True Anomaly
Senior Application Security Engineer
1mo ago
USASeniornist 800-171nist 800-53cloud-native architecturessecurity monitoringaudit loggingincident responseaccess controls
Senior Application Security Engineer responsible for implementing and auditing security controls for mission-critical space systems meeting government compliance requirements.
Responsibilities
- As a Senior Application Security Engineer, you will be instrumental in implementing and auditing security controls for mission-critical space systems that must meet stringent government compliance requirements. You will work at the intersection of security engineering, compliance frameworks (NIST 800-171/800-53), and modern cloud-native architectures to ensure our satellite mission control software and flight systems meet Department of Defense security standards.
- You will design and implement application-level security controls including comprehensive audit logging, incident response capabilities, access controls, and security monitoring—all while working closely with product engineering teams to shift security to ensure optimal outcomes.
- If you thrive in a fast-paced environment where you can build security controls from the ground up and see the direct impact of your work on national security space operations, this mission is for you.
- This position requires the ability to obtain and maintain a security clearance.
- Create security architecture documentation and operational security guides for government authorization processes
- Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
- Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
- Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
- Collaborate with engineering teams to address security findings and implement secure coding practices
- Develop and deliver security training to software engineers and systems administrators across the organization
- Create and manage incident response playbooks specific to application security events
- Evaluate and integrate third-party security solutions to enhance overall security capabilities
Requirements
- 5+ years of experience in application security, product security, or security engineering
- Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
- Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
- Experience with cloud security (Azure preferred, AWS or GCP acceptable)
- Solid understanding of secure architecture principles including:
- Threat modeling and risk assessment
- Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC)
- Cryptography and key management
- Defense-in-depth and Zero Trust principles
- Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
- Eligible for DoD Secret or TS/SCI clearance
- Work Location —Successful candidates must be located near Denver, SF Bay Area, or Long Beach. While we observe a hybrid work environment, significant work must be done on site. #LI-Onsite
- Work environment —the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
- Physical demands —the physical demands of the job, including bending, sitting, lifting and driving.
- This position will be open until it is successfully filled. To submit your application, please follow the directions below.
- To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
- True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
-
Nice to have
- Active TS/SCI clearance or ability to obtain and maintain a security clearance
- Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
- Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
- Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
- Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
- Experience using Ghommit tool
- Background in DevSecOps or Platform Security Engineering:
- GitOps workflows and CI/CD security
- Infrastructure as Code security (Terraform, Bicep, Pulumi)
- Kubernetes security (Pod Security Standards, network policies, service mesh)
- Experience with security incident response including detection engineering and SOAR integration
- Familiarity with aerospace, defense, or other highly regulated industries (finance, healthcare, critical infrastructure)
- Previous experience in startups or fast-paced environments with ability to build processes from scratch
Conditions
- Base Salary: Long Beach - $150,000 to $205,000, Denver - $145,000 to $195,000, SF Bay Area - $165,000 to $225,000
- Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
- Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Other
- Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
- OUR MISSION
- True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
- OUR VALUES
- Be the offset. We create asymmetric advantages with creativity and ingenuity.
- What would it take? We challenge assumptions to deliver ambitious results.
- It’s the people. Our team is our competitive advantage and we are better together.