Vehicle SOC Manager

<div class="content-intro"><div><u><strong>Leading the future in luxury electric and mobility</strong></u></div> <div>At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.</div> <div> </div> <div>We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.</div> <div> </div> <div>Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.</div></div><p><strong>Role Summary</strong></p> <p>We are seeking a Lead SOC Validation Adversary Simulation Engineer to strengthen the effectiveness of our Security Operations Center (SOC / VSOC) by continuously validating detections, response workflows, and telemetry using adversary-informed testing techniques.</p> <p>This role is SOC-owned and SOC-driven. The primary objective is to improve detection fidelity, reduce blind spots, and increase SOC readiness across vehicle, cloud, and other environments. Adversary simulation and Purple Team techniques are used as methods to harden SOC operations not as standalone Red Team activities.</p> <p><strong>Key Responsibilities</strong></p> <ol> <li>SOC Detection Validation Assurance (Primary Focus)</li> </ol> <ol> <ul> <li>Own continuous validation of SOC detections across:</li> <ul> <li>Vehicle telemetry and in-vehicle IDS</li> <li>Telematics and backend services</li> <li>Cloud APIs, and other supporting systems</li> </ul> <li>Validate alerts against realistic attacker behavior, not synthetic rules</li> <li>Identify:</li> <ul> <li>Detection gaps</li> <li>Signal quality issues</li> <li>Excessive false positives or low-value alerts</li> </ul> <li>Partner with SOC engineers to improve alert logic, correlation, and response playbooks</li> </ul> <li>Adversary Simulation in Support of SOC</li> <ul> <li>Design controlled adversary simulations to test SOC capabilities:</li> <ul> <li>API misuse and abuse</li> <li>Lateral movement</li> <li>Unauthorized diagnostics or ECU access</li> </ul> <li>Align scenarios to MITRE ATTCK (Cloud API + Automotive)</li> <li>Coordinate with Red Team only when advanced exploitation is required</li> </ul> <li>SOC Telemetry Signal Engineering</li> <ul> <li>Work with platform and product teams to:</li> <ul> <li>Improve log coverage and quality</li> <li>Define high-value security signals</li> <li>Reduce noisy or redundant telemetry</li> </ul> <li>Influence what gets logged, where, and why—from ECUs to cloud services</li> <li>Help SOC prioritize telemetry based on risk and detection value</li> </ul> <li>Incident Readiness Response Validation</li> <ul> <li>Validate SOC incident response workflows through:</li> <ul> <li>Detection-driven exercises</li> <li>Tabletop scenarios informed by real attack paths</li> </ul> <li>Measure and improve:</li> <ul> <li>Mean Time to Detect (MTTD)</li> <li>Mean Time to Triage (MTTT)</li> <li>Mean Time to Respond (MTTR)</li> </ul> <li>Ensure SOC procedures align with real attack timelines</li> </ul> <li>Threat Modeling Risk Alignment</li> <ul> <li>Leverage TARA / threat-modeling outputs to prioritize SOC coverage</li> <li>Ensure SOC monitoring aligns with:</li> <ul> <li>ISO/SAE 21434</li> <li>UNECE R155/R156</li> </ul> <li>Translate detection gaps into risk-based narratives for leadership and auditors</li> <li>Support audit evidence by demonstrating validated monitoring effectiveness</li> </ul> <li>Automation Continuous SOC Vali ... (truncated, view full listing at source)