Lead Product Security Engineer

🕒 Maio 8

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Aalyria

SiteLinkedInTodas as Vagas

51 - 200 funcionários

📡 Telecomunicações

🏢 Corporativo

☁️ SaaS

Telecommunications • Enterprise • SaaS

A Aalyria é uma empresa de tecnologia espacial e de comunicações que cria, organiza e gerencia redes em escala planetária, combinando comunicações a laser em espaço livre atmosférico coerente (Tightbeam) com uma plataforma de orquestração de rede impulsionada por IA (Spacetime). A empresa possibilita conectividade multidomínio e multi-órbita através de terra, mar, ar e espaço — apoiando constelações de satélites, arquiteturas 5G/NTN e redes híbridas — e trabalha com parceiros comerciais e governamentais para implantar hardware e software para comunicações resilientes e de alta capacidade.

Descrição

• You'll be the technical voice of product security across Aalyria, reporting to the Director of Security & IT. • You'll own application security, CI/CD and supply-chain security, our Kubernetes-based product infrastructure, product-side authentication and PKI. • You'll partner closely with hardware engineering on Tightbeam. • Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase. • CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls. • Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection. • Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets. • Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings. • Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action. • Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments. • Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity.

🎯 Requisitos

• Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec. • Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth. • Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale. • Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it. • Comfort reviewing code is a plus. • A track record of building security programs, not just operating tools someone else stood up. • Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership. • A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports. • Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain. • Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors. • Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work.

🏖️ Benefícios

• Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications. • Impactful Work: Directly contribute to critical national security programs and initiatives. • Growth Opportunities: Expand your career with opportunities for professional development and advancement. • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter. • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.