Secure NEO end-to-end. You will analyze the system services, operating systems, cryptographic infrastructure, networks, and cloud services that power 1X humanoid robots, identify weaknesses before adversaries do, and partner with engineering teams to design and ship the fixes. This role is critical to ensuring that a robot operating inside someone’s home can be trusted by its owner, by its operators, and by us.
Job Responsibility
Audit code and systems across NEO’s stack, from bootloader and Linux userspace to cloud services and CI/CD pipelines, to identify and drive remediation of security vulnerabilities
Lead security initiatives end-to-end, serving as the technical point of contact and partnering with Robotics, AI, Infrastructure, and Manufacturing teams to design secure-by-default systems
Conduct penetration tests, threat models, and risk assessments against NEO and its supporting infrastructure, prioritizing the issues that matter most
Design and contribute production code for security-critical components such as secure boot chains, code-signing pipelines, attestation flows, and hardened system services
Help define the security architecture for how humanoid robots are provisioned, deployed, updated, and operated at scale
Requirements
5+ years of experience in product security, offensive security, or a closely related engineering role
Strong experience with Linux operating system internals and security mechanisms (namespaces, syscall filtering, Linux systems hardening, least-privilege service design)
Proficiency in software development and code auditing, with shipping experience in C, C++, Rust, Go or Python
Penetration testing experience against real production systems
Security expertise in one or more of:
Offensive security against Linux-based devices: vulnerability research, exploit development, and end-to-end attack chains against embedded or production systems
Cryptography, PKI design, key lifecycle management, and HSM-backed roots of trust
Cloud security (AWS, GCP, or Azure), infrastructure-as-code, Kubernetes, and CI/CD pipeline security
Secure firmware update systems for embedded devices: over-the-air delivery, rollback protection, signature verification, and recovery from failed updates
Bachelor’s degree in Computer Science, Information Security, Engineering, or related technical field, or equivalent experience
Nice to have
Experience with NVIDIA Jetson or similar SoC platforms
Background in firmware/code-signing pipelines and artifact integrity (SBOMs, supply-chain hardening)
Experience with factory provisioning at scale: mass key and certificate distribution, key management, ACME/SCEP
HSM vendor evaluation and procurement experience (Thales, Utimaco, AWS CloudHSM, or similar)
Familiarity with remote device attestation frameworks
Exposure to post-quantum cryptography evaluation and migration planning
Experience supporting robotics, automotive, manufacturing, or other hardware engineering environments
Exposure to zero trust architectures, identity systems, and secrets management platforms
Experience operating in fast-paced startup environments
What we offer
Comprehensive medical, dental, and vision coverage
Generous paid time off, company holidays, and parental leave
401(k) plan with company match (100% on the first 3% of contributions, 50% on the next 2%)
Flexible Spending Accounts (FSA) and Health Savings Accounts (HSA) options
Commuter benefits (transit and parking)
Short-term and long-term disability, and life insurance
Employee Assistance Program (EAP) for mental health, financial, and personal support