Engineering Manager, Application Security

True Anomaly•Long Beach, CA

11h•$175,000 - $255,000•Hybrid

About The Position

As the Application Security Engineering Manager, you will build and lead True Anomaly's application security team, focusing on securing the most critical software in our portfolio—flight software that operates on-orbit and command and control (C2) systems that enable mission success. This is a unique opportunity to shape the future of application security for national security space systems, building a team from the ground up while establishing the processes, tools, and culture that will secure our spacecraft and ground operations. In this role, you will have significant autonomy to recruit and develop a world-class application security team over the coming year. You will define application security strategy, integrate security throughout the software development lifecycle, and create the foundation for a security program that meets the unique demands of flight-critical and mission-critical systems operating in contested environments. This is an ideal role for a technical leader who thrives on building teams, wants to leave their mark on cutting-edge space technology, and is energized by the opportunity to solve challenging security problems at the intersection of embedded systems, real-time software, and cloud-based command and control. This position requires a minimum Secret clearance with strong preference for active TS/SCI clearance or the ability to obtain and maintain TS/SCI.

Requirements

8+ years of hands-on experience in application security, secure software development, or related security engineering roles
3+ years of people management experience, including hiring, coaching, performance management, and team development
Minimum Secret clearance required; active TS/SCI clearance strongly preferred
Proven experience building or significantly scaling application security programs and teams
Deep expertise in secure software development practices across multiple programming languages (C, C++, Rust, Python, Go, or similar)
Strong understanding of embedded systems security, real-time operating systems (RTOS), and resource-constrained environments
Experience with application security testing tools and methodologies including SAST, DAST, SCA, fuzzing, and penetration testing
Strong knowledge of common vulnerability classes (OWASP Top 10, CWE Top 25) and secure coding practices
Understanding of software supply chain security, dependency management, and build pipeline security
Familiarity with cloud application security in AWS, GCP, or Azure environments
Excellent leadership, communication, and stakeholder management skills
This position requires a minimum Secret clearance

Nice To Haves

Active TS/SCI security clearance
Experience securing flight software, spacecraft systems, autonomous vehicles, or other safety-critical embedded platforms
Background in aerospace, defense, or national security software development
Familiarity with space system architectures including satellite operations, ground segments, and telemetry/command protocols
Experience with CMMC, FedRAMP, NIST 800-53, or RMF processes for DoD/IC systems
Experience with containerization security (Docker, Kubernetes) and Infrastructure-as-Code security
Understanding of cryptographic implementations and secure communications protocols
Relevant certifications such as CISSP, CSSLP, GWAPT, OSCP, or similar
Experience participating in or leading red team/purple team exercises
Prior experience in fast-paced startup or high-growth environments

Responsibilities

Build, lead, and mentor an application security engineering team scaling to 10+ engineers over the next year, fostering a culture of technical excellence, collaboration, and mission focus
Define and execute application security strategy for flight software (FSW), ground command and control systems, mission planning applications, and supporting cloud infrastructure
Integrate security throughout the software development lifecycle (SDLC) for safety-critical embedded systems and distributed C2 applications, balancing security requirements with real-time performance and operational constraints
Establish and mature secure development practices including threat modeling, secure code review, static/dynamic analysis (SAST/DAST), software composition analysis (SCA), and security testing for both flight and ground software
Lead application security assessments and penetration testing efforts for spacecraft flight software, telemetry and command systems, and ground-based mission applications
Partner with spacecraft software engineers, ground systems developers, DevSecOps, and mission operations teams to embed security expertise across the engineering organization
Develop and enforce security standards, coding guidelines, and architectural patterns appropriate for resource-constrained embedded systems and high-assurance C2 applications
Drive remediation of security vulnerabilities and work with engineering leadership to prioritize security initiatives alongside feature development and mission timelines
Support compliance requirements including NIST 800-53, CMMC, FedRAMP, and other federal security frameworks applicable to national security space systems
Communicate application security posture, risks, and strategic initiatives to technical teams, engineering leadership, and executive stakeholders