Rivian
Staff Cybersecurity Application Security Engineer
The complete job description, requirements, and application details are available on the original posting.
About Rivian
Rivian Automotive, Inc. is an American electric vehicle manufacturer founded in 2009 by Robert 'RJ' Scaringe. The company specializes in adventure-oriented electric trucks, SUVs, and commercial delivery vans built on a unique "skateboard" platform. Rivian focuses on creating sustainable, high-performance vehicles designed for off-roading, family trips, and commercial use, featuring extended battery ranges of up to 400 miles and rapid acceleration. Rivian's product lineup includes the R1T all-electric pickup truck and the R1S all-electric SUV, both known for their impressive performance and off-road capabilities. The company also produces electric delivery vans for commercial fleets, fulfilling a significant order from Amazon. Rivian is committed to environmental sustainability, supported by the Rivian Foundation, and is actively developing a charging network to enhance EV adoption. With a mission to "Keep the World Adventurous Forever," Rivian aims to lead in the electric vehicle market while promoting conservation efforts.
Security at Rivian
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Rivian aims to integrate security deeply into the development process, positioning AppSec as a bridge between security and engineering to foster a culture of secure-by-design development.
- The team prioritizes automation and integration over manual checks, moving beyond simple vulnerability scanning toward agentic security workflows within CI/CD pipelines.
- The philosophy emphasizes developer enablement and shifting security left in the development lifecycle, with leadership stating that "AppSec is evolving past 'scan more.'"
Security Team
The AppSec team is part of the broader Enterprise Cybersecurity department, led by Mike Johnson, Chief Information Security Officer. The team prioritizes integration of security into the development process with a focus on automation and developer enablement. Leadership emphasizes moving beyond simple scanning tools toward agentic security workflows. While exact headcount for the Application Security sub-unit is not publicly disclosed, the team has 1 active job posting and recruits for roles requiring expertise in GraphQL, AWS, React, Java, Node.js, Python, Docker/Kubernetes, and CI/CD integration.
Key Initiatives
Rivian emphasizes shift-left practices through automated security tooling and agentic security workflows integrated into CI/CD pipelines. External vulnerability reports are funneled through vulnerability@rivian.com and a Bug Bounty program (managed via Intigriti) with strict response timelines (Critical: 2 working days). The company requires third parties to maintain security standards through their Secure Development Lifecycle program, including static code analysis. Recent initiatives focus on AI integration for security teams, with leadership prioritizing AI code assistants as a key ROI driver for 2026. No public evidence of an internal Security Champions program was found.