Although traditional automotive development has mainly focused on functional safety, as the number of automotive hacking cases has increased due to the growing Internet connectivity of automotive control systems, security is also becoming more important. Accordingly, various international organizations are preparing cybersecurity regulations or standards to ensure security in automotive development by emphasizing the concept of security-by-design(i.e. security engineering) which emphasizes trustworthiness from the beginning of development. The problem, however, is that no specific methodology has been suggested. In this paper, we propose a specific security-by-design methodology for automotive development based on Secure System Development Life Cycle (secure SDLC) standards and evidence-based standards. Our methodology could be easily used in the actual field as it is more general and detailed than existing secure SDLC standards and research. Also, since it satisfies all requirements of United Nations Economic Commission for Europe (UNECE) regulation, automobile manufacturers could respond to the upcoming cybersecurity regulation with our methodology.