Senior Application Security Engineer

True Anomaly•Long Beach, CA

5h•$145,000 - $205,000•Hybrid

About The Position

A new space race has begun. True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability. OUR MISSION The peaceful use of space is essential for continued prosperity on Earth—from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all. OUR VALUES Be the offset. We create asymmetric advantages with creativity and ingenuity What would it take? We challenge assumptions to deliver ambitious results It’s the people. Our team is our competitive advantage and we are better together YOUR MISSION As a Senior Application Security Engineer, you will be instrumental in implementing and auditing security controls for mission-critical space systems that must meet stringent government compliance requirements. You will work at the intersection of security engineering, compliance frameworks (NIST 800-171/800-53), and modern cloud-native architectures to ensure our satellite mission control software and flight systems meet Department of Defense security standards. You will design and implement application-level security controls including comprehensive audit logging, incident response capabilities, access controls, and security monitoring—all while working closely with product engineering teams to shift security to ensure optimal outcomes. If you thrive in a fast-paced environment where you can build security controls from the ground up and see the direct impact of your work on national security space operations, this mission is for you. This position requires the ability to obtain and maintain a security clearance.

Requirements

5+ years of experience in application security, product security, or security engineering
Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
Experience with cloud security (Azure preferred, AWS or GCP acceptable)
Solid understanding of secure architecture principles including: Threat modeling and risk assessment Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC) Cryptography and key management Defense-in-depth and Zero Trust principles
Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
U.S. Citizen and eligible for DoD Secret or TS/SCI clearance

Nice To Haves

Active TS/SCI clearance or ability to obtain and maintain a security clearance
Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
Background in DevSecOps or Platform Security Engineering: GitOps workflows and CI/CD security Infrastructure as Code security (Terraform, Bicep, Pulumi) Kubernetes security (Pod Security Standards, network policies, service mesh)
Experience with security incident response including detection engineering and SOAR integration
Familiarity with aerospace, defense, or other highly regulated industries (finance, healthcare, critical infrastructure)
Previous experience in startups or fast-paced environments with ability to build processes from scratch

Responsibilities

Create security architecture documentation and operational security guides for government authorization processes
Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
Collaborate with engineering teams to address security findings and implement secure coding practices
Develop and deliver security training to software engineers and systems administrators across the organization
Create and manage incident response playbooks specific to application security events
Evaluate and integrate third-party security solutions to enhance overall security capabilities