Charging & Charging Infrastructure - Cybersecurity

Embark on a fulfilling journey at koda Auto Volkswagen India (SAVWIPL), where were powering ahead into the future of mobility with unwavering determination. Headquartered in Pune, SAVWIPL manages the India region of the Volkswagen Groups five prestigious brands koda, Volkswagen, Audi, Porsche, and Lamborghini. As a leading European car maker in India, we offer a promising career growth, constant innovation, and a balanced work-life environment. Our consistent pursuit of workplace excellence has garnered us numerous accolades including Great Place to Work, Top Employer, and HR Asias Best Companies to Work for in Asia in 2023. At the forefront of automotive innovation, we operate two cutting-edge manufacturing facilities in India - at Chakan, Pune, and Shendra, Chhatrapati Sambhajinagar (formerly known as Aurangabad). With a rich legacy spanning over two decades, SAVWIPL boasts a wide spectrum of cars in its portfolio, ranging from conventional ICE range to electrifying BEV models.

Open the door to boundless opportunities and learn more about SAVWIPL by visiting www.skoda-vw.co.in. Regardless of your background, age, or identity, we welcome all talents to join us on this exciting journey towards shaping the future of mobility.

Position Name: Charging + Charging Infrastructure - Cybersecurity

Department: Research and Development

Functional Area: Electric and Electronics

Location: Chakan, Pune

Years of Experience: Min 10 - 12 years

Qualification: B.E/B. Tech/Post Graduate Electrical & Electronics

Purpose of the Position

• Performs the role of Security Owner for parts from the cluster energy management and charging (48V batteries, HV-batteries, chargers, charging control units, DC/DC converters).
• Ensures a security development of control units from cluster energy management and charging from the point of view of cyber security, their testing, implementation control from the supplier.
• Assigns and ensures the creation of documentation for cyber security within its scope (analysis of cyber security risks, concept and specification of cyber security, concept and specification of cyber security tests, report on cyber security tests).

Authority

• Authorize cybersecurity concept and threat analysis deliverables for EV charging and infrastructure systems.
• Approve supplier cybersecurity compliance documents (TARA, CS Concept, CS Cases, etc.).
• Validate and sign off cybersecurity test results and penetration testing reports for charger components and backend interfaces.
• Decide on deviations, mitigations, or corrective actions related to identified cybersecurity risks and vulnerabilities.

Skills Required

• Communication in English
• Analytical & problem solving skills
• Good knowledge about automobile technics
• Product development knowledge for ICE BEV components including charging systems
• Good administrative skills : ability to plan , develop and structure

Responsibilities and Tasks

• Cybersecurity Concept Development

Define and maintain cybersecurity concepts for EV charging systems (OBC, EVCC, CMS, HMI, communication interfaces).

• Threat Analysis and Risk Assessment (TARA)

Conduct and update TARA as per ISO/SAE 21434 to identify threats, vulnerabilities, and mitigation strategies.

• Cybersecurity Requirements Engineering

Derive system, hardware, and software cybersecurity requirements and ensure traceability to identified risks.

• Supplier Cybersecurity Management

Evaluate supplier compliance to cybersecurity requirements, work products, and security validation results.

• Secure Communication & Protocol Implementation

Ensure security of communication protocols (ISO 15118, OCPP, TLS, MQTT, IEC 61851, IEC 63110).

• Penetration & Vulnerability Testing Oversight

Plan, monitor, and evaluate results of penetration testing, fuzzing, and code vulnerability scans.

• Incident Detection & Response Planning

Develop procedures for cybersecurity event detection, reporting, and post-incident remediation.

• Compliance to Standards & Regulations

Ensure conformance to ISO/SAE 21434, UNECE R155/R156, and relevant data protection laws.

• Interface Security Management

Evaluate chargervehicle, chargercloud, and internal bus (CAN/Ethernet) interfaces for attack surface reduction.

• Security Testing Documentation

Create, review, and maintain cybersecurity validation test cases, reports, and evidences.

• Configuration & Patch Management

Define secure software update (SOTA/FOTA) and patch management processes for chargers and backend systems.

• Cross-Domain Collaboration

Collaborate with system, software, network, and functional safety teams for integrated security implementation.

• Security Audits & Assessments Support

Prepare and support internal/external cybersecurity audits, assessments, and customer reviews.

• Training & Awareness Programs

Conduct cybersecurity awareness and technical training sessions for development and field teams.

• Continuous Improvement & Lessons Learned

Capture lessons from incidents, audits, and test results to improve cybersecurity processes.