Product Security Engineer

What We Do

Gecko Robotics is helping the world’s most important organizations ensure the availability, reliability, and sustainability of critical infrastructure. Gecko's complete and connected solutions combine wall-climbing robots, industry-leading sensors, and an AI-powered data platform to provide customers with a unique window into the current and future health of their physical assets. This enables real-time decision making to increase the efficiency and safety of operations, promote mission readiness, and protect the environment and civilization from the effects of infrastructure failure.

We are hiring an experienced Product Security Engineer to embed security deeply into how Gecko designs, builds, deploys, and operates software.

This role goes far beyond traditional App Sec scanning or policy enforcement. You will:

• Shape Gecko’s Secure Development Lifecycle (SDL)
• Secure cloud-native architectures (AWS, GCP, Azure)
• Design and implement security and software architecture
• Act as a technical authority for all things cloud and product security

This role is ideal for someone who has:

• Strong cloud security, software security and engineering skills
• Comfort writing code and building real-world infrastructure
• Built or fixed secure systems in production
• Worked closely with engineers (not just assess/audit/break them)

• Design, implement, and evolve Gecko’s SDL across design, build, test, deploy, and operate
• Embed security into CI/CD pipelines without slowing delivery
• Define security gates that are practical, measurable, and enforceable
• Drive remediation workflows that engineers actually complete

• Perform hands‑on secure code reviews (Python, Type Script, Cloud Formation/Terra Form, backend services)
• Identify and remediate vulnerabilities across APIs, services, auth flows, and data access
• Build and implement secure patterns (auth
  
  N/Z, secrets handling, input validation, crypto usage)
• Own and operate application security tooling (SAST, DAST, dependency and secret scanning) with a focus on signal quality and developer adoption

• Secure cloud-native architectures (IAM, networking, storage, compute, CI/CD)
• Identify toxic combinations (e.g., public access + IAM misconfigurations)
• Partner with platform teams to harden baseline infrastructure
• Support container, workload identity, and service-to-service security
• Lead incident response and root cause analysis for security events
• Build and maintain automation to integrate security controls into CI/CD pipelines

• Lead threat modeling for new systems, features, and integrations
• Review system and data flow architectures for security risks
• Translate abstract threats into concrete mitigations
• Influence design decisions early — before code ships

• Partner with SOC and engineering teams to lead incident response
• Support investigations, containment, and post-incident reviews
• Help turn incidents into durable architectural improvements
• Improve logging, detection, and security telemetry over time

• Map technical controls to leading compliance frameworks (ISO 27001, SOC 2, NIST 800‑53, FedRAMP, IL‑4, IL‑5)
• Automate audits evidence, not spreadsheets
• Ensure security controls align with real system behavior
• Enable Gecko’s expansion into regulated and mission‑critical environments

• Create practical security guidance, tooling and internal documentation to scale adoption
• Deliver targeted technical training for engineers (not generic awareness)
• Act as a trusted advisor, not a blocker

Technologies We Use

We use a variety of technologies, but we primarily operate using Python, React, and Typescript with CSPs. This is a non‑exhaustive list and we are tech agnostic in our interview process, so we encourage you to apply regardless of your background.

• 6+ years of experience in application security or a related role
• Bachelor’s in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience)
• Strong understanding of security…