Staff Product Cybersecurity Engineer - Vehicle Security

About The Position

Requirements

• Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, or related field.
• 7+ years of experience in automotive or embedded cybersecurity .
• Experience with ADAS / autonomy platforms .
• Strong knowledge of: ISO/SAE 21434 UNECE R155 / R156 Automotive E/E architectures
• Hands-on experience with: Secure communications ( TLS, mTLS, SecOC ). PKI, digital certificates, and key management. CAN, UDS, Ethernet , or automotive diagnostics.
• Experience securing embedded Linux platforms ( SELinux, Yocto, OS hardening ).
• Proficient in at least one of the following programming languages: C, C++, Python, Go , or Java .
• Experience with: HSMs and secure elements. Secure boot and hardware root of trust.
• Strong system-level thinking and ability to drive secure architecture decisions.

Responsibilities

• Cybersecurity Architecture Ownership Define cybersecurity goals, concepts, and technical roadmaps for: ADAS perception, cameras, radar, lidar, and compute domains. On-board chargers, EVSE, and GM Energy products. Architect secure end-to-end systems spanning: Linux-based ECUs (Yocto / AGL / Android Automotive OS). Vehicle networks (CAN, Ethernet, diagnostics). Define charging interfaces and backend ecosystems. Drive secure partitioning, privilege separation, process isolation, and access control models across high-performance compute and embedded platforms.
• Security Requirements Define and enforce cybersecurity requirements for: ADAS ECUs, sensors, compute platforms. Charging ECUs and Certificate Lifecycle Management (CLM). Plug & Charge (ISO 15118) implementations. Lead secure implementation guidance for: ISO 15118-2 / ISO 15118-20 (certificate handling, TLS, contract management). Secure vehicle communications (TLS, mutual TLS). Ensure regulatory compliance and alignment with ISO/SAE 21434 and UNECE R155 / R156.
• Threat Modeling & Risk Management Lead TARA, threat modeling, and security architecture reviews for: ADAS compute and autonomy features. Charging use cases (Plug & Charge, smart charging, bi-directional charging). Vehicle-to-cloud and vehicle-to-charger ecosystems. Evaluate risks across: In-vehicle networks Edge devices PKI infrastructure Backend APIs and third-party integrations Provide risk-based design recommendations balancing security, safety, and product constraints.
• PKI, Cryptography & Secure Communications Define PKI architectures supporting Plug & Charge and charging ecosystems. Specify certificate lifecycle management, key provisioning, secure storage (HSM / secure elements). Drive secure TLS/mTLS implementations across vehicle, charger, and cloud domains. Oversee cryptographic controls for: Contract certificates Backend trust chains ECU authentication mechanisms
• Secure Linux & Platform Hardening (ADAS Compute) Design and maintain SELinux security policies for Linux-based ECUs. Harden OS configurations: Kernel security configuration System sandboxing Secure boot and chain-of-trust. Review containerization, virtualization, and hypervisor security strategies for ADAS compute platforms.
• Cross-Functional & Supplier Leadership Partner with system architects, software teams, validation, and cloud engineering. Review supplier security concepts and evidence packages. Provide clear technical guidance and design feedback. Translate complex risks into actionable engineering requirements.
• Incident Response & Post-Launch Security Support vulnerability assessments and coordinated disclosure. Participate in root-cause analysis and mitigation strategy definition. Contribute to long-term product cybersecurity strategy for ADAS and GM Energy.