Senior Software Security Engineer

Are you ready to embark on this exciting journey with us

We are seeking a Senior Software Security Engineer to lead the design implementation and assessment of the security architecture for our flight and ground software systems. This is not a traditional IT compliance role; you are a hands-on software engineer first with a deep passion for building security into the core of a product. You willbe responsible foreverything from hands-on coding of security services to integrating automated controls into our CI/CD pipelines and ensuring our architecture meets the stringent requirements for a government Authority to Operate (ATO).

You will spend your time writing code hardening our infrastructureparticipatingin threat modeling and mentoring our talented software engineers in secure development practices. You will be the teams expert on balancingcutting-edgesecurity with the very real constraints of embeddedsystemsand the compliance demands of NIST and CMMC frameworks.

What Youll Do

• Architect & Design:Design develop and contribute tothe Zero Trust security architecture for our flight software including services forauthentication/authorization cryptographic key management secure data storage and secure transport.Lead the research and evaluation of security features protocols and third-party tools to make data-driven architectural decisions.

• Harden Mission Infrastructure: Collaborate with infrastructure teams to secure ouronboardflight softwareplatform including hardeningembeddedLinux systems segmentingspacecraftnetwork enclaves configuringonboardIAM policies and mitigating operational cybersecurity risks across the asset lifecycle.

• Implement Security Controls in the SDLC:Work with the DevOps team to integrate and automate security controls directly into our CI/CD pipelines including Static/Dynamic Application Security Testing (SAST/DAST) Software Composition Analysis (SCA) SBOM generation and container vulnerability scanning using tools like SonarQube.

• Lead Compliance Efforts:Serve as the technical expert for designing and implementing security controls required by NIST SP 800-53 / 800-171 such as encryption access control and secure logging. Participate in security architecture reviews code audits and threat modeling sessions toidentifyand remediate vulnerabilities like API weaknesses and supply chain with security team and ISSM to prepare systems and documentation for ATO approval.

What Were Looking For

Required Skills:

• 5 years of professionalexperiencein software development withat least 3 years in a security-focused role.

• Deep understanding of modern security principles includingDevSecOps Zero Trust container security and common threats.

• Demonstrableexpertisein one or more of the following security domains: network securityapplication security or cryptography.

• Technical experience implementing and assessing controls for frameworks such as NIST SP 800-53 / 800-171.

• Hands-on experience with scripting and programming languages (e.g. Python Bash C).

• Strongunderstanding of Linux systemssecurity and hardening.

• Experience with container security (Docker k3s) and vulnerability scanning tools.

• One or more current relevant security certifications such asSecurityCySA GSEC CASP or CISSP.

• Active security clearancerequired.

Desired Skills (The more of these you have the better):

• Experience with embedded Linux environments and the challenges of resource-constrained systems (CPU memory).
• Hands-on experience with service-oriented or message-oriented architectures.
• Experience in the aerospace defense or another high-assurance industry. Particularly those who have written flight software for spacecraft robotics and/or autonomous vehicles.
• Experience with Infrastructure as Code (IaC) tools (Terraform Helm Ansible).

Why Youll Want to Work Here

• High-Impact Mission:Your work will directly contribute to the security of critical national space assets.

• Greenfield Opportunity:You will have the authority and autonomy to build a modern security architecture from the ground up the right way.

• Expert Team:You will be a senior member of a small highly skilled team where yourexpertisewill bevaluedand your contributions will beimmediatelyvisible.

• Modern Tech Stack:We are using a modern cloud-native-inspired stack(k3s NATS CI/CD)to solve aerospaces most challenging problems.

If you are a software engineer who is passionate about security and wants to build trusted systems for a mission that matters we encourage you to apply.

Equal Employment Opportunity & Affirmative Action

Loft Federal is an Equal Employment Opportunity and Affirmative Action Employer. We consider all qualified applicants for employment without regard to race color age religion sex gender identity or expression sexual orientation marital status national origin ancestry veteran status genetic information disability pregnancy or any other legally protected status.

Accessibility & Accommodations

If you require a reasonable accommodation due to a disability when applying for an open position please contact us at for assistance.

We Hire for Talent Not Just Resumes