Lead Product Security Engineer

🕒 May 8

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Aalyria

WebsiteLinkedInAll Job Openings

51 - 200 employees

📡 Telecommunications

🏢 Enterprise

☁️ SaaS

Telecommunications • Enterprise • SaaS

Aalyria is a company dedicated to creating, organizing, and managing the world's most advanced networks to enable ubiquitous connectivity at the speed of discovery. It utilizes atmospheric laser communications technology and a software platform originally developed by Alphabet. Aalyria's platform orchestrates networks across land, sea, air, space, and beyond. Key technological components include Tightbeam, a free space optics technology, and Spacetime, a software platform for network orchestration. Aalyria is backed by significant investors and has engaged in various high-profile projects, including working with NASA and developing 5G/6G networking platforms.

📋 Description

• You'll be the technical voice of product security across Aalyria, reporting to the Director of Security & IT. • You'll own application security, CI/CD and supply-chain security, our Kubernetes-based product infrastructure, product-side authentication and PKI. • You'll partner closely with hardware engineering on Tightbeam. • Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase. • CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls. • Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection. • Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets. • Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings. • Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action. • Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments. • Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity.

🎯 Requirements

• Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec. • Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth. • Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale. • Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it. • Comfort reviewing code is a plus. • A track record of building security programs, not just operating tools someone else stood up. • Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership. • A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports. • Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain. • Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors. • Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work.

🏖️ Benefits

• Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications. • Impactful Work: Directly contribute to critical national security programs and initiatives. • Growth Opportunities: Expand your career with opportunities for professional development and advancement. • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter. • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.