Compliance and Vulnerability Management Lead
Mountain View, CA, United States
About the role
Applied is seeking a highly skilled and experienced Compliance and Vulnerability Management Lead with a specialized focus on the automotive industry. As the Compliance and Vulnerability Management Lead, you will be responsible for ensuring regulatory compliance and maintaining the security and integrity of our products and systems by identifying, assessing, and mitigating potential vulnerabilities.
At Applied Intuition, you will:
Assess and guide security for existing and new products
Develop and maintain a robust Cybersecurity Management System tailored to the unique requirements of the automotive sector, encompassing policies, procedures, controls, and governance frameworks
Ensure compliance with industry regulations, standards, and best practices related to automotive cybersecurity, such as ISO/SAE 21434, NIST SP 800-53, and UN Regulation No. 155
Conduct comprehensive Threat and Risk Assessments (TARAs) on automotive systems to identify potential security threats, vulnerabilities, and associated risks. Utilize TARA methodologies to prioritize security measures and mitigation strategies
Implement and manage code scanning and binary scanning tools to analyze software code and binaries for security vulnerabilities and compliance with coding standards. Collaborate with development teams to address identified issues and improve overall code quality and security
Establish and oversee a Secured Software Development Lifecycle (SDLC) process, integrating security best practices and controls into all stages of the software development process. Provide guidance and support to development teams to ensure that security considerations are addressed from design to deployment
Maintain accurate documentation of vulnerability assessments, remediation activities, security incidents, TARA results, code scanning and binary scanning findings, Secured SDLC processes, and CSMS processes. Generate regular reports for senior management and stakeholders
We're looking for someone who has:
5+ years of experience in a product or cybersecurity compliance and vulnerability management role
Proven experience in vulnerability management, cybersecurity, or a related field, with a focus on the automotive industry
In-depth knowledge of automotive systems, protocols, and architectures, including CAN bus, LIN bus, Ethernet, and automotive ECUs
Strong understanding of cybersecurity principles, threat modeling, and risk assessment methodologies
Experience with code scanning, binary scanning, and other software security analysis tools
MS/BS degree in Computer Science, Engineering or equivalent
Nice to have:
Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders
Experience in conducting Threat and Risk Assessments (TARAs) on automotive systems
Experience in developing and implementing Secured Software Development Lifecycle (SDLC) processes
The salary range for this position is $150,000 - $220,000 USD annually. This salary range is an estimate, and the actual salary may vary based on the Company's compensation practices.