Senior Cybersecurity Compliance Engineer

Kodiak

Job Location:

Mountain View, CA - USA

Monthly Salary: $ 190000 - 250000

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Kodiak Robotics Inc. was founded in 2018 and has become a leader in autonomous ground transportation committed to a safer and more efficient future for all. The company has developed an artificial intelligence (AI) powered technology stack purpose-built for commercial trucking and the public sector. The company delivers freight daily for its customers across the southern United States using its autonomous 2024 Kodiak became the first known company to publicly announce delivering a driverless semi-truck to a customer. Kodiak is also leveraging its commercial self-driving software to develop test and deploy autonomous capabilities for the U.S. Department of Defense.

As a Senior Cybersecurity Compliance Engineer at Kodiak AI you will work at the intersection of traditional IT security embedded systems engineering and rigorous international safety regulations. Unlike a general compliance role this position requires a deep understanding of how software interacts with vehicle hardware to ensure public safety.

In this role you will:

Establish and maintain a Cybersecurity Management System (CSMS) to ensure the organization has appropriate security measures across development production and post-production.
Manage security requirements and risk treatment for self-driving platform features throughout the entire product lifecycle (concept development operation and incident response).
Partner with Functional Safety teams to evaluate the overlap between cybersecurity (ISO 21434) and functional safety (ISO 26262) to mitigate physical safety implications of cyber threats.
Drive compliance efforts across various security frameworks encompassing both general IT and autonomous vehicle (AV) specific standards. This includes:

NIST SP 800-171: Focusing on CMMC and Controlled Unclassified Information (CUI) security.
NIST SP 800-53: Addressing SaaS security.
SOC2: Ensuring customer data protection.
ISO/SAE 21434: Leading initiatives for emerging road vehicle cybersecurity engineering standards.

Support Kodiaks management team by providing written and verbal responses to potential partners and customers.
Design and audit security controls for our off-vehicle infrastructure ensuring data integrity and end-to-end encryption.
Conduct technical risk assessments of our hardware components and partners ensuring every link in the supply chain meets our high security bar.
Track remediation progress with owner teams escalate blockers and ensure clean issue closure
Participate in incident investigations by gathering technical evidence and supporting impact analysis
Maintain high-quality documentation runbooks and operational updates
Identify process gaps and contribute practical workflow improvements that reduce manual toil

What youll bring:

6 years of relevant experience in cybersecurity vulnerability management security operations application security or related security engineering
3 years in Autonomous Vehicles Aerospace or Robotics.
Deep familiarity with the NHTSA AV Framework and experience applying SOC2 or ISO 27001 to safety-critical hardware/software environments.
Ability to work with C or Python for security scripting and experience with cloud-native security tools (AWS/GCP).
Understanding of embedded systems security and how to protect safety-critical functions from external communication ports.
Strong understanding of vulnerability assessment fundamentals (CVSS exploitability risk prioritization remediation tradeoffs)
Strong written and verbal communication skills for cross-functional collaboration
Demonstrated execution ownership in operational security work

Bonus Points for:

Exposure to security automation/SOAR platforms (for example Tines Splunk SOAR or equivalent)
Experience with container/Kubernetes vulnerability workflows
Familiarity with hardware-adjacent vulnerability domains (GPU/DPU firmware BMC/IPMI)
Experience supporting compliance evidence collection (SOC 2 ISO 27001 FedRAMP or similar)
Experience in high-growth or fast-moving infrastructure environments
Exposure to AI-assisted security workflows and human-in-the-loop validation
Expert knowledge of communication protocols such as CAN CAN-FD Automotive Ethernet and LIN including their common vulnerabilities (e.g. message injection spoofing DoS).
Implementation of Public Key Infrastructure (PKI) for secure boot secure Over-the-Air (OTA) software updates and encrypted in-vehicle communication.
Experience leading or performing hands-on penetration testing against Electronic Control Units (ECUs) telematics units and ADAS sensors.
Strong understanding of secure architectural patterns for embedded systems including hardware security modules (HSMs) and Trusted Execution Environments (TEE).

What we offer:

Competitive compensation package including equity and annual bonuses
Excellent Medical Dental and Vision plans through Kaiser Permanente Cigna and MetLife (including a medical plan with infertility benefits)
MetLife Legal Services Identity & Fraud Protection Hospital Indemnity Insurance Accident Insurance & Critical Illness Insurance
Flexible PTO 10 paid holidays and generous parental leave policies
Our office is centrally located in Mountain View CA
Office perks: dog-friendly free catered lunch a fully stocked kitchen and free EV charging
Long Term Disability Short Term Disability Life Insurance
Wellbeing Benefits - Headspace through Cigna Calm through Kaiser One Medical Gympass Spring Health through Cigna Rula (mental health navigation)
Fidelity 401(k)
Commuter FSA Dependent Care FSA HSA
Various incentive programs (referral bonuses patent bonuses etc.)

The pay range listed below reflects the base salaryin our SF/Silicon Valley locationacross several internal levels. Actual starting pay will be based on job-related factors including: work location experience relevant training education skill level and performance during interview. Total compensation at Kodiak includes base pay equity bonus and a competitive benefits package

California Pay Range

$190000 - $250000 USD

At Kodiak we strive to build a diverse community working towards our common company goals in a safe and collaborative environment where harassment of any kind is strictly prohibited. Kodiak is committed to equal opportunity employment regardless of race ethnicity religion gender identity sexual orientation age disability or veteran status or any other basis protected by applicable law.

In alignment with its business operations Kodiak adheres to all relevant statutes regulations and administrative prerequisites. Accordingly roles that carry more sensitive requirements may be limited to candidates that can satisfy additional scrutiny and eligibility for such positions may hinge on verification of a candidates residence U.S. person status and/or citizenship status. Should the position require and Kodiak determines that a candidates residence U.S. person status and/or citizenship status necessitate an export license bar the candidate from the position or otherwise fall under national security-related restrictions Kodiak will consider the candidate for alternative positions unaffected by such restrictions under terms and conditions set forth at Kodiaks sole discretion or as an alternative opt not to proceed with the candidates application. If applicable Kodiak may provide visa sponsorship for eligible candidates.

We use a third-party AI tool (Endorsed) to assist in the initial screening of applications. As part of the evaluation process we provide Endorsed with job requirements and candidate-submitted applications. Final hiring decisions are made by our human recruitment team and no automated system makes the ultimate decision regarding hiring. Certain features of the platform may qualify it as an Automated Employment Decision Tool (AEDT) under applicable regulations. We began using Endorsed on January 1 2026. You can review the independent bias audit report covering our use of Endorsed here( By submitting your application you acknowledge that your application may be processed by AI systems as part of the screening and selection process. If you have any questions or would like to request a separate review of your application please contact with Separate Review Request in the email subject line.

Required Experience:

Senior IC

In this role you will:

Establish and maintain a Cybersecurity Management System (CSMS) to ensure the organization has appropriate security measures across development production and post-production.
Manage security requirements and risk treatment for self-driving platform features throughout the entire product lifecycle (concept development operation and incident response).
Partner with Functional Safety teams to evaluate the overlap between cybersecurity (ISO 21434) and functional safety (ISO 26262) to mitigate physical safety implications of cyber threats.
Drive compliance efforts across various security frameworks encompassing both general IT and autonomous vehicle (AV) specific standards. This includes:

NIST SP 800-171: Focusing on CMMC and Controlled Unclassified Information (CUI) security.
NIST SP 800-53: Addressing SaaS security.
SOC2: Ensuring customer data protection.
ISO/SAE 21434: Leading initiatives for emerging road vehicle cybersecurity engineering standards.

Support Kodiaks management team by providing written and verbal responses to potential partners and customers.
Design and audit security controls for our off-vehicle infrastructure ensuring data integrity and end-to-end encryption.
Conduct technical risk assessments of our hardware components and partners ensuring every link in the supply chain meets our high security bar.
Track remediation progress with owner teams escalate blockers and ensure clean issue closure
Participate in incident investigations by gathering technical evidence and supporting impact analysis
Maintain high-quality documentation runbooks and operational updates
Identify process gaps and contribute practical workflow improvements that reduce manual toil

What youll bring:

6 years of relevant experience in cybersecurity vulnerability management security operations application security or related security engineering
3 years in Autonomous Vehicles Aerospace or Robotics.
Deep familiarity with the NHTSA AV Framework and experience applying SOC2 or ISO 27001 to safety-critical hardware/software environments.
Ability to work with C or Python for security scripting and experience with cloud-native security tools (AWS/GCP).
Understanding of embedded systems security and how to protect safety-critical functions from external communication ports.
Strong understanding of vulnerability assessment fundamentals (CVSS exploitability risk prioritization remediation tradeoffs)
Strong written and verbal communication skills for cross-functional collaboration
Demonstrated execution ownership in operational security work

Bonus Points for:

Exposure to security automation/SOAR platforms (for example Tines Splunk SOAR or equivalent)
Experience with container/Kubernetes vulnerability workflows
Familiarity with hardware-adjacent vulnerability domains (GPU/DPU firmware BMC/IPMI)
Experience supporting compliance evidence collection (SOC 2 ISO 27001 FedRAMP or similar)
Experience in high-growth or fast-moving infrastructure environments
Exposure to AI-assisted security workflows and human-in-the-loop validation
Expert knowledge of communication protocols such as CAN CAN-FD Automotive Ethernet and LIN including their common vulnerabilities (e.g. message injection spoofing DoS).
Implementation of Public Key Infrastructure (PKI) for secure boot secure Over-the-Air (OTA) software updates and encrypted in-vehicle communication.
Experience leading or performing hands-on penetration testing against Electronic Control Units (ECUs) telematics units and ADAS sensors.
Strong understanding of secure architectural patterns for embedded systems including hardware security modules (HSMs) and Trusted Execution Environments (TEE).

What we offer:

Competitive compensation package including equity and annual bonuses
Excellent Medical Dental and Vision plans through Kaiser Permanente Cigna and MetLife (including a medical plan with infertility benefits)
MetLife Legal Services Identity & Fraud Protection Hospital Indemnity Insurance Accident Insurance & Critical Illness Insurance
Flexible PTO 10 paid holidays and generous parental leave policies
Our office is centrally located in Mountain View CA
Office perks: dog-friendly free catered lunch a fully stocked kitchen and free EV charging
Long Term Disability Short Term Disability Life Insurance
Wellbeing Benefits - Headspace through Cigna Calm through Kaiser One Medical Gympass Spring Health through Cigna Rula (mental health navigation)
Fidelity 401(k)
Commuter FSA Dependent Care FSA HSA
Various incentive programs (referral bonuses patent bonuses etc.)