Senior Staff Software Engineer - Secure Manufacturing

About The Position

Requirements

• 10+ years of experience in embedded systems, device security, or manufacturing engineering, with at least 3 years focused on secure device provisioning and/or secure manufacturing processes.
• Ideally 3 years in a Staff level role.
• PKI and device identity — Experience with X.509 certificate lifecycles, mTLS, device attestation and managed CA services like AWS Private CA.
• AWS infrastructure — S3, IAM, ECS, KMS, CloudHSM and Secrets Manager for secure provisioning workflows.
• EOL test and calibration — Hands-on experience defining manufacturing test specifications, building automated fixtures, and managing quality gates with contract manufacturers.
• Scripting and automation — Advanced skills in Python or Bash for developing production-grade provisioning toolchains.
• Embedded Linux systems — Experience with NVIDIA Jetson Orin/Thor platforms.
• Secure manufacturing design — Ability to design secure processes for untrusted or semi-trusted offshore CMs, including A/B partitioning, signed image verification, and air-gapped station design.
• Hardware root of trust understanding — General understanding of secure boot chains, TPM/TrustZone, cryptographic key injection, certificate provisioning, and eFuse programming.

Responsibilities

• Design the secure manufacturing station — Architect the hardware, software, and network stack for factory floor provisioning stations (HSM, key injection, AWS Private CA, secure boot fuse programming).
• Build the provisioning toolchain — Own the automation pipeline that takes a bare device through identity provisioning, firmware flashing, calibration, and functional test.
• Bridge device and cloud identity Enroll every device into a registry with correct credentials for OTA, session heartbeating, and deployment tracking.
• Own the EOL test specification — Work with peer teams to define pass/fail criteria for devices leaving the line: sensor calibration, actuator checks, secure boot verification, and initial OTA health check.
• Work with contract manufacturers —Translate security requirements into CM-executable procedures; threat-model the factory for key leakage, firmware tampering, and supply chain substitution.
• Maintain chain of custody — Link each physical serial number to its provisioned identity, calibration records, test results, and firmware version at manufacture.
• Collaborate across teams — Work daily with a globally distributed team of firmware, cloud, manufacturing, systems and operational team members.

Benefits

• Comprehensive health coverage for US‑based employees, including fully paid medical, dental, and vision insurance, with virtual care and employee assistance resources.
• Meaningful time off to rest and recharge: 23 days of PTO (accrued), separate sick leave, and paid company holidays.
• 401(k) retirement plan with employer match.
• Equity included–we believe builders should share in what they build.
• Free daily catered lunch, snacks, and drinks in‑office.
• Collaboration with top‑tier engineers, researchers, and product experts in AI and robotics.
• Freedom to influence the product and own key initiatives.