Product Security Engineer, Cryptography & PKI

Job description

Product Security Engineer, Cryptography & PKI

Palo Alto, CA (on-site)

About 1X
We build humanoid robots that work alongside people to solve labor shortages and create abundance.

The Role
As a Product Security Engineer specializing in cryptography and PKI, you will build and scale the cryptographic infrastructure that secures 1X’s robots and communications. Your work will ensure trust, integrity, and long-term security across the company’s hardware and software systems.

You Will

• Design and manage end-to-end cryptographic services, including PKI and key lifecycle management
• Establish HSM infrastructure as the root of trust for firmware signing and IoT authentication
• Lead the evaluation, procurement, configuration, and integration of HSM vendor solutions
• Architect scalable key management systems for future growth
• Design remote device attestation mechanisms leveraging technologies such as fTPM or OP-TEE
• Build and automate secure pipelines for firmware and boot loader signing
• Define infrastructure and policies for author key provisioning, rotation, and destruction
• Secure build systems and code-signing workflows
• Develop factory provisioning architecture for mass key and certificate distribution
• Support secure communication protocol development
• Collaborate with cross-functional teams including Product Security, Cloud Infrastructure, Device Engineering, and Sec Ops

Must Have

• Strong experience with cryptography, PKI design, and key management
• Experience working with hardware security modules (HSMs), including vendor selection, integration, and root‑of‑trust establishment
• Familiarity with remote device attestation frameworks (such as fTPM, OP‑TEE, or similar)
• Demonstrated ability to design and scale secure firmware signing and code signing pipelines
• Proven track record in defining and enforcing trust policies (key generation, rotation, destruction) and provisioning mechanisms
• Experience securing build/artifact pipelines and developing secure communication protocols
• Ability to work cross‑functionally with hardware, software, security operations, and infrastructure teams
• High attention to detail, strong problem solving, with a mindset of anticipating vulnerabilities and designing defendable systems

Nice to Have:

• Vendor-specific HSM credentials or labs (Thales, Utimaco, AWS Cloud
  
  HSM)
• NVIDIA Orin or similar SoC platform experience
• Background in post-quantum crypto evaluation and migration planning
• Familiarity with large-scale factory provisioning tools (KMIP gateways, ACME/SCEP)
• Prod Sec/supply-chain security expertise (SBOMs, CI/CD hardening)
• Experience in C/C++/Rust/GoLang (in addition to Python / Bash)
• GoLang preferred
• Additional security certifications

Benefits & Compensation

• Salary Range: $137,861 – $240,000 + Equity
• Health, dental, and vision insurance
• 401(k) with company match
• Paid time off and holidays

Equal Opportunity Employer
1X is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, ancestry, citizenship, age, marital status, medical condition, genetic information, disability, military or veteran status, or any other characteristic protected under applicable federal, state, or local law.