Application Security Engineer II
True Anomaly
True Anomaly is seeking an experienced Application Security Engineer II to enhance the security of their innovative space technology. The role focuses on continuous monitoring and compliance for FedRAMP-compliant systems.
Job description
A new space race has begun. True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability. OUR MISSION The peaceful use of space is essential for continued prosperity on Earth-from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all. OUR VALUES • Be the offset. We create asymmetric advantages with creativity and ingenuity • What would it take? We challenge assumptions to deliver ambitious results • It's the people. Our team is our competitive advantage and we are better together YOUR MISSION Software is the central nervous system for True Anomaly's engineering and product thesis. Software bridges the gap between military objectives, theoretical astrodynamics and the human and autonomous control of spacecraft and ground systems in time and space. True Anomaly is seeking a highly experienced Continuous Monitoring Engineer with cloud certification compliance experience, to contribute to the continuing evolution of our complex spacecraft modeling and simulation software. You do not need to have experience building space ground systems or experience in aerospace. You'll have ownership of challenging, greenfield problems and a chance to fundamentally impact the outcome of future conflict (and the future of the company), all while enjoying world-class benefits including platinum healthcare, flexible work hours/location, highly competitive compensation and a generous stock options package. RESPONSIBILITIES • Develop, implement, and maintain continuous monitoring strategies for FedRAMP-compliant systems. • Conduct continuous control testing and verification in accordance with FedRAMP requirements. • Conduct regular security assessments, vulnerability scans, and risk assessments to identify and mitigate potential threats. • Monitor security controls to ensure compliance with FedRAMP, SOC 2, ISO 27001, and NIST standards. • Collaborate with cross-functional teams to ensure security measures are integrated into the system development lifecycle. • Support the maintenance the FedRAMP System Security Plan (SSP) and ensure all necessary documentation is up to date. • Monitor and analyze security logs from various sources (e.g., SIEMs, IDS/IPS) to identify suspicious activities and respond to security incidents. • Prepare and present reports on the security status and compliance posture to management and external auditors. • Assist in the development and maintenance of security policies, procedures, and guidelines. • Stay updated with the latest security trends, threats, and technology solutions. • Provide guidance and training to internal stakeholders on compliance and security best practices. QUALIFICATIONS • Bachelor's degree in Computer Science, Information Security, or equivalent professional experience. • Minimum of 3 years of experience in information security, with a focus on continuous monitoring and compliance. • Proficiency with security tools and technologies such as SIEM, IDS/IPS, vulnerability scanners, and endpoint protection. • In-depth knowledge and hands-on experience with FedRAMP, SOC 2, ISO 27001, and NIST frameworks. • Strong understanding of cloud security principles and best practices. • Excellent analytical, problem-solving, and communication skills. • Ability to work independently and collaboratively in a fast-paced environment. • Relevant certifications such as CISSP, CISM, CISA, or equivalents are highly desirable. PREFERRED SKILLS AND EXPERIENCE • Experience with cloud platforms such as Azure, AWS, or Google Cloud. • Familiarity with developer security and security operations practices and tools. • Experience working with a FedRAMP-accredited 3PAO and civilian agencies. • Previous work with the Department of Defense Impact Levels COMPENSATION • California Base Salary: $145,000-$195,000 • Colorado Base Salary: $125,000-$170,000 • Washington D.C. Base Salary: $130,000-$175,000 • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. ADDITIONAL REQUIREMENTS • Work Location-Successful candidates will be located near Denver, Colorado Springs, Long Beach, or Washington D.C. While we observe a hybrid work environment, some work must be done on site. • Work environment-the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job. • Physical demands-the physical demands of the job, including bending, sitting, lifting and driving. This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Hybrid To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
Requirements
• True Anomaly is seeking a highly experienced Continuous Monitoring Engineer with cloud certification compliance experience, to contribute to the continuing evolution of our complex spacecraft modeling and simulation software
• You do not need to have experience building space ground systems or experience in aerospace
• You'll have ownership of challenging, greenfield problems and a chance to fundamentally impact the outcome of future conflict (and the future of the company), all while enjoying world-class benefits including platinum healthcare, flexible work hours/location, highly competitive compensation and a generous stock options package
• Bachelor's degree in Computer Science, Information Security, or equivalent professional experience
• Minimum of 3 years of experience in information security, with a focus on continuous monitoring and compliance
• Proficiency with security tools and technologies such as SIEM, IDS/IPS, vulnerability scanners, and endpoint protection
• In-depth knowledge and hands-on experience with FedRAMP, SOC 2, ISO 27001, and NIST frameworks
• Strong understanding of cloud security principles and best practices
• Excellent analytical, problem-solving, and communication skills
• Ability to work independently and collaboratively in a fast-paced environment
• Work Location-Successful candidates will be located near Denver, Colorado Springs, Long Beach, or Washington D.C
• Physical demands-the physical demands of the job, including bending, sitting, lifting and driving
• To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C
• 1324b(a)(3), or eligible to obtain the required authorizations from the U.S
Similar Jobs
Jul 7, 2025
Application Security Engineer II
Denver, Colorado
Full-time job
True Anomaly is seeking an experienced Application Security Engineer II to enhance the security of their innovative space technology. The role focuses on continuous monitoring and compliance for FedRAMP-compliant systems.
Aug 20, 2025
Application Security Engineer
Boston, Massachusetts
Full-time job
Sompo International is seeking an experienced Application Security Engineer to join their Information Security team in Boston, Massachusetts. The role involves developing and implementing security controls throughout the software development lifecycle and collaborating with development teams to enhance secure coding practices.
Python
Aug 4, 2025
Information Security Engineer II
Carson City, Nevada
Full-time job
Lumen Technologies is seeking an Information Security Engineer II to manage and secure the enterprise's firewall and VPN operations. This role involves troubleshooting, maintaining security compliance, and collaborating with internal teams to enhance security capabilities.
Aug 1, 2025
Senior Application Security Engineer II
Seattle, Washington
Full-time job
Axon Enterprise is seeking a Senior Application Security Engineer II to enhance application security within the software development lifecycle. This role involves partnering with development teams to implement security practices and tools while promoting a culture of secure coding.
PythonJavaGo
Aug 9, 2025
Senior Application Security Engineer
Indianapolis, Indiana
Full-time job
Coinbase is seeking a Senior Application Security Engineer to enhance the security of its applications and services. The role involves designing security solutions, collaborating with engineering teams, and mentoring junior engineers.
PythonGo
Jan 1, 1970
Application Security Engineer - Remote
Juneau, AK
Full-time job
_Job Seekers can review the Job Applicant Privacy Policy by clicking HERE. ( SUMMARY We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications and data. The Application Security Engineer must understand development, coding, security engineering, and secure systems configurations. This position ensures that every step of the software development lifecycle (SDLC) follows security best practices. This involves conducting security assessments with SAST and DAST tools, reading source code, threat modeling, and designing and implementing secure software development practices. They will determine where security vulnerabilities exist and implement fixes. They must understand how an application may be misused and exploited. The Application Security Engineer will collaborate with software development teams and provide guidance on best practices for secure coding. They will also stay up to date on the latest security trends and technologies and integrate them into the organization's security strategy. The ideal candidate will have strong analytical and problem-solving skills, as well as experience in application security and knowledge of programming languages and web technologies. A Bachelor's degree in Computer Science and certifications such as CISSP, OSCP, or CASE are preferred. ESSENTIAL FUNCTIONS Conduct security assessments that require expertise of our organization's applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies. Collaborate with software development teams to integrate security into the development life cycle. Conduct security assessments of web, mobile, and other applications. Analyze security assessment results to identify security vulnerabilities and provide guidance on remediation. Design and implement secure software development practices, including threat modeling, secure coding standards, and code review. Stay current with security threats, trends, and technologies, and recommend new security controls as needed. Conduct application security investigations and provide recommendations to mitigate risk. Maintain security documentation, provide subject matter expertise, and collaborate on security policies, procedures, and standards. ADDITIONAL RESPONSIBILITIES Performs other duties as assigned. EDUCATION Bachelor's degree in computer science, information security, or a related field EXPERIENCE Five (5) years or more experience with OWASP, SAST, DAST, SCA, RASP and common security tools, required. Seven (7) years or more application security, security engineering, software development, or a related field, required. Five (5) years or more strong understanding of web application security and common attack vectors. (e.g. SQL injection, XSS, CSRF), required. Five (5) years or more experience with secure coding practices, threat modeling, and secure software development life cycle (SDLC) methodologies. required Five (5) years or more proven experience in diagnosing, isolating, resolving complex issues and recommending/implementing strategies to resolve problems, required. Five (5) years or more demonstrated experience with systems integration processes, methodology and tools, required. Seven (7) years or more development and scripting experience, required. Five (5) years or more professional application security role, required. Five (5) years or more experience with API and Web Security, required. Three (3) years or more experience with WAF, or similar application security infrastructure a plus, preferred. Seven (7) years or more experience in integrating security in CI/CD, DevOps, required. Six (6) years or more experience process or operation management Six (6) years or more experience Value Stream Mapping, Continuous Flow, Pull Replenishment and other process improvement experience. SKILLS Excellent communication skills, both verbal and written, and the ability to work effectively with cross-functional teams. Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors). Ability to work independently and as a member of a team. Flexibility to operate and self-driven to excel in a fast-paced environment. Capable of multi-tasking, highly organized, with excellent time management skills Proficiency in at least one programming language (e.g. Python, .NET, Javascript) with .NET preferred., advanced, required. Proficiency in at least one common scripting language (e.g. PowerShell, bash, etc.), advanced, required. Familiarity of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations, expert, required. CI/CD experience with Azure Devops, Terraform or other automation and integration technologies, expert, required. Risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy, advanced, required. LICENSES CISSP, OSCP, CASE, or other industry-leading certifications, preferred. TRAVEL 1-10% Applicants from California, Colorado, Hawaii, New Jersey, New York City, and Washington: Salary is determined based on internal equity; internal salary ranges; market data/ranges; applicant’s skills; prior relevant experience; certain degrees or certifications, etc. The salary for this position ranges from $120,000.00 to $150,000.00. Employees may also be eligible to receive an annual bonus, as applicable. Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax advantaged 401(k) retirement savings plan Job Category: Information Security Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability. _Job Seekers can review the Job Applicant Privacy Policy by clicking HERE. ( Current Employees: If you are a current employee at Ryder (not a Contractor or temporary employee through a staffing agency), please click here ( to log in to Workday to apply using the internal application process. #wd
CI/CDAzureAzure Devops
Jul 7, 2025
Application Security Engineer II
Denver, Colorado
Full-time job
True Anomaly is seeking an experienced Application Security Engineer II to enhance the security of their innovative space technology. The role focuses on continuous monitoring and compliance for FedRAMP-compliant systems.
Aug 20, 2025
Application Security Engineer
Boston, Massachusetts
Full-time job
Sompo International is seeking an experienced Application Security Engineer to join their Information Security team in Boston, Massachusetts. The role involves developing and implementing security controls throughout the software development lifecycle and collaborating with development teams to enhance secure coding practices.
Python
Aug 4, 2025
Information Security Engineer II
Carson City, Nevada
Full-time job
Lumen Technologies is seeking an Information Security Engineer II to manage and secure the enterprise's firewall and VPN operations. This role involves troubleshooting, maintaining security compliance, and collaborating with internal teams to enhance security capabilities.
Aug 1, 2025
Senior Application Security Engineer II
Seattle, Washington
Full-time job
Axon Enterprise is seeking a Senior Application Security Engineer II to enhance application security within the software development lifecycle. This role involves partnering with development teams to implement security practices and tools while promoting a culture of secure coding.
PythonJavaGo
Aug 9, 2025
Senior Application Security Engineer
Indianapolis, Indiana
Full-time job
Coinbase is seeking a Senior Application Security Engineer to enhance the security of its applications and services. The role involves designing security solutions, collaborating with engineering teams, and mentoring junior engineers.
PythonGo
Jan 1, 1970
Application Security Engineer - Remote
Juneau, AK
Full-time job
_Job Seekers can review the Job Applicant Privacy Policy by clicking HERE. ( SUMMARY We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications and data. The Application Security Engineer must understand development, coding, security engineering, and secure systems configurations. This position ensures that every step of the software development lifecycle (SDLC) follows security best practices. This involves conducting security assessments with SAST and DAST tools, reading source code, threat modeling, and designing and implementing secure software development practices. They will determine where security vulnerabilities exist and implement fixes. They must understand how an application may be misused and exploited. The Application Security Engineer will collaborate with software development teams and provide guidance on best practices for secure coding. They will also stay up to date on the latest security trends and technologies and integrate them into the organization's security strategy. The ideal candidate will have strong analytical and problem-solving skills, as well as experience in application security and knowledge of programming languages and web technologies. A Bachelor's degree in Computer Science and certifications such as CISSP, OSCP, or CASE are preferred. ESSENTIAL FUNCTIONS Conduct security assessments that require expertise of our organization's applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies. Collaborate with software development teams to integrate security into the development life cycle. Conduct security assessments of web, mobile, and other applications. Analyze security assessment results to identify security vulnerabilities and provide guidance on remediation. Design and implement secure software development practices, including threat modeling, secure coding standards, and code review. Stay current with security threats, trends, and technologies, and recommend new security controls as needed. Conduct application security investigations and provide recommendations to mitigate risk. Maintain security documentation, provide subject matter expertise, and collaborate on security policies, procedures, and standards. ADDITIONAL RESPONSIBILITIES Performs other duties as assigned. EDUCATION Bachelor's degree in computer science, information security, or a related field EXPERIENCE Five (5) years or more experience with OWASP, SAST, DAST, SCA, RASP and common security tools, required. Seven (7) years or more application security, security engineering, software development, or a related field, required. Five (5) years or more strong understanding of web application security and common attack vectors. (e.g. SQL injection, XSS, CSRF), required. Five (5) years or more experience with secure coding practices, threat modeling, and secure software development life cycle (SDLC) methodologies. required Five (5) years or more proven experience in diagnosing, isolating, resolving complex issues and recommending/implementing strategies to resolve problems, required. Five (5) years or more demonstrated experience with systems integration processes, methodology and tools, required. Seven (7) years or more development and scripting experience, required. Five (5) years or more professional application security role, required. Five (5) years or more experience with API and Web Security, required. Three (3) years or more experience with WAF, or similar application security infrastructure a plus, preferred. Seven (7) years or more experience in integrating security in CI/CD, DevOps, required. Six (6) years or more experience process or operation management Six (6) years or more experience Value Stream Mapping, Continuous Flow, Pull Replenishment and other process improvement experience. SKILLS Excellent communication skills, both verbal and written, and the ability to work effectively with cross-functional teams. Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors). Ability to work independently and as a member of a team. Flexibility to operate and self-driven to excel in a fast-paced environment. Capable of multi-tasking, highly organized, with excellent time management skills Proficiency in at least one programming language (e.g. Python, .NET, Javascript) with .NET preferred., advanced, required. Proficiency in at least one common scripting language (e.g. PowerShell, bash, etc.), advanced, required. Familiarity of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations, expert, required. CI/CD experience with Azure Devops, Terraform or other automation and integration technologies, expert, required. Risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy, advanced, required. LICENSES CISSP, OSCP, CASE, or other industry-leading certifications, preferred. TRAVEL 1-10% Applicants from California, Colorado, Hawaii, New Jersey, New York City, and Washington: Salary is determined based on internal equity; internal salary ranges; market data/ranges; applicant’s skills; prior relevant experience; certain degrees or certifications, etc. The salary for this position ranges from $120,000.00 to $150,000.00. Employees may also be eligible to receive an annual bonus, as applicable. Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax advantaged 401(k) retirement savings plan Job Category: Information Security Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability. _Job Seekers can review the Job Applicant Privacy Policy by clicking HERE. ( Current Employees: If you are a current employee at Ryder (not a Contractor or temporary employee through a staffing agency), please click here ( to log in to Workday to apply using the internal application process. #wd
CI/CDAzureAzure Devops
Jul 7, 2025
Application Security Engineer II
Denver, Colorado
Full-time job
True Anomaly is seeking an experienced Application Security Engineer II to enhance the security of their innovative space technology. The role focuses on continuous monitoring and compliance for FedRAMP-compliant systems.
Aug 20, 2025
Application Security Engineer
Boston, Massachusetts
Full-time job
Sompo International is seeking an experienced Application Security Engineer to join their Information Security team in Boston, Massachusetts. The role involves developing and implementing security controls throughout the software development lifecycle and collaborating with development teams to enhance secure coding practices.
Python
True Anomaly
True Anomaly is seeking an experienced Application Security Engineer II to enhance the security of their innovative space technology. The role focuses on continuous monitoring and compliance for FedRAMP-compliant systems.