Product Security Threat Analysis and Security Standards Engineer

The Product Security Threat Analysis and Security Standards team is responsible for conducting structured security analyses of Zoox products and applying security standards judiciously throughout the System Development Life Cycle at Zoox. The ideal candidate for this team will have a robust background in systems engineering, coupled with a demonstrated passion and concrete expertise in cybersecurity.
They should possess proven skills in translating their analysis into high-quality written deliverables, such as Threat Analysis and Risk Assessments (TARA). Experience with the security analysis of complex cyber-physical systems and automotive Systems on Chips (SoCs), including on-chip security features and various onboard communication interfaces (e.g., UDS, JTAG, CAN/LIN, I2C, SPI), is essential. Additionally, the candidate should have a demonstrated ability to identify and evaluate threats across both wireless and wired communication channels in automotive systems.

Responsibilities

• You will carry out security analysis, threat modeling, and risk assessment for a complex product ecosystem consisting of a custom-designed and built vehicle fleet as well as a portfolio of cloud services.
• You will produce high-quality, readable, structured artifacts such as TARAs that reflect the security analysis performed and help guide the company’s efforts in the cybersecurity domain.
• You will interface with a multitude of engineering teams within Product Security as well as across software and hardware engineering. Build and maintain a strong understanding of the underlying engineering constraints and factor that understanding into the analysis and recommendations.
• You will analyze existing and emerging standards in cybersecurity (both general and domain-specific) and distill the analysis into a plan for adoption that is well-grounded and focused on tangible business impact.

Qualifications

• Master’s degree in CS or related engineering field (software, hardware, systems)
• Demonstrated engineer’s grasp of cybersecurity: big picture as well as details of specific vulnerabilities and attacks in the software and cyber-physical domains.
• Track record in the analysis of complex systems for cybersecurity and the delivery of impactful, actionable insights.
• Understanding of the current state as well as the evolution of cybersecurity standards as they relate to the cloud and cyber-physical systems. 
• Direct, demonstrated experience with (including the practical application of) ISO 21434, NIST CSF, SOC2 Type2 (and similar frameworks and standards) will be considered an advantage.

CompensationThere are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. The salary range for this position is $144,000 to $234,000. A sign-on bonus may be offered as part of the compensation package. Compensation will vary based on geographic location and level. Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance. The salary range listed in this posting is representative of the range of levels Zoox is considering for this position. Zoox also offers a comprehensive package of benefits including paid time off (e.g. sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.
About ZooxZoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.
Follow us on LinkedIn
AccommodationsIf you need an accommodation to participate in the application or interview process please reach out to accommodations@zoox.com or your assigned recruiter.
A Final Note:You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.