The Role
GM’s
Product Cybersecurity Team
safeguards the security and integrity of our vehicle platforms, embedded systems, and connected services across the entire product lifecycle. Our mission is to proactively defend GM products against evolving cyber threats by engineering cybersecurity into every phase — from concept and architecture through development, validation, production, and in-field operation. We seek product cybersecurity professionals with advanced expertise in secure system design, embedded and automotive security, and risk-based threat analysis, capable of driving security-by-design principles, ensuring compliance with global regulations and standards, and strengthening the resilience of GM’s vehicles and mobility ecosystems.
The
Connected Vehicle Cybersecurity Manager
leads the engineering team responsible for securing the end-to-end connected vehicle ecosystem – spanning in-vehicle connectivity platforms, telecom interfaces, backend services, certificate lifecycle management (CLM), and mobile integrations.
This role defines and drives the security vision, architecture, and execution strategy for connected ECUs and services. The manager ensures secure design, implementation, and operations across vehicle, cloud, and mobile domains, while maintaining compliance with global automotive cybersecurity regulations and internal standards.
This is a high-impact leadership position interfacing with vehicle engineering, cloud platforms, telecom providers, enterprise security, and product leadership.
What You'll Do Leadership & Organization
Lead, grow, and mentor the Connected Vehicle Security engineering team.
Drive hiring strategy, capability development, and performance management.
Build deep technical expertise in embedded, telecom, and cloud security within the team.
Foster a security-by-design culture across vehicle programs.
Security Architecture & Strategy
Define and maintain security architecture for:
Connected ECUs (telematics control units, infotainment systems, connectivity SoCs)
ADAS systems, CLM design
Vehicle-to-cloud communications
Backend services communicating with vehicles including CLM, IAM, APIs, and OTA
Establish and maintain security requirements aligned to:
ISO/SAE 21434
UNECE WP.29 R155 / UNECE WP.29 R156
Own threat modeling (TARA) and risk treatment decisions for connected systems.
Define cryptographic architecture (PKI, key hierarchy, provisioning, rotation, revocation).
Secure Design & Control Implementation Oversee the design and deployment of security controls including:
Secure boot & hardware root of trust (HSM / TPM-based).
Firmware signing & OTA protection.
OS hardening (Linux/QNX/Android-based IVI platforms).
TLS/mTLS implementation for vehicle-to-cloud communication.
Token-based authentication & OAuth flows.
Certificate Lifecycle Management (development, provisioning, renewal, revocation, backend trust anchors, etc.)
Secure API gateways and backend authentication services.
Secure telecom integration (eSIM, 4G/5G, V2X security).
Program Governance & Lifecycle Security
Govern cybersecurity engagement across connected vehicle programs:
Security intake
Architecture reviews
Design assessments
Penetration testing reviews
Security sign-off gates
Track and manage:
Cybersecurity risks
Deviations and compensating controls
Open vulnerabilities
Ensure traceability from cybersecurity requirements to validation artifacts.
Support CSMS evidence generation and audit readiness.
Incident Response & Vulnerability Management
Provide leadership oversight for vulnerability management across:
In-vehicle connectivity stacks
Mobile integrations
Coordinate incident response with enterprise security teams.
Define connected vehicle patching and remediation strategy.
Support external researcher engagement and responsible disclosure handling.
Stakeholder & Executive Communication
Communicate security strategy, trade-offs, and risk posture to senior leadership.
Translate technical risk into business impact.
Provide security health metrics for connected platforms.
Represent Connected Vehicle Security in executive and regulatory reviews.
Your Skills & Abilities (Required Qualifications)
Bachelor’s degree in Computer Science, Electrical Engineering, Cybersecurity, or related field.
8+ years
in automotive cybersecurity, embedded security, telecom security, or cloud security.
Demonstrated hands‑on experience with:
Connected ECUs
(
TCU, IVI, connectivity modules
)
PKI
/ certificate management systems
Secure communication protocols (
TLS, IPsec, DoIP, CAN security
)
Proven people leadership experience (team lead, engineering manager, or equivalent).
What Will Give You a Competitive Edge (Preferred Qualifications)
Experience implementing
ISO/SAE 21434
-compliant development processes.
Familiarity with
UNECE R155/R156
regulatory expectations.
Experience with:
HSM
-based key storage
Secure provisioning at manufacturing
OTA security architecture
Telecom security (
eSIM
, carrier integration)
Cloud-native security controls
(IAM, zero trust, API security)
Strong understanding of threat modeling (
TARA
), penetration testing, and red-team findings in automotive.
Experience working in a global
OEM
or Tier-1 environment.
#J-18808-Ljbffr
Product Cybersecurity Team
safeguards the security and integrity of our vehicle platforms, embedded systems, and connected services across the entire product lifecycle. Our mission is to proactively defend GM products against evolving cyber threats by engineering cybersecurity into every phase — from concept and architecture through development, validation, production, and in-field operation. We seek product cybersecurity professionals with advanced expertise in secure system design, embedded and automotive security, and risk-based threat analysis, capable of driving security-by-design principles, ensuring compliance with global regulations and standards, and strengthening the resilience of GM’s vehicles and mobility ecosystems.
The
Connected Vehicle Cybersecurity Manager
leads the engineering team responsible for securing the end-to-end connected vehicle ecosystem – spanning in-vehicle connectivity platforms, telecom interfaces, backend services, certificate lifecycle management (CLM), and mobile integrations.
This role defines and drives the security vision, architecture, and execution strategy for connected ECUs and services. The manager ensures secure design, implementation, and operations across vehicle, cloud, and mobile domains, while maintaining compliance with global automotive cybersecurity regulations and internal standards.
This is a high-impact leadership position interfacing with vehicle engineering, cloud platforms, telecom providers, enterprise security, and product leadership.
What You'll Do Leadership & Organization
Lead, grow, and mentor the Connected Vehicle Security engineering team.
Drive hiring strategy, capability development, and performance management.
Build deep technical expertise in embedded, telecom, and cloud security within the team.
Foster a security-by-design culture across vehicle programs.
Security Architecture & Strategy
Define and maintain security architecture for:
Connected ECUs (telematics control units, infotainment systems, connectivity SoCs)
ADAS systems, CLM design
Vehicle-to-cloud communications
Backend services communicating with vehicles including CLM, IAM, APIs, and OTA
Establish and maintain security requirements aligned to:
ISO/SAE 21434
UNECE WP.29 R155 / UNECE WP.29 R156
Own threat modeling (TARA) and risk treatment decisions for connected systems.
Define cryptographic architecture (PKI, key hierarchy, provisioning, rotation, revocation).
Secure Design & Control Implementation Oversee the design and deployment of security controls including:
Secure boot & hardware root of trust (HSM / TPM-based).
Firmware signing & OTA protection.
OS hardening (Linux/QNX/Android-based IVI platforms).
TLS/mTLS implementation for vehicle-to-cloud communication.
Token-based authentication & OAuth flows.
Certificate Lifecycle Management (development, provisioning, renewal, revocation, backend trust anchors, etc.)
Secure API gateways and backend authentication services.
Secure telecom integration (eSIM, 4G/5G, V2X security).
Program Governance & Lifecycle Security
Govern cybersecurity engagement across connected vehicle programs:
Security intake
Architecture reviews
Design assessments
Penetration testing reviews
Security sign-off gates
Track and manage:
Cybersecurity risks
Deviations and compensating controls
Open vulnerabilities
Ensure traceability from cybersecurity requirements to validation artifacts.
Support CSMS evidence generation and audit readiness.
Incident Response & Vulnerability Management
Provide leadership oversight for vulnerability management across:
In-vehicle connectivity stacks
Mobile integrations
Coordinate incident response with enterprise security teams.
Define connected vehicle patching and remediation strategy.
Support external researcher engagement and responsible disclosure handling.
Stakeholder & Executive Communication
Communicate security strategy, trade-offs, and risk posture to senior leadership.
Translate technical risk into business impact.
Provide security health metrics for connected platforms.
Represent Connected Vehicle Security in executive and regulatory reviews.
Your Skills & Abilities (Required Qualifications)
Bachelor’s degree in Computer Science, Electrical Engineering, Cybersecurity, or related field.
8+ years
in automotive cybersecurity, embedded security, telecom security, or cloud security.
Demonstrated hands‑on experience with:
Connected ECUs
(
TCU, IVI, connectivity modules
)
PKI
/ certificate management systems
Secure communication protocols (
TLS, IPsec, DoIP, CAN security
)
Proven people leadership experience (team lead, engineering manager, or equivalent).
What Will Give You a Competitive Edge (Preferred Qualifications)
Experience implementing
ISO/SAE 21434
-compliant development processes.
Familiarity with
UNECE R155/R156
regulatory expectations.
Experience with:
HSM
-based key storage
Secure provisioning at manufacturing
OTA security architecture
Telecom security (
eSIM
, carrier integration)
Cloud-native security controls
(IAM, zero trust, API security)
Strong understanding of threat modeling (
TARA
), penetration testing, and red-team findings in automotive.
Experience working in a global
OEM
or Tier-1 environment.
#J-18808-Ljbffr