Product Security Threat Analysis and Security Standards Engineer
Foster City, CA
Zoox
Zoox is reinventing personal transportation with an all-electric, fully autonomous ride-hail vehicle, built for riders, not drivers.
The Product Security Threat Analysis and Security Standards team is responsible for conducting structured security analyses of Zoox products and applying security standards judiciously throughout the System Development Life Cycle at Zoox. The ideal candidate for this team will have a robust background in systems engineering, coupled with a demonstrated passion and concrete expertise in cybersecurity.
They should possess proven skills in translating their analysis into high-quality written deliverables, such as Threat Analysis and Risk Assessments (TARA). Experience with the security analysis of complex cyber-physical systems and automotive Systems on Chips (SoCs), including on-chip security features and various onboard communication interfaces (e.g., UDS, JTAG, CAN/LIN, I2C, SPI), is essential. Additionally, the candidate should have a demonstrated ability to identify and evaluate threats across both wireless and wired communication channels in automotive systems.
About ZooxZoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.
Follow us on LinkedIn
AccommodationsIf you need an accommodation to participate in the application or interview process please reach out to accommodations@zoox.com or your assigned recruiter.
A Final Note:You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
They should possess proven skills in translating their analysis into high-quality written deliverables, such as Threat Analysis and Risk Assessments (TARA). Experience with the security analysis of complex cyber-physical systems and automotive Systems on Chips (SoCs), including on-chip security features and various onboard communication interfaces (e.g., UDS, JTAG, CAN/LIN, I2C, SPI), is essential. Additionally, the candidate should have a demonstrated ability to identify and evaluate threats across both wireless and wired communication channels in automotive systems.
Responsibilities
- You will carry out security analysis, threat modeling, and risk assessment for a complex product ecosystem consisting of a custom-designed and built vehicle fleet as well as a portfolio of cloud services.
- You will produce high-quality, readable, structured artifacts such as TARAs that reflect the security analysis performed and help guide the company’s efforts in the cybersecurity domain.
- You will interface with a multitude of engineering teams within Product Security as well as across software and hardware engineering. Build and maintain a strong understanding of the underlying engineering constraints and factor that understanding into the analysis and recommendations.
- You will analyze existing and emerging standards in cybersecurity (both general and domain-specific) and distill the analysis into a plan for adoption that is well-grounded and focused on tangible business impact.
Qualifications
- Master’s degree in CS or related engineering field (software, hardware, systems)
- Demonstrated engineer’s grasp of cybersecurity: big picture as well as details of specific vulnerabilities and attacks in the software and cyber-physical domains.
- Track record in the analysis of complex systems for cybersecurity and the delivery of impactful, actionable insights.
- Understanding of the current state as well as the evolution of cybersecurity standards as they relate to the cloud and cyber-physical systems.
- Direct, demonstrated experience with (including the practical application of) ISO 21434, NIST CSF, SOC2 Type2 (and similar frameworks and standards) will be considered an advantage.
About ZooxZoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.
Follow us on LinkedIn
AccommodationsIf you need an accommodation to participate in the application or interview process please reach out to accommodations@zoox.com or your assigned recruiter.
A Final Note:You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
Job stats:
0
0
0
Categories:
Analyst Jobs
Security Engineering Jobs
Threat Intel Jobs
Tags: Cloud ISO/SAE 21434 Machine Learning NIST Product security Risk assessment Security analysis SOC 2 Vulnerabilities
Perks/benefits: Career development Equity / stock options Health care Insurance Salary bonus Signing bonus
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Cloud Security Engineer jobsInformation System Security Officer jobsInformation Security Manager jobsInformation Security Specialist jobsInformation Security Officer jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Information Security Analyst jobsSystems Engineer jobsSystems Administrator jobsSecurity Consultant jobsSecurity Specialist jobsIT Security Analyst jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsInformation System Security Officer (ISSO) jobsInformation Systems Security Engineer jobsSenior Penetration Tester jobsThreat Intelligence Analyst jobsStaff Security Engineer jobsSecurity Operations Analyst jobsCyber Threat Intelligence Analyst jobsSenior Product Security Engineer jobs
Encryption jobsJava jobsMalware jobsGDPR jobsSplunk jobsEDR jobsSaaS jobsRMF jobsForensics jobsIDS jobsSDLC jobsSQL jobsBash jobsDoDD 8570 jobsIPS jobsIntrusion detection jobsActive Directory jobsThreat detection jobsFinance jobsGIAC jobsCompTIA jobsCRISC jobsITIL jobsTerraform jobsDocker jobs
OWASP jobsClearance Required jobsSANS jobsHIPAA jobsIndustrial jobsPolygraph jobsCCSP jobsSOC 2 jobsVPN jobsUNIX jobsBanking jobsOSCP jobsAnsible jobsSAP jobsTCP/IP jobsData Analytics jobsDNS jobsIT infrastructure jobsJavaScript jobsSOX jobsNIST 800-53 jobsCISO jobsJira jobsMITRE ATT&CK jobsMachine Learning jobs