Product Security Engineer

What We Do Gecko Robotics is helping the world’s most important organizations ensure the availability, reliability, and sustainability of critical infrastructure. Gecko's complete and connected solutions combine wall-climbing robots, industry-leading sensors, and an AI-powered data platform to provide customers with a unique window into the current and future health of their physical assets. This enables real-time decision making to increase the efficiency and safety of operations, promote mission readiness, and protect the environment and civilization from the effects of infrastructure failure.Role at a GlanceWe are hiring an experienced Product Security Engineer to embed security deeply into how Gecko designs, builds, deploys, and operates software.This role goes far beyond traditional AppSec scanning or policy enforcement. You will:Shape Gecko’s Secure Development Lifecycle (SDL)Secure cloud-native architectures (AWS, GCP, Azure)Design and implement security and software architectureAct as a technical authority for all things cloud and product securityThis role is ideal for someone who has:Strong cloud security, software security and engineering skillsComfort writing code and building real-world infrastructureBuilt or fixed secure systems in productionWorked closely with engineers (not just assess/audit/break them)What you will doSecure Development Lifecycle (SDL) OwnershipDesign, implement, and evolve Gecko’s SDL across design, build, test, deploy, and operateEmbed security into CI/CD pipelines without slowing deliveryDefine security gates that are practical, measurable, and enforceableDrive remediation workflows that engineers actually completeApplication & Code SecurityPerform hands-on secure code reviews (Python, TypeScript, Cloud Formation/TerraForm, backend services)Identify and remediate vulnerabilities across APIs, services, auth flows, and data accessBuild and implement secure patterns (authN/Z, secrets handling, input validation, crypto usage)Own and operate application security tooling (SAST, DAST, dependency and secret scanning) with a focus on signal quality and developer adoptionCloud & Infrastructure SecuritySecure cloud-native architectures (IAM, networking, storage, compute, CI/CD)Identify toxic combinations (e.g., public access + IAM misconfigurations)Partner with platform teams to harden baseline infrastructureSupport container, workload identity, and service-to-service securityLead incident response and root cause analysis for security eventsBuild and maintain automation to integrate security controls into CI/CD pipelinesArchitecture & Threat ModelingLead threat modeling for new systems, features, and integrationsReview system and data flow architectures for security risksTranslate abstract threats into concrete mitigationsInfluence design decisions early — before code shipsDetection, Response & ResiliencePartner with SOC and engineering teams to lead incident responseSupport investigations, containment, and post-incident reviewsHelp turn incidents into durable architectural improvementsImprove logging, detection, and security telemetry over timeCompliance & Customer TrustMap technical controls to leading compliance frameworks (ISO 27001, SOC 2, NIST 800-53, FedRAMP, IL-4, IL-5)Automate audits evidence, not spreadsheetsEnsure security controls align with real system behaviorEnable Gecko’s expansion into regulated and mission-critical environmentsDeveloper EnablementCreate practical security guidance, tooling and internal documentation to scale adoptionDeliver targeted technical training for engineers (not generic awareness)Act as a trusted advisor, not a blockerTechnologies We UseWe use a variety of technologies, but we primarily operate using Python, React, and Typescript with CSPs. This is a non-exhaustive list and we are tech agnostic in our interview process, so we encourage you to apply regardless of your background.About YouRequired Skills6+ years of experience in application security or a related ... (truncated, view full listing at source)