Led by a team of seasoned experts, our mission is to deliver the benefits of self-driving technology safely, quickly, and broadly. We are designing the software and hardware to power the transportation of our future that will make our roads safer, give more people access to mobility, and reduce congestion and pollution in cities - improving the quality of life for all. The challenge in what we are endeavoring to achieve is transcendent; we are developing perhaps the world's most complex computing system and asking it to perform the task of transporting and keeping safe our most precious asset: human life.

This role sits within the Security Strategy and Programs team. Aurora’s Security Strategy and Programs team’s mission is to develop security strategy and drive security initiatives across all of Aurora. We are searching for a seasoned security professional with expertise in driving company wide technical programs to join us on this mission.

This role specifically is responsible for defining and driving security assessment initiatives and risk management programs. This role will function as the bridge between Security and Product, Software, Hardware, Safety, Legal teams to drive execution of security risk management programs as needed for different product release milestones.

Flexible work locations are available (MTV, SFO, PIT) for US-based employees (Full remote is NOT available for this role).

In this role, you will

• Define schedule and scope of security threat analysis and risk assessments (TARA) as per product release milestones
• Partner closely with Aurora’s engineering teams to develop security assessment schedule and execution plans.
• Drive continuous TARA efforts as different parts of the product become mature.
• Develop higher level abstraction of threat models of product components and ecosystems.
• Identify major security gaps and work with other security TPMs to develop strategic security controls.
• Drive external 3rd party engagements of security assessments and pentests.
• Interpret 3rd party assessment/pentest results into tangible context specific risk items.
• Drive (and improve) security risk management program and its integration with other company-wide risk management efforts.
• Define and report on program KPIs and residual risks.
• Track progress, roadblocks and potential risks of security initiatives and programs.
• Proactively remove obstacles to drive momentum and progress. 
• Establish engagement interfaces to keep various levels of stakeholders for timely decision making.

Required Qualifications

• Minimum 7+ years of experience in the capacity of a Technical Program Manager, Product Manager, Engineering Manager or Security Engineer in domains of Security or Privacy.
• BS in Computer Science, Information Technology or a technical field or equivalent experience.
• Ability to define prioritization of security initiatives and efforts.
• Ability to influence and motivate people across a broad variety of job functions through your relationships.
• Experience with creating detailed reports and dashboards.
• Experience with developing threat models and using threat models to identify potential security controls.
• Experience in working with external security assessors to drive 3rd party assessments and pentest.
• Ability to translate a pentest report into tangible contextual security risk elements.
• Hands-on experience in driving security programs such as offensive security, security risk management, security compliance.

Desirable Qualifications

• Professional certifications such as CISSP, OSCP, GIAC-PEN, Prosci, SAFe or PMP.
• Experience in building security programs (e.g. security risk management, security compliance, pentest) from ground up.
• Ability to work within organizations with minimal structure and with minimal direction.
• Experience is rolling out potentially disruptive organizational process changes.
• Experience with creating communication plans for various levels of stakeholders.
• Excellent emotional intelligence. 
• Excellent written and verbal communication skills.
• Strong technical, analytical and quantitative skills with the ability to use data and metrics to back up assumptions, recommendations and drive decisions.

Working at Aurora

Our work has real purpose. Delivering the benefits of self-driving will save lives around the world, expand access to transportation, revitalize cities, and give people time back every day.

We’re one team. We’re inspired by the challenge of what we’re solving and the impact our work will have on society. Our camaraderie is built on respect for our work and the fundamental belief our success will be a result of working together.

The Founding Team

Aurora has assembled the most experienced leadership team in this space. Chris Urmson helped lead Carnegie Mellon’s efforts in Darpa’s Grand Challenges, then was a founding member of Google’s self-driving team. Sterling Anderson worked on the tech at MIT before leading Tesla’s Autopilot system. Drew Bagnell, also a Carnegie Mellon alum, is a machine learning expert who helped build Uber’s autonomy effort. At Aurora, these three continue to bring experts from all areas of the industry to the team. We are funded by Amazon, T Rowe Price, and some of Silicon Valley’s best venture capital firms, including Sequoia, Greylock and Index Ventures.

The base salary range for this position is $216K-$345K per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

#LI-DW1

#Mid-Senior