Director, Product Security

Rivian and Volkswagen Group Technologies
Palo Alto, CA
$240,700 - $343,800

About The Position

As the Director of Product Security, you will be the driving force behind securing the most consequential software-defined vehicle platform in the automotive industry. Reporting to the Sr. Director, Systems Engineering, Safety and Software Quality, you will lead the end-to-end product security strategy for Rivian and Volkswagen Group Technologies’ joint platform, a technology stack that will underpin millions of future electric vehicles across Rivian, Volkswagen, Audi, Scout, and beyond. This is not a compliance role. This is a builder’s role. You will embed security into the DNA of our zonal architecture, over-the-air update pipeline, cloud infrastructure, and autonomous driving stack, working shoulder-to-shoulder with elite software and hardware engineers who share your obsession with getting it right. You’ll own the discipline, lead the team, and set the standard for what product security looks like at the intersection of Silicon Valley and the global automotive industry.

Requirements

  • 12+ years of progressive experience in cybersecurity, with at least 5 years in product security leadership at a software-defined product company (automotive, consumer electronics, aerospace, robotics, or similar).
  • Deep technical expertise in application security, embedded systems security, or automotive cybersecurity with a hands-on engineering background, not purely managerial.
  • Demonstrated experience building and scaling a product security or AppSec team from the ground up, including hiring, org design, and culture-setting.
  • Proven ability to influence and drive security posture across engineering organizations without direct authority - the credibility to be taken seriously in a room full of elite engineers.
  • Strong working knowledge of threat modeling methodologies (e.g. STRIDE, PASTA, TARA), secure SDLC practices, and vulnerability management programs including coordinated disclosure.
  • Experience securing cloud-native architectures at scale (GCP, AWS, or Azure) including cloud-to-vehicle communication channels and data pipelines.
  • Track record of operating at the executive level: presenting to the board, partnering with the C-suite, and translating deeply technical risk into business-level language.
  • B.S. or M.S. in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience.

Nice To Haves

  • Direct experience with ISO/SAE 21434, UN Regulation No. 155, NHTSA cybersecurity best practices, or other automotive-specific cybersecurity frameworks.
  • Background in embedded security, firmware security, or hardware security (e.g. HSMs, secure boot, cryptographic key management in constrained environments).
  • Experience at a mission-driven, high-velocity technology company.
  • Familiarity with AI/ML security: adversarial robustness, model integrity, and securing inference pipelines in safety-critical systems.

Responsibilities

  • Product Security Strategy & Architecture: Lead a team that will define and own the multi-year product security roadmap for Rivian and RV Tech’s joint SDV (Software Defined Vehicle) platform. Translate business objectives, threat landscapes, and regulatory requirements into a coherent, executable security strategy spanning vehicle firmware, cloud backend, mobile applications, and the OTA update pipeline.
  • Secure-by-Design Engineering: Embed security across the full software development lifecycle. Partner with software, hardware, and platform engineering teams to conduct threat modeling and TARA (Threat Analysis and Risk Assessment), develop security requirements for implementation, and define and execute systematic tests at the SIL (software-in-loop), HIL (hardware-in-loop) and test-vehicle levels. You will also establish secure coding guidelines to be used across all core engineering teams and build automated security tooling (SAST, DAST, fuzzing) into CI/CD pipelines. Champion a “security by design” culture across a global engineering org of 1,500+.
  • Automotive & Connected Vehicle Security: Lead compliance and security engineering efforts for automotive cybersecurity standards including ISO/SAE 21434 and UN Regulation No. 155. Secure zonal and E/E architecture, ECU communication buses (CAN, Automotive Ethernet), telematics, V2X, and ADAS/autonomy stacks. Own security of OTA update signing and delivery infrastructure.
  • Vulnerability Management & Red Team Programs: Build and operate a world-class vulnerability management program covering vehicle software, cloud services, and mobile apps. Establish and manage a bug bounty program and coordinate penetration testing across all product surfaces. Oversee triage, prioritization, and remediation tracking in partnership with engineering teams.
  • Supply Chain & Third-Party Security: Define and enforce security requirements across Tier-1 and Tier-2 automotive suppliers and software vendors. Build Software Bill of Materials (SBOM) practices, oversee third-party security assessments, and ensure supply chain integrity across the full software stack shared between Rivian and Volkswagen Group brands.
  • AI & Autonomy Security: Secure RV Tech’s AI and autonomy platform, including the Rivian Unified Intelligence stack and in-vehicle AI systems. Develop threat models for ML pipelines, model integrity, adversarial input attacks, and in-vehicle inference security. Stay at the forefront of AI security as a rapidly evolving attack surface in safety-critical systems.
  • Incident Response & PSIRT: Build and lead the Product Security Incident Response Team (PSIRT) for RV Tech. Establish coordinated disclosure processes, incident playbooks, and executive communication frameworks. Ensure rapid and effective response to security incidents affecting vehicle or platform software.
  • Team Leadership & Talent Development: Recruit, build, and inspire a high-performance product security team across Palo Alto, Irvine, Vancouver and Berlin. Create a culture of ownership, technical excellence, and continuous improvement while fostering collaboration across the RV Tech core engineering team and parent companies.
  • Executive & Cross-Organizational Leadership: Report directly to the Sr. Director, Product Security, Safety and Software Quality and present to executive leadership and the board on product security posture, program maturity, and key risks. Represent RV Tech at industry forums and standards bodies (Auto-ISAC, NHTSA, UNECE WP.29). Serve as the external face of product security for the company.

Benefits

  • base salary
  • eligibility for an annual performance bonus
  • eligibility for equity