Cybersecurity Architect

About The Position

Requirements

• 10+ years of progressive cybersecurity experience; at least 3 years in an architecture-focused role.
• Demonstrated expertise in Secure by Design and security-by-architecture methodologies, with a delivered portfolio of secure architectures for complex, multi-component systems.
• Deep knowledge of cryptographic principles: symmetric/asymmetric encryption, PKI, key lifecycle management, TLS/mTLS, and FIPS 140-3 validated cryptographic module integration.
• Hands-on threat modeling (STRIDE, PASTA, Attack Trees) applied to software systems and cyber-physical/robotics platforms.
• Zero-trust network architecture, network segmentation, and authentication protocol design (OAuth 2.0, OIDC, SAML, X.509).
• Embedded/IoT security architecture: secure boot, firmware integrity, hardware-assisted security (TPM, HSM, Secure Enclave), and resource-constrained cryptography.
• ROS/ROS 2 security architecture, DDS-Security, autonomous vehicle communication protocols, and OTA update security.
• Demonstrated experience leading or supporting FIPS 140-3 validation, Common Criteria evaluation, or ISO/SAE 21434 compliance programs.
• Cloud security architecture (AWS, GCP, or Azure): IAM, VPC, container security, and compliance-aligned posture management.
• Security Target authorship, ADRs, security reference architectures, and compliance traceability matrix documentation.
• S. in Computer Science, Information Security, Systems Engineering, or equivalent.
• CISSP, CSSLP, CCSP, SABSA, or equivalent architecture credential required.

Nice To Haves

• Prior experience securing autonomous systems, robotics platforms, or physical security technology environments, including hands-on work with ROS 2 Security (SROS2), DDS-Security plugin configuration, and ROS node-level access control.
• Familiarity with automotive and autonomous vehicle cybersecurity standards including ISO/SAE 21434, UN/ECE WP.29 (R155/R156), and SAE J3061, and their application to ground vehicle and robotics platforms.
• Experience with Common Criteria Protection Profiles relevant to network devices, operating systems, or autonomous systems, including participation in formal evaluation engagements.
• In-depth knowledge of government and public-sector security frameworks: FedRAMP High, CJIS Security Policy, FISMA, and CMMC Level 2/3, with experience mapping architecture controls to regulatory requirements.
• Hardware security architecture experience: TPM 2.0 integration, secure element provisioning, anti-tamper design, and physical unclonable function (PUF) technologies in embedded or robotics platforms.
• Background in formal security risk management frameworks such as ISO 27005, NIST SP 800-30, or the SAE J3061 TARA methodology applied to safety-critical or cyber-physical systems.
• Experience architecting security for AI/ML inference pipelines, including model integrity assurance, adversarial input detection, and secure model deployment in edge environments.

Responsibilities

• Define and own Knightscope’s enterprise-wide Secure by Design framework – architectural patterns, security reference architectures, and ADRs applied from initial concept through production deployment.
• Lead threat modeling (STRIDE, PASTA, Attack Trees) and security architecture reviews for ASR embedded systems, robotics pipelines, cloud APIs, and client-facing applications; drive zero-trust, least-privilege, defense-in-depth, and cryptographic hygiene as foundational design principles.
• Evaluate and gate third-party integrations, vendor systems, and supply chain components for security compliance before production onboarding.
• Architect end-to-end ASR fleet security: embedded OS hardening, secure boot chains, firmware integrity verification, HSM/TPM key management, ROS/ROS 2 node authentication, SROS2/DDS-Security plugins, topic-level access control, and secure parameter management.
• Design authenticated robot-to-cloud and robot-to-client communications (TLS 1.3, mTLS, certificate lifecycle); architect sensor fusion anti-spoofing, tamper-evident telemetry logging, CAN bus/ECU hardening, OBD interface protection, OTA update integrity, and multi-tenant fleet segmentation.
• Establish forensic readiness and incident response architecture: tamper-evident audit logging, remote attestation, and field recovery procedures for deployed ASR platforms.
• Architect security across the full Knightscope stack (AWS/GCP/Azure, microservices, APIs, web/mobile): IAM/PAM, identity federation, RBAC/ABAC, vault-class secrets management, VPC/security group segmentation, container security (image signing, runtime policies, service mesh mTLS), and encryption at rest and in transit.
• Own SSDLC architecture – security requirements gates, threat modeling checkpoints, mandatory SAST/DAST/SCA integration, security-focused QA, and post-release vulnerability management; architect SIEM/SOAR pipelines for unified observability across fleet telemetry, cloud, and endpoints.
• Define Ubuntu hardening architecture for embedded platforms (ICM, ACM): CIS Benchmark alignment, AppArmor/SELinux policy frameworks, kernel hardening parameters, and automated patch management.
• FIPS 140-3: Lead cryptographic module compliance architecture – validated library selection and integration, key management architecture, and cryptographic boundary documentation required for module validation across all Knightscope products.
• Common Criteria: Define and oversee CC evaluation architecture – Security Target (ST) authorship, Protection Profile (PP) alignment, TOE boundary definition, and evaluation laboratory coordination for applicable products.
• ISO/SAE 21434: Architect cybersecurity processes for Knightscope’s autonomous platforms – Cybersecurity Management System (CSMS), Threat Analysis and Risk Assessment (TARA), cybersecurity goals derivation, and post-development monitoring.
• SOC 2 Type II, NIST CSF, FedRAMP, CMMC, CJIS: Map architecture controls to framework requirements; maintain compliance traceability matrix; partner with legal and product on emerging autonomous systems and AI regulations.

Benefits

• Medical, dental, vision, 401(k), paid time off