Security Engineer

At xdof, we’re at an inflection point. Frontier labs are racing to build general-purpose robots, and high-quality training data is the bottleneck. We’re building the foundation behind the foundation models – the data collection systems, operational capability, exabyte-scale data warehouse, and software toolchain – to help our partners drive the field forward.

As more enterprise partners depend on our platform, security is infrastructure. We’re looking for a Security Engineer to own the security posture of our AWS environment and the external-facing platform our B2B customers integrate with every day. We’re early-stage, so you’ll have broad scope for security ownership across the stack.

What You’ll Do

Security engineers build the controls and trust layer that let our platform scale safely. Sample projects include:

• designing the identity and access layer that authenticates customers, internal users, and physical devices under a single coherent token and tenancy model

• designing and enforcing cloud IAM policies and permission boundaries so every user and service operates at minimum privilege

• hardening the external APIs our partners integrate with, including auth flows, threat modeling, rate limiting, and DDoS protection

• architecting secure cloud infrastructure with IaC and automated guardrails that catch misconfigurations before production

• securing Kubernetes clusters through RBAC, network policies, admission controllers, and secrets management

• owning the device identity story for our edge hardware — provisioning, credential rotation, and the path to mTLS with managed PKI as we scale to externally deployed fleets

• addressing lower-level concerns such as firmware pipelines, on-device security, and secure data ingestion from robotics hardware

Baseline skills:

• 5+ years in security engineering or software engineering with a strong security focus

• deep hands-on experience with cloud security primitives (IAM, organizational policies, VPCs, networking, logging, and encryption services)

• track record securing external-facing APIs and platforms in a B2B context, including modern auth standards (OAuth 2.1, OIDC, JWT validation, multi-tenant token design)

• proficiency with Infrastructure-as-Code and a GitOps-driven approach to managing environments

• fluency with Python or Go

You might be a good fit if you:

• have experience with embedded systems, firmware security, or securing hardware-software interfaces