Job Summary:
Overland AI is transforming land operations for modern defense, leveraging advanced research in robotics and machine learning. They are seeking a mission-driven Product Security Engineer to embed security into the lifecycle of their robotic systems, ensuring compliance with cybersecurity requirements and hardening systems against threats.
Responsibilities:
• Lead the design and validation of security controls that ensure system integrity, intrusion prevention, secure logging, and data protection for robotic platforms.
• Collaborate with customers, regulators, and internal teams to define and document security requirements that guide software development and system integration.
• Ensure compliance with CSEIG v3.0, DISA STIGs, and NIST 800‑53/171 by implementing required controls and preparing evidence for certification and authorization (ATO/ATC) activities.
• Drive a secure software development lifecycle (SDLC) by establishing policies, gates, and checklists across design, code review, CI/CD, and release processes.
• Develop secure firmware and update mechanisms, including signed, atomic, and recoverable updates with built‑in health checks, CVE management, and SBOM generation.
• Harden operating systems (Ubuntu and NixOS) through CIS/STIG baselines, AppArmor/SELinux configuration, systemd hardening, and least‑privilege enforcement.
• Strengthen physical security through tamper‑evident designs, interface protection, and side‑channel attack mitigation.
• Implement cryptographic controls including validated crypto modules, FIPS 140‑3 compliance, TPM management, and secure/measured boot processes.
• Build and maintain a secure software supply chain with artifact signing, provenance tracking, vendor risk reviews, and defined security SLAs.
• Lead threat‑modeling and Attack Tree exercises across robotic, autonomy, and C2 systems to identify vulnerabilities and define mitigations.
• Establish robust API security aligned with OWASP ASVS, implementing mTLS, key management, rate limiting, and secure session controls.
• Apply ROS 2 security principles, including DDS‑Security and namespace policies, to ensure authenticated and confidential message exchange.
• Define and support operational security requirements, covering log collection, forensics, and automated intrusion detection and prevention.
• Safeguard command integrity via CAC/PIV‑based client authentication, mutual TLS, and role‑based authorization enforcing least‑privilege access.
Qualifications:
Required:
• BS in CS/EE or related, or equivalent experience
• 6+ years in cybersecurity or secure software development, with no less than 2 years in a product security or offensive security role
• Direct experience with the Department of Defense (DoD) Risk Management Framework (RMF), NIST 800-53, CNSSI 1253, and documenting security controls for Authority to Operate (ATO) or Authority to Connect (ATC) packages in eMass
• Proven ownership of SAST/SCA/DAST and CI/CD security controls
• Strong Linux internals and hardening experience (Ubuntu and/or NixOS)
• Hands-on with cryptography engineering, key management, and secure boot chains
• Experience shipping signed firmware/OS images
• Proficiency in either Python or C++
• Must be eligible to obtain and maintain a TS/SCI clearance
Preferred:
• Hands on experience with LabJack sensors, Dataspeed Drive By Wire Systems, Ouster Lidar, and CAN network systems
• Familiarity with industry cybersecurity standards such as ISO 21434 or UN R155
• Certifications: GIAC GPEN/GXPN, OSCP, ISC2 CSSLP
Company:
Overland AI develops autonomous ground vehicle technology for tactical and operational applications. Founded in 2022, the company is headquartered in Seattle, USA, with a team of 51-200 employees. The company is currently Growth Stage.