AppSec Jobs

Aurora

Senior Cloud Security Engineer

Seattle, WA

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Aurora

Aurora Innovation, Inc. is a Pittsburgh-based company founded in 2017 that specializes in self-driving technology aimed at improving transportation safety and efficiency. The company focuses on freight-hauling trucks and ride-hailing passenger vehicles, with a mission to enhance the American supply chain by integrating autonomous systems alongside human-driven fleets. The flagship product, the Aurora Driver, is designed for various vehicle types and features advanced hardware and software, including proprietary FirstLight lidar technology. This system allows for nearly continuous operation in existing freight fleets and is compatible with major truck platforms from partners like Volvo and PACCAR. Aurora emphasizes safety and performance, guided by a dedicated Safety Advisory Board. Aurora collaborates with several industry leaders, including FedEx, Uber, and Toyota, to advance its technology and expand its impact in the transportation sector. The company values integrity, collaboration, and resilience, striving to deliver self-driving benefits safely and effectively.

Industry

information technology & services

Employees

1,800

863 engineers

Revenue

$2M

Security at Aurora

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Aurora's Security Software Engineering team's mission is to design, implement, and evaluate security components across Aurora's software, hardware, and services.
  • They work with partner teams to perform architectural design reviews.
  • Their risk philosophy involves rigorously implementing Zero Trust Architecture, providing defense in depth through layered controls, and recognizing the inextricable link between safety and security.
  • Stated goals include experience building and evaluating threat models, and ensuring the release process for software updates is built around continuous validation of threat models.
  • Gaps: no explicit 'developer-first' mandate or strict gating function was found.

Security Team

No public, verbatim statement was found detailing the AppSec reporting chain. Key public-facing leaders include Brett Wahlin, Chief Information Security Officer, and Chris Urmson, Chief Executive Officer. Brett Wahlin is quoted as 'Aurora's Chief Information Security Officer'. The team size estimate is not publicly available. As of, there are 3 active AppSec job postings: 'Staff Security Software Engineer' (two listings) and 'Senior Product Security Engineer'. Common skill/tool patterns from job postings include experience building and evaluating threat models, familiarity with cloud security (AWS) and infrastructure-as-code, familiarity with fuzzers, and requested languages like C++17, Golang, and Python. No public organizational chart or reporting-line statement for AppSec was found.

Key Initiatives

  • No evidence was found for a Security Champions Program. 'Shift Left' practices include working with partner teams for architectural design reviews and experience building and evaluating threat models.
  • The Vulnerability Management Process involves deploying custom intrusion detection capabilities for monitoring and alerting, and developing processes around managing privileged access.
  • No public statements were found for SLAs, MTTR targets, or exact ticketing flows for triage/remediation.
  • Secure SDLC artifacts include a release process built around continuous validation of threat models, and job postings reference threat modeling, security code reviews, and technical security assessments.
  • Recent initiatives (last 6 months) include rigorously implementing Zero Trust Architecture, using cryptographic attestation to verify authenticity and integrity, and deploying custom intrusion detection capabilities.
  • Gaps include no public documentation for a formal Security Champions program, explicit shift-left tool integrations, or named vulnerability management tools and SLAs.
