Compliance and Vulnerability Management Lead

Full Time
Mountain View, CA, USA
6 months ago
About Applied Intuition

Applied Intuition is a Tier 1 vehicle software supplier that accelerates the adoption of safe and intelligent machines worldwide. Founded in 2017, Applied Intuition delivers the definitive ADAS/AD toolchain and a world-class vehicle platform to help customers shorten time to market, build industry-leading products, and create next-generation consumer experiences. 18 of the top 20 global automakers trust Applied Intuition’s solutions to drive the production of modern vehicles. Applied Intuition serves the automotive, trucking, construction, mining, agriculture, and defense industries and is headquartered in Mountain View, CA, with offices in Ann Arbor and Detroit, MI, Washington, D.C., Munich, Stockholm, Seoul, and Tokyo. Learn more at https://appliedintuition.com.

Please note that we are an in-office company, which means the expectation is that you would come in to your Applied Intuition office 5 days a week.

About the role

Applied is seeking a highly skilled and experienced Compliance and Vulnerability Management Lead with a specialized focus on the automotive industry. As the Compliance and Vulnerability Management Lead, you will be responsible for ensuring regulatory compliance and maintaining the security and integrity of our products and systems by identifying, assessing, and mitigating potential vulnerabilities.

At Applied Intuition, you will:
  • Assess and guide security for existing and new products
  • Develop and maintain a robust Cybersecurity Management System tailored to the unique requirements of the automotive sector, encompassing policies, procedures, controls, and governance frameworks
  • Ensure compliance with industry regulations, standards, and best practices related to automotive cybersecurity, such as ISO/SAE 21434, NIST SP 800-53, and UN Regulation No. 155
  • Conduct comprehensive Threat and Risk Assessments (TARAs) on automotive systems to identify potential security threats, vulnerabilities, and associated risks. Utilize TARA methodologies to prioritize security measures and mitigation strategies
  • Implement and manage code scanning and binary scanning tools to analyze software code and binaries for security vulnerabilities and compliance with coding standards. Collaborate with development teams to address identified issues and improve overall code quality and security
  • Establish and oversee a Secured Software Development Lifecycle (SDLC) process, integrating security best practices and controls into all stages of the software development process. Provide guidance and support to development teams to ensure that security considerations are addressed from design to deployment
  • Maintain accurate documentation of vulnerability assessments, remediation activities, security incidents, TARA results, code scanning and binary scanning findings, Secured SDLC processes, and CSMS processes. Generate regular reports for senior management and stakeholders
We're looking for someone who has:
  • 5+ years of experience in a product security or cybersecurity compliance and vulnerability management role
  • Proven experience in vulnerability management, cybersecurity, or related field, with a focus on the automotive industry
  • In-depth knowledge of automotive systems, protocols, and architectures, including CAN bus, LIN bus, Ethernet, and automotive ECUs
  • Strong understanding of cybersecurity principles, threat modeling, and risk assessment methodologies
  • Experience with code scanning, binary scanning, and other software security analysis tools
  • MS/BS degree in Computer Science, Engineering or equivalent
Nice to have:
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders
  • Experience in conducting Threat and Risk Assessments (TARAs) on automotive systems
  • Experience in developing and implementing Secured Software Development Lifecycle (SDLC) processes

The salary range for this position is $150,000 - $220,000 USD annually. This salary range is an estimate, and the actual salary may vary based on the Company's compensation practices.

Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

Applicants will be required to be fully vaccinated against COVID-19 upon commencing employment. Reasonable accommodations will be considered on a case-by-case basis for exemptions to this requirement in accordance with applicable federal and state law. Applicants should be aware that for external-facing roles that involve close contact with Company employees or other third parties on the Company's premises, accommodations that involve remaining unvaccinated against COVID-19 may not be deemed reasonable. The Company will engage in the interactive process on an individualized basis taking into account the particular position.

Applied Intuition is an equal opportunity employer and federal contractor or subcontractor. Consequently, the parties agree that, as applicable, they will abide by the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a) and 41 CFR 60-741.5(a) and that these laws are incorporated herein by reference. These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. These regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability. The parties also agree that, as applicable, they will abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.