersecurity Consultant

Kompetenzen

Kompetenzen

Top-Skills

Automotive Cybersecurity IEC 62443 ISO/SAE 21434 TARA (Threat Analysis and Risk Assessment) UNECE R155 / R156 Cybersecurity Management System (CSMS) SDV (Software-Defined Vehicle) Security AUTOSAR Adaptive SOME/IP Security Cybersecurity Requirements Engineering Penetration Testing (Automotive) UDS / CAN / CAN FD / LIN Secure Development Lifecycle Risk Assessment & Threat Modeling Cybersecurity Concept & Goals

Schwerpunkte

  • Embedded Systems Cybersecurity ? End-to-end security for safetycritical embedded platforms in automotive, rail, medtech and industrial sectors
  • Cybersecurity Compliance & Certification ? ISO/SAE 21434, UN R155/R156, IEC 62443, EU Cyber Resilience Act (CRA) and ISO 27000 series
  • Secure-by-Design Architecture & Product Security Engineering ? Designing secure systems from concept through certification and into production
  • Threat Analysis & Risk Assessment (TARA) ? Comprehensive risk identification, evaluation, and treatment strategies Security Concept Development & Requirements Engineering ? Creating clear, actionable, and negotiable security requirements for OEMs and suppliers
  • Technical Leadership & Team Enablement ? Leading and upskilling engineering teams (25?30+ people) in secure development practices
  • Secure Development Lifecycle ? Integrating cybersecurity into VModel, ASPICE, Agile and hybrid processes
  • Secure OTA & Update Management ? End-to-end secure update strategies for connected embedded systems

Produkte / Standards / Erfahrungen / Methoden

Profile
I am a cybersecurity consultant and technical leader specializing in embedded systems security for highly regulated industries. I partner with OEMs and technology companies to design and implement comprehensive security solutions across the full product lifecycle ? from threat modeling and secure architecture to certification and long-term maintenance. I'm proficient in ISO/SAE 21434, UN R155/R156, IEC 62443, the EU Cyber Resilience Act and related standards. I bring deep technical expertise and proven leadership in building and guiding security-conscious engineering teams.

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.