Staff Product Cybersecurity Engineer - Vehicle Security

Description

The Role

GM's Product Cybersecurity Team safeguards the security and integrity of our vehicle platforms, embedded systems, and connected services across the entire product lifecycle. Our mission is to proactively defend GM products against evolving cyber threats by engineering cybersecurity into every phase - from concept and architecture through development, validation, production, and in-field operation. We seek product cybersecurity professionals with advanced expertise in secure system design, embedded and automotive security, and risk-based threat analysis, capable of driving security-by-design principles, ensuring compliance with global regulations and standards, and strengthening the resilience of GM's vehicles and mobility ecosystems.

The Staff Product Cybersecurity Engineer defines and leads cybersecurity strategy for new technologies, highly complex features, and major improvements across current and future vehicle platforms. This role provides technical leadership to execution teams for the development, integration, and validation of cybersecurity controls, ensuring alignment with GM's enterprise security architecture and standards.

This is a high-impact, hands-on technical leadership role responsible for defining secure system architectures spanning vehicle ECUs, high-performance compute platforms, ADAS system, charging infrastructure, PKI ecosystems, and external partner interfaces.

What You'll Do

Cybersecurity Architecture Ownership

• Define cybersecurity goals, concepts, and technical roadmaps for:
  
  
  • ADAS perception, cameras, radar, lidar, and compute domains.
  • On-board chargers, EVSE, and GM Energy products.
• Architect secure end-to-end systems spanning:
  
  
  • Linux-based ECUs (Yocto / AGL / Android Automotive OS).
  • Vehicle networks (CAN, Ethernet, diagnostics).
  • Define charging interfaces and backend ecosystems.
• Drive secure partitioning, privilege separation, process isolation, and access control models across high-performance compute and embedded platforms.

• Define and enforce cybersecurity requirements for:
  
  
  • ADAS ECUs, sensors, compute platforms.
  • Charging ECUs and Certificate Lifecycle Management (CLM).
  • Plug & Charge (ISO 15118) implementations.
• Lead secure implementation guidance for:
  

• ISO 15118-2 / ISO 15118-20 (certificate handling, TLS, contract management).
• Secure vehicle communications (TLS, mutual TLS).
• Ensure regulatory compliance and alignment with ISO/SAE 21434 and UNECE R155 / R156.

• Lead TARA, threat modeling, and security architecture reviews for:
  
  
  • ADAS compute and autonomy features.
  • Charging use cases (Plug & Charge, smart charging, bi-directional charging).
  • Vehicle-to-cloud and vehicle-to-charger ecosystems.
• Evaluate risks across:
  
  
  • In-vehicle networks
  • Edge devices
  • PKI infrastructure
  • Backend APIs and third-party integrations
• Provide risk-based design recommendations balancing security, safety, and
  
  product constraints.

• Define PKI architectures supporting Plug & Charge and charging ecosystems.
• Specify certificate lifecycle management, key provisioning, secure storage (HSM /
• secure elements).
• Drive secure TLS/mTLS implementations across vehicle, charger, and cloud
  
  domains.
• Oversee cryptographic controls for:
  
  
  • Contract certificates
  • Backend trust chains
  • ECU authentication mechanisms

• Design and maintain SELinux security policies for Linux-based ECUs.
• Harden OS configurations:
  
  
  • Kernel security configuration
  • System sandboxing
• Secure boot and chain-of-trust.
• Review containerization, virtualization, and hypervisor security strategies for ADAS compute platforms.

• Partner with system architects, software teams, validation, and cloud engineering.
• Review supplier security concepts and evidence packages.
• Provide clear technical guidance and design feedback.
• Translate complex risks into actionable engineering requirements.

• Support vulnerability assessments and coordinated disclosure.
• Participate in root-cause analysis and mitigation strategy definition.
• Contribute to long-term product cybersecurity strategy for ADAS and GM Energy.

• Bachelor's degree in Computer Engineering, Electrical Engineering, Computer Science, or related field.
• 7+ years of experience in automotive or embedded cybersecurity .
• Experience with ADAS / autonomy platforms .
• Strong knowledge of:
  
  
  • ISO/SAE 21434
  • UNECE R155 / R156
  • Automotive E/E architectures
• Hands-on experience with:
  
  
  • Secure communications ( TLS, mTLS, SecOC ).
  • PKI, digital certificates, and key management.
  • CAN, UDS, Ethernet , or automotive diagnostics.
• Experience securing embedded Linux platforms ( SELinux, Yocto, OS hardening ).
• Proficient in at least one of the following programming languages:
• C, C++, Python, Go , or Java .
• Experience with:
  
  
  • HSMs and secure elements.
  • Secure boot and hardware root of trust.
• Strong system-level thinking and ability to drive secure architecture decisions.