Security Engineer

XDOF· San Mateo· ashby· publicat 11.04.2026
Obligatoriu:PythonAWSKubernetesCloudSecurity
At XDOF, we’re at an inflection point. Frontier labs are racing to build general-purpose robots, and high-quality training data is the bottleneck. We’re building the foundation behind the foundation models – the data collection systems, operational capability, exabyte-scale data warehouse, and software toolchain – to help our partners drive the field forward. As more enterprise partners depend on our platform, security is infrastructure. We’re looking for a Security Engineer to own the security posture of our AWS environment and the external-facing platform our B2B customers integrate with every day. We’re early-stage, so you’ll have broad scope for security ownership across the stack. WHAT YOU’LL DO Security engineers build the controls and trust layer that let our platform scale safely. Sample projects include: - designing the identity and access layer that authenticates customers, internal users, and physical devices under a single coherent token and tenancy model - designing and enforcing cloud IAM policies and permission boundaries so every user and service operates at minimum privilege - hardening the external APIs our partners integrate with, including auth flows, threat modeling, rate limiting, and DDoS protection - architecting secure cloud infrastructure with IaC and automated guardrails that catch misconfigurations before production - securing Kubernetes clusters through RBAC, network policies, admission controllers, and secrets management - owning the device identity story for our edge hardware — provisioning, credential rotation, and the path to mTLS with managed PKI as we scale to externally deployed fleets - addressing lower-level concerns such as firmware pipelines, on-device security, and secure data ingestion from robotics hardware BASELINE SKILLS: - 5+ years in security engineering or software engineering with a strong security focus - deep hands-on experience with cloud security primitives (IAM, organizational policies, VPCs, networking, logging, and encryption services) - track record securing external-facing APIs and platforms in a B2B context, including modern auth standards (OAuth 2.1, OIDC, JWT validation, multi-tenant token design) - proficiency with Infrastructure-as-Code and a GitOps-driven approach to managing environments - fluency with Python or Go YOU MIGHT BE A GOOD FIT IF YOU: - have experience with embedded systems, firmware security, or securing hardware-software interfaces