Principal Information Security Engineer

A Moving Experience.

As a Principal Information Security Engineer, you will play a critical role in safeguarding our systems and software platforms across the development lifecycle. You will leverage your security engineering expertise and hands-on experience with tools like CrowdStrike, Zscaler, and Microsoft Security technologies to detect, respond to, and prevent threats. Your understanding of information security technologies, governance, and risk management will ensure we meet security and compliance expectations in a highly regulated, global automotive environment.

Key Responsibilities:

• Design and maintain robust security technologies, controls, and policies across our global enterprise.
• Support the implementation and management of endpoint detection and response (EDR), end point protection (EPP), zero trust network access (ZTNA), vulnerability management, identity and threat protection using platforms such as CrowdStrike Falcon, Zscaler, Tenable, and Microsoft Security PIM, conditional access, and Windows Hello.
• Own the information security controls that contribute to the company’s governance, risk, and compliance (GRC) efforts, particularly ISO 27001, TISAX, CIS, and customer security assessments.
• Monitor, analyze, and respond to security events, collaborating with vendors, global engineering, DevOps, and IT teams to resolve threats efficiently.
• Run corporate phishing campaign, security training, and security awareness programs
• Document security processes and contribute to internal policies that support information and application security programs.
• Support vulnerability scanning, secure coding, and threat modeling activities in partnership with IT, product, and software teams.
• Participate in vendor security assessments and global OEM customer security reviews.

Required Qualifications:

• Minimum of 3 years of experience in information security, with a focus on corporate / enterprise security in a global, software-driven business.
• Proven experience with CrowdStrike Falcon, Zscaler, Microsoft Security tools, Tenable or similar.
• Solid understanding of governance and risk frameworks, particularly those relevant to enterprise information security management systems.
• Familiarity with secure software development practices and security in cloud environments (Azure preferred).
• Demonstrable ability as self-driven and to work independently
• Strong analytical, problem-solving, and communication skills.

Preferred Qualifications:

• Bachelor’s degree or higher
• Industry certifications such as CISSP, CISM, Microsoft SC Series
• Experience with Atlassian Jira and Confluence
• Experience with ISO 27001, TISAX, NIST, or CIS.
• Understanding of automotive cybersecurity standards (e.g., ISO 21434, UNECE WP.29).
• Knowledge of CI/CD pipelines and security integration in software development workflows.

Cerence Inc. (Nasdaq: CRNC and www.cerence.com) is the global industry leader in creating unique, moving experiences for the automotive world. Spun out from Nuance in October 2019, Cerence is a new, independent company that has quickly gained traction as a leader in the automotive voice assistant space, working with all of the world’s leading automakers – from Ford and Fiat Chrysler to Daimler, Audi and BMW to Geely and SAIC – to transform how a car feels, responds and learns. Its track record is built on more than 20 years of industry experience and leadership and more than 500 million cars on the road today across more than 70 languages.

As Cerence looks to the future and continues an ambitious growth agenda, we need someone to join the team and help build the future of voice and AI in cars. This is an exciting opportunity to join Cerence’s passionate, dedicated, global team and be a part of meaningful innovation in a rapidly growing industry.

EQUAL OPPORTUNITY EMPLOYER

Cerence is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, gender identity, gender expression, sex, sex stereotyping, pregnancy, national origin, ancestry, religion, physical or mental disability, medical condition, marital status, citizenship status, sexual orientation, protected military or veteran status, genetic information and other protected classifications. Cerence Equal Employment Opportunity Policy Statement.

All prospective and current Employees need to remain vigilant when it comes to executing security policies in the workplace. This includes:

- Following workplace security protocols and training programs to familiarize with the ways to maintain a safe workplace.
- Following security procedures to report any suspicious activity.
- Having respect for corporate security procedures to allow those procedures to be effective.
- Adhering to company's compliance and regulations.
- Encouraging to follow a zero tolerance for workplace violence.

- Basic knowledge of information security and data privacy requirements (e.g., how to protect data & how to be handling this data).

- Demonstrative knowledge of information security through internal training programs.