# Security Engineer

**Company:** [Xdof](https://hotfix.jobs/companies/xdof)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** AWS, IAM, Kubernetes, RBAC, Oauth 2.1, OIDC, Jwt, Infrastructure As Code, GitOps, Python, Go, Mtls, Pki, Vpcs, Network Policies
**Posted:** 2026-04-11

> Security Engineer owns AWS environment security and external B2B platform, designing identity/access layers, hardening APIs, securing Kubernetes clusters, and managing device identities for robotics hardware. Requires 5+ years experience with cloud security primitives, IaC, Python/Go.

## Job Description

## What You’ll Do

Security engineers build the controls and trust layer that let our platform scale safely. Sample projects include:

- designing the identity and access layer that authenticates customers, internal users, and physical devices under a single coherent token and tenancy model
- designing and enforcing cloud IAM policies and permission boundaries so every user and service operates at minimum privilege
- hardening the external APIs our partners integrate with, including auth flows, threat modeling, rate limiting, and DDoS protection
- architecting secure cloud infrastructure with IaC and automated guardrails that catch misconfigurations before production
- securing Kubernetes clusters through RBAC, network policies, admission controllers, and secrets management
- owning the device identity story for our edge hardware — provisioning, credential rotation, and the path to mTLS with managed PKI as we scale to externally deployed fleets
- addressing lower-level concerns such as firmware pipelines, on-device security, and secure data ingestion from robotics hardware

## Baseline skills

- 5+ years in security engineering or software engineering with a strong security focus
- deep hands-on experience with cloud security primitives (**IAM**, organizational policies, **VPCs**, networking, logging, and encryption services)
- track record securing external-facing APIs and platforms in a B2B context, including modern auth standards (**OAuth 2.1**, **OIDC**, **JWT** validation, multi-tenant token design)
- proficiency with **Infrastructure-as-Code** and a GitOps-driven approach to managing environments
- fluency with **Python** or **Go**

## You might be a good fit if you:

- have experience with embedded systems, firmware security, or securing hardware-software interfaces

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/af69b5cd-ccad-4d78-a79b-99496460f9ca
**Canonical:** https://hotfix.jobs/jobs/af69b5cd-ccad-4d78-a79b-99496460f9ca