Senior Cybersecurity Compliance Engineer

Описание вакансии

Kodiak Robotics, Inc. was founded in 2018 and has become a leader in autonomous ground transportation committed to a safer and more efficient future for all. The company has developed an artificial intelligence (AI) powered technology stack purpose-built for commercial trucking and the public sector. The company delivers freight daily for its customers across the southern United States using its autonomous technology. In 2024, Kodiak became the first known company to publicly announce delivering a driverless semi-truck to a customer. Kodiak is also leveraging its commercial self-driving software to develop, test and deploy autonomous capabilities for the U.S. Department of Defense.

As a Senior Cybersecurity Compliance Engineer at Kodiak AI, you will work at the intersection of traditional IT security, embedded systems engineering, and rigorous international safety regulations. Unlike a general compliance role, this position requires a deep understanding of how software interacts with vehicle hardware to ensure public safety.

In this role, you will:

• Establish and maintain a Cybersecurity Management System (CSMS) to ensure the organization has appropriate security measures across development, production, and post-production.
• Manage security requirements and risk treatment for self-driving platform features throughout the entire product lifecycle (concept, development, operation, and incident response).
• Partner with Functional Safety teams to evaluate the overlap between cybersecurity (ISO 21434) and functional safety (ISO 26262) to mitigate physical safety implications of cyber threats.
• Drive compliance efforts across various security frameworks, encompassing both general IT and autonomous vehicle (AV) specific standards. This includes:

• NIST SP 800-171: Focusing on CMMC and Controlled Unclassified Information (CUI) security.
• NIST SP 800-53: Addressing SaaS security.
• SOC2: Ensuring customer data protection.
• ISO/SAE 21434: Leading initiatives for emerging road vehicle cybersecurity engineering standards.

• SupportKodiak’s management team by providing written and verbal responses to potential partners and customers.
• Design and audit security controls for our off-vehicle infrastructure, ensuring data integrity and end-to-end encryption.
• Conduct technical risk assessments of ourhardware components and partners, ensuring every link in the supply chain meets our high security bar.
• Track remediation progress with owner teams, escalate blockers, and ensure clean issue closure
• Participate in incident investigations by gathering technical evidence and supporting impact analysis
• Maintain high-quality documentation, runbooks, and operational updates
• Identify process gaps and contribute practical workflow improvements that reduce manual toil

What you'll bring:

• 6+ years of relevant experience in cybersecurity, vulnerability management, security operations, application security, or related security engineering
• 3+ years in Autonomous Vehicles, Aerospace, or Robotics.
• Deep familiarity with the NHTSA AV Framework and experience applying SOC2 or ISO 27001 to safety-critical hardware/software environments.
• Ability to work with C++ or Python for security scripting and experience with cloud-native security tools (AWS/GCP).
• Understanding of embedded systems security and how to protect safety-critical functions from external communication ports.
• Strong understanding of vulnerability assessment fundamentals (CVSS, exploitability, risk prioritization, remediation tradeoffs)
• Strong written and verbal communication skills for cross-functional collaboration
• Demonstrated execution ownership in operational security work

Bonus Points for:

• Exposure to security automation/SOAR platforms (for example Tines, Splunk SOAR, or equivalent)
• Experience with container/Kubernetes vulnerability workflows
• Familiarity with hardware-adjacent vulnerability domains (GPU/DPU firmware, BMC/IPMI)
• Experience supporting compliance evidence collection (SOC 2, ISO 27001, FedRAMP, or similar)
• Experience in high-growth or fast-moving infrastructure environments
• Exposure to AI-assisted security workflows and human-in-the-loop validation
• Expert knowledge of communication protocols such as CAN, CAN-FD, Automotive Ethernet, and LIN, including their common vulnerabilities (e.g., message injection, spoofing, DoS).
• Implementation of Public Key Infrastructure (PKI) for secure boot, secure Over-the-Air (OTA) software updates, and encrypted in-vehicle communication.
• Experience leading or performing hands-on penetration testing against Electronic Control Units (ECUs), telematics units, and ADAS sensors.
• Strong understanding of secure architectural patterns for embedded systems, including hardware security modules (HSMs) and Trusted Execution Environments (TEE).

What we offer:

• Competitive compensation package including equity and annual bonuses
• Excellent Medical, Dental, and Vision plans through Kaiser Permanente, Cigna, and MetLife (including a medical plan with infertility benefits)
• MetLife Legal Services, Identity & Fraud Protection, Hospital Indemnity Insurance, Accident Insurance, & Critical Illness Insurance
• Flexible PTO, 10 paid holidays, and generous parental leave policies
• Our office is centrally located in Mountain View, CA
• Office perks: dog-friendly, free catered lunch, a fully stocked kitchen, and free EV charging
• Long Term Disability, Short Term Disability, Life Insurance
• Wellbeing Benefits - Headspace through Cigna, Calm through Kaiser, One Medical, Gympass, Spring Health through Cigna, Rula (mental health navigation)
• Fidelity 401(k)
• Commuter, FSA, Dependent Care FSA, HSA
• Various incentive programs (referral bonuses, patent bonuses, etc.)

The pay range listed below reflects the base salary in our SF/Silicon Valley location,across several internal levels. Actual starting pay will be based on job-related factors including: work location, experience, relevant training, education, skill level and performance during interview. Total compensation at Kodiak includes base pay, equity, bonus and a competitive benefits package

California Pay Range

$190,000—$250,000 USD

At Kodiak, we strive to build a diverse community working towards our common company goals in a safe and collaborative environment where harassment of any kind is strictly prohibited. Kodiak is committed to equal opportunity employment regardless of race, ethnicity, religion, gender identity, sexual orientation, age, disability, or veteran status, or any other basis protected by applicable law.

In alignment with its business operations, Kodiak adheres to all relevant statutes, regulations, and administrative prerequisites. Accordingly, roles that carry more sensitive requirements may be limited to candidates that can satisfy additional scrutiny and eligibility for such positions may hinge on verification of a candidate’s residence, U.S. person status, and/or citizenship status. Should the position require, and Kodiak determines that a candidate’s residence, U.S. person status, and/or citizenship status necessitate an export license, bar the candidate from the position, or otherwise fall under national security-related restrictions, Kodiak will consider the candidate for alternative positions unaffected by such restrictions, under terms and conditions set forth at Kodiak’s sole discretion, or, as an alternative, opt not to proceed with the candidate’s application. If applicable, Kodiak may provide visa sponsorship for eligible candidates.

We use a third-party AI tool (Endorsed) to assist in the initial screening of applications. As part of the evaluation process, we provide Endorsed with job requirements and candidate-submitted applications. Final hiring decisions are made by our human recruitment team, and no automated system makes the ultimate decision regarding hiring. Certain features of the platform may qualify it as an Automated Employment Decision Tool (AEDT) under applicable regulations. We began using Endorsed on January 1, 2026. You can review the independent bias audit report covering our use of Endorsed [here](https://endorsed.com/local-law-144). By submitting your application, you acknowledge that your application may be processed by AI systems as part of the screening and selection process. If you have any questions or would like to request a separate review of your application, please contact careers@kodiak.ai with "Separate Review Request" in the email subject line.