Skip to content
Northwood SpaceNorthwood SpaceLos Angeles, CA

Product Security Manager

Own the full product security lifecycle for space communications systems, from threat modeling and secure architecture to penetration testing, vulnerability management, cryptography, and compliance with FedRAMP, CMMC, and NIST standards. Requires 5+ years of product/application security leadership, deep expertise in SAST/DAST, secrets management, CI/CD hardening, and applied cryptography; TS/SCI clearance eligibility required.

120k – 190k
On-site5+ YOESecurity Engineering

About the role

Responsibilities

  • Own application security across the full software development lifecycle, ensuring security requirements are defined, validated, and enforced from design through production release.
  • Conduct security architecture reviews and threat modeling for new product features, platform changes, and third-party integrations.
  • Establish and maintain secure coding standards, security review gates, and developer security training programs.
  • Serve as the primary security liaison for product engineering teams, translating compliance and security requirements into actionable engineering guidance.
  • Deploy, manage, and continuously improve SAST and DAST tooling integrated into development workflows.
  • Own the vulnerability management program end-to-end: discovery, triage, prioritization, remediation tracking, and reporting across product and infrastructure systems.
  • Conduct and coordinate penetration testing against products and infrastructure, including scoping, execution, findings management, and remediation validation.
  • Build and maintain container security scanning, dependency analysis, and SCA pipelines.
  • Integrate automated security validation and policy enforcement into CI/CD pipelines.
  • Own secrets management infrastructure, including deployment, policy configuration, access controls, and audit logging for platforms such as HashiCorp Vault.
  • Implement and enforce controls for secure artifact management, signing, and supply chain integrity across build and deployment pipelines.
  • Review and harden Infrastructure as Code, GitOps workflows, and deployment automation for security misconfigurations and policy violations.
  • Design and implement cryptographic controls for data at rest, data in transit, and satellite communication protocols, ensuring alignment with NIST standards and government customer requirements.
  • Evaluate and advise on cryptographic library selection, key management architecture, and certificate lifecycle management.
  • Identify and remediate cryptographic weaknesses across product systems.
  • Hire and develop product security engineers as the team scales.
  • Collaborate with network operations, mission management, and compliance teams.
  • Build security documentation, audit evidence, and reporting standards that satisfy FedRAMP, CMMC, and NIST 800-171 requirements.

Basic Qualifications

  • 5+ years in product security, application security, or a closely related security engineering discipline, with demonstrated technical leadership experience.
  • Deep expertise in SAST and DAST tooling, including tool selection, integration into CI/CD pipelines, and results-driven vulnerability remediation programs.
  • Hands-on experience conducting or coordinating penetration testing engagements, including scoping, execution, and remediation validation.
  • Strong applied cryptography knowledge, including symmetric and asymmetric encryption, PKI, key management, and secure protocol design.
  • Experience owning vulnerability management programs, including prioritization frameworks, SLA enforcement, and executive reporting.
  • Proficiency with secrets management platforms such as HashiCorp Vault, including policy design and access control architecture.
  • Experience securing CI/CD pipelines and GitOps workflows, including IaC security review and automated security gate implementation.
  • Proficiency in one or more general-purpose programming languages (Python, Go, Rust, or equivalent).
  • Familiarity with government compliance frameworks including NIST 800-171, CMMC, and FedRAMP.
  • Ability to obtain and maintain a TS/SCI clearance.
  • U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

  • Active TS clearance or higher.
  • Experience with HashiCorp Vault, Terraform, and ArgoCD in production environments.
  • Hands-on experience with container security scanning, admission controllers, and microservices security patterns.
  • Familiarity with software supply chain security frameworks and tooling (SLSA, Sigstore, SBOM generation).
  • Background in aerospace, defense, critical infrastructure, or other regulated industries.
  • Experience with DFARS compliance, ITAR, and government contracting security requirements.
  • Familiarity with eMASS or similar government assessment and authorization tools.
  • CISSP, CSSLP, OSCP, or equivalent professional certification.

Skills

Application SecurityThreat ModelingPenetration TestingSASTDASTVulnerability ManagementCryptographyHashicorp VaultCi/Cd SecurityGitOpsTerraformArgo CDPythonGoRust
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k
On-site3+ YOESecurity Engineering
Resend

Security Engineer, Platform

ResendUnited States

As a Security Engineer, Platform, you will be responsible for building and improving the security foundations of Resend’s platform, including API keys, service permissions, and secrets management. You will also help design secure defaults for new services and improve detection and response for suspicious access.

120k – 140k
Remote5+ YOESecurity Engineering
WorkWave

Cloud Security Engineer

WorkWaveUnited States

Cloud Security Engineer leads secure cloud configurations in AWS (primary), Azure, and GCP, owning governance, IAM, vulnerability management, and secure-by-default patterns for engineering teams. Requires 5+ years experience with deep AWS security expertise and Terraform proficiency.

120k – 145k
Remote5+ YOESecurity Engineering
Writer

Security engineer, application security

WriterNew York, NY +1

Builds security into AI platform through threat modeling, SAST/DAST in CI/CD, code reviews, and secure architecture design. Requires 4+ years app sec experience, programming in Python/Java/Go/JS, and DevSecOps tools expertise.

119k – 210k
Hybrid4+ YOESecurity Engineering
Applied Intuition

System Safety Engineer, Autonomy Trucking

Applied IntuitionSunnyvale, CA

Defines and manages safety architecture, requirements, and analysis (FMEA, FTA, STPA) for L4 autonomous trucking software/hardware. Requires 3+ years system safety experience, automotive standards expertise (ISO 26262), and engineering background in ADAS/autonomy.

118k – 250k
On-site3+ YOESecurity Engineering