Security Engineer

At xdof, we’re at an inflection point. Frontier labs are racing to build general-purpose robots, and high-quality training data is the bottleneck. We’re building the foundation behind the foundation models – the data collection systems, operational capability, exabyte-scale data warehouse, and software toolchain – to help our partners drive the field forward.

As more enterprise partners depend on our platform, security is infrastructure. We’re looking for a Security Engineer to own the security posture of our AWS environment and the external-facing platform our B2B customers integrate with every day. We’re early-stage, so you’ll have broad scope for security ownership across the stack.

What You’ll DoSecurity engineers build the controls and trust layer that let our platform scale safely. Sample projects include:

- designing the identity and access layer that authenticates customers, internal users, and physical devices under a single coherent token and tenancy model

- designing and enforcing cloud IAM policies and permission boundaries so every user and service operates at minimum privilege

- hardening the external APIs our partners integrate with, including auth flows, threat modeling, rate limiting, and DDoS protection

- architecting secure cloud infrastructure with IaC and automated guardrails that catch misconfigurations before production

- securing Kubernetes clusters through RBAC, network policies, admission controllers, and secrets management

- owning the device identity story for our edge hardware — provisioning, credential rotation, and the path to mTLS with managed PKI as we scale to externally deployed fleets

- addressing lower-level concerns such as firmware pipelines, on-device security, and secure data ingestion from robotics hardware

Baseline skills:- 5+ years in security engineering or software engineering with a strong security focus

- deep hands-on experience with cloud security primitives (IAM, organizational policies, VPCs, networking, logging, and encryption services)

- track record securing external-facing APIs and platforms in a B2B context, including modern auth standards (OAuth 2.1, OIDC, JWT validation, multi-tenant token design)

- proficiency with Infrastructure-as-Code and a GitOps-driven approach to managing environments

- fluency with Python or Go

You might be a good fit if you:- have experience with embedded systems, firmware security, or securing hardware-software interfaces