Product Security Manager

Drivemode

Job Summary

As Drivemode's Product Security Manager, you will lead the product security program, owning strategy, risk management, compliance, vulnerability management, and incident response processes. You will ensure Drivemode products are designed, built, and maintained securely across the product lifecycle, partnering with engineering, QA, suppliers, and product teams to embed secure-by-design practices. This role is crucial for revolutionizing vehicle engagement and driving Honda's success in the EV market.

Must Have

  • Define and maintain product security policies and secure development lifecycle.
  • Identify, assess, and prioritize product security risks.
  • Lead TARA/threat modeling, vulnerability management, and SBOM/OSS controls.
  • Support PSIRT activities and ensure appropriate triage and remediation.
  • Implement controls for ISO/SAE 21434, UN R155/R156 compliance.
  • Deliver security posture reports and maintain training for security champions.
  • Define and execute product security strategy and roadmap.
  • Embed secure-by-design practices across engineering.
  • Own SBOM/OSS controls and supplier security requirements.
  • Run the product vulnerability program and coordinate remediation.
  • Define patch/update policy and oversee secure update delivery.
  • Report product security posture and KPIs to leadership.
  • 7+ years in security roles, 3+ years in management/lead capacity.
  • Proven experience leading product security programs.
  • Experience with security and compliance audits.
  • Strong stakeholder skills.
  • Demonstrated ability to embed security practices into agile product teams.
  • Ability to collaborate effectively in English.

Good to Have

  • Strong stakeholder management.
  • Knowledge of automotive cybersecurity standards (ISO/SAE 21434, UNECE R155/R156).
  • Familiarity with CAN, automotive Ethernet, OTA mechanisms, Android/Linux.
  • Experience with SAST/DAST, SBOM/OSS tooling, vulnerability scanners.
  • Experience working with agile development methodologies.
  • Familiarity with Automotive SPICE (ASPICE).
  • Familiarity with Application Lifecycle Management (ALM) tools (JAMA, Polarion, DOORS).
  • CSSLP, CISSP certifications.
  • Automotive security training (ISO/SAE 21434 / TARA).
  • OSCP certification.
  • Japanese language ability.

Perks & Benefits

  • Competitive compensation
  • Excellent benefits
  • Vibrant culture
  • Impactful work

Job Description

Our Mission:

Driving technology always feels old. Not by a little bit. We believe vehicles can be a thousand times smarter, safer, and more connected to the world around us, and our mission is to see it happen. In 2019, we joined forces with Honda as their first startup acquisition, and now we’re expanding our vision into building the future of electric vehicles (BEV) for millions of people around the world.

Why Drivemode:

Join Drivemode for an exciting startup environment and a vibrant culture that combines impactful work, competitive compensation, and excellent benefits. By becoming a part of our team, you'll contribute to a crucial mission that revolutionizes the way people engage with vehicles, addressing both business needs and the world's environmental challenges. This presents an exceptional opportunity to be at the forefront of innovation and drive Honda's success in the EV market.

About the Role:

As Drivemode's Product Security Manager, you will lead the product security program, owning strategy, risk management, compliance, vulnerability management, and incident response processes. You will ensure Drivemode products are designed, built, and maintained securely across the product lifecycle. This role involves partnering with engineering, QA, suppliers, and our product team to embed secure-by-design practices.

What You Will Do

  • Define and maintain product security policies, secure development lifecycle, and product security controls.
  • Identify, assess, and prioritize product security risks.
  • Lead TARA/threat modeling, vulnerability management, SBOM/OSS controls, and secure development practices.
  • Support PSIRT activities by ensuring appropriate triage, remediation, and engineering response from Drivemode teams.
  • Define and implement controls to meet and demonstrate compliance with ISO/SAE 21434, UN R155/R156, and internal governance and security requirements.
  • Deliver regular security posture reports, KPIs, and maintain training for engineering security champions.
  • Define and execute product security strategy and roadmap; set policy, risk appetite, and release acceptance criteria.
  • Embed secure-by-design practices across engineering: lead TARA/threat modeling, security design reviews, and security gates (CI/CD first).
  • Own SBOM/OSS controls and supplier security requirements; ensure evidence for audits and acceptance.
  • Run the product vulnerability program and coordinate remediation and evidence handover to other departments; support internal triage and verification.
  • Define patch/update policy and oversee secure update delivery for releases and OTA where applicable.
  • Report product security posture and KPIs to leadership; run the security champions and training strategy to up-skill engineering teams.

What We Are Looking For

  • 7+ years in security roles with more than three years in management/lead capacity.
  • Proven experience leading product security programs, TARA/threat modeling ownership, SBOM/OSS management, and vulnerability triage coordination.
  • Experience with security and compliance audits.
  • Strong stakeholder skills and demonstrated ability to embed security practices into agile product teams.
  • Ability to collaborate effectively in English.

Nice to Have

Preferred Qualifications / Experience

  • Strong stakeholder management.
  • Knowledge of automotive cybersecurity standards (ISO/SAE 21434, UNECE R155/R156).
  • Familiarity with CAN, automotive Ethernet, OTA mechanisms, Android/Linux.
  • Experience with SAST/DAST, SBOM/OSS tooling, vulnerability scanners.
  • Experience working with agile development methodologies.
  • Familiarity with Automotive SPICE (ASPICE).
  • Familiarity with Application Lifecycle Management (ALM) tools (e.g., JAMA, Polarion, DOORS).

Preferred Certifications

  • CSSLP, CISSP.
  • Strong preference for automotive security training (ISO/SAE 21434 / TARA).
  • OSCP.

Japanese language ability is always welcome.

EEOC Statement

Drivemode is proud of a very diverse team with employees coming from 5 continents/16 countries as of today. Diversity in our workplace has played an important part in our success; we recognize each employee’s unique background, knowledge, experiences, ideas, and viewpoints which are all critical in developing a product that has the greatest impacts on drivers all over the world.

Drivemode provides equal opportunities to all employees and applicants for employment without regard to race, religion, color, age, gender, national origin, sexual orientation, gender identity, disability, or any other characteristics that make you unique.
