Robotics Application & Product Security Engineer

FieldAI

$90K — $300K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • M.S. or Ph.D. in Computer Science, Engineering, or related field, or equivalent experience
  • 15+ years in application or product security, with a focus on distributed systems
  • Solid experience securing APIs and cloud-native environments in real-world scenarios
  • Expertise in secure software development lifecycle and vulnerability management
  • Proficient in programming with C/C++, Python, Rust, or similar languages
  • Strong hands-on experience with application security assessments and penetration testing
  • Excellent communication skills to convey complex security concepts to diverse audiences.

Responsibilities

  • Establish and manage the application and product security program across robotics and cloud systems
  • Implement and assess application security tools, ensuring alignment with development workflows
  • Conduct secure code training sessions covering design best practices and patterns
  • Collaborate with engineering teams to ensure secure architecture for APIs and services
  • Automate security checks within CI/CD pipelines, including implementing critical pull request controls
  • Perform threat modeling for new features and advocate for secure development practices
  • Analyze and report on vulnerability trends and program maturity to leadership.

Benefits

  • Hybrid or remote work options available, fostering flexibility and work-life balance
  • Located in sunny Irvine, California, providing a vibrant environment and lifestyle
  • Opportunity to shape the future of robotics and work within a close-knit team
  • Engagement in innovative projects impacting the safety and security of robotics systems.

Full Job Description

About the Job

The Robotics Application & Product Security Engineer will establish and own the company's application and product security program, embedding security directly into the software development lifecycle to prevent vulnerabilities before release. This role goes beyond traditional application security: you will secure distributed robotics systems operating in real-world environments, along with the cloud services that manage, update, and communicate with them. You will integrate security controls into CI/CD, implement risk-based guardrails that reduce exposure without slowing engineering velocity, and partner closely with development teams to ensure secure design, implementation, deployment, operation, and supply chain resilience. Your work will directly impact the safety, reliability, and trustworthiness of deployed robotic systems. You will act as both a builder and an adversary: designing secure systems while actively identifying how they could fail under real-world attack conditions through application security assessments, targeted penetration testing, and adversarial analysis. You will apply principles from quality assurance and validation to ensure that security controls are not only implemented, but continuously verified under realistic operating conditions.

What You'll Get To Do

  • Orchestrate and bolster the application and product security program across robot, edge, and cloud systems. This includes defining standards, policies, and secure SDLC processes.
  • Evaluate and implement application security tooling (SAST, SCA, secrets scanning, container scanning, dependency analysis), including vendor assessment and ongoing evaluation of emerging tools and best practices.
  • Deliver secure code training that covers best practices in design patterns, SOLID principles, and Clean Architecture in regular lunch-and-learn sessions.
  • Prioritize tools that provide high-quality signals, integrate effectively into developer workflows, and support scalable security practices without unnecessary friction.
  • Partner with engineering teams to design secure architectures for APIs, services, and inter-process communication across robot, edge, and cloud systems.
  • Integrate automated security checks into CI/CD pipelines, including blocking pull request controls for high-risk findings.
  • Implement scheduled and out-of-band repository scans for exposed credentials, tokens, and misconfigurations.
  • Conduct threat modeling sessions for new features and architectural changes.
  • Perform targeted secure code reviews for high-risk components.
  • Define vulnerability prioritization criteria and drive remediation with engineering teams.
  • Develop secure coding guidance specific to the company's technology stack.
  • Deliver developer training and ongoing security consultation.
  • Report on vulnerability trends, remediation metrics, and program maturity to leadership.
  • Define and implement security controls for OTA update pipelines, including artifact signing, verification, and rollback safety.
  • Ensure software supply chain security practices, including SBOM generation, dependency risk analysis, and build provenance across the organization.

What You Have

  • Advanced degree (M.S., Ph.D.) in Computer Science, Computer Engineering, Electrical Engineering, or a related field, or equivalent practical experience.
  • 15+ years of experience in application security, product security, or software security engineering.
  • Proven experience securing distributed systems and APIs in production environments.
  • Strong background in secure software development lifecycle, including threat modeling, vulnerability management, and security-focused quality assurance and validation practices (e.g., defining test strategies, validating security controls, and ensuring fixes are verifiable and durable).
  • Strong programming ability in one or more of: C/C++, Python, Rust, or similar systems-level languages, with the ability to read, understand, and modify production code.
  • Ability to design and execute security validation strategies that combine testing, adversarial techniques, and system-level reasoning to verify that controls are effective under realistic conditions.
  • Hands-on experience conducting application security assessments (Layer 7), including APIs, authentication/authorization flows, and business logic vulnerabilities.
  • Deep understanding of authentication, authorization, and secure communication protocols (TLS/mTLS, OAuth, PKI).
  • Experience integrating security into CI/CD pipelines and working with modern security tooling (SAST, SCA, DAST).
  • Ability to reason about complex, multi-layered systems spanning device, network, and cloud boundaries.
  • Experience working closely with engineering teams to drive security improvements in real systems.
  • Experience performing security assessments of cloud-native and containerized environments, including container runtimes, orchestration platforms, and service-to-service communication.
  • Experience with targeted penetration testing and adversarial analysis, focused on validating real-world exploitability of application and system-level vulnerabilities.
  • Strong communication skills, with the ability to explain complex security concepts to diverse audiences.

The Extras That Set You Apart

  • Strong background in offensive security and penetration testing, with demonstrated ability to identify and exploit vulnerabilities in application-layer (Layer 7) systems, APIs, and cloud-native environments, and translate findings into durable engineering improvements.
  • Experience securing systems that interact with physical hardware, such as robotics, IoT, automotive, or industrial platforms.
  • Background in designing or securing device-to-cloud communication protocols, including device identity, attestation, and command authorization.
  • Hands-on experience with OTA update systems, including signed artifacts, update orchestration, and rollback safety.
  • Strong understanding of software supply chain security, including SBOMs, dependency trust models, and build integrity.
  • Familiarity with robotics or real-time distributed systems.
  • Experience securing containerized and orchestrated environments in edge or resource-constrained systems.
  • Contributions to security tooling, open source projects, or published research in security or systems engineering.
  • Experience working across platform, infrastructure, and embedded teams to secure non-traditional application environments.


$90,000 - $300,000 a year

Compensation and Benefits

Our salary range is $90,000 - $300,000 annually, but we take into consideration an individual's background and experience in determining final salary; base pay offered may vary considerably depending on geographic location, job-related knowledge, skills, and experience. Also, while we enjoy being together on-site, we are open to exploring a hybrid or remote option.

We are headquartered in always-sunny Irvine, Southern California, and have US-based and global teammates.

Join us, shape the future, and be part of a fun, close-knit team on an exciting journey!
