Cybersecurity Architect
Listed on 2026-07-10
-
IT/Tech
Cybersecurity, Systems Engineer
About Knightscope
Knightscope is a security technology company building the Nation’s First Autonomous Security Force. The Company combines autonomous machines, advanced software, and human expertise to help protect people, property, and critical infrastructure. Knightscope’s long‑term mission is to make the United States of America the safest country in the world
Job SummaryKnightscope is seeking a seasoned Cybersecurity Architect with 10+ years of experience to lead the security architecture function across our ASR platform, robotics systems, cloud services, and client‑facing applications. This role is the authoritative voice for “secure by design” principles – shaping threat models, architectural patterns, compliance postures, and security engineering standards spanning embedded robotics, IoT communications, and enterprise cloud infrastructure.
Aboutthe Role
The Cybersecurity Architect operates at the strategic and technical intersection of robotics security, software platform security, and regulatory compliance, ensuring security is built in, not bolted on. This is not a coding developer/programmer role.
Location:
Knightscope HQ, Sunnyvale, CA (This position is not remote)
Secure by Design Architecture
- Define and own Knightscope’s enterprise‑wide Secure by Design framework – architectural patterns, security reference architectures, and ADRs applied from initial concept through production deployment.
- Lead threat modeling (STRIDE, PASTA, Attack Trees) and security architecture reviews for ASR embedded systems, robotics pipelines, cloud APIs, and client‑facing applications; drive zero‑trust, least‑privilege, defense‑in‑depth, and cryptographic hygiene as foundational design principles.
- Evaluate and gate third‑party integrations, vendor systems, and supply chain components for security compliance before production onboarding.
- Architect end‑to‑end ASR fleet security: embedded OS hardening, secure boot chains, firmware integrity verification, HSM/TPM key management, ROS/ROS 2 node authentication, SROS2/DDS‑Security plugins, topic‑level access control, and secure parameter management.
- Design authenticated robot‑to‑cloud and robot‑to‑client communications (TLS 1.3, mTLS, certificate lifecycle); architect sensor fusion anti‑spoofing, tamper‑evident telemetry logging, CAN bus/ECU hardening, OBD interface protection, OTA update integrity, and multi‑tenant fleet segmentation.
- Establish forensic readiness and incident response architecture: tamper‑evident audit logging, remote attestation, and field recovery procedures for deployed ASR platforms.
- Architect security across the full Knightscope stack (AWS/GCP/Azure, microservices, APIs, web/mobile): IAM/PAM, identity federation, RBAC/ABAC, vault‑class secrets management, VPC/security group segmentation, container security (image signing, runtime policies, service mesh mTLS), and encryption at rest and in transit.
- Own SSDLC architecture – security requirements gates, threat modeling checkpoints, mandatory SAST/DAST/SCA integration, security‑focused QA, and post‑release vulnerability management; architect SIEM/SOAR pipelines for unified observability across fleet telemetry, cloud, and endpoints.
- Define Ubuntu hardening architecture for embedded platforms (ICM, ACM): CIS Benchmark alignment, App Armor/SELinux policy frameworks, kernel hardening parameters, and automated patch management.
- FIPS 140‑3:
Lead cryptographic module compliance architecture – validated library selection and integration, key management architecture, and cryptographic boundary documentation required for module validation across all Knightscope products. - Common Criteria:
Define and oversee CC evaluation architecture – Security Target (ST) authorship, Protection Profile (PP) alignment, TOE boundary definition, and evaluation laboratory coordination for applicable products. - ISO/SAE 21434:
Architect cybersecurity processes for Knightscope’s autonomous platforms – Cybersecurity Management System (CSMS), Threat Analysis and…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).