Product Security Engineer

Overland AISeattle, WA
12d$170,000 - $200,000Onsite
Match Resume

About The Position

We are looking for a mission-driven Product Security Engineer to embed security into the entire lifecycle of our cutting-edge robotic systems and our command and control system. You will be responsible for hardening our autonomous ground vehicles against cyber threats in complex, contested environments. You will own compliance with our customer's contract requirements for cyber security. In this role, you will take ownership of the security architecture for our robotic systems, ensuring that every component—from firmware to command interfaces—is designed, implemented, and validated with security at its core. You will architect and develop robust security controls to meet rigorous contractual and regulatory requirements, encompassing intrusion prevention, secure logging, encryption, and system integrity protections. You’ll serve as the key integrator of feedback from customers, industry standards, and regulatory agencies, translating their input into clear, actionable security requirements for software development teams. As a compliance leader, you will map and implement controls aligned with CSEIG v3.0, DISA STIGs, and NIST 800-53/171, preparing the necessary documentation and evidence to support customer ATO and ATC efforts. You’ll define and champion security across the software development lifecycle by implementing policies, security gates, and checklists for design, code review, CI/CD, and release. Each feature will include measurable security acceptance criteria to ensure continuous assurance.

Requirements

  • BS in CS/EE or related, or equivalent experience
  • 6+ years in cybersecurity or secure software development, with no less than 2 years in a product security or offensive security role
  • Direct experience with the Department of Defense (DoD) Risk Management Framework (RMF), NIST 800-53, CNSSI 1253, and documenting security controls for Authority to Operate (ATO) or Authority to Connect (ATC) packages in eMass
  • Proven ownership of SAST/SCA/DAST and CI/CD security controls
  • Strong Linux internals and hardening experience (Ubuntu and/or NixOS)
  • Hands-on with cryptography engineering, key management, and secure boot chains
  • Experience shipping signed firmware/OS images
  • Proficiency in either Python or C++
  • Must be eligible to obtain and maintain a TS/SCI clearance

Nice To Haves

  • Hands on experience with LabJack sensors, Dataspeed Drive By Wire Systems, Ouster Lidar, and CAN network systems
  • Familiarity with industry cybersecurity standards such as ISO 21434 or UN R155
  • Certifications: GIAC GPEN/GXPN, OSCP, ISC2 CSSLP

Responsibilities

  • Lead the design and validation of security controls that ensure system integrity, intrusion prevention, secure logging, and data protection for robotic platforms.
  • Collaborate with customers, regulators, and internal teams to define and document security requirements that guide software development and system integration.
  • Ensure compliance with CSEIG v3.0, DISA STIGs, and NIST 800‑53/171 by implementing required controls and preparing evidence for certification and authorization (ATO/ATC) activities.
  • Drive a secure software development lifecycle (SDLC) by establishing policies, gates, and checklists across design, code review, CI/CD, and release processes.
  • Develop secure firmware and update mechanisms, including signed, atomic, and recoverable updates with built‑in health checks, CVE management, and SBOM generation.
  • Harden operating systems (Ubuntu and NixOS) through CIS/STIG baselines, AppArmor/SELinux configuration, systemd hardening, and least‑privilege enforcement.
  • Strengthen physical security through tamper‑evident designs, interface protection, and side‑channel attack mitigation.
  • Implement cryptographic controls including validated crypto modules, FIPS 140‑3 compliance, TPM management, and secure/measured boot processes.
  • Build and maintain a secure software supply chain with artifact signing, provenance tracking, vendor risk reviews, and defined security SLAs.
  • Lead threat‑modeling and Attack Tree exercises across robotic, autonomy, and C2 systems to identify vulnerabilities and define mitigations.
  • Establish robust API security aligned with OWASP ASVS, implementing mTLS, key management, rate limiting, and secure session controls.
  • Apply ROS 2 security principles, including DDS‑Security and namespace policies, to ensure authenticated and confidential message exchange.
  • Define and support operational security requirements, covering log collection, forensics, and automated intrusion detection and prevention.
  • Safeguard command integrity via CAC/PIV‑based client authentication, mutual TLS, and role‑based authorization enforcing least‑privilege access.

Benefits

  • Equity compensation
  • Best-in-class healthcare, dental and vision plans.
  • Unlimited PTO
  • 401k with company match
  • Parental leave

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Job Search Resources

Similar Product Security Engineer job opportunities

Product Security Engineer
Boeing
Boeing • Hazelwood, MO13d • $130,000 - $140,000
Product Security Engineer
Applied Intuition
Applied Intuition • Sunnyvale, CA8d • Onsite
Product Security Engineer
Overland AI
Overland AI • Seattle, WA13d • $170,000 - $200,000 • Onsite
Product Security Engineer
Boeing
Boeing • Hazelwood, MO7d • $102,000 - $130,000
Product Security Engineer
Boeing
Boeing • Hazelwood, MO7d • $102,000 - $130,000
Product Security Engineer
Applied Intuition
Applied Intuition • Sunnyvale, CA9d • Onsite
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service