THE ROLE:
We are seeking a highly motivated and adaptable engineer to own the infrastructure and security foundation that a fleet of wearable robots depends on. This means hardening our cloud and device infrastructure from the ground up, and building the PKI and device identity systems that let us ship trusted firmware to thousands of MO/GOs in customers' homes -- safely, verifiably, and at scale.
You'll work closely with our backend and firmware engineers as a core member of our small software team. There's no security org above you, no dedicated platform team below you. You'll be writing the playbook.
Some of the specific responsibilities include, but are not limited to:
- Design and operate Skip's PKI infrastructure -- device certificate provisioning, certificate authority management, key lifecycle management, and revocation -- across our device fleet and cloud services
- Own device identity and secure boot: ensure every MO/GO that leaves our factory is cryptographically authenticated and that firmware updates can only come from Skip
- Harden our GCP infrastructure across networking, IAM, secrets management, and data isolation between Dev and Prod environments
- Build and maintain security tooling for secrets management, vulnerability scanning, dependency auditing, and incident detection
- Define and implement secure OTA (over-the-air) update pipelines that ensure firmware integrity from signing through delivery to device
- Automate infrastructure provisioning and security configuration using Terraform and GCP-native tooling
- Partner with firmware engineers to define embedded security requirements -- secure element usage, TrustZone, attestation -- and ensure cloud-side infrastructure meets them
- Contribute to compliance readiness as we approach regulated market entry, including audit logging, access controls, and data handling practices
- Wear prototypes several hours a week to participate in data collection, test new builds, and provide feedback
- Bring joy to the team, participate in embarrassing team events, tolerate KZ's terrible music choices
Basic Qualifications- 6+ years of experience in infrastructure engineering, platform security, or a combined DevSecOps role
- Hands-on experience designing and operating PKI systems: CA hierarchies, certificate provisioning at scale, key management, and revocation
- Strong GCP or equivalent cloud infrastructure experience (IAM, VPC, Secret Manager, Cloud KMS, audit logging)
- Experience with Infrastructure as Code (Terraform or equivalent)
- Solid understanding of TLS, mTLS, code signing, and secure boot concepts in the context of connected devices or IoT
- Experience with CI/CD security: signing pipelines, artifact attestation, secrets hygiene
- Able to operate independently in a fast-paced environment where the security playbook is still being written
- Ability to relocate to work at the Skip Bay Area office
- Sense of humour, tolerant of Aussie & Canadian spelling
Bonus Points- Experience securing IoT or embedded device fleets at scale, including OTA update security
- Familiarity with embedded security primitives: secure elements, TrustZone, TPM, or hardware attestation
- Background in compliance frameworks relevant to connected medical or consumer devices (SOC 2, ISO 27001, FDA cybersecurity guidance)
- Experience with BLE security and wireless protocol hardening
- Experience in start-up environments
- Personal motivation to improve human movement
This is a full time hybrid position working at the Skip office in the Dogpatch neighborhood of San Francisco.
