Principal Product Security Architect

Daimler Truck North America•Portland, OR

1d•Hybrid

About The Position

Inside the Role Our team owns the cybersecurity practice for DTNA's Autonomous Technology Group. We are a small team that respects and learns from established approaches, but we are not afraid to build our own path where the established one ends. We are curious by nature and encourage experimentation. The team is at its best when someone asks, "what if we tried it this way instead?" Good ideas come from questioning status quo! We built our vehicle cybersecurity risk modeling methodology from the ground up and completed the first full vehicle risk assessment of Daimler Truck’s autonomous vehicle platform. Version 1 is done, but we are not satisfied yet. We believe in what we built, but are looking for someone who will challenge it to make it better. The next phase of work is about making the methodology scale and tightening the connection between risk analysis and implementation evidence. That means extending the model to additional vehicle platforms, automating manual steps in the tooling, and closing the gaps between what the risk assessment says should exist and what can be demonstrated in our evidence chain. You will have real ownership of the risk model and wide latitude to improve the methodology, the tools, and the standards. Your decisions will show up in Daimler Truck products globally. Posting Information We provide a scheduled posting end date to assist our candidates with their application planning. While this date reflects our latest plans, it is subject to change, and postings may be extended or removed earlier than expected. We Take Care of Our Team What You Drive at DTNA The Principal Product Security Risk Model Owner will serve as the technical authority for cybersecurity risk modeling methodology and tooling. Automotive cybersecurity is a young discipline. We do not expect candidates to check every box below. These requirements are structured around what we consider foundational versus what can be developed on the job.

Requirements

Bachelor’s Degree in Engineering, Computer Science or other STEM type degree and 5-7 years of related experience is required.
Strong Technical Writing Skills - Work products must be clear, consistent, and defensible under audit. Prior experience producing engineering specifications, test procedures, or diagnostic documentation is relevant.
Automotive System Architecture - Strong understanding of automotive system architecture, including ECU design, in-vehicle network topologies, runtime communication, and diagnostic protocols.
Embedded Systems Experience - Hands-on experience developing, integrating, or diagnosing automotive embedded systems. Worked close enough to hardware and software to understand how vehicle systems behave under normal and abnormal conditions.
Attacker Mindset - The ability to look at a system and reason about how it could be manipulated or misused, where boundaries are weak, and recognize potential design flaws. This may come from a formal cybersecurity background, a test and validation background, or some other demonstrated aptitude.
Resourcefulness with Tools and Processes - We value engineers who adapt existing tools to new purposes and build creative solutions when off-the-shelf options fall short.
Standards Familiarity - Comfort working within a standards-driven engineering environment is essential. Familiarity with ISO/SAE 21434, or the ability to develop proficiency quickly.
Threat Modeling Knowledge - Working knowledge of threat modeling concepts and risk assessment methodology.
An attached resume is required.

Nice To Haves

Structured Threat Modeling - Direct experience implementing TARA methodology, STRIDE, or similar structured threat modeling frameworks.
Attack Feasibility Rating - Experience with attack feasibility rating frameworks (e.g., CVSS, attack potential-based approaches).
Requirements Management Tools - Familiarity with requirements management tools (e.g., IBM ELM/DOORS, JAMA, CATIA) and traceability workflows.
Engineering Tooling Development - Background in engineering tooling development or customization.
Safety-Critical Frameworks - Experience working within ISO 26262 or similar safety-critical development frameworks.

Responsibilities

TARA methodology ownership. Define, document, and continuously improve DTNA's threat analysis and risk assessment process. Ensure the methodology is rigorous, repeatable, and auditable across the full vehicle cybersecurity case lifecycle.
Risk modeling tooling . Lead the design and development of internal tooling that supports structured risk assessment, attack feasibility analysis, and traceability from threat scenarios through implementation requirements.
ISO/SAE 21434 compliance. Serve as a subject matter expert on ISO/SAE 21434. Ensure risk modeling methodology and outputs satisfy the standard's work product and evidentiary requirements.
Threat intelligence and attack feasibility analysis . Maintain current awareness of the threat landscape relevant to commercial and autonomous vehicles. Translate that awareness into updates to attack feasibility ratings, threat scenarios, and risk treatment decisions.
Authoring standards. Define and enforce quality standards for cybersecurity work products including threat scenarios, risk assessments, and security requirements. Provide technical review and guidance to maintain consistency across the team.
Traceability and lifecycle management. Ensure risk model outputs maintain clean connections to upstream functional assets and downstream implementation requirements, test cases, and evidence artifacts across toolchains (IBM ELM, SharePoint, TARA tooling).
Cross-functional collaboration. Work with systems engineering, Truck Technology, and Product Validation teams to integrate cybersecurity risk assessments into vehicle development workflows.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume