Automotive Security Product Lead

About us

Founded in 2017, Wayve is the leading developer of Embodied AI technology. Our advanced AI software and foundation models enable vehicles to perceive, understand, and navigate any complex environment, enhancing the usability and safety of automated driving systems.

Our vision is to create autonomy that propels the world forward. Our intelligent, mapless, and hardware-agnostic AI products are designed for automakers, accelerating the transition from assisted to automated driving.

In our fast-paced environment big problems ignite us—we embrace uncertainty, leaning into complex challenges to unlock groundbreaking solutions. We aim high and stay humble in our pursuit of excellence, constantly learning and evolving as we pave the way for a smarter, safer future.

At Wayve, your contributions matter. We value diversity, embrace new perspectives, and foster an inclusive work environment; we back each other to deliver impact.

Make Wayve the experience that defines your career!

The role

As Automotive Product Security Lead at Wayve, you will define, mature, and operate the product security framework for Wayve’s automotive software activities. This spans our internal R&D fleet, robotaxi programme, and automotive software supplied to OEM customers, with assurance expectations applied proportionately to each context. You will help ensure Wayve can develop, assure, and supply automotive software that meets appropriate cybersecurity expectations from internal governance, customers, regulators, and external assessors.

You will be trusted to determine what good looks like for automotive product security at Wayve, applying industry best practice with pragmatism and adapting it to our technology, risk profile, product maturity, and stage of growth. You will translate regulations, standards, customer expectations and risk assessments into clear, practical requirements and ways of working that product and engineering teams can apply effectively.

This role sits within Security, but works in close partnership with product, engineering, safety, and customer-facing teams. This role sets standards, guides and advises, and assures implementation. Delivery teams apply the controls and processes, produce evidence and work products, maintain cybersecurity cases, and own residual risk.

This is a senior individual contributor role with broad cross-functional influence. You will be hands-on in establishing expectations, reviewing work products, advising teams, assessing cybersecurity case credibility, and challenging or escalating where evidence or risk gaps are not being addressed. As the capability matures, you will help scale repeatable processes, templates, metrics, and assurance mechanisms that allow Wayve to move quickly while maintaining the rigour expected for automotive software.

The role is advisory and assurance-focused in nature, providing oversight, challenge, and pragmatic guidance to the business while enabling product and engineering teams to meet automotive cybersecurity expectations without unnecessary friction.

Key responsibilities

• Automotive Product Security Framework & Strategy
• Define and maintain Wayve's automotive product security framework, aligned to ISO 21434, ASPICE for Cybersecurity, and customer assurance expectations.
• Establish practical processes, templates, guidance, and minimum control expectations for automotive cybersecurity activities across R&D fleet, robotaxi, and customer software programmes.
• Programme Guidance & Coordination
• Act as the product security lead across automotive software activities, helping teams understand what security activities are required, when they are required, and what good evidence looks like.
• Coordinate product security activity across security, product, engineering, safety, and customer-facing teams to ensure dependencies, risks, and assurance needs are understood early.
• Cybersecurity Case Assurance
• Define the minimum expectations, structure, and quality bar for Wayve's automotive cybersecurity cases.
• Provide independent review of required work products, traceability and completeness, residual risk statements, and the overall credibility of the cybersecurity case.
• Assess whether the cybersecurity case provides a defensible argument that the relevant system or software is acceptably secure for its intended context.
• Product Security Risk Governance
• Establish mechanisms for product cybersecurity risk visibility, challenge, escalation, and decision-making across automotive programmes.
• Partner with risk owners to ensure residual product cybersecurity risks are clearly documented, treatment options are understood, remediation is tracked, and acceptance decisions are made by the appropriate accountable owners.
• Challenge and escalate where risk, evidence, or delivery gaps are not being addressed appropriately.
• Regulatory, Customer & OEM Readiness
• Translate automotive cybersecurity regulatory, standards, and customer expectations into practical internal requirements and assurance activities.
• Support preparation for external audits, customer assessments, and OEM reviews where product cybersecurity evidence is required.
• Represent Wayve credibly in product security discussions with customers, partners, and external assessors.
• Secure Development Enablement
• Advise and upskill product and engineering teams on automotive cybersecurity practices, including TARA, cybersecurity requirements, secure architecture, implementation evidence, verification, validation, and security testing expectations.
• Build reusable guidance and playbooks that help teams integrate product security into existing development processes without duplicative or unnecessary process overhead.
• Metrics, Reporting & Continuous Improvement
• Develop meaningful metrics that demonstrate automotive product security maturity, assurance readiness, evidence quality, risk treatment progress, and recurring areas of weakness.
• Provide clear reporting to security, product, engineering and other senior stakeholders, using evidence and judgement to drive continuous improvement in Wayve's product security capability.

About you

To set you up for success as Automotive Product Security Lead at Wayve, we’re looking for the following skills and experience.

Essential

• Proven experience in a senior product security, automotive cybersecurity, embedded systems security, or security assurance role, with accountability for influencing security outcomes across complex technical programmes.
• Strong knowledge of automotive cybersecurity expectations, particularly ISO 21434 and UNECE R155.
• Experience defining, applying, or assessing cybersecurity lifecycle activities and work products, including TARA, cybersecurity goals, cybersecurity requirements, verification and validation evidence, and residual risk treatment.
• Strong technical judgement across software security, embedded or vehicle systems, secure architecture, threat modelling, security testing, and risk assessment.
• Experience reviewing or contributing to cybersecurity cases, assurance cases, technical evidence packs, or comparable structured security arguments.
• Excellent judgement and independence, with confidence challenging issues while maintaining constructive working relationships.
• Experience partnering with product, engineering, delivery, safety, legal, security, supplier, or customer-facing teams to deliver proportionate and effective security outcomes.
• Strong written and verbal communication skills, able to translate standards, risks, and assurance expectations into clear, practical guidance for technical and non-technical stakeholders.
• Comfort operating with high autonomy in a fast-moving, ambiguous environment where the right level of process needs to be designed, not simply inherited.

Desirable

• Experience establishing or scaling a product security or automotive cybersecurity capability in a growing or fast-moving organisation.
• Experience with OEM customer assurance, external audits, cybersecurity certification, type approval, or independent assessment activity.
• Familiarity with ASPICE, ISO 26262, ISO 21448 / SOTIF, or safety-security interface management.
• Experience with autonomous vehicles, ADAS, robotics, safety-critical software, automotive software platforms, vehicle networks, OTA update systems, or fleet operations.
• Experience managing product-security-relevant supplier assurance, supplier evidence, or third-party cybersecurity risk in an automotive context.
• Relevant certifications or training, such as ISO 21434, CISSP, CSSLP, GICSP, or automotive cybersecurity training.

This is a full-time role based in our offices in London, Sunnyvale or Leonberg. At Wayve we want the best of all worlds so we operate a hybrid working policy that combines time together in our offices and workshops to fuel innovation, culture, relationships and learning, and time spent working from home. We operate core working hours so you can determine the schedule that works best for you and your team.

Wayve is committed to creating an inclusive interview experience. If you require any accommodations or adjustments to participate fully in our interview process, please let us know.

We understand that everyone has a unique set of skills and experiences and that not everyone will meet all of the requirements listed above. If you’re passionate about self-driving cars and think you have what it takes to make a positive impact on the world, we encourage you to apply.

At Wayve we're committed to creating a diverse, fair and respectful culture that is inclusive of everyone based on their unique skills and perspectives, and regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, veteran status, pregnancy or related condition (including breastfeeding) or any other basis as protected by applicable law.

For more information visit Careers at Wayve.

To learn more about what drives us, visit Values at Wayve

For US candidates only, please visit E-Verify Notice and Participation and Right to Work

DISCLAIMER: We will not ask about marriage or pregnancy, care responsibilities or disabilities in any of our job adverts or interviews. However, we do look to capture information about care responsibilities, and disabilities among other diversity information as part of an optional DEI Monitoring form to help us identify areas of improvement in our hiring process and ensure that the process is inclusive and non-discriminatory.