Product Security Engineer

Gecko Robotics

Other Engineering, Product
New York, NY, USA
USD 175k-210k / year + Equity
Posted on Feb 2, 2026

Location

New York City, Washington, D.C., Boston

Employment Type

Full time

Location Type

On-site

Department

IT & Information Security

Compensation

  • $175K – $210K

This range is representative of the starting base salary for this role at Gecko based on the current available market data; it does not include bonuses, equity, or other salary components. Where a candidate falls in the range will be determined based on job-related factors such as relevant experience, skills, and location. Should you have compensation expectations that exceed these bands, we'd love to hear from you and would welcome you to reach out to further discuss.

What We Do

Gecko Robotics is helping the world’s most important organizations ensure the availability, reliability, and sustainability of critical infrastructure. Gecko's complete and connected solutions combine wall-climbing robots, industry-leading sensors, and an AI-powered data platform to provide customers with a unique window into the current and future health of their physical assets. This enables real-time decision making to increase the efficiency and safety of operations, promote mission readiness, and protect the environment and civilization from the effects of infrastructure failure.

Role at a Glance

We are hiring an experienced Product Security Engineer to embed security deeply into how Gecko designs, builds, deploys, and operates software.

This role goes far beyond traditional AppSec scanning or policy enforcement. You will:

  • Shape Gecko’s Secure Development Lifecycle (SDL)

  • Secure cloud-native architectures (AWS, GCP, Azure)

  • Design and implement security and software architecture

  • Act as a technical authority for all things cloud and product security

This role is ideal for someone who has:

  • Strong cloud security, software security and engineering skills

  • Comfort writing code and building real-world infrastructure

  • Built or fixed secure systems in production

  • Worked closely with engineers (not just assess/audit/break them)

What you will do

Secure Development Lifecycle (SDL) Ownership

  • Design, implement, and evolve Gecko’s SDL across design, build, test, deploy, and operate

  • Embed security into CI/CD pipelines without slowing delivery

  • Define security gates that are practical, measurable, and enforceable

  • Drive remediation workflows that engineers actually complete

Application & Code Security

  • Perform hands-on secure code reviews (Python, TypeScript, CloudFormation/Terraform, backend services)

  • Identify and remediate vulnerabilities across APIs, services, auth flows, and data access

  • Build and implement secure patterns (authN/Z, secrets handling, input validation, crypto usage)

  • Own and operate application security tooling (SAST, DAST, dependency and secret scanning) with a focus on signal quality and developer adoption

Cloud & Infrastructure Security

  • Secure cloud-native architectures (IAM, networking, storage, compute, CI/CD)

  • Identify toxic combinations (e.g., public access + IAM misconfigurations)

  • Partner with platform teams to harden baseline infrastructure

  • Support container, workload identity, and service-to-service security

  • Lead incident response and root cause analysis for security events

  • Build and maintain automation to integrate security controls into CI/CD pipelines

Architecture & Threat Modeling

  • Lead threat modeling for new systems, features, and integrations

  • Review system and data flow architectures for security risks

  • Translate abstract threats into concrete mitigations

  • Influence design decisions early — before code ships

Detection, Response & Resilience

  • Partner with SOC and engineering teams to lead incident response

  • Support investigations, containment, and post-incident reviews

  • Help turn incidents into durable architectural improvements

  • Improve logging, detection, and security telemetry over time

Compliance & Customer Trust

  • Map technical controls to leading compliance frameworks (ISO 27001, SOC 2, NIST 800-53, FedRAMP, IL-4, IL-5)

  • Automate audit evidence, not spreadsheets

  • Ensure security controls align with real system behavior

  • Enable Gecko’s expansion into regulated and mission-critical environments

Developer Enablement

  • Create practical security guidance, tooling and internal documentation to scale adoption

  • Deliver targeted technical training for engineers (not generic awareness)

  • Act as a trusted advisor, not a blocker

Technologies We Use

We use a variety of technologies, but we primarily operate using Python, React, and TypeScript with CSPs. This is a non-exhaustive list and we are tech agnostic in our interview process, so we encourage you to apply regardless of your background.

About You

Required Skills

  • 6+ years of experience in application security or a related role

  • Bachelor’s in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience)

  • Strong understanding of security protocols, cryptography, and application security frameworks (e.g., OWASP)

  • Proficient in security testing tools (e.g., Burp Suite, OWASP ZAP) and methods

  • Experience with programming languages such as Java, Python, or C++

  • Familiarity with various operating systems and datastores

  • Familiarity with security best practices and frameworks (e.g., NIST, ISO 27001, SOC 2)

  • Experience with cloud architectures and design patterns (GCP experience is a plus)

Preferred Skills

  • Experience in robotics, industrial systems, or safety-critical environments

  • Experience supporting DoD or regulated defence customers

  • Red team or offensive security background

  • Experience building SDLs from scratch or maturing them significantly

Who We Are

At Gecko, our people are our greatest investment. In addition to competitive compensation packages, we offer company equity, 401(k) matching, gender-neutral parental leave, full medical, dental, and vision insurance, mental health and wellness support, ongoing professional development, family planning assistance, and flexible paid time off.

Gecko values collaboration, innovation, and partnership, and we believe we do our best work when we're together in person. We’re an office-first culture but understand that sometimes you may need to work from home. Many people are in the office five days a week; others need a bit more flexibility. Ultimately, we care about the outcomes we achieve - and creating a culture of autonomy and trust that enables that impact.

Gecko is committed to creating a culture of inclusion and belonging, and we are proud to be an equal opportunity employer. We believe it is our collective responsibility to uphold these values and encourage candidates from all backgrounds to join us in our mission to protect today’s infrastructure and give form to tomorrow’s. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, veteran status, age, or any other protected characteristic per federal, state, or local law. If you are passionate about what you do and want to use your talents to support our critical mission, we’d love to hear from you.
