[LTA-T&ID] PRINCIPAL / SENIOR / EXECUTIVE CYBERSECURITY ENGINEER, AV CYBERSECURITY

[What the role is]

[What you will be working on]

Centre for Autonomous Mobility (CAM) leads Singapore’s national effort to deploy autonomous vehicles (AVs) at scale. As AVs move onto public roads, their cybersecurity becomes a matter of public safety: a compromised vehicle is not just a data breach but a physical risk. You will be part of the cybersecurity team responsible for developing the cybersecurity assurance regime for AVs, to ensure autonomous vehicles are deployed safely and securely in Singapore. You will drive to grow into AV cybersecurity. You will help build the function from the ground up  assuring the cybersecurity of AVs themselves, and securing the systems CAM builds to oversee them.

Your responsibilities:

● Drive the development of the regulatory framework for AVs, such as establishing requirements for a Cyber Security Management System (CSMS) that covers the vehicle’s lifecycle — development, production and deployment.

● Assess AV developers’ cybersecurity submissions against our assurance criteria, applying Threat Analysis and Risk Assessment (TARA) and the R155 Annex 5 threats and controls, as well as standards such as ISO/SAE 21434.

● Define expectations for secure over-the-air software updates in line with the intent of UN R156 (a Software Update Management System), and for managing cyber risk across the AV supply chain.

● Establish monitoring, detection and incident response requirements for AVs, including analysing threats, vulnerabilities and mitigations to contribute to collective knowledge for the AV ecosystem.

● Maintain the policies, standards and playbooks for AV cybersecurity, and support engagement with local partners and international fora (e.g. UNECE WP.29 / GRVA).

The other part of the team’s remit is making sure the systems CAM builds to regulate and monitor AVs — such as the Autonomous Vehicle Monitoring System — are themselves secure by design.

● Work with the Systems team to build security into the software development lifecycle, from design through CI/CD to production.

● Conduct security architecture and design reviews and risk assessments of CAM’s systems, and provide and implement remediation recommendations.

● Support security reviews of application code and architecture, and help design secure-by-default components.

● Set up automated security testing — SAST/DAST, dependency and secrets scanning, and infrastructure-as-code checks — in the delivery pipeline.

● Assist with breach detection and incident response for these products.

● As you grow into the role, you will naturally spot gaps and suggest tools, processes and improvements as the team and its remit grow.

● Evaluate emerging security technologies and recommend tools and approaches for the team to adopt.

● Provide security advice to CAM project teams on design and architecture decisions, and help build a security-minded culture across CAM, working alongside engineers, AV developers and agency partners.

For more senior hire, you will:

[What we are looking for]

● Knowledge preferably in Computer Science, Cybersecurity or a related field

● Thinks analytically about risk — can reason about threats, weigh trade-offs, and understand the limits of a cybersecurity control on safety outcomes.

● Eager to learn vehicle regulations — genuinely interested in standards and frameworks like R155, and able to pick them up quickly.

● Communicates clearly — can explain security issues to both technical and non-technical people.

● Takes initiative and cares about the public good — this is new ground, so you will help shape the standards rather than inherit them.

● Familiarity with automotive / vehicle cybersecurity standards and regulation — UN R155 and R156, ISO/SAE 21434, CSMS and TARA — or a track record of picking up new regulatory frameworks quickly.

● Exposure to automotive, operational-technology (OT) or embedded / safety-critical systems security, including security architecture of cloud-native applications and/or OT systems.

● Hands-on DevSecOps experience: secure SDLC, CI/CD pipeline security, cloud security (e.g. AWS), and SAST/DAST tooling.

● Hands-on experience with security tools such as SIEM, WAF, IPS, privileged access management (PAM), or data loss prevention (DLP).

● Professional accreditations such as CISSP, CISM, CRISC, GICSP, GCIH or OSCP.

● A strong interest in autonomous vehicles, emerging mobility technology and overall vehicular safety.