Product Cybersecurity Engineer - Vehicle Security

GM's Product Cybersecurity Team safeguards the security and integrity of our vehicle platforms, embedded systems, and connected services across the entire product lifecycle. Our mission is to proactively defend GM products against evolving cyber threats by engineering cybersecurity into every phase - from concept and architecture through development, validation, production, and in-field operation. We seek product cybersecurity professionals with advanced expertise in secure system design, embedded and automotive security, and risk-based threat analysis, capable of driving security-by-design principles, ensuring compliance with global regulations and standards, and strengthening the resilience of GM's vehicles and mobility ecosystems.

The Sr. Product Cybersecurity Engineer will lead and deliver end-to-end product cybersecurity for connected vehicle systems, with a focus on EV charging and Plug & Charge technologies (ISO 15118). This role translates cybersecurity risk assessments into production-ready security requirements and architectures, while partnering with engineering teams and suppliers to implement compliant, robust vehicle cybersecurity controls.

What You'll Do

Security Requirements & Architecture

• Define and enforce security requirements for Plug & Charge implementations, including ISO 15118-2 / ISO 15118-20 certificate handling, TLS, and contract management.

• Architect and evolve PKI and certificate lifecycle management (CLM) for vehicle-to-charger-to-cloud ecosystems, including key provisioning and secure storage approaches (e.g., HSM/secure elements).

• Drive secure communications patterns (e.g., TLS/mTLS) and trust chain strategy across vehicle, EVSE, backend APIs, and partner integrations.

• Execute and support cybersecurity activities across the full ISO/SAE 21434 lifecycle (Concept, Product Development, Production, Operation, and Decommissioning).

• Define cybersecurity requirements and design constraints for ECUs, vehicle networks, diagnostics, and connected features.

• Translate threat scenarios into concrete security controls (e.g., authentication, authorization, secure communications, logging, monitoring).

• Review and influence system and software architectures to ensure defense-in-depth and least-privilege principles are applied.

• Contribute to hardening strategies for embedded platforms (e.g., secure boot/chain-of-trust, OS hardening, SELinux policy where applicable).

Implementation & Validation Support

• Partner with development teams and suppliers during implementation to ensure security requirements are correctly interpreted and delivered.
• Support cybersecurity verification and validation planning, including test strategy reviews and evidence assessment.
• Participate in design reviews, vulnerability assessments, and security readiness evaluations.
• Provide hands-on technical leadership to execution teams and suppliers, review concepts, evidence packages, and integration plans; drive clarity from ambiguity., GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc).This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week {or other frequency dictated by their manager}.This job may be eligible for relocation benefits. About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

• Bachelor's degree in Computer Engineering, Electrical Engineering, Computer Science, or a related technical field.
• 5+ years of experience in automotive, embedded, or product cybersecurity engineering.
• Strong understanding of vehicle E/E architectures, embedded systems, and in-vehicle communications (e.g., CAN, Ethernet, UDS).
• Proficiency in at least one: C, C++, Python, Go, or Java.
• Expertise with ISO 15118 Plug & Charge, PKI, certificates, and secure communications in charging ecosystems.
• Experience with embedded Linux security (e.g., SELinux, Yocto/AGL/AAOS hardening), secure boot, HSM/secure elements.
• Strong communication, documentation, and cross-functional collaboration skills; comfortable making recommendations with limited data.

We believe we all must make a choice every day - individually and collectively - to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee to feel they belong to one General Motors team., General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.