We’re Cruise, the self-driving ride-hailing service.

We are building the world’s most advanced self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles  will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.

At Cruise, our engineers have opportunities to grow and develop while learning from leaders at the cutting-edge of their fields. With a culture of internal mobility, there's opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.

If you are looking to solve one of today’s most complex engineering challenges, see the results of your work in hundreds of self-driving cars, and make a positive impact in the world starting in our cities, join us. 

As the Staff Vulnerability and Risk Management Engineer you will report to the Governance, Risk & Compliance Manager at Cruise. As a technical leader you will be responsible for partnering with Legal, IT, Risk Management, Security Teams, Global Security Operations Center (GSOC) and Business Leadership to develop, implement, maintain, and mature the vulnerability management workflow at Cruise. As the vulnerability process flow owner you will work cross-functionally to stand up, implement and automate process flows and technical solutions for vulnerability risk treatment.  Additionally, this individual will draw on technical knowledge to formulate and prioritize risks and collaborate with asset owners to prioritize vulnerability remediation. This individual will educate and enable our employee base to ensure we meet our Information Security, Risk, & Compliance objectives.

What you'll be doing:

  • Proactive communication and alignment with GRC strategic direction and objectives shared across security.
  • Responsible for developing technically informed processes and workflows to manage vulnerability risk exposure and other security risk aspects within Cruise.
  • Work with Vulnerability Management Technical Program Manager (TPM) to implement effective vulnerability discovery programs across Cruise.
  • Responsible for automation of vulnerability management workflow.
  • Develop and implement techniques and tools for meaningful risk correlation of vulnerability data. 
  • Develop vulnerability management dashboard and work with stakeholders in incident response, GSOC, risk management, and threat intel to correlate data.
  • Document process and requirements for gathering and execution of meaningful vulnerability scanning and data aggregation.
  • Develop monthly risk exposure reports for vulnerability landscape at Cruise.
  • Work with TPM, IT and asset owners to achieve timely patches and remediation plans.

What you must have:

  • Bachelor’s degree in Engineering, Business, Technology or related field
  • 10+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross functional efforts
  • Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
  • Strong technical experience in evaluating and security design architecture, cloud computing, software vulnerability identification, vulnerability identification, threat analysis and implementation of technical solutions to mitigate security risk.
  • The ability to write scripts to automate investigative or security analysis tasks.
  • Experience in implementation of vulnerability management and risk programs from the ground up. 
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
  • Ability to synthesize a variety of data points into comprehensive and effective execution and risk mitigation plans.
  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.

Bonus points!

  • One or more of the following certifications: OSCP, OSCE, GVEA, GCIH, GCED and CISSP

Why Cruise?

  • Our benefits are here to support the whole you:
    • Competitive salary and benefits 
    • 401(k) Cruise matching program 
    • Medical / dental / vision, AD+D and Life
    • Flexible vacation and company paid holidays
    • Healthy meals and snacks provided
    • Paid parental leave & family expansion stipend
    • Monthly wellness stipend
    • Commuter benefits
  • We’re Integrated
    • Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
  • We’re Funded
    • GM, Honda, SoftBank, and T. Rowe Price have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.
  • We’re Independent
    • We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the bleeding-edge of technology, but also define it.
  • We’re Vested
    • You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow. 

Cruise LLC is an equal opportunity employer.  All applicants for employment will be considered without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity or expression, veteran status, genetics or any other legally protected basis.   Below, you have the opportunity to share your preferred gender pronouns, gender, ethnicity, and veteran status with Cruise to help us identify areas of improvement in our hiring and recruitment processes. Completion of these questions is entirely voluntary.  Any information you choose to provide will be kept confidential, and will not impact the hiring decision in any way.

We also consider for employment qualified applicants regardless of criminal histories, consistent with applicable laws.  And, if you believe that you will need any type of accommodation, please let us know.

Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.

Apply for this Job

* Required

When autocomplete results are available use up and down arrows to review
+ Add Another Education