{"schemaVersion":"jobsearcher.job.v1","id":"259bef21aa8152a5e7a05322","url":"https://jobsearcher.com/jobs/259bef21aa8152a5e7a05322","canonicalUrl":"https://jobsearcher.com/jobs/259bef21aa8152a5e7a05322","title":"Security Engineer","description":"About NominalNominal is building the connected test and operations platform powering the world's most advanced hardware systems, from spacecraft and autonomous vehicles to next-generation defense programs. Our platform gives hardware engineering teams a single place to ingest data, analyze performance, automate test execution, and collaborate across every phase of development, so they can move faster without sacrificing safety or precision. We're a fast-moving team that owns problems end-to-end, works across disciplines, and thrives at the intersection of hardware and software.We serve top-tier commercial and defense customers, from autonomy leaders like Anduril and Shield AI to next-generation aerospace teams like Hermeus and REGENT, and performance engineering teams like Pratt Miller Motorsports, alongside mission partners within the U.S. Navy and U.S. Air Force on programs where failure isn’t an option. We’re backed by Sequoia, General Catalyst, Founders Fund, Lux Capital, and Lightspeed. Our team draws from SpaceX, Palantir, Anduril, Applied Intuition, and other leading companies, united by a common mission: giving hardware engineers the tools to build the future with speed, safety, and confidence.As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you’ll be responsible for working across the organization, developing and maturing various Security and GRC controls. You’ll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal’s software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.🚀 About The RoleOwn the Security Posture (0 to 1): As part of a small team, you will be responsible for building and maturing Nominal’s security and GRC posture from an early foundation. This includes designing first-generation controls, tooling, and processes that scale as Nominal serves regulated enterprise and defense customers (U.S. and non-U.S.). This role emphasizes systems thinking, architecture, and secure-by-design decisions over reactive monitoring or narrow security operations.Detect and Respond: Strengthen Nominalʼs operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences.Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) into concrete technical actions, architectures, and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments.Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominalʼs technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices.🚀 About The RoleThis role is designed for a broad, product-minded security engineer who has helped build security programs in early-stage or fast-scaling technology companies.You Will Thrive In This Role If You:Have operated in environments where security controls, tooling, and processes were built from first principles rather than inherited.Enjoy owning problems end-to-end across product, infrastructure, endpoints, and compliance.Are comfortable balancing technical rigor with startup velocity and ambiguity.This role is not a fit for candidates whose experience is primarily:Operating mature SOCs or alert-centric security environments.Narrowly scoped security analysis roles without broader systems ownership.Managed security service providers or highly siloed enterprise security teams.We're looking for a generalist security engineer with strong judgment and systems intuition, who has owned security outcomes across multiple domains rather than specializing in a single control area. Depth in specific areas is valuable, but success in this role requires the ability to reason across products, infrastructure, endpoints, and compliance requirements, and to learn quickly in unfamiliar domains.🚀 Preferred Qualifications:4+ years of experience working as a Security Engineer, with demonstrated ownership of security programs or systems beyond a single functional area.Hands-on experience deploying and operating security tooling (e.g., EDR, SIEM), with the ability to evaluate, select, and evolve tools as the company grows. Incident handling experience, including incident preparation, detection, containment & eradication, and post-mortem.Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls.Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC), and Google Cloud Platform (GCP). Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002.Experience with federal contracting and data protection requirements, whether in government or industry settings.Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement.General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements.✨ Benefits/Perks🏥 100% coverage of medical, dental, and vision insurance🏖️ Unlimited PTO and sick leave🍽️ Free lunch, snacks, and coffee🚀 Professional development stipend✈️ Annual company retreatAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.ITAR RequirementsTo conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C.1157, or (iv) Asylee under 8 U.S.C.1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.CompensationThe base pay range for this role is $140,000 – $170,000 per year.","company":"Nominal","rawCompany":"nominal","city":"Washington","state":"DC","isRemote":false,"isActive":false,"createdAt":"2026-04-12T17:37:33.822Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Security Engineer","description":"About NominalNominal is building the connected test and operations platform powering the world's most advanced hardware systems, from spacecraft and autonomous vehicles to next-generation defense programs. Our platform gives hardware engineering teams a single place to ingest data, analyze performance, automate test execution, and collaborate across every phase of development, so they can move faster without sacrificing safety or precision. We're a fast-moving team that owns problems end-to-end, works across disciplines, and thrives at the intersection of hardware and software.We serve top-tier commercial and defense customers, from autonomy leaders like Anduril and Shield AI to next-generation aerospace teams like Hermeus and REGENT, and performance engineering teams like Pratt Miller Motorsports, alongside mission partners within the U.S. Navy and U.S. Air Force on programs where failure isn’t an option. We’re backed by Sequoia, General Catalyst, Founders Fund, Lux Capital, and Lightspeed. Our team draws from SpaceX, Palantir, Anduril, Applied Intuition, and other leading companies, united by a common mission: giving hardware engineers the tools to build the future with speed, safety, and confidence.As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you’ll be responsible for working across the organization, developing and maturing various Security and GRC controls. You’ll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal’s software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.🚀 About The RoleOwn the Security Posture (0 to 1): As part of a small team, you will be responsible for building and maturing Nominal’s security and GRC posture from an early foundation. This includes designing first-generation controls, tooling, and processes that scale as Nominal serves regulated enterprise and defense customers (U.S. and non-U.S.). This role emphasizes systems thinking, architecture, and secure-by-design decisions over reactive monitoring or narrow security operations.Detect and Respond: Strengthen Nominalʼs operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences.Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) into concrete technical actions, architectures, and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments.Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominalʼs technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices.🚀 About The RoleThis role is designed for a broad, product-minded security engineer who has helped build security programs in early-stage or fast-scaling technology companies.You Will Thrive In This Role If You:Have operated in environments where security controls, tooling, and processes were built from first principles rather than inherited.Enjoy owning problems end-to-end across product, infrastructure, endpoints, and compliance.Are comfortable balancing technical rigor with startup velocity and ambiguity.This role is not a fit for candidates whose experience is primarily:Operating mature SOCs or alert-centric security environments.Narrowly scoped security analysis roles without broader systems ownership.Managed security service providers or highly siloed enterprise security teams.We're looking for a generalist security engineer with strong judgment and systems intuition, who has owned security outcomes across multiple domains rather than specializing in a single control area. Depth in specific areas is valuable, but success in this role requires the ability to reason across products, infrastructure, endpoints, and compliance requirements, and to learn quickly in unfamiliar domains.🚀 Preferred Qualifications:4+ years of experience working as a Security Engineer, with demonstrated ownership of security programs or systems beyond a single functional area.Hands-on experience deploying and operating security tooling (e.g., EDR, SIEM), with the ability to evaluate, select, and evolve tools as the company grows. Incident handling experience, including incident preparation, detection, containment & eradication, and post-mortem.Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls.Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC), and Google Cloud Platform (GCP). Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002.Experience with federal contracting and data protection requirements, whether in government or industry settings.Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement.General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements.✨ Benefits/Perks🏥 100% coverage of medical, dental, and vision insurance🏖️ Unlimited PTO and sick leave🍽️ Free lunch, snacks, and coffee🚀 Professional development stipend✈️ Annual company retreatAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.ITAR RequirementsTo conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C.1157, or (iv) Asylee under 8 U.S.C.1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.CompensationThe base pay range for this role is $140,000 – $170,000 per year.","datePosted":"2026-04-12T17:37:33.822Z","dateModified":"2026-04-12T17:37:33.822Z","hiringOrganization":{"@type":"Organization","name":"Nominal","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Washington","addressRegion":"DC","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"259bef21aa8152a5e7a05322"},"url":"https://jobsearcher.com/jobs/259bef21aa8152a5e7a05322"}}