Senior Application Security Engineer

Senior Application Security Engineer

Denver, CO or Long Beach, CA or SF Bay Area, CA

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

Be the offset. We create asymmetric advantages with creativity and ingenuity.

What would it take? We challenge assumptions to deliver ambitious results.

It's the people. Our team is our competitive advantage and we are better together.

Your Mission

As a Senior Application Security Engineer, you will be instrumental in implementing and auditing security controls for mission-critical space systems that must meet stringent government compliance requirements. You will work at the intersection of security engineering, compliance frameworks (NIST 800-171/800-53), and modern cloud-native architectures to ensure our satellite mission control software and flight systems meet Department of Defense security standards.

You will design and implement application-level security controls including comprehensive audit logging, incident response capabilities, access controls, and security monitoring—all while working closely with product engineering teams to shift security to ensure optimal outcomes.

If you thrive in a fast-paced environment where you can build security controls from the ground up and see the direct impact of your work on national security space operations, this mission is for you.

This position requires the ability to obtain and maintain a security clearance.

Responsibilities

• Create security architecture documentation and operational security guides for government authorization processes
• Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
• Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
• Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
• Collaborate with engineering teams to address security findings and implement secure coding practices
• Develop and deliver security training to software engineers and systems administrators across the organization
• Create and manage incident response playbooks specific to application security events
• Evaluate and integrate third-party security solutions to enhance overall security capabilities

Qualifications:

• 5+ years of experience in application security, product security, or security engineering
• Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
• Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
• Experience with cloud security (Azure preferred, AWS or GCP acceptable)
• Solid understanding of secure architecture principles including:
• Threat modeling and risk assessment
• Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC)
• Cryptography and key management
• Defense-in-depth and Zero Trust principles
• Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
• Eligible for DoD Secret or TS/SCI clearance

Preferred Skills:

• Active TS/SCI clearance or ability to obtain and maintain a security clearance
• Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
• Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
• Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
• Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
• Experience using Ghommit tool
• Background in DevSecOps or Platform Security Engineering:
• GitOps workflows and CI/CD security
• Infrastructure as Code security (Terraform, Bicep, Pulumi)
• Kubernetes security (Pod Security Standards, network policies, service mesh)
• Experience with security incident response including detection engineering and SOAR integration
• Familiarity with aerospace, defense, or other highly regulated industries (finance, healthcare, critical infrastructure)
• Previous experience in startups or fast-paced environments with ability to build processes from scratch

Compensation Base Salary: Long Beach - $150,000 to $205,000, Denver - $145,000 to $195,000, SF Bay Area - $165,000 to $225,000

Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.

Additional Requirements Work Location —Successful candidates must be located near Denver, SF Bay Area, or Long Beach. While we observe a hybrid work environment, significant work must be done on site. #LI-Onsite

Work environment —the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.

Physical demands —the physical demands of the job, including bending, sitting, lifting and driving.