CrawlJobs Logo

Product Security Engineer

United States, San Carlos Employment contract 137861.00 - 250000.00 USD / Year · Job Posted July 03, 2026
Apply Position
Job Link Share

Job Description

Secure NEO end-to-end. You will analyze the system services, operating systems, cryptographic infrastructure, networks, and cloud services that power 1X humanoid robots, identify weaknesses before adversaries do, and partner with engineering teams to design and ship the fixes. This role is critical to ensuring that a robot operating inside someone’s home can be trusted by its owner, by its operators, and by us.

Job Responsibility

  • Audit code and systems across NEO’s stack from bootloader and Linux userspace to cloud services and CI/CD pipelines to identify and drive remediation of security vulnerabilities
  • Lead security initiatives end-to-end, serving as the technical point of contact and partnering with Robotics, AI, Infrastructure, and Manufacturing teams to design secure-by-default systems
  • Conduct penetration tests, threat models, and risk assessments against NEO and its supporting infrastructure, prioritizing the issues that matter most
  • Design and contribute production code for security-critical components such as secure boot chains, code-signing pipelines, attestation flows, and hardened system services
  • Help define the security architecture for how humanoid robots are provisioned, deployed, updated, and operated at scale

Requirements

  • 5+ years of experience in product security, offensive security, or a closely related engineering role
  • Strong experience with Linux operating system internals and security mechanisms (namespaces, syscall filtering, Linux systems hardening, least-privilege service design)
  • Proficiency in software development and code auditing, with shipping experience in C, C++, Rust, Go or Python
  • Penetration testing experience against real production systems
  • Security expertise in one or more of: Offensive security against Linux-based devices vulnerability research, exploit development, and end-to-end attack chains against embedded or production systems
  • Secure boot, verified boot, and Trusted Execution Environments (e.g., OP-TEE, fTPM)
  • Cryptography, PKI design, key lifecycle management, and HSM-backed roots of trust
  • Cloud security (AWS, GCP, or Azure), infrastructure-as-code, Kubernetes, and CI/CD pipeline security
  • Secure firmware update systems for embedded devices over-the-air delivery, rollback protection, signature verification, and recovery from failed updates
  • Bachelor’s degree in Computer Science, Information Security, Engineering, or related technical field or equivalent experience

Nice to have

  • Experience with NVIDIA Jetson or similar SoC platforms
  • Background in firmware/code-signing pipelines and artifact integrity (SBOMs, supply-chain hardening)
  • Experience with factory provisioning at scale mass key and certificate distribution, key management, ACME/SCEP
  • HSM vendor evaluation and procurement experience (Thales, Utimaco, AWS CloudHSM, or similar)
  • Familiarity with remote device attestation frameworks
  • Exposure to post-quantum cryptography evaluation and migration planning
  • Experience supporting robotics, automotive, manufacturing, or other hardware engineering environments
  • Exposure to zero trust architectures, identity systems, and secrets management platforms
  • Experience operating in fast-paced startup environments

What we offer

  • Comprehensive medical, dental, and vision coverage
  • Generous paid time off, company holidays, and parental leave
  • 401(k) plan with company match (100% on the first 3% of contributions, 50% on the next 2%)
  • Flexible Spending Accounts (FSA) and Health Savings Accounts (HSA) options
  • Commuter benefits (transit and parking)
  • Short-term and long-term disability, and life insurance
  • Employee Assistance Program (EAP) for mental health, financial, and personal support
  • Onsite snacks and catered lunches
  • Equity

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Product Security Engineer

8 matching positions

Product Security Engineer

As a Product Security Engineer at Ema, you sit at the intersection of backend en...
Location
Location
India
Salary
Salary:
Not provided
ema.co Logo
Ema
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4–7 years of experience building scalable software systems, with a strong emphasis on security engineering
  • Excellent programming skills (Python required
  • Go or similar strongly preferred)
  • Proven experience building internal tools, and frameworks used by engineering teams
  • Proven ability to build security platforms from zero to production scale
  • Strong judgment translating abstract risk into concrete engineering controls
  • Track record of influencing architecture across product, infra, and reliability teams
  • Comfortable owning ambiguous, high-impact security problems end to end
  • Experience integrating security into CI/CD pipelines and developer workflows
  • Comfortable operating cross-functionally with Product, Engineering, and Infra teams
Job Responsibility
Job Responsibility
  • Design, build, and maintain internal security tools and platforms to improve Ema’s overall security posture
  • Implement and improve security controls directly into product and platform workflows
  • Influence engineering architecture and ensure secure-by-design implementations
  • Own and scale application security programs including SAST, SCA, dependency risk, and custom detection logic
  • Support penetration testing efforts by validating findings and engineering durable fixes
  • Perform threat modeling for new features and systems, translating risks into concrete engineering solutions
  • Develop automation to reduce manual security effort across vulnerability management, access reviews, and incident response
  • Conduct secure design and code reviews with a strong focus on exploitable logic flaws and systemic risks
  • Build tooling to surface security signals from production systems and dev workflows
  • Fulltime
Read More
Arrow Right

Product Security Engineer

We are looking for a highly skilled PSIRT Engineer to lead the vulnerability res...
Location
Location
United States , Foster City
Salary
Salary:
180000.00 - 325000.00 USD / Year
replit.com Logo
Replit
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience running or triaging for bug bounty programs (HackerOne ideally)
  • Strong ability to triage, validate, and reproduce vulnerabilities independently
  • Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
  • Familiarity with cloud platforms (GCP preferred) and SaaS architectures
  • Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals
Job Responsibility
Job Responsibility
  • Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels
  • Independently validate, reproduce, severity-score, and document findings
  • Identify duplicates and maintain a clean vulnerability records pipeline
  • Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorization risks (Oauth, OIDC)
  • Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation
  • Provide detailed reproduction steps, proof-of-concepts, and technical analyses
  • Track SLAs, remediation progress, regression testing, and systemic improvements
  • Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance
  • Design and evolve the bug bounty program, including scope, rules, and reward structures
  • Manage platform selection, private vs. public launches, and community engagement
What we offer
What we offer
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Security Team is responsible for providing key security capabilities coverin...
Location
Location
Germany
Salary
Salary:
Not provided
clickhouse.com Logo
ClickHouse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Job Responsibility
Job Responsibility
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server - client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities - pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools - static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering - security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What we offer
What we offer
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly
  • Healthcare - Employer contributions towards your healthcare
  • Equity in the company - Every new team member who joins our company receives stock options
  • Time off - Flexible time off in the US, generous entitlement in other countries
  • A $500 Home office setup if you’re a remote employee
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites
Read More
Arrow Right

Product Security Engineer

Product Security Engineer role in the Tech Foundations area. Tech Foundations en...
Location
Location
France
Salary
Salary:
Not provided
alan.com Logo
Alan
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong background in application and infrastructure security
  • Hands-on experience using Software Security, Product Security or Pentesting techniques to identify and mitigate security vulnerabilities in web and mobile applications
  • Experience in protecting organisations from cyber threats and have experience working with platforms to monitor, detect, and respond to security incidents
  • Familiarity with cloud security and modern web application security
  • Well-versed in Object Oriented Programming such as Python, Java, C#
  • Enthusiastic about web technologies such as modern Javascript
  • Willing to work in Python/JavaScript
  • Passionate about building products
  • Self-starting and entrepreneurial
  • Humble and still willing to grow
Job Responsibility
Job Responsibility
  • Strengthen security posture across the engineering organization
What we offer
What we offer
  • Generous equity packages
  • Flexible Office
  • All the tools you need (Macbook Pro, keyboard, laptop stand, monitor, Bose noise-canceling headphones)
  • Flexible vacation policy and flexible working hours
  • Extremely comprehensive health insurance
  • Country-specific commuter benefits
  • Learning & Training opportunities
  • Personal growth through coaching
  • Extended parental leave
  • Fulltime
Read More
Arrow Right

Senior Security Engineer and Principal Security Engineer (Multiple Positions)- Windows Security

The Microsoft Windows Security team is looking for learn-it-all security enginee...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field
  • OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements are required for this role
  • Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Participate in security reviews to identify and mitigate risk in Microsoft products, including design reviews, code reviews, and fuzzing
  • Be the security contact for teams building new innovative products and technologies in the next version of Windows and devices
  • Identify security vulnerabilities in a wide variety of key OS features such as network protocols, security features, and Microsoft devices
  • Leverage a broad and current understanding of security to devise new protections
  • Interact with the external security community and security researchers
  • Collaborate with product teams to improve security, and articulate the business value of security investments
  • Fulltime
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , New York, NY; San Francisco, CA; Seattle, WA; Washington, DC
Salary
Salary:
237600.00 - 297000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated ability to drive multi-month security initiatives independently, from problem definition through execution, without requiring significant direction
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience operating and securing AWS infrastructure at scale
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
Job Responsibility
Job Responsibility
  • Leverage broad product security expertise to build and maintain software tooling that secures every layer of the modern AI/ML software ecosystem
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • learning and development stipend
  • generous PTO
  • commuter stipend
  • Fulltime
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , San Francisco; Seattle; New York
Salary
Salary:
189200.00 - 236500.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience with Kubernetes backed services
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • Ability to structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
  • Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus
Job Responsibility
Job Responsibility
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • a learning and development stipend
  • generous PTO
  • additional benefits such as a commuter stipend
  • equity grant
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime
Read More
Arrow Right