Principal Security Engineer

ForeFlightCentennial, CO
Hybrid

About The Position

Jeppesen ForeFlight builds mission-critical navigation and aviation data software used by pilots and operators worldwide. As Principal Security Architect, you'll own the technical security strategy across our enterprise IT and SaaS environments, partnering closely with engineering, infrastructure, product security, and compliance functions to protect pilot, operator, and aviation data. This is a senior individual contributor role with real authority: you set the architecture, drive adoption, and measure outcomes. You'll report into IT leadership while serving as the senior technical security voice across the enterprise while partnering with your security peers within product engineering. Please note this role is hybrid in Denver, CO or Austin, TX, but remote candidates will be considered on a case by case basis.

Requirements

  • 10+ years in security engineering or architecture, including 3+ years as a principal architect or staff-level IC with demonstrated enterprise ownership.
  • Understanding of security as it flows across environments such as data centers, Azure, AWS. Hands-on familiarity with IAM and VPC security.
  • Proven experience with enterprise identity platforms (Okta, Entra ID/Azure AD) and modern detection tooling (EDR/XDR, SIEM, SOAR).
  • Solid working knowledge of NIST CSF, ISO 27001, and SOC 2; familiarity with FAA/EASA, DoD, or CMMC contexts is a meaningful advantage.
  • Track record of turning risk assessments and audit findings into shipped engineering improvements — not just recommendations.
  • Strong communicator across audiences: equally comfortable whiteboarding with engineers and presenting risk posture to executives.
  • Bachelor's in CS, engineering, or equivalent experience. CISSP, OSCP, or GIAC certifications are valued, not required.

Nice To Haves

  • Experience in aviation, aerospace, defense, or other safety-critical software environments where the cost of a security failure extends beyond data.
  • Hands-on experience integrating acquired companies onto a common enterprise security baseline — identity federation, endpoint standardization, and network segmentation.
  • Familiarity with M&A security due diligence and post-close integration planning.

Responsibilities

  • Define and continuously evolve the enterprise security architecture across identity, endpoint, network, cloud (AWS/Azure), and SaaS. Produce explicit threat models for each tier; translate them into prioritized engineering roadmaps.
  • Design and oversee implementation of zero-trust access, IAM/PAM, MFA, and privileged credential management — with Okta and Entra ID as the primary platforms.
  • Lead technical response to high-severity incidents. Operate and mature EDR/XDR, SIEM, and DLP programs; drive post-incident hardening with measurable outcomes.
  • Evaluate and approve security designs for new platforms, SaaS integrations, infrastructure initiatives, and M&A activity before they reach production.
  • Partner with GRC on SOC 2, ISO 27001, and aviation-specific control requirements. Translate auditor findings and regulatory obligations into concrete engineering work — not policy binders.
  • Mentor security and infrastructure engineers, raise the security bar in cross-functional architecture reviews, and serve as a credible peer to product security engineering leaders.

Benefits

  • Medical, dental, vision insurance with Employer paid health premiums
  • Open PTO Policy
  • 401(k) with up to 10% company matching and immediate vesting
  • 12 Weeks Paid Maternity Leave
  • 4 Weeks Paid Paternity Leave
  • Flight Training Rewards
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service