Product Security Engineer
At Gecko Robotics, we're on a mission to safeguard the world's most vital infrastructure. Our cutting-edge solutions — combining advanced wall-climbing robots, industry-leading sensors, and an AI-powered data platform — provide an unparalleled view into the health of physical assets. This empowers real-time decision-making, significantly boosting operational efficiency and safety, ensuring mission readiness, and protecting our environment and civilization from catastrophic infrastructure failures.
Your Impact: Elevating Security at Gecko
We're seeking a highly experienced Product Security Engineer to deeply embed security into the DNA of how Gecko designs, builds, deploys, and operates our software and systems. This isn't just about scanning or policy enforcement; it's about engineering security from the ground up, shaping our future, and building a culture of secure development.
As a key technical authority in cloud and product security, you will:
Architect and shape Gecko’s Secure Development Lifecycle (SDL).
Fortify cloud-native architectures across AWS, GCP, and Azure.
Lead the design and implementation of robust security and software architecture.
Act as the go-to expert for all things cloud and product security.
This role is designed for a builder, someone who:
Possesses strong cloud security, software security, and engineering prowess.
Is comfortable writing code and actively building real-world infrastructure.
Has a proven track record of building or fixing secure systems in production.
Thrives working collaboratively with engineers, acting as a partner and enabler, not just an assessor or auditor.
What You'll Be Doing: Core Responsibilities
Secure Development Lifecycle (SDL) Leadership
Design, implement, and continuously evolve Gecko’s SDL across the entire software development lifecycle: design, build, test, deploy, and operate.
Seamlessly embed security into CI/CD pipelines, enhancing resilience without compromising delivery speed.
Define and implement security gates that are practical, measurable, and enforceable.
Drive effective remediation workflows that engineers not only understand but actively complete.
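As an added illustration of what "practical, measurable, and enforceable" looks like in code (this is example code, not Gecko's pipeline), the gate below fails a build only on findings that are new, at or above an agreed severity, and not covered by an unexpired exception, and it reports counts so the gate's effect can be tracked over time. The finding and exception records are a constructed, scanner-neutral shape; output from real SAST or dependency scanners would be normalised into it first.

```python
"""CI security gate: block new high-or-worse findings, honour time-boxed
exceptions, and emit metrics. Added example, not Gecko's tooling; the
record shapes below are this example's own, not a scanner's format."""
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def finding_key(finding):
    """Stable identity so the same issue is not re-flagged on every run."""
    return f"{finding['rule']}|{finding['path']}|{finding['fingerprint']}"


def evaluate_gate(findings, baseline, exceptions, threshold, today):
    """Partition findings and decide pass/fail.

    baseline   - keys of pre-existing findings tracked under an SLA; the gate
                 ratchets (blocks new debt) instead of failing every build.
    exceptions - {key, expires (ISO date), reason}; once expired they stop
                 suppressing, which is what keeps the exception process honest.
    """
    min_rank = SEVERITY_RANK[threshold]
    active = {e["key"] for e in exceptions if date.fromisoformat(e["expires"]) >= today}
    expired = [e for e in exceptions if date.fromisoformat(e["expires"]) < today]
    result = {"blocking": [], "known": [], "suppressed": [], "below_threshold": [],
              "expired_exceptions": expired}
    for f in findings:
        key = finding_key(f)
        if SEVERITY_RANK[f["severity"]] < min_rank:
            result["below_threshold"].append(key)   # reported, never blocking
        elif key in baseline:
            result["known"].append(key)             # old debt, handled via SLA
        elif key in active:
            result["suppressed"].append(key)        # accepted risk, time-boxed
        else:
            result["blocking"].append(key)          # new and above threshold
    result["pass"] = not result["blocking"]
    return result


def summary(result):
    """One line for the CI log; the counts are the gate's metrics."""
    verdict = "PASS" if result["pass"] else "FAIL"
    return (f"security-gate {verdict}: {len(result['blocking'])} blocking, "
            f"{len(result['known'])} known, {len(result['suppressed'])} suppressed, "
            f"{len(result['below_threshold'])} below threshold, "
            f"{len(result['expired_exceptions'])} expired exceptions")


# Constructed scan output and policy state for one pipeline run.
FINDINGS = [
    {"rule": "hardcoded-secret", "severity": "critical", "path": "src/config.py", "fingerprint": "a1f3"},
    {"rule": "sql-injection", "severity": "high", "path": "src/db.py", "fingerprint": "9c02"},
    {"rule": "weak-hash", "severity": "medium", "path": "src/auth.py", "fingerprint": "77e1"},
    {"rule": "xxe", "severity": "high", "path": "src/parse.py", "fingerprint": "b5d8"},
    {"rule": "ssrf", "severity": "high", "path": "src/fetch.py", "fingerprint": "e2a0"},
]
BASELINE = {"sql-injection|src/db.py|9c02"}   # pre-existing, already on an SLA
EXCEPTIONS = [
    {"key": "xxe|src/parse.py|b5d8", "expires": "2025-12-31",
     "reason": "parser built with external entities disabled; rule re-check scheduled"},
    {"key": "ssrf|src/fetch.py|e2a0", "expires": "2025-01-31",
     "reason": "egress proxy rollout"},
]
RUN_DATE = date(2025, 6, 1)   # fixed so the example is reproducible

if __name__ == "__main__":
    r = evaluate_gate(FINDINGS, BASELINE, EXCEPTIONS, threshold="high", today=RUN_DATE)
    print(summary(r))
    raise SystemExit(0 if r["pass"] else 1)
```

The two design choices that drive adoption are the baseline (engineers are not blocked by debt they did not create) and the expiry date on every exception (a suppression that never lapses is just a disabled rule).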
Application & Code Security Engineering
Perform hands-on secure code reviews across critical systems (Python, TypeScript, CloudFormation/Terraform, backend services).
Proactively identify and remediate vulnerabilities within APIs, services, authentication flows, and data access layers.
Architect and implement secure coding patterns (e.g., authN/Z, secrets handling, robust input validation, secure cryptographic usage).
Own and optimize application security tooling (SAST, DAST, dependency and secret scanning), focusing on signal quality and maximizing developer adoption.
Cloud & Infrastructure Security Hardening
Secure and harden cloud-native architectures, focusing on IAM, networking, storage, compute, and CI/CD.
Identify and mitigate "toxic combinations" (e.g., public access coupled with IAM misconfigurations).
Partner closely with platform teams to fortify baseline infrastructure and shared services.
Provide expert guidance and support for container security, workload identity, and service-to-service authentication.
Lead incident response and conduct thorough root cause analysis for security events within cloud environments.
Build and maintain automation to seamlessly integrate security controls into CI/CD pipelines.
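The "toxic combination" idea is that two misconfigurations which are each tolerable on their own become an internet-exploitable exposure when they coincide. As an added example (not Gecko's tooling), the checker below walks a constructed inventory and reports only the pairings: a bucket whose policy grants to any principal AND whose Public Access Block is off, and a role that any AWS account can assume AND that holds wildcard permissions. The inventory is a hand-written stand-in for what the AWS GetBucketPolicy, GetPublicAccessBlock and GetRole calls would return; the field names are this example's own, not an AWS schema.

```python
"""Toxic-combination finder over a constructed cloud inventory.
Added example, not Gecko's tooling; 'public_access_block', 'trust_policy'
and 'permissions' are this example's field names, not AWS API fields."""


def _as_list(value):
    """IAM policy JSON allows scalar-or-list in Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """True when a statement's Principal is the whole world ('*' or AWS: '*')."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _allow_statements(policy):
    """Unconditional Allow statements. A Condition narrows the grant, so this
    example conservatively does not treat conditioned statements as public."""
    return [s for s in _as_list(policy.get("Statement"))
            if s.get("Effect") == "Allow" and s.get("Condition") is None]


def bucket_is_internet_readable(bucket):
    """A public-principal policy is latent on its own; it becomes an exposure
    only when the bucket's Public Access Block is also disabled."""
    if bucket["public_access_block"]:
        return False
    for stmt in _allow_statements(bucket["policy"]):
        actions = _as_list(stmt.get("Action"))
        if _principal_is_anyone(stmt.get("Principal")) and any(
                a in ("*", "s3:*") or a.startswith("s3:Get") for a in actions):
            return True
    return False


def role_is_assumable_by_anyone(role):
    """Trust policy with Principal AWS:'*' lets any AWS account assume the role."""
    return any(_principal_is_anyone(s.get("Principal"))
               for s in _allow_statements(role["trust_policy"]))


def role_has_wildcard_permissions(role):
    """'*' or 'service:*' actions grant far more than one workload needs."""
    return any(a == "*" or a.endswith(":*")
               for s in _allow_statements(role["permissions"])
               for a in _as_list(s.get("Action")))


def find_toxic_combinations(inventory):
    """Report only the pairings; each half alone is lower-priority hygiene,
    together they are reachable and abusable from outside the account."""
    findings = []
    for b in inventory["buckets"]:
        if bucket_is_internet_readable(b):
            findings.append({"severity": "HIGH", "resource": f"s3://{b['name']}",
                             "reason": "public-principal policy AND Public Access Block off"})
    for r in inventory["roles"]:
        if role_is_assumable_by_anyone(r) and role_has_wildcard_permissions(r):
            findings.append({"severity": "CRITICAL", "resource": f"role/{r['name']}",
                             "reason": "assumable by any AWS principal AND wildcard actions"})
    return findings


def _stmt(principal, action, resource="*"):
    """Shorthand for an unconditional Allow statement (Principal omitted for
    identity policies, which never carry one)."""
    s = {"Effect": "Allow", "Action": action, "Resource": resource}
    if principal is not None:
        s["Principal"] = principal
    return s


# Constructed inventory chosen to exercise exposed, latent-only and benign cases.
INVENTORY = {
    "buckets": [
        # exposed: public-principal policy AND Public Access Block disabled
        {"name": "prod-reports", "public_access_block": False,
         "policy": {"Statement": [_stmt("*", "s3:GetObject", "arn:aws:s3:::prod-reports/*")]}},
        # latent only: same policy, but the block is still on
        {"name": "internal-logs", "public_access_block": True,
         "policy": {"Statement": [_stmt("*", "s3:GetObject", "arn:aws:s3:::internal-logs/*")]}},
        # benign: block off, but the grant names a single account
        {"name": "partner-drop", "public_access_block": False,
         "policy": {"Statement": [_stmt({"AWS": "arn:aws:iam::111122223333:root"},
                                        ["s3:GetObject", "s3:PutObject"],
                                        "arn:aws:s3:::partner-drop/*")]}},
    ],
    "roles": [
        # toxic: any AWS account can assume it AND it can do anything
        {"name": "legacy-admin",
         "trust_policy": {"Statement": [_stmt({"AWS": "*"}, "sts:AssumeRole")]},
         "permissions": {"Statement": [_stmt(None, "*")]}},
        # wildcard permissions, but only EC2 in this account may assume it
        {"name": "ec2-app",
         "trust_policy": {"Statement": [_stmt({"Service": "ec2.amazonaws.com"}, "sts:AssumeRole")]},
         "permissions": {"Statement": [_stmt(None, "s3:*")]}},
    ],
}
```

Running `find_toxic_combinations(INVENTORY)` flags `s3://prod-reports` and `role/legacy-admin` and nothing else: `internal-logs` has the same bad policy but the block still holds, and `ec2-app` has wildcard permissions but a trust policy scoped to one service. Those two non-findings are exactly the cases a single-control scanner would raise as noise.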
Architecture & Threat Modeling Leadership
Lead comprehensive threat modeling exercises for all new systems, features, and integrations.
Conduct in-depth reviews of system and data flow architectures to identify and assess security risks.
Translate abstract security threats into concrete, actionable mitigation strategies.
Influence critical design decisions early in the development process, long before code is shipped.
Detection, Response & Resilience Enhancement
Collaborate with SOC and engineering teams to lead and execute incident response activities.
Support investigations, containment efforts, and post-incident reviews to extract key learnings.
Transform security incidents into durable, long-term architectural improvements.
Continuously improve logging, detection capabilities, and overall security telemetry.
Compliance & Customer Trust Automation
Map technical security controls to leading compliance frameworks (ISO 27001, SOC 2, NIST SP 800-53, FedRAMP, DoD Impact Levels 4 and 5).
Automate the generation and collection of audit evidence, moving beyond manual spreadsheets.
Ensure security controls accurately align with real-world system behavior and operational realities.
Enable Gecko’s strategic expansion into highly regulated and mission-critical environments.
Developer Enablement & Empowerment
Create practical, impactful security guidance, tooling, and internal documentation to scale security adoption across engineering teams.
Deliver targeted, technical training sessions for engineers, focusing on practical skills over generic awareness.
Act as a trusted security advisor and partner, fostering innovation rather than acting as a blocker.
Technologies You'll Master
While we use a diverse technology stack, our core operations primarily leverage Python, React, and TypeScript with various Cloud Service Providers (CSPs). This is a non-exhaustive list, and we are proudly tech-agnostic in our interview process. We encourage you to apply regardless of your specific background if you have the core skills and passion.
Who You Are: Expertise & Experience
Required Skills & Experience
6+ years of progressive experience in application security or a closely related role.
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent practical experience).
Strong understanding of security protocols, cryptographic principles, and application security references such as the OWASP Top 10.
Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP) and various security assessment methodologies.
Hands-on experience with programming languages such as Java, Python, or C++.
Familiarity with various operating systems and datastore technologies.
Solid understanding of security best practices and frameworks (e.g., NIST, ISO 27001, SOC 2).
Proven experience with cloud architectures and design patterns (GCP experience is a significant plus).
Preferred Skills & Experience
Experience working within robotics, industrial systems, or other safety-critical environments.
Previous experience supporting DoD or regulated defense customers.
A background in red team or offensive security.
Demonstrated experience building Secure Development Lifecycles from scratch or maturing them significantly within an organization.
Life at Gecko Robotics: Our Culture & Benefits
At Gecko, our people are our most valuable asset. We invest heavily in our team, offering:
Competitive compensation packages.
Company equity.
401(k) matching.
Gender-neutral parental leave.
Comprehensive medical, dental, and vision insurance.
Robust mental health and wellness support.
Ongoing professional development opportunities.
Family planning assistance.
Flexible paid time off.
We foster a culture of collaboration, innovation, and partnership. While we value in-person connection as an office-first culture, we understand the need for flexibility. Many team members are in the office five days a week, while others leverage a hybrid approach. Ultimately, we prioritize the outcomes we achieve and cultivate a culture of autonomy and trust that empowers significant impact.
Gecko is deeply committed to creating a diverse and inclusive environment where everyone belongs. We are proud to be an equal opportunity employer and believe it is our collective responsibility to uphold these values. We strongly encourage candidates from all backgrounds to join us in our critical mission: protecting today’s infrastructure and shaping tomorrow’s. All qualified applicants will receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, veteran status, age, or any other protected characteristic per federal, state, or local law. If you are passionate about what you do and eager to use your talents to support a mission of profound importance, we’d love to connect with you.