Product Security Threat Analysis and Security Standards Engineer at Zoox
San Mateo, CA 94404
About the Job
Foster City, CASoftware – Product Security /Full-time /On-siteThe Product Security Threat Analysis and Security Standards team is responsible for conducting structured security analyses of Zoox products and applying security standards judiciously throughout the System Development Life Cycle at Zoox
The ideal candidate for this team will have a robust background in systems engineering, coupled with a demonstrated passion and concrete expertise in cybersecurity
They should possess proven skills in translating their analysis into high-quality written deliverables, such as Threat Analysis and Risk Assessments (TARA)
Experience with the security analysis of complex cyber-physical systems and automotive Systems on Chips (SoCs), including on-chip security features and various onboard communication interfaces (e.g., UDS, JTAG, CAN/LIN, I2C, SPI), is essential
Additionally, the candidate should have a demonstrated ability to identify and evaluate threats across both wireless and wired communication channels in automotive systems.ResponsibilitiesYou will carry out security analysis, threat modeling, and risk assessment for a complex product ecosystem consisting of a custom-designed and built vehicle fleet as well as a portfolio of cloud services.You will produce high-quality, readable, structured artifacts such as TARAs that reflect the security analysis performed and help guide the company’s efforts in the cybersecurity domain.You will interface with a multitude of engineering teams within Product Security as well as across software and hardware engineering
Build and maintain a strong understanding of the underlying engineering constraints and factor that understanding into the analysis and recommendations.You will analyze existing and emerging standards in cybersecurity (both general and domain-specific) and distill the analysis into a plan for adoption that is well-grounded and focused on tangible business impact
QualificationsMaster’s degree in CS or related engineering field (software, hardware, systems)Demonstrated engineer’s grasp of cybersecurity: big picture as well as details of specific vulnerabilities and attacks in the software and cyber-physical domains.Track record in the analysis of complex systems for cybersecurity and the delivery of impactful, actionable insights.Understanding of the current state as well as the evolution of cybersecurity standards as they relate to the cloud and cyber-physical systems. Direct, demonstrated experience with (including the practical application of) ISO 21434, NIST CSF, SOC2 Type2 (and similar frameworks and standards) will be considered an advantage.CompensationThere are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights
The salary range for this position is $144,000 to $234,000
A sign-on bonus may be offered as part of the compensation package
Compensation will vary based on geographic location and level
Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance
The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.Zoox also offers a comprehensive package of benefits including paid time off (e.g
sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.About ZooxZoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market
Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments
We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.Follow us on LinkedInAccommodationsIf you need an accommodation to participate in the application or interview process please reach out to
Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
The ideal candidate for this team will have a robust background in systems engineering, coupled with a demonstrated passion and concrete expertise in cybersecurity
They should possess proven skills in translating their analysis into high-quality written deliverables, such as Threat Analysis and Risk Assessments (TARA)
Experience with the security analysis of complex cyber-physical systems and automotive Systems on Chips (SoCs), including on-chip security features and various onboard communication interfaces (e.g., UDS, JTAG, CAN/LIN, I2C, SPI), is essential
Additionally, the candidate should have a demonstrated ability to identify and evaluate threats across both wireless and wired communication channels in automotive systems.ResponsibilitiesYou will carry out security analysis, threat modeling, and risk assessment for a complex product ecosystem consisting of a custom-designed and built vehicle fleet as well as a portfolio of cloud services.You will produce high-quality, readable, structured artifacts such as TARAs that reflect the security analysis performed and help guide the company’s efforts in the cybersecurity domain.You will interface with a multitude of engineering teams within Product Security as well as across software and hardware engineering
Build and maintain a strong understanding of the underlying engineering constraints and factor that understanding into the analysis and recommendations.You will analyze existing and emerging standards in cybersecurity (both general and domain-specific) and distill the analysis into a plan for adoption that is well-grounded and focused on tangible business impact
QualificationsMaster’s degree in CS or related engineering field (software, hardware, systems)Demonstrated engineer’s grasp of cybersecurity: big picture as well as details of specific vulnerabilities and attacks in the software and cyber-physical domains.Track record in the analysis of complex systems for cybersecurity and the delivery of impactful, actionable insights.Understanding of the current state as well as the evolution of cybersecurity standards as they relate to the cloud and cyber-physical systems. Direct, demonstrated experience with (including the practical application of) ISO 21434, NIST CSF, SOC2 Type2 (and similar frameworks and standards) will be considered an advantage.CompensationThere are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights
The salary range for this position is $144,000 to $234,000
A sign-on bonus may be offered as part of the compensation package
Compensation will vary based on geographic location and level
Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance
The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.Zoox also offers a comprehensive package of benefits including paid time off (e.g
sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.About ZooxZoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market
Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments
We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.Follow us on LinkedInAccommodationsIf you need an accommodation to participate in the application or interview process please reach out to
accommodations@zoox.com
or your assigned recruiter.A Final Note:You do not need to match every listed expectation to apply for this positionHere at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.