Product Security Engineer, Cryptography & PKI
Kind Humanoid
Job description
Product Security Engineer, Cryptography & PKI
Palo Alto, CA (on-site)
About 1X
We build humanoid robots that work alongside people to solve labor shortages and create abundance.
The Role
As a Product Security Engineer specializing in cryptography and PKI, you will build and scale the cryptographic infrastructure that secures 1X’s robots and communications. Your work will ensure trust, integrity, and long-term security across the company’s hardware and software systems.
You Will
Design and manage end-to-end cryptographic services, including PKI and key lifecycle management
Establish HSM infrastructure as the root of trust for firmware signing and IoT authentication
Lead the evaluation, procurement, configuration, and integration of HSM vendor solutions
Architect scalable key management systems for future growth
Design remote device attestation mechanisms leveraging technologies such as fTPM or OP-TEE
Build and automate secure pipelines for firmware and bootloader signing
Define infrastructure and policies for author key provisioning, rotation, and destruction
Secure build systems and code-signing workflows
Develop factory provisioning architecture for mass key and certificate distribution
Support secure communication protocol development
Collaborate with cross-functional teams including Product Security, Cloud Infrastructure, Device Engineering, and SecOps
Job requirements
Must Have
Strong experience with cryptography, PKI design, and key management
Experience working with hardware security modules (HSMs), including vendor selection, integration, and root‑of‑trust establishment
Familiarity with remote device attestation frameworks (such as fTPM, OP‑TEE, or similar)
Demonstrated ability to design and scale secure firmware signing and code signing pipelines
Proven track record in defining and enforcing trust policies (key generation, rotation, destruction) and provisioning mechanisms
Experience securing build/artifact pipelines and developing secure communication protocols
Ability to work cross‑functionally with hardware, software, security operations, and infrastructure teams
High attention to detail, strong problem solving, with a mindset of anticipating vulnerabilities and designing defendable systems
Nice to Have:
Vendor-specific HSM credentials or labs (Thales, Utimaco, AWS CloudHSM)
NVIDIA Orin or similar SoC platform experience
Background in post-quantum crypto evaluation and migration planning
Familiarity with large-scale factory provisioning tools (KMIP gateways, ACME/SCEP)
ProdSec/supply-chain security expertise (SBOMs, CI/CD hardening)
Experience in C/C++/Rust/GoLang (in addition to Python / Bash)
GoLang preferred
Additional security certifications
Benefits & Compensation
Salary Range: $137,861 – $240,000 + Equity
Health, dental, and vision insurance
401(k) with company match
Paid time off and holidays
Equal Opportunity Employer
1X is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, ancestry, citizenship, age, marital status, medical condition, genetic information, disability, military or veteran status, or any other characteristic protected under applicable federal, state, or local law.
or