Sr. Security Engineer, Cybersecurity Management System

Rivian and Volkswagen Group Technologies•Irvine, CA

About The Position

Rivian and Volkswagen Group Technologies is a joint venture between two industry leaders with a clear vision for automotive’s next chapter. From operating systems to zonal controllers to cloud and connectivity solutions, we’re addressing the challenges of electric vehicles through technology that will set the standards for software-defined vehicles around the world. The road to the future is uncharted. By combining our expertise across connectivity, AI, security and more, we’ll map a new way forward. Working together, we’ll create a future that’s more connected, more intelligent, more sustainable for everyone. The CSMS Security Engineer is responsible for the operational maintenance and continuous improvement of assigned Cybersecurity Management System (CSMS) domains. This scope includes governance across the entire vehicle lifecycle, encompassing development, production, and post-production (e.g., Security Operations and Vulnerability Management). The engineer must independently execute governance tasks, manage documentation, and oversee tool administration to ensure compliance with ISO/SAE 21434 and UNECE R155.

Requirements

5+ years of experience in product cybersecurity or security GRC, with a proven track record of delivering process frameworks across the full vehicle lifecycle (Development through Post-Production).
Demonstrated ability to manage complex assignments with minimal guidance, independently authoring high-quality artifacts (e.g., Work Products, TARA templates, Risk Registers) on schedule.
Experience administering or maintaining security governance tools (e.g., Jira, Jama, or specialized TARA/VM software) to ensure data integrity and team adoption.
Ability to distill complex regulatory concepts into clear, actionable performance standards for technical and non-technical stakeholders.

Responsibilities

Develop and execute plans to maintain and improve assigned CSMS processes across development, production, and post-production phases. Ensure all documentation and work instructions are accurate and audit-ready.
Act as the primary point of contact for assigned cybersecurity governance areas. Demonstrate the ability to apply regulatory standards to complex program and production scenarios independently.
Manage assignments with multiple inputs and deliverables. Deliver process designs, risk assessments, and reports reliably, seeking guidance only for significant technical or organizational blockers.
Define and report on specific performance metrics (KPIs) for assigned areas (e.g., Vulnerability Management SLAs, production security audits). Provide leadership with clear status updates regarding process adherence.
Collaborate with stakeholders across Systems Engineering, Manufacturing/Production, and Security Operations to ensure CSMS requirements are integrated and followed.
Identify gaps in current security governance or operational execution and lead the implementation of corrective actions.
Address misalignments between compliance requirements and program/production constraints by proposing technically sound, compliant solutions.

Benefits

Eligibility for an annual performance bonus
Eligibility for equity
Comprehensive benefits package designed to support the health and wellness of employees

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume