What you'd actually do

Provide consulting and advisory services to engineering teams heavily focused on automotive cybersecurity

Work directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements development

Develop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partners

Perform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes

Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities

Skills

Required

Automotive Cybersecurity (ISO21434/UNECE/NHTSA)
Linux operating system security
CWE Top 25
structured processes and procedures around automotive cybersecurity
C++
Golang
Python
software and/or hardware component assessment
risk assessment
threat modeling
incident and emergency response
OS hardening
vulnerability management
pentesting
offensive security
cryptographic protocols and concepts
vulnerability discovery and analysis
design review
code-level security reviews
security engineering
computer and network security
authentication and security protocols
applied cryptography
security technologies and processes

Nice to have

Relevant automotive cybersecurity work experience
Relevant experience with Automotive Cybersecurity Frameworks (ISO21434/UNECE/NHTSA)
Relevant work experience in offensive security, penetration testing or red teaming
Defense in Depth Strategies
production-quality code in C++, Golang, or Python
security of software, hardware and services evaluation
embedded firmware security
hardware security
robotics or automotive space security
cloud security (AWS)
infrastructure-as-code
Trusted Platform Modules
HSMs
trusted boot
open source contributions
published papers
conference presentations

Who we are

Aurora’s mission is to deliver the benefits of self-driving technology safely, quickly, and broadly.

The Aurora Driver will create a new era in mobility and logistics, one that will bring a safer, more efficient, and more accessible future to everyone.

At Aurora, you will tackle massively complex problems alongside other passionate, intelligent individuals, growing as an expert while expanding your knowledge. For the latest news from Aurora, visit aurora.tech or follow us on LinkedIn.

Aurora’s Product Security team’s mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora.

Our team is responsible for ensuring the secure design and implementation of secure technologies used by the Aurora Driver as well as continually improving the assurance levels of security across all of Aurora’s Products. This team is also responsible for developing, contributing and documenting security engineering processes and the resulting product security requirements used by the company. Additionally team members support and perform technical security assessments, threat modeling, security code reviews and vulnerability testing to highlight and document risks. This team works closely with engineers across Aurora as well as 3rd party partners to design and proactively integrate initiatives to enhance security across a wide variety of software or hardware domains and technology stacks.

In this role you will:

Provide consulting and advisory services to engineering teams heavily focused on automotive cybersecurity
Work directly with engineering and non-engineering teams to drive improvements in internal processes, procedures and technical fundamentals through threat modeling and requirements development
Develop, document, improve, implement and execute cybersecurity best practices and processes for autonomous vehicles across internal and external engineering partners
Perform technical automotive cybersecurity assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
Assess the risks across the Aurora Driver Platform and prioritize high value components (software and/or hardware) for critical and high security vulnerabilities
Conduct research to identify new and novel attack vectors against Aurora’s products and services
Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners

Required Qualifications:

Foundational knowledge of Automotive Cybersecurity (ISO21434/UNECE/NHTSA)
Foundational knowledge of operating system security for Linux
Foundational knowledge of the CWE Top 25
Develop, document and execute structured processes and procedures around automotive cybersecurity
Ability to write proficiently in C++, Golang and Python
Ability to assess software and/or hardware components with and without full knowledge
Ability to work well with other assessment members and engineering partners
Ability to communicate effectively with technical and non-technical audiences
Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts
Experience in vulnerability discovery and analysis, design review, and code-level security reviews
Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.
Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes

Desirable Qualifications:

Relevant automotive cybersecurity work experience
Relevant experience with Automotive Cybersecurity Frameworks (ISO21434/UNECE/NHTSA)
Relevant work experience in offensive security, penetration testing or red teaming
Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.
Ability and desire to write production-quality code in C++, Golang, or Python
Experience evaluating the security of software, hardware and services
Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space
Familiarity with cloud security (AWS) and infrastructure-as-code
Familiarity with Trusted Platform Modules, HSMs, and trusted boot
A history of giving back to the security industry via open source contributions, published papers, or conference presentations

The base salary range for this position is $189,000 - $280,000 per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

Working at Aurora** **At Aurora, we bring together extraordinarily talented and experienced people united by the strength of our values. We operate with integrity, set outrageous goals, and build a culture where we win together — all without any jerks.

We believe in-person work increases collaboration, empathy and our ability to lead effectively. As a result, we operate in a hybrid work environment where Aurorans are in office at least 3 days per week.

OurCareers page provides insight into what it is like to work at Aurora, and you can find all the latest updates in our Newsroom.

Our commitment to safety

At the core of everything we do is our commitment to safety. Building best-in-class self-driving technology will take time, and we believe that each employee at Aurora has a role in contributing to safety, every step of the way. Aurora expects commitment to our safety policies from every employee, and seeks candidates who take an active responsibility, can contribute to building an atmosphere of trust, and invest in the organization’s long-term success by prioritizing working safely, no matter what.

Our commitment to inclusion

Aurora considers candidates without regard to their race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, pregnancy status, parent or caregiver status, ancestry, political affiliation, veteran and/or military status, physical or mental disability, or any other status protected by federal or state law. Aurora considers qualified applicants with criminal histories, consistent with applicable federal, state, and local law. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at careersiteaccommodations@aurora.tech.

For California applicants, information collected and processed as part of your application and any job applications you choose to submit is subject to Aurora’s California Employment Privacy Policy.