Senior Product Security Engineer

About The Position

Requirements

• Foundational knowledge of Automotive Cybersecurity (ISO21434/UNECE/NHTSA)
• Foundational knowledge of operating system security for Linux
• Foundational knowledge of the CWE Top 25
• Develop, document and execute structured processes and procedures around automotive cybersecurity
• Ability to write proficiently in C++, Golang and Python
• Ability to assess software and/or hardware components with and without full knowledge
• Ability to work well with other assessment members and engineering partners
• Ability to communicate effectively with technical and non-technical audiences
• Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
• Experience in vulnerability discovery and analysis, design review, and code-level security reviews
• Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.
• Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes

Nice To Haves

• Relevant automotive cybersecurity work experience
• Relevant experience with Automotive Cybersecurity Frameworks (ISO21434/UNECE/NHTSA)
• Relevant work experience in offensive security, penetration testing or red teaming
• Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.
• Ability and desire to write production-quality code in C++, Golang, or Python
• Experience evaluating the security of software, hardware and services
• Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space
• Familiarity with cloud security (AWS) and infrastructure-as-code
• Familiarity with Trusted Platform Modules, HSMs, and trusted boot
• A history of giving back to the security industry via open source contributions, published papers, or conference presentations

Responsibilities

• Provide consulting and advisory services to engineering teams heavily focused on automotive cybersecurity
• Work directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements development
• Develop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partners
• Perform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
• Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
• Conduct research to identify new and novel attack vectors against Aurora’s products and services
• Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners

Benefits

• annual bonus
• equity compensation
• benefits