Senior Application Security Engineer

YOUR MISSION

As a Senior Application Security Engineer, you will play a critical role in ensuring the security and compliance of our software products with FedRAMP High, NIST controls, and future Department of Defense IL5+ requirements. You will leverage your expertise to enhance our security posture and support our mission of maintaining secure and sustainable operations in space.

RESPONSIBILITIES

• Identify, assess, and mitigate security risks in software products, ensuring robust security measures are in place.
• Drive continual improvements in the quality and automation of vulnerability adjudication and remediation processes.
• Stay current with the latest security vulnerabilities and mitigation techniques and contribute to True Anomaly's security automation roadmap.
• Perform comprehensive security code reviews to identify potential vulnerabilities and provide actionable remediation suggestions.
• Evaluate and integrate third-party security solutions to enhance overall security posture.
• Implement NIST controls, FedRAMP High controls, and Security Technical Implementation Guides (STIGs) across applications.
• Collaborate closely with developers to address and resolve security vulnerabilities, fostering a culture of security excellence.

QUALIFICATIONS

• 5+ years of experience in product or application security.
• Proficiency in exploiting common attack patterns and exploitation techniques on web applications, coupled with strong knowledge of threat modeling, OWASP Top 10, and secure architecture reviews.
• Hands-on experience with web application security testing tools such as Burp Suite, open-source scanners, and/or vendor products.
• Solid understanding or experience working in containerized environments and familiarity with GitOps flow.
• Proven ability to work independently with minimal supervision, manage complex tasks, and prioritize multiple tasks based on strategic goals.
• Demonstrated passion for technology, a desire to build security tooling from the ground up, and the ability to tackle complex problems creatively.

PREFERRED SKILLS AND EXPERIENCE

• Experience with cloud platforms such as Azure, AWS, or Google Cloud.
• Proficiency in programming languages such as Python, Elixir, or Go.
• Previous experience in the defense or aerospace industry.
• Familiarity with developer security and security operations practices and tools.
• Eligibility to obtain and maintain an active U.S. Top Secret clearance.

COMPENSATION

• California Base Salary: $175,000-$245,000
• Colorado Base Salary: $155,000-$215,000
• Washington D.C. Base Salary: $160,000-$225,000
• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education and experience.

ADDITIONAL REQUIREMENTS

• Ability to maintain or obtain TS//SCI clearance
• Work Location: this role will be fully onsite at our GravityWorks factory in Centennial, CO
• Work environment is in a standard office, working at a desk or in a production factory.
• Physical demands may include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20lbs.

This position will be open until it is successfully filled. To submit your application, please follow the directions below. [#LI-Hybrid]