Jobs · Information Technology

Lead Product Security Engineer

Aalyria · United States · 3 wk ago
RemoteRemoteInformation TechnologyFull-time

Senior Product Security Engineer

Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace industry. We are revolutionizing the orchestration and management of planetary mesh networks using any radio or optical spectrum, any orbit, and any hardware across land, sea, air, and space.

About the role

You'll be the technical voice of product security across Aalyria, reporting to the Director of Security & IT. You'll own application security, CI/CD and supply-chain security, our Kubernetes-based product infrastructure, product-side authentication and PKI, and you'll partner closely with hardware engineering on Tightbeam.

This is a senior to staff level individual contributor role with room to grow into management as the function scales. We need someone who's genuinely happy in a terminal and equally comfortable leading an architecture review.

Responsibilities

  • Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase.
  • CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls.
  • Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection.
  • Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets.
  • Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings.
  • Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action.
  • Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments.
  • Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity.

Requirements

  • Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec.
  • Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth.
  • Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale.
  • Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it. Comfort reviewing code is a plus.
  • A track record of building security programs, not just operating tools someone else stood up.
  • Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership.
  • A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports.
  • Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain.
  • Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors.
  • Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work.
  • Hands on experience with NIST 800-53, NIST 800-171, or DoD SRG environments.
  • Experience with government-cloud platforms.
  • Hardware security depth in HSMs, TPMs, secure elements, supply-chain attestation.
  • Embedded / firmware security background, secure boot, RoT, OTA update integrity, hands-on firmware review.
  • Experience standing up or running a vulnerability disclosure program or bug bounty, triage, researcher comms, and CVE coordination.

Qualifications

  • U.S. citizen or national, green card holder, refugee under 8 U.S.C. 1157, asylee under 8 U.S.C. 1158, or eligible to access export-controlled information without requiring an export authorization.
  • Experience with government-cloud platforms.
  • Embedded / firmware security background, secure boot, RoT, OTA update integrity, hands-on firmware review.
  • Experience standing up or running a vulnerability disclosure program or bug bounty, triage, researcher comms, and CVE coordination.

Benefits

Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
Impactful Work: Directly contribute to critical national security programs and initiatives.
Growth Opportunities: Expand your career with opportunities for professional development and advancement.
Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.

Pay

Competitive salary.

Schedule

Remote (United States).

Company Information

Aalyria is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Qualified applicants from all backgrounds are encouraged to apply.

Similar jobs

Lead Product Engineer

Bayview Asset Management, LLCCoral Gables, FL· 1 mo ago
RemoteEngineering$170k–$220k/yrapply on careers.bayview.com