About the Role
Knightscope is seeking a Senior DevOps / Platform Engineer to own the configuration management, CI/CD release pipeline, observability stack, and security compliance infrastructure for the ICM platform - the software backbone running across K1, K5, and K7 robot product lines. This is a hands-on platform engineering role with broad scope: you will build and maintain the systems that enable ICM engineers to ship reliably and securely, while ensuring the platform meets FIPS 140-2 compliance requirements and operates with high availability across a distributed robot fleet. There is a potential opportunity to share this role at 50% with the existing infrastructure team, reducing cost while maintaining full platform ownership.
Location Requirement: Full-time, on-site at Sunnyvale HQ (No relocation provided)
Key Responsibilities
- Own and maintain ICM configuration management using Ansible: unified config across K1/K5/K7 product lines, finite state machine definitions, hardware parameter management, and automated rollout workflows.
- Design, build, and maintain multi-stage CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins) for all ICM repositories - including automated quality gates, artifact management, and blue/green or rolling deployment strategies.
- Build and operate the ICM observability stack: Prometheus metrics collection, Grafana dashboards for fleet-wide health visibility, PagerDuty alerting and on-call runbooks, and distributed tracing with OpenTelemetry or equivalent.
- Own OTA (over-the-air) update management for deployed ICM instances across the robot fleet - ensuring reliable, rollback-capable delivery of software updates to edge hardware.
- Manage FIPS 140-2 credential rotation and compliance automation; implement secrets management best practices using HashiCorp Vault or equivalent.
- Maintain infrastructure as code (Terraform or CloudFormation) for ICM cloud and edge infrastructure; enforce GitOps practices and ensure all infrastructure changes are version-controlled and auditable.
- Implement and maintain container orchestration for ICM services using Docker and Kubernetes (or ECS/EKS); manage Helm charts for deployment lifecycle.
- Collaborate with ICM and Signals engineers to define SLOs, establish incident response procedures, and reduce mean time to recovery across the platform.
- Document operational runbooks, on-call procedures, and architecture decisions; mentor engineers on DevOps best practices.
Required Qualifications
- 4-8 years of DevOps or platform engineering experience in production environments, with at least 2 years supporting IoT, embedded, or edge computing platforms.
- Strong proficiency with Ansible for configuration management at scale across heterogeneous hardware - including playbook authoring, role design, and inventory management.
- Hands-on experience building and maintaining CI/CD pipelines with GitHub Actions, GitLab CI, or Jenkins - including multi-stage pipelines, automated testing gates, and artifact registries.
- Solid experience with Prometheus, Grafana, and PagerDuty (or equivalent observability stack) for real-time fleet monitoring and alerting.
- Proficiency with infrastructure as code using Terraform and/or CloudFormation; experience with GitOps tools (ArgoCD, Flux, or equivalent) is a strong plus.
- Hands-on with Docker and Kubernetes (or AWS ECS/EKS) for containerized service deployments; familiar with Helm chart management.
- Working knowledge of FIPS 140-2 compliance requirements, secrets management (HashiCorp Vault or AWS Secrets Manager), and DevSecOps practices including automated security scanning in CI/CD pipelines.
- Experience with OTA update systems for embedded or edge devices is a strong differentiator.
- Strong scripting skills in Python and Bash; familiarity with Go or TypeScript is a plus.
- BS in Computer Science, Systems Engineering, or equivalent professional experience.
Compensation & Benefits
- Base Salary: $130,000 - $170,000 (DOE)
- Equity: Stock options
- Benefits: Medical, dental, vision, 401(k), paid time off
- Location Requirement: Full-time, on-site at Sunnyvale HQ
