Staff Product Cybersecurity Engineer - Vehicle Security

General Motors • Full-time • United States • 2w ago

The Role

GM’s Product Cybersecurity Team safeguards the security and integrity of our vehicle platforms, embedded systems, and connected services across the entire product lifecycle. Our mission is to proactively defend GM products against evolving cyber threats by engineering cybersecurity into every phase — from concept and architecture through development, validation, production, and in-field operation. We seek product cybersecurity professionals with advanced expertise in secure system design, embedded and automotive security, and risk-based threat analysis, capable of driving security-by-design principles, ensuring compliance with global regulations and standards, and strengthening the resilience of GM’s vehicles and mobility ecosystems.

The Staff Product Cybersecurity Engineer defines and leads cybersecurity strategy for new technologies, highly complex features, and major improvements across current and future vehicle platforms. This role provides technical leadership to execution teams for the development, integration, and validation of cybersecurity controls, ensuring alignment with GM’s enterprise security architecture and standards.

This is a high-impact, hands-on technical leadership role responsible for defining secure system architectures spanning vehicle ECUs, high-performance compute platforms, ADAS system, charging infrastructure, PKI ecosystems, and external partner interfaces.

What You'll Do

Cybersecurity Architecture Ownership

Define cybersecurity goals, concepts, and technical roadmaps for:
- ADAS perception, cameras, radar, lidar, and compute domains.
- On-board chargers, EVSE, and GM Energy products.
Architect secure end-to-end systems spanning:
- Linux-based ECUs (Yocto / AGL / Android Automotive OS).
- Vehicle networks (CAN, Ethernet, diagnostics).
- Define charging interfaces and backend ecosystems.
Drive secure partitioning, privilege separation, process isolation, and access control models across high-performance compute and embedded platforms.

Security Requirements

Define and enforce cybersecurity requirements for:
- ADAS ECUs, sensors, compute platforms.
- Charging ECUs and Certificate Lifecycle Management (CLM).
- Plug & Charge (ISO 15118) implementations.
Lead secure implementation guidance for:
- ISO 15118-2 / ISO 15118-20 (certificate handling, TLS, contract management).
- Secure vehicle communications (TLS, mutual TLS).
- Ensure regulatory compliance and alignment with ISO/SAE 21434 and UNECE R155 / R156.

Threat Modeling & Risk Management

Lead TARA, threat modeling, and security architecture reviews for:
- ADAS compute and autonomy features.
- Charging use cases (Plug & Charge, smart charging, bi-directional charging).
- Vehicle-to-cloud and vehicle-to-charger ecosystems.
Evaluate risks across:
- In-vehicle networks
- Edge devices
- PKI infrastructure
- Backend APIs and third-party integrations
Provide risk-based design recommendations balancing security, safety, and

product constraints.

PKI, Cryptography & Secure Communications

Define PKI architectures supporting Plug & Charge and charging ecosystems.
Specify certificate lifecycle management, key provisioning, secure storage (HSM /
secure elements).
Drive secure TLS/mTLS implementations across vehicle, charger, and cloud

domains.
Oversee cryptographic controls for:
- Contract certificates
- Backend trust chains
- ECU authentication mechanisms

Secure Linux & Platform Hardening (ADAS Compute)

Design and maintain SELinux security policies for Linux-based ECUs.
Harden OS configurations:
- Kernel security configuration
- System sandboxing
Secure boot and chain-of-trust.
Review containerization, virtualization, and hypervisor security strategies for ADAS compute platforms.

Cross-Functional & Supplier Leadership

Partner with system architects, software teams, validation, and cloud engineering.
Review supplier security concepts and evidence packages.
Provide clear technical guidance and design feedback.
Translate complex risks into actionable engineering requirements.

Incident Response & Post-Launch Security

Support vulnerability assessments and coordinated disclosure.
Participate in root-cause analysis and mitigation strategy definition.
Contribute to long-term product cybersecurity strategy for ADAS and GM Energy.

Your Skills & Abilities (Required Qualifications) 

Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, or related field.
7+ years of experience in automotive or embedded cybersecurity .
Experience with ADAS / autonomy platforms .
Strong knowledge of:
- ISO/SAE 21434
- UNECE R155 / R156
- Automotive E/E architectures
Hands-on experience with:
- Secure communications ( TLS, mTLS, SecOC ).
- PKI, digital certificates, and key management.
- CAN, UDS, Ethernet , or automotive diagnostics.
Experience securing embedded Linux platforms ( SELinux, Yocto, OS hardening ).
Proficient in at least one of the following programming languages:
C, C++, Python, Go , or Java .
Experience with:
- HSMs and secure elements.
- Secure boot and hardware root of trust.
Strong system-level thinking and ability to drive secure architecture decisions.