Product Security Engineer

Overland AI

Seattle, Washington

JOB DETAILS
SKILLS
Application Programming Interface (API), Artificial Intelligence (AI), Authentication, Booting, C++ Programming Language, Code Reviews, Computer Firmware, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Contract Requirements, Control Systems, Cryptography, Customer Support/Service, Defense Information Systems Agency (DISA), Dental Insurance, Documentation, FIPS (Federal Information Processing Standards) 140, Forensic Science, GIAC - Global Information Assurance Certification, GPEN - GIAC Penetration Tester, Healthcare, ISO (International Organization for Standardization), Industry Standards, Information/Data Security (InfoSec), International Information Systems Security Certification Consortium (ISC)2, Internet Security, Intrusion Detection and Prevention (IDP), Intrusion Prevention Systems, Light Detection and Ranging (LiDAR)\Laser Detection and Ranging (LADAR), Linux Operating System, Maintain Compliance, Network Systems, Operating Systems, Operational Support, Operations Security (OPSEC), Physical Security, Policy Development, Product Engineering, Python Programming/Scripting Language, Regulations, Regulatory Requirements, Risk, Risk Management Framework (RMF), SSL-TLS (Secure Socket Layer - Transport Layer Security), Security Architecture, Security Attacks, Security Software, Security-Enhanced Linux (SELinux), Service Level Agreement (SLA), Software Administration, Software Development, Software Development Lifecycle (SDLC), Supply Chain, System Architecture, System Integration (SI), Threat Modeling, Traffic Shaping, U.S. National Institute of Standards and Technology (NIST), Ubuntu, United States Department of Defense (DoD), Vision Plan
LOCATION
Seattle, Washington
POSTED
30+ days ago

Role Summary: 

We are looking for a mission-driven Product Security Engineer to embed security into the entire lifecycle of our cutting-edge robotic systems and our command and control system. You will be responsible for hardening our autonomous ground vehicles against cyber threats in complex, contested environments. You will own compliance with our customer's contract requirements for cyber security.

In this role, you will take ownership of the security architecture for our robotic systems, ensuring that every component—from firmware to command interfaces—is designed, implemented, and validated with security at its core. You will architect and develop robust security controls to meet rigorous contractual and regulatory requirements, encompassing intrusion prevention, secure logging, encryption, and system integrity protections. You’ll serve as the key integrator of feedback from customers, industry standards, and regulatory agencies, translating their input into clear, actionable security requirements for software development teams. As a compliance leader, you will map and implement controls aligned with CSEIG v3.0, DISA STIGs, and NIST 800-53/171, preparing the necessary documentation and evidence to support customer ATO and ATC efforts. You’ll define and champion security across the software development lifecycle by implementing policies, security gates, and checklists for design, code review, CI/CD, and release. Each feature will include measurable security acceptance criteria to ensure continuous assurance.


Key Responsibilities

  • Lead the design and validation of security controls that ensure system integrity, intrusion prevention, secure logging, and data protection for robotic platforms.
  • Collaborate with customers, regulators, and internal teams to define and document security requirements that guide software development and system integration.
  • Ensure compliance with CSEIG v3.0, DISA STIGs, and NIST 800‑53/171 by implementing required controls and preparing evidence for certification and authorization (ATO/ATC) activities.
  • Drive a secure software development lifecycle (SDLC) by establishing policies, gates, and checklists across design, code review, CI/CD, and release processes.
  • Develop secure firmware and update mechanisms, including signed, atomic, and recoverable updates with built‑in health checks, CVE management, and SBOM generation.
  • Harden operating systems (Ubuntu and NixOS) through CIS/STIG baselines, AppArmor/SELinux configuration, systemd hardening, and least‑privilege enforcement.
  • Strengthen physical security through tamper‑evident designs, interface protection, and side‑channel attack mitigation.
  • Implement cryptographic controls including validated crypto modules, FIPS 140‑3 compliance, TPM management, and secure/measured boot processes.
  • Build and maintain a secure software supply chain with artifact signing, provenance tracking, vendor risk reviews, and defined security SLAs.
  • Lead threat‑modeling and Attack Tree exercises across robotic, autonomy, and C2 systems to identify vulnerabilities and define mitigations.
  • Establish robust API security aligned with OWASP ASVS, implementing mTLS, key management, rate limiting, and secure session controls.
  • Apply ROS 2 security principles, including DDS‑Security and namespace policies, to ensure authenticated and confidential message exchange.
  • Define and support operational security requirements, covering log collection, forensics, and automated intrusion detection and prevention.
  • Safeguard command integrity via CAC/PIV‑based client authentication, mutual TLS, and role‑based authorization enforcing least‑privilege access.

Qualifications:

  • BS in CS/EE or related, or equivalent experience
  • 6+ years in cybersecurity or secure software development, with no less than 2 years in a product security or offensive security role
  • Direct experience with the Department of Defense (DoD) Risk Management Framework (RMF), NIST 800-53, CNSSI 1253, and documenting security controls for Authority to Operate (ATO) or Authority to Connect (ATC) packages in eMass
  • Proven ownership of SAST/SCA/DAST and CI/CD security controls
  • Strong Linux internals and hardening experience (Ubuntu and/or NixOS)
  • Hands-on with cryptography engineering, key management, and secure boot chains
  • Experience shipping signed firmware/OS images
  • Proficiency in either Python or C++

Desired Experience & Qualifications: 

  • Hands on experience with LabJack sensors, Dataspeed Drive By Wire Systems, Ouster Lidar, and CAN network systems
  • Familiarity with industry cybersecurity standards such as ISO 21434 or UN R155
  • Certifications: GIAC GPEN/GXPN, OSCP, ISC2 CSSLP
  • Must be eligible to obtain and maintain a TS/SCI clearance 

Benefits:

Overland AI believes in creating a work environment that you look forward to embracing every day.

  • The salary range for this position is $170K to $200K annually  
  • Equity compensation
  • Best-in-class healthcare, dental and vision plans.
  • Unlimited PTO
  • 401k with company match
  • Parental leave

Location:

This position will be located in Seattle, WA.

 

Overland AI is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, age, marital status, disability, genetic information, protected veteran or military status, or any other status protected by applicable law.

This position may involve access to export-controlled technology. Employment is contingent on the ability to comply with U.S. export control laws.

Overland AI provides reasonable accommodations for qualified individuals with disabilities and disabled veterans during the application process. Please contact [peopleops@overland.ai] to request an accommodation.

 

About the Company

O

Overland AI