Staff TLM, Security Engineering

What we’re doing isn’t easy, but nothing worth doing ever is.

Diligent builds helpful robots that operate safely in the real world. We move fast, ship often, and rely on pragmatic engineering to make high-risk systems trustworthy.

We’re hiring a Staff TLM, Security Engineering — a hands-on leader who both manages a small team and executes high-impact technical work in a Tech-Lead-Manager (TLM) style. You’ll own the Security Engineering roadmap, ship secure features and controls, mentor junior engineers, and raise the bar for product and operational security across embedded systems, cloud services, and the supply chain.

Key Responsibilities

• Lead & execute: Act as a TLM — set technical direction, own deliverables, and regularly contribute as an IC (design, architecture, code, reviews, and hands-on proof-of-concepts).
• Build the security program: Define and deliver the long-term Security Engineering roadmap for device, firmware, cloud, and service security. Prioritize work to address the highest business risk.
• Secure product lifecycle: Embed security into product development: threat modeling, secure design reviews, architecture reviews, secure coding practices, and verification/testing (including fuzzing, static/dynamic analysis).
• Device & firmware security: Drive secure boot, hardware root of trust, cryptographic design/PKI, OTA update security, device identity, and secrets management for embedded platforms and sensor subsystems.
• Cloud & infrastructure security: Own security of backend services, CI/CD pipelines, IaC, identity and access management, secrets engines, logging/monitoring, and incident detection/response.
• Vulnerability management: Lead vulnerability discovery, triage, SLAs and remediation, coordinating across firmware, hardware, cloud, and third-party vendors.
• Incident response & forensics: Lead or support security incidents; develop runbooks, playbooks, and blameless postmortems.
• Mentor & grow the team: Hire, coach, and mentor security engineers. Run 1:1s, career development plans, and technical training; create a culture of ownership and continuous improvement.
• Cross-functional partnership: Partner with product, firmware, SRE/Ops, QA, and supply-chain teams to implement pragmatic controls and measure security outcomes.

What Success Looks Like

• Production systems with measurable reductions in exploitable vulnerabilities and shortened remediation times.
• Secure provisioning and lifecycle for devices and firmware with robust telemetry and verification.
• A high-performing security engineering team that consistently delivers technical outcomes and has visible growth.
• Repeatable security design and validation patterns integrated into product development.
• Clear, data-driven visibility into security posture for leadership and engineering teams.

Basic Qualifications

• • 8+ years experience in security engineering, with demonstrated impacts across product and infrastructure security.
    
    
  • 3+ years leading teams or operating in a TLM/tech-lead + manager capacity (hands-on plus people leadership).
    
    
  • Strong hands-on technical skills: design and implementation experience in secure firmware, embedded platforms, or device security and cloud/backend security. Comfortable writing and reviewing code (C/C++, Python, Go, or similar).
    
    
  • Deep knowledge of cryptography concepts, PKI, secure boot, secure OTA, device identity, and secrets management.
    
    
  • Proven experience in vulnerability management, threat modeling, and incident response for distributed systems.
    
    
  • Experience securing CI/CD pipelines, IaC (Terraform/CloudFormation), and cloud platforms (AWS/GCP/Azure).
    
    
  • Excellent technical communication skills: able to explain tradeoffs and design security controls to engineers and leadership alike.
    
    
  Strong mentoring skills and demonstrated success developing junior engineers into independent contributors.
  
• Experience: 3–5+ years of proven success managing complex Enterprise Network Environments.
• Firewall Expertise: In-depth experience with Palo Alto firewalls (configuration, management, and security policy).
• Wireless Mastery: Strong background in wireless network design, maintenance, and complex troubleshooting.
• Leadership: Demonstrated ability to lead projects and mentor team members.

Preferred Qualifications

• Hardware/Platform Experience: Ubiquiti/UniFi Systems, Routers (e.g. Cradlepoint), and NetCloud Manager.
• Network Tools: Experience with WiFi Survey tools (e.g., Ekahau), RADIUS, DNS, and MDM solutions.
• Cellular Connectivity: Knowledge of LTE/5G RF technologies and LTE failover configurations.
• Systems: Proficiency in Linux environments.
• Certifications: PCNSA/PCNSE, CCNA/CCNP, or equivalent.
• Agility: Previous experience thriving in a high-growth startup environment.