The Principal Security Engineer will serve as the technical authority for end-to-end product security across hardware, firmware, and cloud software at AutoStore. This role involves shaping and governing secure architecture at scale within a global robotics environment, working with integrators, internal teams, and regulatory bodies to maintain a best-in-class security posture.
What You'll Do
- Own and operationalize secure development standards across hardware and software, translating frameworks such as OWASP ASVS/SAMM, NIST SSDF, and IEC 62443 into pragmatic, risk-based controls embedded in product architecture and engineering workflows.
- Design, evolve, and govern a scalable, automation-driven Secure SDLC that integrates security across design, implementation, testing, release, and maintenance without compromising engineering velocity.
- Drive secure design principles across firmware, secure boot/update mechanisms, device interfaces, and cyber-physical systems, applying defense-in-depth and system-level risk analysis.
- Lead structured threat modeling and product risk assessments, translating complex technical risks into prioritized, actionable engineering decisions.
- Embed security requirements into product development while driving alignment with IEC 62443, ISO 27001/9001, SOC 2, NIST, CIS, and the Cyber Resilience Act, including audit readiness and certification support.
- Define and implement security tooling strategy (SAST, DAST, SCA, secret scanning, firmware analysis) and integrate controls directly into CI/CD and developer workflows.
- Establish security standards, architecture guidelines, KPIs, and review processes while mentoring engineers and partnering with executive stakeholders to continuously elevate product security maturity.
What We're Looking For
- 10+ years in technical security engineering, with experience shaping product security strategies
- Proven track record influencing security posture in software or product-driven companies
- Experienced engaging with executives, customers, auditors, and partners on security matters
- Hands-on experience driving compliance with SOC 2, IEC 62443, ISO 27001, or similar standards
- Skilled at balancing security, engineering velocity, and business priorities
- Bachelor’s degree in Computer Science, Engineering, Robotics, or related field
Nice to Have
- Experience in hardware, robotics, or cyber-physical security
Technical Stack
- OWASP ASVS
- OWASP SAMM
- NIST SSDF
- IEC 62443
- SAST
- DAST
- SCA
- Secret scanning
- Firmware analysis
- CI/CD integration
Benefits & Compensation
- A Collaborative & Inclusive Culture where we celebrate and value everyone’s contributions, encouraging diverse perspectives in decision-making.
- Work-Life Balance & Well-being: We offer 1 hour per week of paid exercise, health insurance, and a generous pension plan, prioritizing your mental and physical well-being.
- A Creative and Safe Workplace: join a company experiencing rapid growth, with the stability of being Norway’s first unicorn listed on the Oslo Stock Exchange.
- International and Supportive Environment within a Norwegian multinational that values collaboration and innovation, with a structured onboarding plan and career opportunities within the company.
Work Mode
- Onsite
- Locations: Norway, US
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.









