Aurora's mission is to deliver the benefits of self-driving technology safely, quickly, and broadly. The Product Security team's mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora.
Requirements
- Foundational knowledge of Automotive Cybersecurity (ISO21434/UNECE/NHTSA)
- Foundational knowledge of operating system security for Linux
- Foundational knowledge of the CWE Top 25
- Ability to write proficiently in C++, Golang and Python
- Ability to assess software and/or hardware components with and without full knowledge
- Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
- Experience in vulnerability discovery and analysis, design review, and code-level security reviews
Responsibilities
- Provide consulting and advisory services to engineering teams heavily focused on automotive cybersecurity
- Work directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements development
- Develop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partners
- Perform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
- Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
- Conduct research to identify new and novel attack vectors against Aurora's products and services
- Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners
Other
- Ability to work well with other assessment members and engineering partners
- Ability to communicate effectively with technical and non-technical audiences
- Relevant automotive cybersecurity work experience
- Relevant work experience in offensive security, penetration testing or red teaming
- A history of giving back to the security industry via open source contributions, published papers, or conference presentations
