Senior Software Engineer, Security Engineering

<div class="mt-8 text-xl text-gray-600 leading-8"> <div data-controller="rich-text"> <div class="rich-text-container" data-rich-text-target="richTextContainer"> <h3><strong>Company Introduction</strong></h3> <p>At Bot Auto, we are revolutionizing the transportation of goods with our cutting-edge autonomous trucks, enhancing the quality of life for communities around the globe. With the agility of a start-up and the wisdom of seasoned experts, Bot Auto boasts a team that has achieved numerous world-firsts and unparalleled innovations. United by a shared vision, we create miracles and propel the future of transportation. Join us and transform your dreams into reality.</p> <p>We are seeking a highly skilled and motivated <strong>Senior Software Engineer, Security Engineering</strong> to design, build, and operate security across Bot Auto's autonomous trucking stack. The proprietary technology that powers our autonomous driving system is our core intellectual property, and protecting it — along with the safety-relevant systems behind our fleet — is mission critical. In this role, you will work across onboard (in-vehicle) security as well as infrastructure and platform security. You will also help shape how Bot Auto adopts AI responsibly: understanding the security implications of large language models and agentic systems, and developing the protections that let us innovate quickly and safely. As a hands-on technical leader, you will embed security best practices into every layer of our systems, from the vehicle to the cloud.</p> <h3><strong>Key Responsibilities</strong></h3> <ul> <li>Design and implement security controls for onboard (in-vehicle) systems, including secure boot, code signing, secrets and key management, secure over-the-air (OTA) updates, and hardening of the autonomous driving software stack.</li> <li>Architect and operate security across infrastructure and platforms, spanning Kubernetes, public cloud (AWS), on-prem data centers, CI/CD pipelines, and internal developer platforms.</li> <li>Develop protections for AI systems — assess the security implications of large language models and agentic workflows (prompt injection, data exfiltration, model and supply-chain risks) and build guardrails, sandboxing, and monitoring.</li> <li>Build identity and access management, secrets management, and least-privilege authorization across services, devices, and the fleet.</li> <li>Perform threat modeling, security design reviews, and risk assessments for new products and architectures, partnering with engineering teams to remediate findings.</li> <li>Establish vulnerability management, dependency and supply-chain scanning, and a secure software development lifecycle (SSDLC) across the organization.</li> <li>Develop detection, logging, and incident response capabilities to identify and respond to security events across onboard and infrastructure environments.</li> <li>Champion a security-first culture through tooling, automation, documentation, and mentorship.</li> </ul> <h3>Required <strong>Qualifications&nbsp;</strong></h3> <ul> <li>Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent experience</li> <li>5+ years of hands-on software engineering experience, with a strong focus on security</li> <li>Strong software development skills in one or more languages: Python, Go, Rust, C/C++, or JavaScript/TypeScript</li> <li>Solid understanding of applied cryptography, authentication and authorization, secure system design, and common vulnerability classes</li> <li>Experience securing cloud infrastructure and/or distributed systems in production</li> </ul> <h3>Preferred <strong>Qualifications&nbsp;</strong></h3> <ul> <li>Experience with embedded, automotive, IoT, or other onboard/edge security (secure boot, TPM/HSM, code signing, OTA updates)</li> <li>Familiarity with Kubernetes and cloud security (AWS), IaC security (Terraform, Pulumi), and CI/CD pipeline hardening</li> <li>Knowledge of AI/LLM security: prompt injection, model supply chain, agent sandboxing, and AI guardrail frameworks</li> <li>Experience with IAM, secrets management (e.g., HashiCorp Vault), and zero-trust architectures</li> <li>Hands-on experience with security tooling: SAST/DAST, SBOM and dependency scanning, SIEM, and detection engineering</li> <li>Familiarity with security standards and frameworks (e.g., ISO/SAE 21434, NIST, OWASP, SOC 2)</li> <li>Experience with threat modeling and incident response</li> </ul> </div> </div> </div>