Cybersecurity Engineer, Product Security

El Segundo1d ago

About the role

CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.  CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit <a href="https://www.chaosinc.com">www.chaosinc.com</a>. Role Overview: We are seeking a Cybersecurity Engineer focused on Product Security to help design, assess, and secure our next-generation sensor platforms and supporting software ecosystems. This role will work closely with Software Engineering, Embedded Systems, Hardware Engineering, Infrastructure, and Program teams to ensure security is integrated throughout the product lifecycle — from architecture and development through deployment and operational support.  The ideal candidate has experience securing complex software and hardware systems within defense, aerospace, or other highly regulated environments. This individual will lead software security architecture efforts, perform threat modeling and risk assessments, support compliance initiatives, and help establish secure engineering standards across the organization.  This is a highly collaborative and hands-on role with direct impact on the security and resiliency of mission-critical technologies deployed in operational environments.  Responsibilities:   <ul> <li>Product Security Engineering  <ul> <li>Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure  </li> <li>Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)  </li> <li>Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems  </li> <li>Develop secure design standards, engineering guidance, and product security best practices  </li> <li>Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation  </li> </ul> </li> <li>Threat Modeling & Risk Assessment  <ul> <li>Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure  </li> <li>Conduct cybersecurity risk assessments for products, systems, and operational environments  </li> <li>Identify attack surfaces, trust boundaries, and potential exploitation paths  </li> <li>Work with engineering teams to prioritize and remediate identified security risks  </li> <li>Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies  </li> </ul> </li> <li>Compliance & Security Authorization  <ul> <li>Support cybersecurity compliance initiatives and product authorization efforts including:  </li> <li>RMF (Risk Management Framework)  </li> <li>ATO (Authority to Operate)  </li> <li>Export control and regulated data handling requirements  </li> <li>Assist with development of system security documentation, security controls, SSPs, and assessment artifacts  </li> <li>Support internal and external security audits, assessments, and accreditation activities  </li> <li>Collaborate with government, customer, and program stakeholders on security requirements and authorization activities  </li> </ul> </li> <li>Security Testing & Validation  <ul> <li>Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts  </li> <li>Support secure configuration and hardening efforts across software, operating systems, and embedded environments  </li> <li>Review software and system telemetry to identify potential security weaknesses or anomalous behavior  </li> <li>Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility  </li> </ul> </li> <li>Cross-Functional Collaboration  <ul> <li>Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements  </li> <li>Contribute to the development of scalable product security processes and governance  </li> <li>Support customer and internal security reviews related to deployed technologies and operational environments  </li> <li>Mentor engineering teams on secure development and security-by-design principles  </li> </ul> </li> </ul>  Minimum Requirements:  <ul> <li>5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles  </li> <li>Experience with software security design and secure system architecture principles  </li> <li>Hands-on experience conducting threat modeling and cybersecurity risk assessments  </li> <li>Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts  </li> <li>Familiarity with cybersecurity frameworks and compliance standards including:  </li> <li>RMF  </li> <li>NIST 800-53  </li> <li>NIST 800-171  </li> <li>CMMC  </li> <li>DFARS  </li> <li>Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS </li> <li>Understanding of cloud, endpoint, network, and identity security concepts  </li> <li>Strong analytical, troubleshooting, and technical communication skills  </li> <li>Ability to operate effectively in a fast-paced startup environment  </li> <li>Must be a U.S. Citizen eligible for government facilities and sensitive information</li> <li>Ability to obtain additional security clearances as required by contract</li> </ul> Preferred Requirements:  <ul> <li>Active Security Clearance</li> <li>Experience supporting defense, aerospace, government contracting, or regulated technology environments  </li> <li>Experience securing embedded systems, sensor platforms, or edge computing technologies  </li> <li>Familiarity with export control requirements including ITAR and EAR  </li> <li>Experience with secure DevSecOps pipelines and automation practices  </li> <li>Experience with Microsoft GCC High environments and regulated cloud architectures  </li> <li>Firmware development experience  </li> <li>BIOS/UEFI security or development experience  </li> <li>Hardware security design experience  </li> <li>Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge  </li> <li>Experience with scripting or automation using Python, PowerShell, or Bash  </li> <li>Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent  </li> </ul> Why CHAOS? <ul> <li>Health Benefits: Medical, dental, and vision benefits 100% paid for by the company</li> <li>Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more</li> <li>Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code</li> <li>Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses</li> <li>Team Growth: 250 employees and counting across 5 global offices</li> </ul> <div>Salary Range: $110,000 - $190,000</div> The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.    <hr> <h3>Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.</h3> <hr>   #LI-onsite

Perks & benefits

401k
Vision Insurance
Unlimited Vacation
Paid Time Off
Pension Matching
Equity Compensation

747,000+ hidden jobs like this

CHAOS Industries and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.

Everything Pro unlocks:

Unlimited applications — free stops at 5
Track every application in one place
Apply straight to the source, one click
Save & organize roles you love
Roles pulled from company boards before the big sites

Weekly

$9.99

$4.99/week

For an active search. Cancel anytime.

Get Weekly

Monthly

$24.99

$12.99/month

The smart pick. Save 35% vs weekly.

Get Monthly

Lifetime

$99

$49.99once

Pay once. Every future feature, forever.

Get Lifetime