Product Cybersecurity Engineer – Vehicle Security

About The Position

Requirements

• Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, or a related technical field.
• 5+ years of experience in automotive, embedded, or product cybersecurity engineering.
• Strong understanding of vehicle E/E architectures, embedded systems, and in‑vehicle communications (e.g., CAN, Ethernet, UDS ).
• Proficiency in at least one: C, C++, Python, Go, or Java .
• Expertise with ISO 15118 Plug & Charge , PKI, certificates , and secure communications in charging ecosystems .
• Experience with embedded Linux security (e.g., SELinux, Yocto/AGL/AAOS hardening ), secure boot, HSM/secure elements .
• Strong communication, documentation, and cross-functional collaboration skills; comfortable making recommendations with limited data.

Responsibilities

• Security Requirements & Architecture Define and enforce security requirements for Plug & Charge implementations, including ISO 15118-2 / ISO 15118-20 certificate handling, TLS, and contract management.
• Architect and evolve PKI and certificate lifecycle management (CLM) for vehicle-to-charger-to-cloud ecosystems, including key provisioning and secure storage approaches (e.g., HSM/secure elements).
• Drive secure communications patterns (e.g., TLS/mTLS) and trust chain strategy across vehicle, EVSE, backend APIs, and partner integrations.
• Execute and support cybersecurity activities across the full ISO/SAE 21434 lifecycle (Concept, Product Development, Production, Operation, and Decommissioning).
• Define cybersecurity requirements and design constraints for ECUs, vehicle networks, diagnostics, and connected features.
• Translate threat scenarios into concrete security controls (e.g., authentication, authorization, secure communications, logging, monitoring).
• Review and influence system and software architectures to ensure defense‑in‑depth and least‑privilege principles are applied.
• Contribute to hardening strategies for embedded platforms (e.g., secure boot/chain-of-trust, OS hardening, SELinux policy where applicable).
• Implementation & Validation Support Partner with development teams and suppliers during implementation to ensure security requirements are correctly interpreted and delivered.
• Support cybersecurity verification and validation planning, including test strategy reviews and evidence assessment.
• Participate in design reviews, vulnerability assessments, and security readiness evaluations.
• Provide hands-on technical leadership to execution teams and suppliers, review concepts, evidence packages, and integration plans; drive clarity from ambiguity.

Benefits

• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
• Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources .