Jobs · Management · California

Automotive Security Product Lead

Necessary Ventures · Sunnyvale, CA · 4 days ago
ManagementFull-time

About the role

The Automotive Product Security Lead at Wayve will define, mature, and operate the product security framework for Wayve’s automotive software activities. This includes ensuring Wayve can develop, assure, and supply automotive software that meets appropriate cybersecurity expectations from internal governance, customers, regulators, and external assessors.

Responsibilities

  • Define and maintain Wayve's automotive product security framework, aligned to ISO 21434, ASPICE for Cybersecurity, and customer assurance expectations.

  • Establish practical processes, templates, guidance, and minimum control expectations for automotive cybersecurity activities across R&D fleet, robotaxi, and customer software programmes.

  • Coordinate product security activity across security, product, engineering, safety, and customer-facing teams to ensure dependencies, risks, and assurance needs are understood early.

  • Provide independent review of required work products, traceability and completeness, residual risk statements, and the overall credibility of the cybersecurity case.

  • Assess whether the cybersecurity case provides a defensible argument that the relevant system or software is acceptably secure for its intended context.

  • Establish mechanisms for product cybersecurity risk visibility, challenge, escalation, and decision-making across automotive programmes.

  • Partner with risk owners to ensure residual product cybersecurity risks are clearly documented, treatment options are understood, remediation is tracked, and acceptance decisions are made by the appropriate accountable owners.

  • Challenge and escalate where risk, evidence, or delivery gaps are not being addressed appropriately.

  • Translate automotive cybersecurity regulatory, standards, and customer expectations into practical internal requirements and assurance activities.

  • Support preparation for external audits, customer assessments, and OEM reviews where product cybersecurity evidence is required.

  • Represent Wayve credibly in product security discussions with customers, partners, and external assessors.

  • Secure Development Enablement:

    • Advising and upskilling product and engineering teams on automotive cybersecurity practices, including TARA, cybersecurity requirements, secure architecture, implementation evidence, verification, validation, and security testing expectations.

    • Building reusable guidance and playbooks that help teams integrate product security into existing development processes without duplicative or unnecessary process overhead.

  • Metrics, Reporting & Continuous Improvement:

    • Developing meaningful metrics that demonstrate automotive product security maturity, assurance readiness, evidence quality, risk treatment progress, and recurring areas of weakness.

    • Providing clear reporting to security, product, engineering, and other senior stakeholders, using evidence and judgement to drive continuous improvement in Wayve's product security capability.

Qualifications

  • Proven experience in a senior product security, automotive cybersecurity, embedded systems security, or security assurance role, with accountability for influencing security outcomes across complex technical programmes.

  • Strong knowledge of automotive cybersecurity expectations, particularly ISO 21434 and UNECE R155.

  • Experience defining, applying, or assessing cybersecurity lifecycle activities and work products, including TARA, cybersecurity goals, cybersecurity requirements, verification and validation evidence, and residual risk treatment.

  • Strong technical judgement across software security, embedded or vehicle systems, secure architecture, threat modelling, security testing, and risk assessment.

  • Experience reviewing or contributing to cybersecurity cases, assurance cases, technical evidence packs, or comparable structured security arguments.

  • Excellent judgement and independence, with confidence challenging issues while maintaining constructive working relationships.

  • Experience partnering with product, engineering, delivery, safety, legal, security, supplier, or customer-facing teams to deliver proportionate and effective security outcomes.

  • Strong written and verbal communication skills, able to translate standards, risks, and assurance expectations into clear, practical guidance for technical and non-technical stakeholders.

  • Comfort operating with high autonomy in a fast-moving, ambiguous environment where the right level of process needs to be designed, not simply inherited.

Desired Qualifications

  • Experience establishing or scaling a product security or automotive cybersecurity capability in a growing or fast-moving organisation.

  • Experience with OEM customer assurance, external audits, cybersecurity certification, type approval, or independent assessment activity.

  • Familiarity with ASPICE, ISO 26262, ISO 21448 / SOTIF, or safety-security interface management.

  • Experience with autonomous vehicles, ADAS, robotics, safety-critical software, automotive software platforms, vehicle networks, OTA update systems, or fleet operations.

  • Experience managing product-security-relevant supplier assurance, supplier evidence, or third-party cybersecurity risk in an automotive context.

  • Relevant certifications or training, such as ISO 21434, CISSP, CSSLP, GICSP, or automotive cybersecurity training.

Similar jobs