Job Details
Cybersecurity Monitoring
15,000-25,000
深圳克莱蒙特科技有限公司
Changchun
3-5 years
Junior college diploma
10-21
Work address

汽车大路

Job Description
Responsibilities:
The specific scope of services for field monitoring includes, but is not limited to, the following:
1. Security monitoring and threat response.
a) Active Monitoring and Alerting: Check/monitor the Vehicle Security Operations Center (VSOC) and monitoring platform, collect real-time data from in-vehicle terminals and bus (CAN/Ethernet) traffic, monitor the overall security situation via a visual dashboard, and quickly identify abnormal alerts.
b) Threat Analysis and Handling: Conduct in-depth traceability of alert events based on connected vehicle threat intelligence (IOC), and locate attack paths and impact scopes; execute emergency responses (e.g., isolating abnormal ECUs, blocking malicious connections), and record the entire process for closed-loop management.
c) Monitoring Strategy Optimization: Regularly review alert data, count false positives and false negatives, optimize monitoring rules and analysis models based on the operation status of the in-vehicle Intrusion Detection and Prevention System (IDPS), and improve the accuracy and real-time performance of threat identification.
2. Development, implementation and management of the cyber security monitoring process in conjunction with internal and external process partners.
a) Create tickets and report network attacks and vulnerabilities to the cyber security manager, and provide information for the root cause analysis process.
b) Development of fast, effective and sustainable cyber security monitoring processes, methods and tools to resolve cyber security issues.
c) Monitoring the effectiveness of corrective measures/solutions for cyber security issues.
d) Ranking and selecting technical topics together with partners for escalation within NEV Co.
e) Communicating with relevant partners (Audi AG, Audi CN, CARIAD, CATARC) to share information and ensure the effectiveness of corrective actions remains under control.
Requirements
Purpose:
- Ensure timely cyber security monitoring and reporting to the cyber security manager.
- Ensure pre-analysis is done before handing the case over to the cyber security manager.
- Ensure root cause analysis of cyber security cases by the CSI team and countermeasure implementation together with Audi AG and other process partners.
- Ensure communication with Audi AG, Audi CN, CARIAD and CATARC to track the effectiveness of countermeasures and exchange status.
