Cyber Security Architect Jobs in California

About Knightscope

Knightscope is a security technology company building the Nation’s First Autonomous Security Force. The Company combines autonomous machines, advanced software, and human expertise to help protect people, property, and critical infrastructure. Knightscope’s long-term mission is to make the United States of America the safest country in the world.

Job Summary

Knightscope is seeking a seasoned Cybersecurity Architect with 10+ years of experience to lead the security architecture function across our ASR platform, robotics systems, cloud services, and client-facing applications. This role is the authoritative voice for “secure by design” principles – shaping threat models, architectural patterns, compliance postures, and security engineering standards spanning embedded robotics, IoT communications, and enterprise cloud infrastructure.

About The Role

The Cybersecurity Architect operates at the strategic and technical intersection of robotics security, software platform security, and regulatory compliance, ensuring security is built in, not bolted on. This is not a coding developer/programmer role.

Location: Knightscope HQ, Sunnyvale, CA (This position is not remote)

Key Responsibilities

Secure by Design Architecture:

- Define and own Knightscope’s enterprise-wide Secure by Design framework – architectural patterns, security reference architectures, and ADRs applied from initial concept through production deployment.
- Lead threat modeling (STRIDE, PASTA, Attack Trees) and security architecture reviews for ASR embedded systems, robotics pipelines, cloud APIs, and client-facing applications; drive zero-trust, least-privilege, defense-in-depth, and cryptographic hygiene as foundational design principles.
- Evaluate and gate third-party integrations, vendor systems, and supply chain components for security compliance before production onboarding.

Robotics Systems Cybersecurity Architecture:

- Architect end-to-end ASR fleet security: embedded OS hardening, secure boot chains, firmware integrity verification, HSM/TPM key management, ROS/ROS 2 node authentication, SROS2/DDS-Security plugins, topic-level access control, and secure parameter management.
- Design authenticated robot-to-cloud and robot-to-client communications (TLS 1.3, mTLS, certificate lifecycle); architect sensor fusion anti-spoofing, tamper-evident telemetry logging, CAN bus/ECU hardening, OBD interface protection, OTA update integrity, and multi-tenant fleet segmentation.
- Establish forensic readiness and incident response architecture: tamper-evident audit logging, remote attestation, and field recovery procedures for deployed ASR platforms.

Software & Cloud Systems Security Architecture:

- Architect security across the full Knightscope stack (AWS/GCP/Azure, microservices, APIs, web/mobile): IAM/PAM, identity federation, RBAC/ABAC, vault-class secrets management, VPC/security group segmentation, container security (image signing, runtime policies, service mesh mTLS), and encryption at rest and in transit.
- Own SSDLC architecture – security requirements gates, threat modeling checkpoints, mandatory SAST/DAST/SCA integration, security-focused QA, and post-release vulnerability management; architect SIEM/SOAR pipelines for unified observability across fleet telemetry, cloud, and endpoints.
- Define Ubuntu hardening architecture for embedded platforms (ICM, ACM): CIS Benchmark alignment, AppArmor/SELinux policy frameworks, kernel hardening parameters, and automated patch management.

Compliance Architecture – FIPS 140-3 | Common Criteria | ISO/SAE 21434:

- FIPS 140-3: Lead cryptographic module compliance architecture – validated library selection and integration, key management architecture, and cryptographic boundary documentation required for module validation across all Knightscope products.
- Common Criteria: Define and oversee CC evaluation architecture – Security Target (ST) authorship, Protection Profile (PP) alignment, TOE boundary definition, and evaluation laboratory coordination for applicable products.
- ISO/SAE 21434: Architect cybersecurity processes for Knightscope’s autonomous platforms – Cybersecurity Management System (CSMS), Threat Analysis and Risk Assessment (TARA), cybersecurity goals derivation, and post-development monitoring.
- SOC 2 Type II, NIST CSF, FedRAMP, CMMC, CJIS: Map architecture controls to framework requirements; maintain compliance traceability matrix; partner with legal and product on emerging autonomous systems and AI regulations.

Required Qualifications

- 10+ years of progressive cybersecurity experience; at least 3 years in an architecture-focused role.
- Demonstrated expertise in Secure by Design and security-by-architecture methodologies, with a delivered portfolio of secure architectures for complex, multi-component systems.
- Deep knowledge of cryptographic principles: symmetric/asymmetric encryption, PKI, key lifecycle management, TLS/mTLS, and FIPS 140-3 validated cryptographic module integration.
- Hands-on threat modeling (STRIDE, PASTA, Attack Trees) applied to software systems and cyber-physical/robotics platforms.
- Zero-trust network architecture, network segmentation, and authentication protocol design (OAuth 2.0, OIDC, SAML, X.509).
- Embedded/IoT security architecture: secure boot, firmware integrity, hardware-assisted security (TPM, HSM, Secure Enclave), and resource-constrained cryptography.
- ROS/ROS 2 security architecture, DDS-Security, autonomous vehicle communication protocols, and OTA update security.
- Demonstrated experience leading or supporting FIPS 140-3 validation, Common Criteria evaluation, or ISO/SAE 21434 compliance programs.
- Cloud security architecture (AWS, GCP, or Azure): IAM, VPC, container security, and compliance-aligned posture management.
- Security Target authorship, ADRs, security reference architectures, and compliance traceability matrix documentation.
- S. in Computer Science, Information Security, Systems Engineering, or equivalent. CISSP, CSSLP, CCSP, SABSA, or equivalent architecture credential required.

Preferred Qualifications

- Prior experience securing autonomous systems, robotics platforms, or physical security technology environments, including hands-on work with ROS 2 Security (SROS2), DDS-Security plugin configuration, and ROS node-level access control.
- Familiarity with automotive and autonomous vehicle cybersecurity standards including ISO/SAE 21434, UN/ECE WP.29 (R155/R156), and SAE J3061, and their application to ground vehicle and robotics platforms.
- Experience with Common Criteria Protection Profiles relevant to network devices, operating systems, or autonomous systems, including participation in formal evaluation engagements.
- In-depth knowledge of government and public-sector security frameworks: FedRAMP High, CJIS Security Policy, FISMA, and CMMC Level 2/3, with experience mapping architecture controls to regulatory requirements.
- Hardware security architecture experience: TPM 2.0 integration, secure element provisioning, anti-tamper design, and physical unclonable function (PUF) technologies in embedded or robotics platforms.
- Background in formal security risk management frameworks such as ISO 27005, NIST SP 800-30, or the SAE J3061 TARA methodology applied to safety-critical or cyber-physical systems.
- Experience architecting security for AI/ML inference pipelines, including model integrity assurance, adversarial input detection, and secure model deployment in edge environments.

Compensation & Benefits

- Base Salary: $160,000 – $210,000 (DOE)
- Equity: Stock options
- Benefits: Medical, dental, vision, 401(k), paid time off
- Location Requirement: Full-time, on-site at Sunnyvale HQ