Senior Cloud Security Engineer at Kodiak

<div class="content-intro"><p>Kodiak Robotics, Inc. was founded in 2018 and has become a leader in autonomous ground transportation committed to a safer and more efficient future for all. The company has developed an artificial intelligence (AI) powered technology stack purpose-built for commercial trucking and the public sector. The company delivers freight daily for its customers across the southern United States using its autonomous technology. In 2024, Kodiak became the first known company to publicly announce delivering a driverless semi-truck to a customer. Kodiak is also leveraging its commercial self-driving software to develop, test and deploy autonomous capabilities for the U.S. Department of Defense.</p></div><p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">We are seeking a highly skilled and proactive Senior Cloud Security Engineer to join our growing security team. In this role, you will be the primary architect and guardian of our central command and control center application environment, ensuring that our cloud-native platforms—and the data within them—remain secure against an evolving threat landscape.</span></p> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">The ideal candidate bridges the gap between traditional security engineering and modern DevOps, possessing a deep understanding of how to secure multi-tenant cloud environments without compromising agility.</span></p> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>In this role, you will:</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Scope, design, and build complex security systems end to end, maintaining them through production and driving through ambiguous technical challenges with minimal oversight</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Identify systematic risks through threat modeling and risk assessment, then build the controls and infrastructure that address them</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Enable other teams to build their own security solutions by providing design pattern guidance and expanding security ownership beyond the security team</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Developer security and supply chain</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Build and advance our developer security program by embedding security practices into the software development lifecycle and developer workflows</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Harden CI/CD pipelines against supply chain attacks through isolated build environments, signed attestations, dependency verification, and automated policy enforcement</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Identity and secrets management</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Architect systems that protect sensitive assets including model weights, customer data, and training datasets</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Build and operate credential issuance, rotation, and workload authentication across our multi-cloud environments</span></li> </ul> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>Infrastructure security</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Implement and maintain cloud security controls including IAM, network segmentation, VPC architecture, and encryption across our multi-cloud and on-prem environments</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Contribute to cluster security controls including RBAC policies, namespace isolation, workload identity, and pod security</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Contribute to continuous cloud security posture management using infrastructure-as-code scanning, misconfiguration detection, and automated remediation</span></li> </ul> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>Secure frameworks</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Build critical security foundations including cryptographic frameworks, mTLS infrastructure, secure serialization, and authorization systems, designed to prevent entire classes of vulnerabilities and empower engineering teams to work securely without becoming security experts themselves</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Partner with product, research, infrastructure, and other security teams to ensure frameworks integrate smoothly with lower-layer security controls</span></li> </ul> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>What you'll bring:</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">At least 6 years of software engineering experience with deep security expertise, including leading complex security initiatives independently</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Bachelor's degree in Computer Science or equivalent industry experience</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Strong programming skills in Python or at least one systems language such as Go, Rust, or C/C++</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Deep understanding of identity systems, cryptographic primitives, and secrets management</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Working knowledge of Kubernetes security primitives including RBAC, namespaces, network policies, and service accounts</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Experience leading cross-functional security initiatives and navigating complex organizational dynamics</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Outstanding communication skills, translating technical concepts effectively across all levels of the organization</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">A track record of bringing clarity and ownership to ambiguous technical problems and driving them to resolution</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Low ego and high empathy, with a history of growing the engineers around you and supporting diverse, inclusive teams</span></li> </ul> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>Bonus Points for:</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Designed or operated identity and secrets management systems for large-scale AI or cloud infrastructure</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Built security frameworks or libraries adopted across an engineering organization</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Led a developer security program including supply chain security, secure build infrastructure, and SDLC integrations</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Built or secured CI infrastructure using Nix, Bazel, or Kubernetes-based deploy systems, with depth in toolchain issues, CI/CD pipelines, and developer workflow optimization</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Implemented machine identity or workload authentication systems using SPIFFE/SPIRE, mTLS, or equivalent</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Understanding of Linux systems internals including namespaces, cgroups, and seccomp, and how these underpin container and workload isolation</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Contributed to the security architecture of multi-cloud environments including network segmentation, data protection, and access governance</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Experience with network security controls including admission controllers, CNI-level policy, service mesh security, and east-west traffic enforcement</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Experience building runtime security monitoring using eBPF or kernel security policies</span></li> </ul> <p class="p2"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><strong>What we offer:</strong></span></p> <ul> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Competitive compensation package including equity and annual bonuses</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Excellent Medical, Dental, and Vision plans through Kaiser Permanente, Cigna, and MetLife (including a medical plan with infertility benefits)</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">MetLife Legal Services, Identity &amp; Fraud Protection, Hospital Indemnity Insurance, Accident Insurance, &amp; Critical Illness Insurance</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Flexible PTO, 10 paid holidays, and generous parental leave policies</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Our office is centrally located in Mountain View, CA</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Office perks: dog-friendly, free catered lunch, a fully stocked kitchen, and free EV charging</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Long Term Disability, Short Term Disability, Life Insurance</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Wellbeing Benefits - Headspace through Cigna, Calm through Kaiser, One Medical, Gympass, Spring Health through Cigna, Rula (mental health navigation)&nbsp;</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Fidelity 401(k)</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Commuter, FSA, Dependent Care FSA, HSA</span></li> <li style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">Various incentive programs (referral bonuses, patent bonuses, etc.)</span></li> </ul><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>The pay range listed below reflects the base salary&nbsp;<strong data-stringify-type="bold">in our SF/Silicon Valley location,&nbsp;</strong>across several internal levels. Actual starting pay will be based on job-related factors including: work location, experience, relevant training, education, skill level and performance during interview. Total compensation at Kodiak includes base pay, equity, bonus and a competitive benefits package</p></div><div class="title">California Pay Range</div><div class="pay-range"><span>$190,000</span><span class="divider">&mdash;</span><span>$250,000 USD</span></div></div></div><div class="content-conclusion"><div>&nbsp;</div> <div>At Kodiak, we strive to build a diverse community working towards our common company goals in a safe and collaborative environment where harassment of any kind is strictly prohibited. Kodiak is committed to equal opportunity employment regardless of race, ethnicity, religion, gender identity, sexual orientation, age, disability, or veteran status, or any other basis protected by applicable law.</div> <div>&nbsp;</div> <div>In alignment with its business operations, Kodiak adheres to all relevant statutes, regulations, and administrative prerequisites. Accordingly, roles that carry more sensitive requirements may be limited to candidates that can satisfy additional scrutiny and eligibility for such positions may hinge on verification of a candidate’s residence, U.S. person status, and/or citizenship status. Should the position require, and Kodiak determines that a candidate’s residence, U.S. person status, and/or citizenship status necessitate an export license, bar the candidate from the position, or otherwise fall under national security-related restrictions, Kodiak will consider the candidate for alternative positions unaffected by such restrictions, under terms and conditions set forth at Kodiak’s sole discretion, or, as an alternative, opt not to proceed with the candidate’s application. If applicable, Kodiak may provide visa sponsorship for eligible candidates.</div> <div>&nbsp;</div> <div><em>We use a third-party AI tool (Endorsed) to assist in the initial screening of applications. As part of the evaluation process, we provide Endorsed with job requirements and candidate-submitted applications. Final hiring decisions are made by our human recruitment team, and no automated system makes the ultimate decision regarding hiring. Certain features of the platform may qualify it as an Automated Employment Decision Tool (AEDT) under applicable regulations. We began using Endorsed on January 1, 2026. You can review the independent bias audit report covering our use of Endorsed [here](</em><em><a href="https://endorsed.com/local-law-144" target="_blank" data-sk="tooltip_parent">https://endorsed.com/local-law-144</a></em><em>). By submitting your application, you acknowledge that your application may be processed by AI systems as part of the screening and selection process. If you have any questions or would like to request a separate review of your application, please contact </em><em><a href="mailto:[email protected]" target="_blank" data-sk="tooltip_parent">[email protected]</a></em><em> with "Separate Review Request" in the email subject line.</em></div> <p>&nbsp;</p></div>