Principal Product Cybersecurity Assurance
Here at Humanoid, we believe in a future where robots amplify human potential. That’s why we’ve set out on a mission to build the world’s most capable, commercially-scalable, and safe humanoid robots. We’re bringing that mission to life with HMND‑01 Alpha - our rapidly developed humanoid platform now running in real industrial pilots - and we’re growing the team to take it even further.
About the Role
We are seeking a Principal Product Cybersecurity Assurance Engineer with deep expertise in product security, threat modelling, and risk assurance for highly regulated electromechanical systems. In this role, you will lead the delivery of product cybersecurity across Humanoid's HMND 01 platform family — the Alpha Wheeled industrial robot and the Alpha Bipedal home robot — both powered by our KinetIQ VLM/VLA-based AI framework. Working alongside product, firmware, autonomy, and hardware teams as part of the Systems Engineering and Architecture Team, you will define and maintain the cybersecurity assurance strategy for all product security activities from first concept through post-market deployment. Security at Humanoid is an engineering discipline inseparable from functional safety and central to our mission of creating the world's most reliable, commercially scalable, and safe humanoid robots. To excel in this position, you must demonstrate the authority to influence security architecture decisions across complex, cross-functional programmes, the rigour to build defensible security cases for novel cyber-physical systems, and the leadership to grow and guide a cross-functional team of security engineers operating at the frontier of robotics.
What You'll Do
Team Leadership & Product Security Delivery
Lead and develop a cross-functional team of security engineers, maintaining accountability for the delivery of product security services within product teams throughout the HMND 01 development lifecycle.
Define product security requirements and advise development teams on suitable implementation standards, techniques, and toolchains for embedded and AI-enabled robotic systems.
Partner with cross-functional teams to develop security protocols, tools, and processes that keep HMND 01 technologies ahead of emerging threats — including attack surfaces specific to the KinetIQ AI inference pipeline and cloud-to-robot communication architecture.
Own and maintain key security artefacts for audit-ready cybersecurity documentation including Security Management Plans, Threat Analysis and Risk Assessment (TARA) reports, Risk Assessments, and Remediation Action Plans across both platforms.
Security Assurance & Certification
Drive security assurance through the full product lifecycle, ensuring every HMND 01 design is robust, compliant, and resilient. Contribute to the continual improvement of security engineering capability across the organisation.
Ensure compliance with the cybersecurity obligations of the EU Machinery Regulation 2023/1230 where cyber controls intersect with safety-critical functions, with IEC 62443 (for industrial/OT product security), and with the EU Cyber Resilience Act.
Provide independent Information Assurance (IA) reviews and risk assessments on complex, high-impact projects — with particular focus on cyber-physical systems where a digital compromise could result in physical harm to operators or end users.
Review and provide guidance on security risk assessments, risk mitigation plans, mitigation gap analysis, and security management documentation in support of system cybersecurity certification.
Incident Response & Lifecycle Security
Establish and maintain a Product Security Incident Response (PSIR) process, encompassing coordinated vulnerability disclosure, patch deployment pipelines, and post-field incident analysis.
Define and oversee security monitoring requirements for deployed fleets, ensuring field data feeds back into risk files and security artefacts in line with post-market surveillance obligations.
Commercial & Bid Support
Support the production of work package descriptions and cost estimates for product bids, services, and proposals that include product security scope.
Represent Humanoid's security posture in customer and partner engagements, including regulatory consultations and certification body interactions.
What We're Looking For
Proven, hands-on experience with ISO 27001/27004/27005 and the NIST Risk Management Framework (RMF), applied to regulated hardware or embedded product programmes.
Experience owning a security risk management system for highly regulated, safety-critical products — with background drawn from automotive, commercial vehicle, or industrial automation environments.
Working knowledge of IEC 62443, with the ability to adapt ISO/SAE 21434 lifecycle methodologies to robotic or electromechanical product context.
Solid understanding of engineering development lifecycles and how the product cybersecurity specialism aligns with systems engineering, functional safety, and hardware/software co-development.
Ability to interpret Penetration Test reports and author Remediation Action Plans that address identified vulnerabilities in a structured, risk-prioritised manner.
Clear, structured communication skills — able to articulate complex security risk arguments to both technical engineers and executive stakeholders with equal confidence.
Preferred:
Familiarity with Threat Analysis and Risk Assessment (TARA) or equivalent threat modelling methodologies (STRIDE, PASTA) applied to embedded or OT/IT convergent systems.
Understanding of secure-by-design principles for AI/ML-enabled systems, including securing inference pipelines, model integrity, and cloud-to-edge communication paths.
Exposure to CAN bus, Ethernet backbone, or wireless interface security in mobile, vehicular, or robotic systems.
Experience contributing to or establishing a Product Security Incident Response (PSIRT) process or coordinated vulnerability disclosure programme.
Knowledge of UL 4600, UL 3300, or ISO 13482 and an appreciation of how cybersecurity evidence integrates into safety case arguments.
Prior engagement with certification bodies (TÜV, UL, BSI) or standards development organisations (ISO TC 184, IEC TC 65, SAE, IEEE RAS).
What We Offer
Competitive equity: stock options with meaningful upside as we scale.
30+ days off, including 23 days annual leave, all UK bank holidays, and additional company closure days (including Christmas–New Year shutdown).
Private healthcare, including virtual and in-person care.
Pension scheme with 8% total contribution (5% employee, 3% employer) on full earnings.
Free daily breakfast, catered lunch, and snacks in-office.
Work at the frontier - collaborate daily with world-class engineers, researchers, and product experts building the next generation of AI and humanoid robotics.
Real ownership - direct access to founding leadership, meaningful input on product direction, and the ability to drive key initiatives from day one.
