Senior Staff Software Engineer - Secure Manufacturing

About the role

We're scaling from prototypes to manufacturing, and the process maturity needs to match. This role owns the secure manufacturing pipeline - the procedures, tooling, and controls that take a bare board in an untrusted CM facility and turn it into a cryptographically enrolled, OTA-ready device that our cloud fleet trusts. You'll be the bridge between our secure boot/firmware teams and the cloud control plane, connecting them at the point of manufacture.

Responsibilities

• Design the secure manufacturing station - Architect the hardware, software, and network stack for factory floor provisioning stations (HSM, key injection, AWS Private CA, secure boot fuse programming).
• Build the provisioning toolchain - Own the automation pipeline that takes a bare device through identity provisioning, firmware flashing, calibration, and functional test.
• Bridge device and cloud identity Enroll every device into a registry with correct credentials for OTA, session heartbeating, and deployment tracking.
• Own the EOL test specification - Work with peer teams to define pass/fail criteria for devices leaving the line: sensor calibration, actuator checks, secure boot verification, and initial OTA health check.
• Work with contract manufacturers -Translate security requirements into CM-executable procedures; threat-model the factory for key leakage, firmware tampering, and supply chain substitution.
• Maintain chain of custody - Link each physical serial number to its provisioned identity, calibration records, test results, and firmware version at manufacture.
• Collaborate across teams - Work daily with a globally distributed team of firmware, cloud, manufacturing, systems and operational team members.

Requirements

• 10+ years of experience in embedded systems, device security, or manufacturing engineering, with at least 3 years focused on secure device provisioning and/or secure manufacturing processes. And ideally 3 years in a Staff level role.
• PKI and device identity - Experience with X.509 certificate lifecycles, mTLS, device attestation and managed CA services like AWS Private CA.
• AWS infrastructure - S3, IAM, ECS, KMS, CloudHSM and Secrets Manager for secure provisioning workflows.
• EOL test and calibration - Hands-on experience defining manufacturing test specifications, building automated fixtures, and managing quality gates with contract manufacturers.
• Scripting and automation - Advanced skills in Python or Bash for developing production-grade provisioning toolchains.
• Embedded Linux systems - Experience with NVIDIA Jetson Orin/Thor platforms.
• Secure manufacturing design - Ability to design secure processes for untrusted or semi-trusted offshore CMs, including A/B partitioning, signed image verification, and air-gapped station design.
• Hardware root of trust understanding - General understanding of secure boot chains, TPM/TrustZone, cryptographic key injection, certificate provisioning, and eFuse programming.

Benefits

Additional Information

Here at Humanoid, we believe in a future where robots amplify human potential. That's why we've set out on a mission to build the world's most capable, commercially-scalable, and safe humanoid robots. We're bringing that mission to life with HMND‑01 Alpha - our rapidly developed humanoid platform now running in real industrial pilots - and we're growing the team to take it even further.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Humanoid? Share your experience