Security Hub Lead
Lead Coretura's Security Hub: own cross-domain security from cloud to vehicle, align compliance with engineering, and build a lean, auditable security culture.
The Vision
We build a production-grade platform running in commercial vehicles on public roads, delivering hardware, middleware, connectivity, OTA update capabilities, and an AI-first development experience that must work flawlessly every day, in the office and in the field, at scale, for years after production. Security is not a feature here. It is a foundational property of everything we build.
The Role
This is a senior security leadership role reporting to the CDO, with genuine breadth across cloud, product, and enterprise security. You will build and lead the Security Hub, a cross-functional centre of excellence that anchors cybersecurity across the domains Coretura operates in. You will lead off-board and enterprise security directly and coordinate closely with the onboard vehicle cybersecurity organisation to ensure a coherent, end-to-end security posture.
Scope
You directly own and lead:
- Cloud & Product Security: secure architecture, DevSecOps, vulnerability management, and CI/CD hardening across the services that connect vehicles to the outside world
- Enterprise IT Security: IAM, endpoint protection, network security, and incident response
- Physical Security: lab access control, visitor management, and physical incident handling
You coordinate with the onboard vehicle cybersecurity organisation on:
- Vehicle Cybersecurity: TARA per ISO/SAE 21434, UN R155/R156 compliance, and the zone-based security architecture spanning safety-critical ASIL partitions to the external connectivity boundary
You also establish and lead a Security Community of Practice, the connective tissue that spreads security thinking across vehicle, cloud, and enterprise domains.
How This Role Creates Value
Coretura is a product company, not a systems integrator or project house. That distinction matters enormously for security. Our platform ships to multiple global OEMs and runs in the field for years. Every security decision we make, or fail to make, has consequences at scale, long after delivery. The Security Hub exists to ensure that security is designed in from day one, that compliance is traceable without drowning engineers in process, and that our platform becomes a competitive differentiator rather than a liability.
You will own our ISMS and CSMS, govern our Asset → Threat → Control → Implementation → Evidence model, and ensure security tooling integrates directly into how engineers already work, using the same Sphinx-needs toolchain as our product documentation. Security here must be lean, auditable, and real.
The Challenges
- Converging regulations. GDPR, ISO 26262, and many more apply simultaneously. Our everything-as-code policy is a blessing but also adds friction.
- Cross-domain attack surface. Cloud and vehicle security are inseparable, which requires technical depth and cross-team alignment.
- Supply chain risk. Keep curation policies sharp: block malicious packages, flag CVEs, monitor aged dependencies.
- OEM demands. Negotiate Cybersecurity Interface Agreements and turn security architecture into hardware procurement requirements.
- Incident response. Our security incident response team and system must meet UN R155 timelines and OEM contracts, and be ready before an incident.
What We Are Looking For
A security generalist with depth in at least two of the domains above. You can read a cloud architecture diagram and a TARA and have a view on both. You understand that compliance without engineering is theatre, and engineering without compliance is liability.
Experience with ISO/SAE 21434, UN R155/R156, and ISO 27001 in a product company context is essential. Automotive background is a strong advantage. Comfort with AWS/Azure, DevSecOps, and software supply chain security is expected.
Most importantly: you are motivated by the mission. Safe, secure vehicles on the road. That is what this work is for.
Apply Anonymously?
It is completely understandable if you want to know more before putting yourself out there. Generate and apply with your anonymized resume and hidden mail here. This means we will review your profile without knowing your identity, and keep the initial dialogue to an untraceable mail address.
Department: Technology