Lead Product Security Engineer

🕒 il y a 1 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Aalyria

Site WebLinkedInTous les Emplois

51 - 200 employés

📡 Télécommunications

🏢 Entreprise

☁️ SaaS

Telecommunications • Enterprise • SaaS

Aalyria est une entreprise spécialisée dans les technologies de l'espace et des communications, qui crée, organise et gère des réseaux à l'échelle planétaire en combinant des communications laser atmosphériques cohérentes sans fil (Tightbeam) avec une plateforme logicielle d'orchestration de réseau alimentée par l'IA (Spacetime). L'entreprise permet une connectivité multi-domaines et multi-orbites à travers la terre, la mer, l'air et l'espace — soutenant des constellations de satellites, des architectures 5G/NTN et des réseaux hybrides — et travaille avec des partenaires commerciaux et gouvernementaux pour déployer des matériels et logiciels pour des communications résilientes et haute-capacité.

Description

• You'll be the technical voice of product security across Aalyria, reporting to the Director of Security & IT. • You'll own application security, CI/CD and supply-chain security, our Kubernetes-based product infrastructure, product-side authentication and PKI. • You'll partner closely with hardware engineering on Tightbeam. • Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase. • CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls. • Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection. • Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets. • Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings. • Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action. • Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments. • Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity.

🎯 Exigences

• Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec. • Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth. • Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale. • Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it. • Comfort reviewing code is a plus. • A track record of building security programs, not just operating tools someone else stood up. • Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership. • A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports. • Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain. • Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors. • Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work.

🏖️ Avantages

• Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications. • Impactful Work: Directly contribute to critical national security programs and initiatives. • Growth Opportunities: Expand your career with opportunities for professional development and advancement. • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter. • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.