Senior Application Security Engineer

True Anomaly

Long Beach · 3w ago
Seniority
Senior

About the role

<div class="content-intro"><p class="ms-outlook-mobile-reference-message">Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.</p> <p class="ms-outlook-mobile-reference-message"><u>OUR MISSION</u></p> <p class="ms-outlook-mobile-reference-message">True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.</p> <p class="ms-outlook-mobile-reference-message"><u>OUR VALUES</u></p> <ul> <li class="ms-outlook-mobile-reference-message"><strong>Be the offset.</strong><span class="Apple-converted-space">&nbsp;</span>We create asymmetric advantages with creativity and ingenuity.</li> <li class="ms-outlook-mobile-reference-message"><strong>What would it take?</strong>&nbsp;We challenge assumptions to deliver ambitious results.</li> <li class="ms-outlook-mobile-reference-message"><strong>It’s the people.</strong>&nbsp;Our team is our competitive advantage and we are better together.</li> </ul></div><h2><span style="text-decoration: underline;">YOUR MISSION</span></h2> <p>As a Senior Application Security Engineer, you will be instrumental in implementing and auditing security controls for mission-critical space systems that must meet stringent government compliance requirements. 
You will work at the intersection of security engineering, compliance frameworks (NIST 800-171/800-53), and modern cloud-native architectures to ensure our satellite mission control software and flight systems meet Department of Defense security standards.</p> <p>You will design and implement application-level security controls including comprehensive audit logging, incident response capabilities, access controls, and security monitoring—all while working closely with product engineering teams to shift security to ensure optimal outcomes.</p> <p>If you thrive in a fast-paced environment where you can build security controls from the ground up and see the direct impact of your work on national security space operations, this mission is for you.</p> <p><em>This position requires the ability to obtain and maintain a security clearance.</em></p> <h2><span style="text-decoration: underline;">Responsibilities</span></h2> <ul> <li>Create security architecture documentation and operational security guides for government authorization processes</li> <li>Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)</li> <li>Perform security code reviews for Elixir, Python, C++, and JavaScript codebases</li> <li>Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools</li> <li>Collaborate with engineering teams to address security findings and implement secure coding practices</li> <li>Develop and deliver security training to software engineers and systems administrators across the organization</li> <li>Create and manage incident response playbooks specific to application security events</li> <li>Evaluate and integrate third-party security solutions to enhance overall security capabilities</li> </ul> <h2><span style="text-decoration: underline;">Qualifications:</span></h2> <ul> <li>5+ years of experience in application security, product security, or security 
engineering</li> <li>Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC</li> <li>Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)</li> <li>Experience with cloud security (Azure preferred, AWS or GCP acceptable)</li> <li>Solid understanding of secure architecture principles including:</li> <ul> <li>Threat modeling and risk assessment</li> <li>Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC)</li> <li>Cryptography and key management</li> <li>Defense-in-depth and Zero Trust principles</li> </ul> <li>Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity</li> <li>Eligible for DoD Secret or TS/SCI clearance</li> </ul> <h3><span style="text-decoration: underline;">Preferred Skills:</span></h3> <ul> <li>Active TS/SCI clearance or ability to obtain and maintain a security clearance</li> <li>Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)</li> <li>Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Security Technical Implementation Guides)</li> <li>Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)</li> <li>Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments</li> <li>Experience using Ghommit tool</li> <li>Background in DevSecOps or Platform Security Engineering:</li> <ul> <li>GitOps workflows and CI/CD security</li> <li>Infrastructure as Code security (Terraform, Bicep, Pulumi)</li> <li>Kubernetes security (Pod Security Standards, network policies, service mesh)</li> </ul> <li>Experience with security incident response including detection engineering and SOAR integration</li> <li>Familiarity with aerospace, 
defense, or other highly regulated industries (finance, healthcare, critical infrastructure)</li> <li>Previous experience in startups or fast-paced environments with ability to build processes from scratch</li> </ul> <p><strong>COMPENSATION</strong></p> <ul> <li><strong>Base Salary:</strong> <strong>Long Beach - $150,000 to $205,000, Denver - $145,000 to $195,000, SF Bay Area - $165,000 to $225,000</strong></li> </ul> <ul> <li><strong>Equity + Benefits</strong> including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave</li> </ul> <p><em>Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.</em></p> <p><strong>ADDITIONAL REQUIREMENTS</strong></p> <ul> <li><strong>Work Location</strong>—Successful candidates must be located near Denver, SF Bay Area, or Long Beach. While we observe a hybrid work environment, significant work must be done on site. <strong>#LI-Onsite</strong></li> <li><strong>Work environment</strong>—the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.</li> <li><strong>Physical demands</strong>—the physical demands of the job, including bending, sitting, lifting and driving.</li> </ul> <p>This position will be open until it is successfully filled. To submit your application, please follow the directions below.</p><div class="content-conclusion"><p>To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 
1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.</p> <p>True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.</p></div>

Perks & benefits

  • 401k
  • Paid Time Off
  • Equity Compensation
