
Robotics Application, Product Security Engineer
Field AI
full-time
Location Type: Hybrid
Location: Irvine • California • United States
Salary
💰 $90,000 - $300,000 per year
About the role
- Orchestrate and bolster the application and product security program across robot, edge, and cloud systems. This includes defining standards, policies, and secure SDLC processes.
- Evaluate and implement application security tooling (SAST, SCA, secrets scanning, container scanning, dependency analysis), including vendor assessment and ongoing evaluation of emerging tools and best practices.
- Deliver secure coding training on best practices in design patterns, SOLID principles, and Clean Architecture in regular lunch-and-learn sessions.
- Prioritize tools that provide high-quality signals, integrate effectively into developer workflows, and support scalable security practices without unnecessary friction.
- Partner with engineering teams to design secure architectures for APIs, services, and inter-process communication across robot, edge, and cloud systems.
- Integrate automated security checks into CI/CD pipelines, including blocking pull request controls for high-risk findings.
- Implement scheduled and out-of-band repository scans for exposed credentials, tokens, and misconfigurations.
- Conduct threat modeling sessions for new features and architectural changes.
- Perform targeted secure code reviews for high-risk components.
- Define vulnerability prioritization criteria and drive remediation with engineering teams.
- Develop secure coding guidance specific to the company's technology stack.
- Deliver developer training and ongoing security consultation.
- Report on vulnerability trends, remediation metrics, and program maturity to leadership.
- Define and implement security controls for OTA update pipelines, including artifact signing, verification, and rollback safety.
- Ensure software supply chain security practices, including SBOM generation, dependency risk analysis, and build provenance across the organization.
Requirements
- Advanced degree (M.S., Ph.D.) in Computer Science, Computer Engineering, Electrical Engineering, or a related field, or equivalent practical experience.
- 15+ years of experience in application security, product security, or software security engineering.
- Proven experience securing distributed systems and APIs in production environments.
- Strong background in secure software development lifecycle, including threat modeling, vulnerability management, and security-focused quality assurance and validation practices (e.g., defining test strategies, validating security controls, and ensuring fixes are verifiable and durable).
- Strong programming ability in one or more of: C/C++, Python, Rust, or similar systems-level languages, with the ability to read, understand, and modify production code.
- Ability to design and execute security validation strategies that combine testing, adversarial techniques, and system-level reasoning to verify that controls are effective under realistic conditions.
- Hands-on experience conducting application security assessments (Layer 7), including APIs, authentication/authorization flows, and business logic vulnerabilities.
- Deep understanding of authentication, authorization, and secure communication protocols (TLS/mTLS, OAuth, PKI).
- Experience integrating security into CI/CD pipelines and working with modern security tooling (SAST, SCA, DAST).
- Ability to reason about complex, multi-layered systems spanning device, network, and cloud boundaries.
- Experience working closely with engineering teams to drive security improvements in real systems.
- Experience performing security assessments of cloud-native and containerized environments, including container runtimes, orchestration platforms, and service-to-service communication.
- Experience with targeted penetration testing and adversarial analysis, focused on validating real-world exploitability of application and system-level vulnerabilities.
- Strong communication skills, with the ability to explain complex security concepts to diverse audiences.
Benefits
- We celebrate diversity and are committed to creating an inclusive environment for all employees.
Applicant Tracking System Keywords
Hard Skills & Tools
application security, product security, software security engineering, secure software development lifecycle, threat modeling, vulnerability management, C/C++, Python, Rust, SAST
Soft Skills
strong communication skills, ability to explain complex security concepts, collaboration with engineering teams, training and consultation
Certifications
advanced degree in Computer Science, advanced degree in Computer Engineering, advanced degree in Electrical Engineering