True Anomaly

Senior Application Security Engineer

1mo ago
USASenior
True Anomaly

Senior Application Security Engineer

1mo ago
USASeniornist 800-171nist 800-53cloud-native architecturessecurity monitoringaudit loggingincident responseaccess controls

Senior Application Security Engineer responsible for implementing and auditing security controls for mission-critical space systems meeting government compliance requirements.

Responsibilities

  • As a Senior Application Security Engineer, you will be instrumental in implementing and auditing security controls for mission-critical space systems that must meet stringent government compliance requirements. You will work at the intersection of security engineering, compliance frameworks (NIST 800-171/800-53), and modern cloud-native architectures to ensure our satellite mission control software and flight systems meet Department of Defense security standards.
  • You will design and implement application-level security controls including comprehensive audit logging, incident response capabilities, access controls, and security monitoring—all while working closely with product engineering teams to shift security to ensure optimal outcomes.
  • If you thrive in a fast-paced environment where you can build security controls from the ground up and see the direct impact of your work on national security space operations, this mission is for you.
  • This position requires the ability to obtain and maintain a security clearance.
  • Create security architecture documentation and operational security guides for government authorization processes
  • Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
  • Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
  • Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
  • Collaborate with engineering teams to address security findings and implement secure coding practices
  • Develop and deliver security training to software engineers and systems administrators across the organization
  • Create and manage incident response playbooks specific to application security events
  • Evaluate and integrate third-party security solutions to enhance overall security capabilities

Requirements

  • 5+ years of experience in application security, product security, or security engineering
  • Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
  • Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
  • Experience with cloud security (Azure preferred, AWS or GCP acceptable)
  • Solid understanding of secure architecture principles including:
  • Threat modeling and risk assessment
  • Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC)
  • Cryptography and key management
  • Defense-in-depth and Zero Trust principles
  • Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
  • Eligible for DoD Secret or TS/SCI clearance
  • Work Location —Successful candidates must be located near Denver, SF Bay Area, or Long Beach. While we observe a hybrid work environment, significant work must be done on site. #LI-Onsite
  • Work environment —the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
  • Physical demands —the physical demands of the job, including bending, sitting, lifting and driving.
  • This position will be open until it is successfully filled. To submit your application, please follow the directions below.
  • To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
  • True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
  •  

Nice to have

  • Active TS/SCI clearance or ability to obtain and maintain a security clearance
  • Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
  • Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
  • Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
  • Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
  • Experience using Ghommit tool
  • Background in DevSecOps or Platform Security Engineering:
  • GitOps workflows and CI/CD security
  • Infrastructure as Code security (Terraform, Bicep, Pulumi)
  • Kubernetes security (Pod Security Standards, network policies, service mesh)
  • Experience with security incident response including detection engineering and SOAR integration
  • Familiarity with aerospace, defense, or other highly regulated industries (finance, healthcare, critical infrastructure)
  • Previous experience in startups or fast-paced environments with ability to build processes from scratch

Conditions

  • Base Salary:  Long Beach - $150,000 to $205,000, Denver - $145,000 to $195,000, SF Bay Area - $165,000 to $225,000
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave  
  • Your actual level and base salary will be  determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.  

Other

  • Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
  • OUR MISSION
  • True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
  • OUR VALUES
  • Be the offset.   We create asymmetric advantages with creativity and ingenuity.
  • What would it take?  We challenge assumptions to deliver ambitious results.
  • It’s the people.  Our team is our competitive advantage and we are better together.