Director, Product Security

Rivian and Volkswagen Group Technologies

Posted about 2 hours ago

About Us

Rivian and Volkswagen Group Technologies is a joint venture between two industry leaders with a clear vision for automotive’s next chapter. From operating systems to zonal controllers to cloud and connectivity solutions, we’re addressing the challenges of electric vehicles through technology that will set the standards for software-defined vehicles around the world.

The road to the future is uncharted. By combining our expertise across connectivity, AI, security and more, we’ll map a new way forward. Working together, we’ll create a future that’s more connected, more intelligent, more sustainable for everyone.

Role Summary

As the Director of Product Security, you will be the driving force behind securing the most consequential software-defined vehicle platform in the automotive industry. Reporting to the Sr. Director, Systems Engineering, Safety and Software Quality, you will lead the end-to-end product security strategy for Rivian and Volkswagen Group Technologies’ joint platform, a technology stack that will underpin millions of future electric vehicles across Rivian, Volkswagen, Audi, Scout, and beyond.

This is not a compliance role. This is a builder’s role. You will embed security into the DNA of our zonal architecture, over-the-air update pipeline, cloud infrastructure, and autonomous driving stack, working shoulder-to-shoulder with elite software and hardware engineers who share your obsession with getting it right. You’ll own the discipline, lead the team, and set the standard for what product security looks like at the intersection of Silicon Valley and the global automotive industry.

 

Responsibilities

  • Product Security Strategy & Architecture: Lead a team that will define and own the multi-year product security roadmap for Rivian and RV Tech’s joint SDV (Software Defined Vehicle) platform. Translate business objectives, threat landscapes, and regulatory requirements into a coherent, executable security strategy spanning vehicle firmware, cloud backend, mobile applications, and the OTA update pipeline.

  • Secure-by-Design Engineering: Embed security across the full software development lifecycle. Partner with software, hardware, and platform engineering teams to conduct threat modeling and TARA (Threat Analysis and Risk Assessment), develop security requirements for implementation, and define and execute systematic tests at the SIL (software-in-loop), HIL (hardware-in-loop) and test-vehicle levels. You will also establish secure coding guidelines to be used across all core engineering teams and build automated security tooling (SAST, DAST, fuzzing) into CI/CD pipelines. Champion a “security by design” culture across a global engineering org of 1,500+.

  • Automotive & Connected Vehicle Security: Lead compliance and security engineering efforts for automotive cybersecurity standards, including ISO/SAE 21434 and UN Regulation No. 155. Secure zonal and E/E architecture, ECU communication buses (CAN, Automotive Ethernet), telematics, V2X, and ADAS/autonomy stacks. Own security of OTA update signing and delivery infrastructure.

  • Vulnerability Management & Red Team Programs: Build and operate a world-class vulnerability management program covering vehicle software, cloud services, and mobile apps. Establish and manage a bug bounty program and coordinate penetration testing across all product surfaces. Oversee triage, prioritization, and remediation tracking in partnership with engineering teams.

  • Supply Chain & Third-Party Security: Define and enforce security requirements across Tier-1 and Tier-2 automotive suppliers and software vendors. Build Software Bill of Materials (SBOM) practices, oversee third-party security assessments, and ensure supply chain integrity across the full software stack shared between Rivian and Volkswagen Group brands.

  • AI & Autonomy Security: Secure RV Tech’s AI and autonomy platform, including the Rivian Unified Intelligence stack and in-vehicle AI systems. Develop threat models for ML pipelines, model integrity, adversarial input attacks, and in-vehicle inference security. Stay at the forefront of AI security as a rapidly evolving attack surface in safety-critical systems.

  • Incident Response & PSIRT: Build and lead the Product Security Incident Response Team (PSIRT) for RV Tech. Establish coordinated disclosure processes, incident playbooks, and executive communication frameworks. Ensure rapid and effective response to security incidents affecting vehicle or platform software.

  • Team Leadership & Talent Development: Recruit, build, and inspire a high-performance product security team across Palo Alto, Irvine, Vancouver and Berlin. Create a culture of ownership, technical excellence, and continuous improvement while fostering collaboration across the RV Tech core engineering team and parent companies.

  • Executive & Cross-Organizational Leadership: Report directly to the Sr. Director, Product Security, Safety and Software Quality and present to executive leadership and the board on product security posture, program maturity, and key risks. Represent RV Tech at industry forums and standards bodies (Auto-ISAC, NHTSA, UNECE WP.29). Serve as the external face of product security for the company.

 

Qualifications

Minimum Qualifications:

  • 12+ years of progressive experience in cybersecurity, with at least 5 years in product security leadership at a software-defined product company (automotive, consumer electronics, aerospace, robotics, or similar).

  • Deep technical expertise in application security, embedded systems security, or automotive cybersecurity with a hands-on engineering background, not purely managerial.

  • Demonstrated experience building and scaling a product security or AppSec team from the ground up, including hiring, org design, and culture-setting.

  • Proven ability to influence and drive security posture across engineering organizations without direct authority - the credibility to be taken seriously in a room full of elite engineers.

  • Strong working knowledge of threat modeling methodologies (e.g., STRIDE, PASTA, TARA), secure SDLC practices, and vulnerability management programs including coordinated disclosure.

  • Experience securing cloud-native architectures at scale (GCP, AWS, or Azure) including cloud-to-vehicle communication channels and data pipelines.

  • Track record of operating at the executive level: presenting to the board, partnering with the C-suite, and translating deeply technical risk into business-level language.

  • B.S. or M.S. in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience.

Preferred Qualifications:

  • Direct experience with ISO/SAE 21434, UN Regulation No. 155, NHTSA cybersecurity best practices, or other automotive-specific cybersecurity frameworks.

  • Background in embedded security, firmware security, or hardware security (e.g. HSMs, secure boot, cryptographic key management in constrained environments).

  • Experience at a mission-driven, high-velocity technology company.

  • Familiarity with AI/ML security: adversarial robustness, model integrity, and securing inference pipelines in safety-critical systems.

Total Rewards

Full-time positions include base salary, eligibility for an annual performance bonus, and eligibility for equity.

In addition to base salary, Rivian and Volkswagen Group Technologies offers benefits tailored to the local market. For more information on the benefits available for full-time employees, check out our Global Benefits Site.

External candidates can apply for this role through the Rivian and Volkswagen Group Technologies careers site (https://rivianvw.tech/#careers). If you are a current employee, please apply through our internal job board.

Equal Opportunity

Rivian and Volkswagen Group Technologies is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law. We are also committed to ensuring compliance with all applicable fair employment practice laws regarding citizenship and immigration status.

Rivian and Volkswagen Group Technologies is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at [email protected].

Candidate Data Privacy

Rivian and Volkswagen Group Technologies may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian and Volkswagen Group Technologies may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) record keeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law.

Rivian and Volkswagen Group Technologies may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian and Volkswagen Group Technologies affiliates; and (iii) Rivian and Volkswagen Group Technologies’ service providers, including providers of background checks, staffing services, and cloud services.

Rivian and Volkswagen Group Technologies may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.

If you provide a mobile telephone number as part of your application or during the recruitment process, Rivian and Volkswagen Group Technologies may use that number to contact you via SMS text message for recruitment-related purposes, including scheduling, logistics, and status updates. Message and data rates may apply. You may opt out of SMS communications at any time by replying STOP to any text message you receive from us. Consent to receive SMS messages is not a condition of applying for or being considered for employment.

Job details

Workplace: Hybrid

Location: Palo Alto, California

Experience: EX

Salary: 241k - 344k USD per year
