Sr. Product Security Engineer

Rivian and Volkswagen Group Technologies

$120K — $150K *
Manufacturing & Automotive
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • B.S. in Information Security, Computer Science, Computer Engineering, or a related field.
  • 2+ years in security testing and validation for embedded devices.
  • 3+ years in the Automotive Industry or embedded device development.
  • 2+ years validating security requirements for ECUs (electronic control units).
  • Knowledge of ISO:21434 and UN R155 regulations relevant to security validation.

Responsibilities

  • Derive top-level security requirements for systems and subsystems in collaboration with security architecture and domain development teams.
  • Develop and conduct both positive and negative security validation tests at various levels (vehicle, system, subsystem, ECU).
  • Create both manual and automated security test cases in multiple programming languages suitable for SIL and HIL setups.
  • Document validation tests, compile results, and prepare reports for compliance with UN R155 requirements.
  • Share test results and collaborate with development teams to address and mitigate identified security issues.

Benefits

  • Comprehensive health and wellness package for employees.
  • Eligibility for an annual performance bonus.
  • Equity options for team members.
Full Job Description
Role Summary

As the Product Security Engineer, you will work closely with the product security organization, the vehicle software development teams, and cloud engineering teams to create and validate security requirements throughout the vehicles' development lifecycles. You will play a critical role in ensuring security and resilience of RVT's products, providing technical leadership in securing vehicles and related infrastructure.

Responsibilities
  • Derivation of top-level requirements to security-related system and subsystem requirements: In collaboration with the security architecture team, you'll decompose high-level requirements into concrete per-system security requirements. Together with the security and other domain development teams, you'll generate concrete requirement specifications for security technologies that protect our product-related assets.
  • Carrying out validation of security requirements: You will develop security tests, both positive tests and abuse tests to ensure that security requirements have been met at vehicle, system, sub-system and ECU level.
  • Develop both manual and automated test cases: You will develop both functional and non-functional security tests to ensure that security requirements are met. Test cases could be developed in multiple languages, including but not limited to Python, Go, Java, C, C++, and Rust for multiple architectures. You are able to build test cases that can be run on software-in-the-loop (SIL) setups or hardware-in-the-loop (HIL) benches. You're able to work with internally-developed sources but you can also deal with the validating of supplier parts to meet our requirements without access to source code.
  • Documenting validation testing: You will develop testing reports, triage them and compile results, and share them with the product security team as well as our core JV partners for evidence to enable their documenting compliance to UN R155. You will work with the GRC team on aligning to document formats and following our CSMS processes for generating and sharing this documentation across the organization.
  • Collaborating with software development teams: You will be sharing results with development teams and reviewing issues and suggesting mitigations to failed tests. This includes validating the subsequent fixes and the collaboration with other teams within the product security organization, especially the security engineering team that operate the security HILs.


Qualifications
  • B.S. in Information Security, Computer Science, Computer Engineering, or a related field.
  • 2+ years carrying out testing and validation of security requirements validation in embedded device development
  • 3+ years of experience in Automotive Industry or Embedded device development
  • 2+ years of experience carrying out security requirements validation on ECUs (electronic control units)
  • Knowledge of ISO:21434 and UN R155 and their application with regards to security validation to achieve type approval and homologation.
  • Ability to work in a fast-paced development environment.
  • Good team player with excellent communication skills.
  • Hands-on approach, proactively identifying and filling in gaps where needed
Total Rewards

Total compensation packages for full-time positions include base salary, eligibility for an annual performance bonus, and eligibility for equity.

In addition, our benefits package has been designed to support the health and wellness of our employees. For more information on RV Tech's comprehensive benefits package for full-time employees, check out our Global Benefits Site.

External candidates can apply for this role through the RV Tech Careers site (https://rivianvw.tech/#careers). If you are a current employee, please apply through our internal job board.

Similar Jobs

More Jobs at Rivian and Volkswagen Group Technologies

More Manufacturing & Automotive Jobs

Find similar Sr. Product Security Engineer jobs: