Jobs · Information Technology · Washington

Product Security Engineer

Overland AI · Seattle, WA · 1 wk ago
On-siteInformation Technology$170k–$200k/yrFull-time

Role Summary

We are looking for a mission-driven Product Security Engineer to embed security into the entire lifecycle of our cutting-edge robotic systems and our command and control system. You will be responsible for hardening our autonomous ground vehicles against cyber threats in complex, contested environments. You will own compliance with our customer's contract requirements for cyber security.

Key Responsibilities

  • Lead the design and validation of security controls that ensure system integrity, intrusion prevention, secure logging, and data protection for robotic platforms.
  • Collaborate with customers, regulators, and internal teams to define and document security requirements that guide software development and system integration.
  • Ensure compliance with CSEIG v3.0, DISA STIGs, and NIST 800-53/171 by implementing required controls and preparing evidence for certification and authorization (ATO/ATC) activities.
  • Drive a secure software development lifecycle (SDLC) by establishing policies, gates, and checklists across design, code review, CI/CD, and release processes.
  • Develop secure firmware and update mechanisms, including signed, atomic, and recoverable updates with built-in health checks, CVE management, and SBOM generation.
  • Harden operating systems (Ubuntu and NixOS) through CIS/STIG baselines, AppArmor/SELinux configuration, systemd hardening, and least-privilege enforcement.
  • Strengthen physical security through tamper-evident designs, interface protection, and side-channel attack mitigation.
  • Implement cryptographic controls including validated crypto modules, FIPS 140-3 compliance, TPM management, and secure/measured boot processes.
  • Build and maintain a secure software supply chain with artifact signing, provenance tracking, vendor risk reviews, and defined security SLAs.
  • Lead threat-modeling and Attack Tree exercises across robotic, autonomy, and C2 systems to identify vulnerabilities and define mitigations.
  • Establish robust API security aligned with OWASP ASVS, implementing mTLS, key management, rate limiting, and secure session controls.
  • Apply ROS 2 security principles, including DDS-Security and namespace policies, to ensure authenticated and confidential message exchange.
  • Define and support operational security requirements, covering log collection, forensics, and automated intrusion detection and prevention.
  • Safeguard command integrity via CAC/PIV-based client authentication, mutual TLS, and role-based authorization enforcing least-privilege access.

Qualifications

  • BS in CS/EE or related, or equivalent experience
  • 6+ years in cybersecurity or secure software development, with no less than 2 years in a product security or offensive security role
  • Direct experience with the Department of Defense (DoD) Risk Management Framework (RMF), NIST 800-53, CNSSI 1253, and documenting security controls for Authority to Operate (ATO) or Authority to Connect (ATC) packages in eMass
  • Proven ownership of SAST/SCA/DAST and CI/CD security controls
  • Strong Linux internals and hardening experience (Ubuntu and/or NixOS)
  • Hands-on with cryptography engineering, key management, and secure boot chains
  • Experience shipping signed firmware/OS images
  • Proficiency in either Python or C++

Desired Experience & Qualifications

  • Hands on experience with LabJack sensors, Dataspeed Drive By Wire Systems, Ouster Lidar, and CAN network systems
  • Familiarity with industry cybersecurity standards such as ISO 21434 or UN R155
  • Certifications: GIAC GPEN/GXPN, OSCP, ISC2 CSSLP
  • Must be eligible to obtain and maintain a TS/SCI clearance

Benefits

  • The salary range for this position is $170K to $200K annually
  • Equity compensation
  • Best-in-class healthcare, dental and vision plans.
  • Unlimited PTO
  • 401k with company match

Location

This position will be located in Seattle, WA.

Operations

Seattle, WA

Similar jobs

Product Security Engineer

Applied IntuitionSunnyvale, CA· 2 wk ago
Information Technology$133k–$190k/yrapply on jobs.ashbyhq.com

Product Security Engineer

Aras CorporationAndover, MA· 2 wk ago
Information Technology$100k–$125k/yrapply on aras.bamboohr.com