Robotics Platform Security Engineer

About The Position

Requirements

• Applied System Mastery: Expert-level experience in Linux/UNIX administration and security hardening. You have a proven history of creating production-ready "Golden Images" compliant with STIG or CIS Benchmarks.
• Hardware Security Expertise: Hands-on experience with TPM 2.0, Secure Elements (SE), and hardware-backed key storage. You understand the physical trust boundary of an embedded system and autonomous fleet.
• Dual-Stack Programming: High proficiency in C/C++ for low-level system interactions and Python for building complex security automation and audit frameworks.
• Network Defense: Deep knowledge of defensive networking, including VPN overlays, SSH hardening, and encrypted transport protocols (TLS/mTLS) for real-time systems.
• Problem-Solving: The ability to conduct comprehensive threat modeling for robotic platforms, specifically identifying risks in the boot process and network-exposed interfaces.

Nice To Haves

• Experience designing or implementing a complete secure boot and measured boot chain
• Hands-on work with TPM backed disk encryption and remote attestation
• Experience securing over-the-air (OTA) update systems
• Deep familiarity with Linux boot internals (UEFI, GRUB, shim, UKI)
• Experience hardening systems that operation in physically adversarial or untrusted environments
• Strong understanding of network isolation and encryption

Responsibilities

• Hardware Root of Trust & Secure Boot: Design and implement the end-to-end boot chain (from UEFI/Secure Boot to Measured Boot) to ensure the hardware validates every stage of the bootloader and kernel via TPM or Secure Elements.
• Applied OS Hardening: Construct UNIX/Linux golden build images. This includes deep sysctl tuning, authoring custom AppArmor profiles, and stripping the kernel of non-essential drivers to eliminate lateral movement vectors.
• Hardened Network Architecture: Engineer the robot’s security, utilizing mTLS for inter-process communication and configuring strictly scoped iptables/UFW policies to isolate sensitive control telemetry from external interfaces.
• Security Orchestration (Python): Build a suite of Python tools to automate continuous security posture checks, including CIS Benchmark audits, automated certificate rotation, and real-time integrity monitoring via auditd.
• Applied Vulnerability Research: Proactively identify and patch CVEs in the Linux ecosystem, using Python for automated fuzz testing of networking protocols and system interfaces.