Lead Product Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Lead Product Security Engineer responsible for application and infrastructure security at Aalyria. Reporting to Director of Security & IT while mentoring engineers on security practices.
Responsibilities:
- You'll be the technical voice of product security across Aalyria, reporting to the Director of Security & IT.
- You'll own application security, CI/CD and supply-chain security, our Kubernetes-based product infrastructure, product-side authentication and PKI.
- You'll partner closely with hardware engineering on Tightbeam.
- Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase.
- CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls.
- Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection.
- Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets.
- Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings.
- Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action.
- Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments.
- Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity.
Requirements:
- Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec.
- Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth.
- Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale.
- Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it.
- Comfort reviewing code is a plus.
- A track record of building security programs, not just operating tools someone else stood up.
- Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership.
- A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports.
- Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain.
- Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors.
- Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work.
Benefits:
- Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
- Impactful Work: Directly contribute to critical national security programs and initiatives.
- Growth Opportunities: Expand your career with opportunities for professional development and advancement.
- Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
- Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.
Similar Jobs
Experienced Information Security Engineer
Information Security Engineer conducting vulnerability assessments for complex environments at Gainwell Technologies. Collaborating with IT Operations and leadership for security management and compliance.
Head of Security Engineering
Head of Security Engineering at Suno, defining and leading security strategy for an AI music platform. Building and leading a high-performing security engineering organization with collaboration across various teams.
Senior Cyber Architect – OT Security
Senior role at EY in Cyber Security developing and implementing OT Security solutions for clients. Involvement in monitoring, analysing, and responding to security alerts in OT environments.
Staff Cyber Architect – OT Security, Engineering
Join EY as a Staff in Cyber Security focusing on OT security. Conduct assessments, support vulnerability management, and assist clients in improving security posture.
Software Engineer V – Security Engineer
Software Engineer V at Mighty Acorn focusing on embedding security in product teams. Ensuring compliance and data protection across digital services for government agencies.
Software Engineer I – Salesforce Integration, Tier 2 Security Clearance
Software Engineer I providing engineering support for Salesforce integration to federal contact center program. Must have Tier 2 Security Clearance and up to 3 years of experience.
Senior Developer III – Salesforce Integration, Tier 2 Security Clearance
Senior Developer responsible for Salesforce CRM integration solutions. Providing technical guidance and leading integration architecture decisions for federal contact center projects.
Developer I – Salesforce Integration, Tier 2 Security Clearance
Developer I supporting the development and testing of Salesforce CRM integrations. Working remotely at M&S Consulting with an emphasis on technical qualifications and active clearance.
Security Consultant
Security Consultant driving production efficiency within design team at Ares Technology. Supporting design department in delivering high-quality, mission-critical projects.
Senior Functional Consultant – HCM, HCM Security, Recruiting
Senior Functional Consultant assisting customers in overcoming HR technology challenges and maximizing Workday's value. Engaging in various consulting services while collaborating with clients.
Senior Security Engineer
Senior Security Engineer focusing on security operations in software development pipelines for a sustainable infrastructure company. Collaborating with IT and DevOps teams in a remote setting.
Cybersecurity Project Manager – Contract
Cybersecurity Project Manager in Technology Program Management Office overseeing cybersecurity project delivery. Requires extensive experience in cybersecurity, risk, compliance, controls, and audits.
Data Protection & AI Security, Staff Engineer
Staff Engineer leading strategic data protection and AI security initiatives at The Hershey Company. Collaborating with cross-functional teams to protect sensitive data and manage emerging risks.
Senior Cybersecurity Engineer
Cybersecurity Engineer responsible for protecting technology environments and delivering threat detection capabilities. Collaborating with IT, OT, and operations to strengthen operational security and compliance.
Senior Cybersecurity Engineer, Threat Detection and Response
Cybersecurity Engineer managing threat detection and response within Starbucks Security Operations Center. Leveraging expertise in cybersecurity and advanced log analysis to mitigate threats and support IT security.
Head of Security
Head of Security operating the information security program at Anomaly. Focused on enabling rapid product development while maintaining security and compliance.
Information Security GRC Analyst
Information Security GRC Analyst role focusing on developing and maturing governance, risk, and compliance programs. Assisting clients with compliance frameworks and cybersecurity measures in a remote work environment.
Senior Security Engineer
Senior Security Engineer at Red Cup IT, Inc. designing cloud security architectures and automating security processes to defend against modern threats. Leading projects and mentoring junior staff.
Senior Security Engineer
Senior Security Engineer at Sandisk owning and improving security tooling for SOC operations. Focus on reliability, detection, and automation in a leading tech company.
Senior System Security Engineer
Senior System Security Engineer safeguarding critical systems and infrastructure for cybersecurity firm. Developing security strategies and collaborating with teams to maintain system integrity and compliance.