The Fourth Law (TFL) is an autonomous robotics company focused on solving massively scalable autonomy for defensive FPV drones. The company has offices in the US, the EU, and Ukraine and is on a mission to increase the defensive capabilities of the Free World. Its name is a reference to Isaac Asimov’s laws of robotics and the search for an enigmatic Fourth Law.

The role

We’re looking for a Head of Digital Security to own and elevate our security posture across people, devices, cloud infrastructure, and R&D systems—across multiple countries and high-sensitivity environments. You will build pragmatic, scalable security foundations and lead incident readiness, while enabling fast product development and operations.
This is a senior, hands-on leadership role: you’ll set strategy and drive execution, partnering closely with Engineering, IT, Legal, HR, and Ops.

Key Responsibilities

Security strategy & governance
* Define and execute the company’s digital security strategy, policies, and priorities across US/EU/Ukraine.
* Build a risk management approach that matches a fast-moving, mission-critical R&D + manufacturing environment.
* Establish security standards for identity, access, endpoints, cloud, and data handling—without slowing teams down unnecessarily.

Identity, access & device security
* Own IAM and access control strategy (SSO/MFA, least privilege, role-based access, joiner/mover/leaver processes).
* Implement and run endpoint security for laptops/workstations/phones (device management, hardening baselines, encryption).
* Secure internal collaboration and communication workflows used by distributed teams.

Secure engineering & infrastructure
* Partner with Engineering to embed security into the SDLC: threat modeling, secure-by-design reviews, dependency hygiene, vulnerability management.
* Improve cloud and network security: segmentation principles, secrets management, logging/monitoring coverage, secure configs.
* Build security guardrails for AI/ML datasets, training pipelines, and sensitive R&D artifacts.

Detection, incident response & resilience
* Own security monitoring and incident response (playbooks, escalation, forensics workflows, tabletop exercises).
* Manage incident handling end-to-end: triage, containment, recovery, and post-incident improvements.
* Drive backup/restore and business continuity practices for critical systems.

Vendor, supply-chain & partner security
* Evaluate and manage third-party risk (vendors, contractors, service providers).
* Define security requirements for partners and customers where needed (questionnaires, audits, security addenda).
* Ensure secure onboarding/offboarding for contractors and external collaborators.

Culture & security awareness
* Build a strong security culture: practical training, phishing awareness, clean data-handling habits, and clear “do/don’t” rules.
* Create lightweight reporting so leadership understands posture, trends, and the ROI of security work.

Required Skills & Experience
* 7+ years in cybersecurity / information security, including ownership of security programs in a fast-moving tech environment.
* Strong hands-on experience with IAM, endpoint security, cloud security, logging/monitoring, and incident response.
* Demonstrated ability to translate risk into clear priorities and policies, and then implement them.
* Experience working with engineering teams on secure development practices (reviews, vulnerabilities, dependencies, secrets).
* Comfortable operating in multi-country setups and collaborating with legal/HR/ops stakeholders.
* Excellent communication: can influence, train, and drive change without relying on heavy bureaucracy.
* Working English required (Ukrainian is a strong plus).

Nice to Have
* Experience in defense, aerospace, robotics, dual-use, or other high-sensitivity industries.
* Familiarity with common security frameworks/audits (e.g., ISO 27001, SOC 2, NIST-aligned controls) and customer security requirements.
* Experience securing R&D environments and IP-heavy workflows (design files, datasets, firmware/embedded toolchains).
* Built or led a small security team, or managed strong external security partners.

We Offer
* Self-development and assistance.
* Market salary.
* Flexible/hybrid working hours.
* 24 paid days off per year + 14 additional days off for veterans.