We're Cruise, a self-driving service designed for the cities we love.
We’re building the world’s most advanced self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
In our cars, you’re free to be yourself. It’s the same here at Cruise. We’re creating a culture that values the experiences and contributions of all of the unique individuals who collectively make up Cruise, so that every employee can do their best work.
Cruise is committed to building a diverse, equitable, and inclusive environment, both in our workplace and in our products. If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, come join us. Even if you might not meet every requirement, we strongly encourage you to apply. You might just be the right candidate for us.
Cruise is looking for a Senior Cybersecurity Risk Analyst to join our Security Trust & Assurance team as part of the first line of defense to help Cruise build trust with regulators, investors, internal Cruise teams, and customers. In this position, you will support Cruise’s cybersecurity risk management program and to improve Cruise’s Information Security Management System (ISMS). You will use a security first approach to prioritize and treat risk in order to keep Cruise secure. If you're interested in supporting a growing risk program and want to work with partners to implement innovative security controls, let's chat!
You will conduct regular security risk assessments and create risk treatment plans to address the risks
You will align these treatment plans with ongoing agile planning and strategic roadmaps to ensure risks are mitigated timely
You will identify new risk, score using NIST 800-30 methodology, and prioritize the risk treatment effort
You will work with key risk partners across Cruise to prioritize cybersecurity risk mitigation efforts
3+ years of experience with cybersecurity risk management
Experience with frameworks such as NIST RMF or Mitre Att&ck and can articulate the benefits of a cohesive methodology
Experience in a cloud environment such as AWS, GCP, or Azure and can recommend cloud security controls
An understanding of threat modeling and threat surface reduction
An understanding of kill chains and common attack patterns
The ability to drive consensus across team members, often for complex problems without clear solutions
An understanding of red team tactics, techniques, and procedures and can recommend mitigating controls
Proactive and incessant initiative to deliver results and contribute to the team's vision
You have security engineering experience or a technical certification demonstrating an understanding of proper control implementations
You have CRISC, CCSP, CEH, CASP+, OSCP, or similar certification
You have experience creating practical insights based on threat intelligence
You participate in CTF challenges, Cyber Ranges, or security conferences
You have a bachelor’s degree in computer science, computer engineering, information systems, or business technology
The salary range for this position is $115,600 - 170,000. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, restricted stock units, and benefits. These ranges are subject to change.
Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives. We seek applicants of all backgrounds and identities, across race, color, caste, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.
Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email [email protected].
We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.
Candidates applying for roles that operate and remotely operate the AV: Licensed to drive a motor vehicle in the U.S. for the three years immediately preceding your application, currently holding an active in-state regular driver’s license or equivalent, and no more than one point on driving record. A successful completion of a background check, drug screen and DMV Motor Vehicle Record check is also required.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.