Security Engineer

Security & Compliance Engineer

Join to apply for the Security & Compliance Engineer role at Nominal.

About Nominal

Nominal is building the software infrastructure powering the world’s most advanced hardware systems—from spacecraft and autonomous vehicles to next‑generation industrial machines. Our platform ingests high‑rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We’re a small, fast‑moving team of engineers and operators who own problems end‑to‑end, work across disciplines, and thrive on challenges at the intersection of hardware and software.

About the Role

As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you’ll be responsible for working across the organization, developing and maturing various Security and GRC controls. You’ll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal’s software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.

• Own the Posture: Technical excellence in product hardening and information security is table‑stakes for Nominal’s success due to our product and industry. You’ll need to internalize this and fully own it in a first‑class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
• Detect and Respond: Strengthen Nominal’s operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences.
• Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800‑171, FedRAMP, NIST 800‑53, Impact Level (IL) 4/5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air‑gapped environments.
• Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third‑party software, applications, and libraries.
• Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal’s technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices.

We're looking for someone with

• 4+ years of experience working as a Security Engineer/Security Analyst.
• Hands‑on expertise in endpoint protection, event monitoring and logging (EDR & SIEM). Incident handling experience including incident preparation, detection, analysis, containment & eradication, and post‑mortem.
• Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls.
• Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC). Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800‑171, FedRAMP, NIST 800‑53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002.
• Experience with federal contracting and data protection requirements, whether in government or industry settings.
• Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement.
• General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements.
• Strong organizational & writing skills, and attention to detail, commensurate to build out policy, procedure, plan, and standards documentation for customer, government, and auditor audiences.
• Strong project management, collaboration, and relational skills to work with cross‑functional stakeholders across Nominal to ensure ongoing delivery of our Security and GRC posture.

Benefits

• 100% coverage of medical, dental, and vision insurance.
• Unlimited PTO and sick leave.
• Free lunch, snacks, and coffee.
• Professional development stipend.
• Annual company retreat.

$140,000 - $170,000 a year

This job description is written to capture a range of experience levels from 4 years to 10+ years, which is why you’ll see a wide band listed. Your actual base salary will be determined on a case‑by‑case basis and may vary based on a range of considerations, including job‑related knowledge and skills, education, prior experience, and other business needs. The listed salary range represents an estimate for base compensation only. Base salary is just one part of the total rewards package. Eligible employees may also receive highly competitive equity grants in the form of stock options, allowing you to share in the company’s long‑term success.

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. 1157, or (iv) Asylee under 8 U.S.C. 1158, or be eligible to obtain the required authorizations from the U.S. Department of State.

Please note that Nominal is unable to sponsor employment visas (H‑1B, F‑1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.