The Role:
The Senior Product Cybersecurity Engineer, Product Threat Assessment role sits within the broader Product Cybersecurity organization at General Motors and is responsible for driving early cybersecurity decision-making during product development. Through threat modeling, product threat assessment, and Threat Analysis and Risk Assessment (TARA) activities, this engineer leads the identification of product risks and the definition of security requirements across embedded vehicle software, mobile experiences, and connected software and services. This role provides technical assessments and security direction that inform downstream architecture, engineering, and validation work.
What You'll Do:
-
Perform threat modeling and TARA activities across products, features, and system changes
-
Partner with product and engineering teams during design and architecture discussions
-
Identify security risks and recommend practical mitigations that align with product goals
-
Translate product context, assumptions, and attacker perspectives into actionable security requirements
-
Provide architecture, engineering, and validation teams with clear assessment inputs and security rationale
-
Contribute to the improvement of threat assessment methods, templates, and reusable artifacts across the team
-
Help drive consistent security assessment practices across the product portfolio
Your Skills & Abilities (Required Qualifications):
-
5+ years of cybersecurity experience with roles in product security, threat modeling, or similar areas
-
Strong experience with threat modeling, TARA, and structured security analysis for complex products
-
Ability to assess security considerations across embedded systems, mobile applications, and connected platforms
-
Experience working with product and engineering teams to influence secure design decisions early in development
-
Strong communication skills with the ability to translate technical concerns into practical guidance
-
Ability to review software, APIs, protocols, and system designs to support technical assessments
What Will Give You A Competitive Edge (Preferred Qualifications):
-
Prior role(s) in the automotive industry or a similarly complex, deadline-driven, and regulated field
-
Familiarity with embedded software, operating systems, mobile applications, and cloud services
-
Experience applying ISO/SAE 21434, TARA methods, attack trees, or similar risk frameworks
-
Experience contributing to security guidance, assessment patterns, or reusable technical documentation
What You'll Bring:
-
Strong technical judgment and a structured approach to early security analysis
-
Comfort working in product development environments where ambiguity is present
-
A practical mindset that helps teams address security concerns while maintaining delivery momentum
-
Clear communication that connects technical findings to design and engineering decisions
-
A collaborative approach and a willingness to build repeatable inputs for the broader product security lifecycle
#LI-SB3