Crux Security Application Security Engineer Remote · Full time


About Crux Security

Crux Security is a comprehensive cybersecurity firm that blends GRC SaaS solutions with high-touch security services to help businesses build and manage effective security programs. Headquartered in Austin, TX, we work across industries—including finance, healthcare, defense, and technology—to provide risk advisory, application and network pen testing, security training, and fractional CISO services. Our Crux Platform simplifies security program development, offering automated tools, compliance tracking, and policy management, ensuring companies can confidently demonstrate and maintain their security posture.

Description

As an Application Security Engineer, you’ll spearhead the security of our software applications—encompassing robot control interfaces, cloud platforms, and user-facing tools like mobile apps and teleoperation dashboards. You’ll design robust defenses against vulnerabilities, leveraging tools like SAST, DAST, and SCA, while collaborating with software developers, cloud architects, embedded security engineers, and AI teams. This role is pivotal in securing the application layer that drives our robots’ higher-level functions—such as gesture-based commands and remote diagnostics—ensuring reliability, data integrity, and safety. You’ll shape a cohesive security posture in a fast-moving startup landscape.


Key Responsibilities


Application Security Design: Develop and enforce secure coding standards for humanoid robotics applications (e.g., real-time control GUIs, teleoperation apps, behavior scripting tools), integrating protections like input sanitization, multi-factor authentication, and secure session handling.


Threat Modeling & Mitigation: Conduct threat modeling to pinpoint and neutralize risks—such as SQL injection in telemetry dashboards, XSS in user portals, or API abuse in command interfaces—specific to humanoid robot interactions.


API & Cloud Security: Secure RESTful APIs, GraphQL endpoints, and cloud integrations that enable robot-to-cloud communication, implementing OAuth 2.0, JWT, and TLS 1.3 to protect data flows like motion telemetry or voice commands.


Cross-Functional Collaboration:

  • Partner with software developers to embed security throughout the SDLC, deploying SAST, DAST, and SCA to catch vulnerabilities and third-party risks early.
  • Work with cloud engineers to harden IaC, Kubernetes clusters, and OTA pipelines delivering behavior updates to robots.
  • Collaborate with embedded security engineers to ensure secure handoffs between app-layer controls and firmware.
  • Coordinate with AI/ML teams to protect inference endpoints against data poisoning or model inversion.


Testing & Validation: Lead rigorous testing with SAST (static analysis), DAST (dynamic testing), and SCA (dependency scanning) tools; conduct penetration tests (e.g., exploiting API rate limits) and integrate automated security gates into CI/CD pipelines (e.g., GitLab CI, Jenkins).


Incident Response: Drive rapid response to app-layer breaches—like compromised user portals or OTA hijacking—working cross-functionally to contain, mitigate, and log incidents with tools.


Compliance & Standards: Align security with OWASP Top 10, NIST 800-53, and robotics-specific regs, ensuring audit-ready systems.


Innovation: Explore advanced app security paradigms to future-proof our humanoid robots against evolving threats.


Qualifications

Experience:

  • 4–6+ years in application security, software engineering, or DevSecOps, ideally in humanoid robotics, IoT, or real-time systems.
  • Demonstrated success securing web, mobile, or cloud apps in production, with hands-on SAST/DAST/SCA experience.


Technical Skills:

  • Expertise in secure coding with Python, Java, or Go; familiarity with C/C++ for ROS integration a plus.
  • Mastery of security tools: SAST, DAST, & SCA.
  • Strong grasp of API security, encryption, and cloud platforms.
  • Proficiency with CI/CD and container security.
  • Experience with robotics frameworks like ROS/ROS 2 for app-to-robot communication a plus.


Education: Bachelor’s degree in Computer Science, Cybersecurity, or related field (Master’s or certs like CSSLP, GWAPT preferred).


Collaboration: Skilled at partnering with software, cloud, embedded, and AI teams, driving security consensus in a robotics context.


Mindset: Startup-savvy—proactive, innovative, and passionate about securing humanoid robotics applications.


Nice-to-Haves:

  • Background in securing human-robot interfaces (e.g., gesture UIs, voice controls).
  • Experience with AI-driven app security or real-time teleoperation systems.