Cybersecurity Code Test Engineer

Knightscope, Inc.
Sunnyvale, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 195K

Job location

Sunnyvale, United States of America

Tech stack

Java
API
Artificial Intelligence
Software Applications
Azure
Bash
Burp Suite
C++
Cloud Engineering
Code Review
Computer Security
Computer Programming
Computer Engineering
Continuous Integration
Software Debugging
Linux on Embedded Systems
Embedded Operating Systems
Embedded Software
Firmware
Fuzz Testing
Github
Hardware Security Module
Joint Test Action (IEEE Standards)
Python
Open Source Technology
Real-Time Operating Systems
Software Configuration Management
Software Engineering
SonarQube
Universal Asynchronous Receiver/Transmitter
Rust
Spring Cloud
GitHub Copilot
Large Language Models
Software Security
Technical Debt
Veracode
Gitlab-ci
Information Technology
IDA Pro
Bare Metal
Checkmarx
U-Boot
Jenkins
Hardware Debugging
Static Application Security Testing
Vulnerability Analysis
Go
Microservices
Dynamic Application Security Testing

Job description

As a critical defender of our product and infrastructure ecosystem, the Cybersecurity Code Test Engineer will bridge the gap between secure development architectures and robust production systems. Reporting directly to the Director of Cybersecurity, this high-impact role guarantees maximum autonomy and direct escalation paths for product security risks. You will oversee, architect, and execute advanced security testing paradigms across both bare-metal/embedded firmware layers and cloud-native software applications, enforcing adherence to strict secure development lifecycles (SSDF) aligned to NIST SP 800-218 frameworks., This engineer owns end-to-end security testing across embedded firmware, cloud-native applications, and the software supply chain, anchored to the NIST SP 800-218 SSDF. Responsibilities include integrating automated security gates into CI/CD pipelines, conducting SAST/DAST across compiled code, microservices, and firmware binaries, and managing SCA tooling with SBOM generation for code provenance and regulatory compliance. The engineer partners with development teams on secure repository practices - cryptographic signing, branch protections, and secret-leakage monitoring - and participate in threat modeling throughout the product lifecycle. The role also applies AI/ML to advance test generation, vulnerability triage, and firmware fuzzing to stay ahead of known and emergent threats., * SSDF Alignment - Operationalize and validate engineering practices against NIST SP 800-218 to ensure product resilience, supply chain integrity, and regulatory compliance. Participate in threat modeling early in the product lifecycle to establish security test plans.

  • CI/CD Pipeline Automation - Architect and maintain automated security gates within CI/CD engines, with auto-failing builds on high-risk vulnerabilities while preserving developer velocity.
  • SAST/DAST Analysis - Implement SAST policies across compiled code, microservices, and firmware binaries to catch logic flaws and unsafe memory operations. Design DAST frameworks to probe runtime applications, APIs, and microservices for structural, access control, and routing vulnerabilities.
  • Software Supply Chain Security - Deploy SCA tooling to track open-source licenses, manage technical debt, and surface vulnerabilities in third-party packages. Generate and audit SBOM artifacts in machine-readable formats (CycloneDX, SPDX) for compliance and stakeholder reporting.
  • Repository Management & Access Controls - Standardize repository layouts, cryptographic signing, and branch protections. Deploy continuous monitoring to detect accidental secret leakage, API tokens, and embedded credentials.
  • AI-Driven Testing - Apply AI/ML to enhance test generation, auto-triage SAST false positives, and identify anomalous behavior. Leverage AI-assisted fuzzing platforms to probe firmware interfaces and network stacks for unknown vulnerabilities.

Requirements

Do you have experience in Vuls?, Do you have a Master's degree?, Technical Skill Requirements & Tools

  • Candidates are expected to demonstrate deep familiarity or direct operational proficiency with common, example ecosystems such as the following:
  • CI/CD Platforms: GitHub Actions, GitLab CI/CD, Jenkins, Azure DevOps
  • SAST & DAST Solutions: Veracode, Checkmarx, SonarQube, Burp Suite Professional/Enterprise, OWASP ZAP
  • SCA & SBOM Operations: Snyk, Black Duck, Dependabot, CycloneDX CLI, Syft / Grype
  • Firmware & Embedded Analysis: Ghidra, IDA Pro, Binwalk, Radare2, JTAG/UART hardware debugging interfaces
  • AI-Assisted Security & Fuzzing: GitHub Copilot for Security, AFL++ (American Fuzzy Lop), LibFuzzer, Custom LLM-assisted code review agents, * Education: Bachelor's degree in computer science, Cybersecurity, Computer Engineering, or an equivalent technical field (Master's preferred). Equivalent practical experience is highly valued.
  • Experience: Minimum of 4-6 years of dedicated experience in software engineering, application security, and embedded firmware vulnerability assessment.
  • Firmware Domain Expertise: Demonstrated capacity analyzing hardware formats, embedded operating systems (RTOS/Embedded Linux), memory corruption boundaries (buffer overflows, race conditions), and hardware security architectures (TPM, Secure Boot).
  • Programming Fluency: Strong capabilities writing and debugging scripts in Python, C/C++, Rust, Go, or Bash to customize automated tooling wrappers.
  • Certifications (Preferred): CSSLP (Certified Secure Software Lifecycle Professional), GSSP-C/GSSP-Java, CEH, or advanced hardware security credentials (OSCP, OSCE).

Benefits & conditions

Pulled from the full job description

  • 401(k)
  • Health insurance
  • Paid time off
  • Vision insurance
  • Dental insurance
  • Stock options

About the company

Knightscope is a security technology company building the Nation's First Autonomous Security Force. The Company combines autonomous machines, advanced software, and human expertise to help protect people, property, and critical infrastructure. Knightscope's long-term mission is to make the United States of America the safest country in the world

Apply for this position