Many safety critical systems are integrating more and more software based systems and are becoming increasingly connected. Such Cyber-Physical Systems require high assurance both on safety and security but also on how such properties affect each other. This covers not only design time aspects but also the run-time : as cyber-security threats evolve constantly, it is necessary to consider how to perform updates of the software without breaking any safety properties. This paper proposes a method to co-engineer them based on sound techniques taken from goal-oriented requirements engineering. The approach is illustrated on a case study from the automotive domain. The case study illustrates the challenges to safety and security co-engineering created by the trend of growing connectivity and the evolution towards more autonomous vehicles in the transportation domain.