- Company Name
- Valeo
- Job Title
- CIFRE - Cybersecurity Engineer
- Job Description
-
**Job title:** CIFRE – Cybersecurity Engineer (Post‑Quantum Cryptography)
**Role summary:**
The role is a PhD‑level research and development position focused on designing, evaluating, and implementing post‑quantum cryptography (PQC) solutions for automotive embedded systems and electric vehicle (EV) charging infrastructures. The candidate will develop transition strategies, hybrid classical/PQC schemes, crypto‑agility mechanisms, lightweight implementations for constrained ECUs, and security countermeasures against physical attacks. The research will also address production‑line security, charging‑station interoperability, and global regulatory compliance, producing a framework for PQC adoption in automotive products and infrastructure.
**Expectations:**
- Conduct advanced research on hybrid and PQC algorithms, assessing feasibility on heterogeneous automotive platforms.
- Design crypto‑agility mechanisms for secure boot, OTA updates, debugging, diagnostics, and onboard communication.
- Develop lightweight PQC implementations for resource‑constrained ECUs.
- Analyse physical attack vectors and propose countermeasures.
- Map automotive standards (UNECE WP.29, ISO/SAE 21434) and international PQC guidance (NIST, ANSSI, etc.) to practical use cases.
- Produce actionable recommendations and a secure, cost‑efficient PQC deployment framework.
- Publish findings and collaborate with industry partners to validate solutions.
**Key responsibilities:**
1. Research and prototype PQC cryptographic primitives and hybrid schemes for automotive constraints.
2. Engineer crypto‑agility modules enabling smooth algorithm transitions throughout vehicle life cycles.
3. Design secure embedded functions (boot, OTA, debug, diagnostics, communications) with PQC.
4. Implement and test lightweight PQC applications on microcontrollers and SoCs used in ECUs.
5. Analyze and mitigate side‑channel, fault, and firmware tampering threats.
6. Evaluate production line security workflows (HSM provisioning, certificate management) for PQC readiness.
7. Assess and ensure compliance with UNECE, ISO/SAE 21434, NIST PQC drafts, ANSSI guidelines, and other regional regulations.
8. Draft a comprehensive PQC transition framework and industry‑ready implementation roadmap.
9. Disseminate results through technical reports, peer‑reviewed papers, and stakeholder workshops.
**Required skills:**
- Deep knowledge of cryptography, especially post‑quantum algorithms and security theory.
- Experience with hybrid classical/PQC integration and crypto‑agility design.
- Proficiency in embedded systems programming (C/C++, Rust).
- Understanding of automotive cybersecurity architecture and relevant standards (UNECE WP.29, ISO/SAE 21434).
- Knowledge of hardware security concepts (HSMs, secure boot, OTA update mechanisms).
- Familiarity with side‑channel, fault, and tampering attack analysis.
- Strong analytical, problem‑solving, and research‑writing abilities.
- Ability to translate regulatory requirements into technical specifications and design decisions.
**Required education & certifications:**
- PhD or equivalent in Computer Science, Electrical Engineering, Cybersecurity, or a related field, with a focus on cryptography or embedded systems.
- Coursework or certifications in cryptography, automotive security (e.g., ISO/SAE 21434), and embedded systems design.
- Proven track record of research publications or patents in cryptographic or cybersecurity domains preferred.