Robotics Application & Product Security Engineer

About The Position

Requirements

• Advanced degree (M.S., Ph.D.) in Computer Science, Computer Engineering, Electrical Engineering, or a related field, or equivalent practical experience.
• 15+ years of experience in application security, product security, or software security engineering.
• Proven experience securing distributed systems and APIs in production environments.
• Strong background in secure software development lifecycle, including threat modeling, vulnerability management, and security-focused quality assurance and validation practices (e.g., defining test strategies, validating security controls, and ensuring fixes are verifiable and durable).
• Strong programming ability in one or more of: C/C++, Python, Rust, or similar systems-level languages, with the ability to read, understand, and modify production code.
• Ability to design and execute security validation strategies that combine testing, adversarial techniques, and system-level reasoning to verify that controls are effective under realistic conditions.
• Hands-on experience conducting application security assessments (Layer 7), including APIs, authentication/authorization flows, and business logic vulnerabilities.
• Deep understanding of authentication, authorization, and secure communication protocols (TLS/mTLS, OAuth, PKI).
• Experience integrating security into CI/CD pipelines and working with modern security tooling (SAST, SCA, DAST).
• Ability to reason about complex, multi-layered systems spanning device, network, and cloud boundaries.
• Experience working closely with engineering teams to drive security improvements in real systems.
• Experience performing security assessments of cloud-native and containerized environments, including container runtimes, orchestration platforms, and service-to-service communication.
• Experience with targeted penetration testing and adversarial analysis, focused on validating real-world exploitability of application and system-level vulnerabilities.
• Strong communication skills, with the ability to explain complex security concepts to diverse audiences.

Nice To Haves

• Strong background in offensive security and penetration testing, with demonstrated ability to identify and exploit vulnerabilities in application-layer (Layer 7) systems, APIs, and cloud-native environments, and translate findings into durable engineering improvements.
• Experience securing systems that interact with physical hardware, such as robotics, IoT, automotive, or industrial platforms.
• Background in designing or securing device-to-cloud communication protocols, including device identity, attestation, and command authorization.
• Hands-on experience with OTA update systems, including signed artifacts, update orchestration, and rollback safety.
• Strong understanding of software supply chain security, including SBOMs, dependency trust models, and build integrity.
• Familiarity with robotics or real-time distributed systems.
• Experience securing containerized and orchestrated environments in edge or resource-constrained systems.
• Contributions to security tooling, open source projects, or published research in security or systems engineering.
• Experience working across platform, infrastructure, and embedded teams to secure non-traditional application environments.

Responsibilities

• Orchestrate and bolster the application and product security program across robot, edge, and cloud systems. This includes defining standards, policies, and secure SDLC processes.
• Evaluate and implement application security tooling (SAST, SCA, secrets scanning, container scanning, dependency analysis), including vendor assessment and ongoing evaluation of emerging tools and best practices.
• Issue secure code training to issue best practices in design patterns, SOLID principals, and CLEAN architecture in regular lunch and learn sessions.
• Prioritize tools that provide high-quality signals, integrate effectively into developer workflows, and support scalable security practices without unnecessary friction.
• Partner with engineering teams to design secure architectures for APIs, services, and inter-process communication across robot, edge, and cloud systems.
• Integrate automated security checks into CI/CD pipelines, including blocking pull request controls for high-risk findings.
• Implement scheduled and out-of-band repository scans for exposed credentials, tokens, and misconfigurations.
• Conduct threat modeling sessions for new features and architectural changes.
• Perform targeted secure code reviews for high-risk components.
• Define vulnerability prioritization criteria and drive remediation with engineering teams.
• Develop secure coding guidance specific to the company's technology stack.
• Deliver developer training and ongoing security consultation.
• Report on vulnerability trends, remediation metrics, and program maturity to leadership.
• Define and implement security controls for OTA update pipelines, including artifact signing, verification, and rollback safety.
• Ensure software supply chain security practices, including SBOM generation, dependency risk analysis, and build provenance across the organization.