Mid-Level

Product Security Engineer

Overland AI

Seattle
On-site
Posted March 9, 2026

Job Description

Role Summary: 

We are looking for a mission-driven Product Security Engineer to embed security into the entire lifecycle of our cutting-edge robotic systems and our command and control system. You will be responsible for hardening our autonomous ground vehicles against cyber threats in complex, contested environments. You will own compliance with our customer's contract requirements for cyber security.

In this role, you will take ownership of the security architecture for our robotic systems, ensuring that every component—from firmware to command interfaces—is designed, implemented, and validated with security at its core. You will architect and develop robust security controls to meet rigorous contractual and regulatory requirements, encompassing intrusion prevention, secure logging, encryption, and system integrity protections. You’ll serve as the key integrator of feedback from customers, industry standards, and regulatory agencies, translating their input into clear, actionable security requirements for software development teams. As a compliance leader, you will map and implement controls aligned with CSEIG v3.0, DISA STIGs, and NIST 800-53/171, preparing the necessary documentation and evidence to support customer ATO and ATC efforts. You’ll define and champion security across the software development lifecycle by implementing policies, security gates, and checklists for design, code review, CI/CD, and release. Each feature will include measurable security acceptance criteria to ensure continuous assurance.

Key Responsibilities

  • Lead the design and validation of security controls that ensure system integrity, intrusion prevention, secure logging, and data protection for robotic platforms.

  • Collaborate with customers, regulators, and internal teams to define and document security requirements that guide software development and system integration.

  • Ensure compliance with CSEIG v3.0, DISA STIGs, and NIST 800‑53/171 by implementing required controls and preparing evidence for certification and authorization (ATO/ATC) activities.

  • Drive a secure software development lifecycle (SDLC) by establishing policies, gates, and checklists across design, code review, CI/CD, and release processes.

  • Develop secure firmware and update mechanisms, including signed, atomic, and recoverable updates with built‑in health checks, CVE management, and SBOM generation.

  • Harden operating systems (Ubuntu and NixOS) through CIS/STIG baselines, AppArmor/SELinux configuration, systemd hardening, and least‑privilege enforcement.

  • Strengthen physical security through tamper‑evident designs, interface protection, and side‑c