← all jobs

[Remote] Lead Product Security Engineer

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace industry. The Lead Product Security Engineer will be responsible for owning application security, CI/CD and supply-chain security, and product infrastructure security while collaborating closely with hardware engineering.

Responsibilities

  • Application & software security. SAST/DAST/SCA, secure SDLC, threat modeling, and software vulnerability management across our codebase
  • CI/CD and supply-chain security. Hardening our GitLab pipelines, build provenance, dependency integrity, signing, and SLSA-aligned controls
  • Product infrastructure security. GKE and Kubernetes hardening, container security, workload identity, network policy, and runtime protection
  • Product PKI. Certificate lifecycle, issuance, rotation, and mTLS architecture across distributed services and remote assets
  • Vulnerability management. Triage, prioritization, remediation tracking, and exception handling, for both disclosed upstream issues and internal findings
  • Product incident response. Leading triage and response for product-side security incidents, coordinating with corporate IR, and driving post-mortems to action
  • Product infra hardening. Baseline configurations, secure defaults, and compensating controls across product environments
  • Hardware security partnership. Working with the Tightbeam team on firmware security, secure boot, key storage, and hardware supply-chain integrity

Skills

  • Senior- or staff-level hands-on experience in product security or security engineering, with significant depth in software/AppSec
  • Production experience securing cloud environments such as IAM, org policy, VPC Service Controls, KMS, and Kubernetes at depth
  • Strong cryptographic foundations, PKI architecture, key management, signing, mTLS, and secrets handling at scale
  • Hands-on coding ability in Python, Bash, and Go, you can write tooling, automate controls, and ship Terraform/scripts when the situation calls for it. Comfort reviewing code is a plus
  • A track record of building security programs, not just operating tools someone else stood up
  • Experience leading product incident response, triage, response, coordination with engineering teams, customer comms, and post-mortem ownership
  • A pattern of mentoring engineers and raising the security bar of teams around you, even without direct reports
  • Experience interfacing with hardware/firmware teams, even if hardware isn't your primary domain
  • Strong written communication, you'll write threat models, design docs, and program updates that go to the executives, customers, and assessors
  • Working knowledge of the compliance frameworks that govern our environment such as CMMC, FedRAMP, and DFARS along with the ability to translate controls into engineering work
  • Hands on experience with NIST 800-53, NIST 800-171, or DoD SRG environments
  • Experience with government-cloud platforms
  • Hardware security depth in HSMs, TPMs, secure elements, supply-chain attestation
  • Embedded / firmware security background, secure boot, RoT, OTA update integrity, hands-on firmware review
  • Experience standing up or running a vulnerability disclosure program or bug bounty, triage, researcher comms, and CVE coordination

Benefits

  • 401(k)
  • Dental
  • Vision
  • Health
  • Life insurance
  • Paid time off
  • Equity options
  • Flexible working arrangements including hybrid remote/in-office schedules

Company Overview

  • Aalyria is an advanced aerospace communications company that provides high-throughput networks for both commercial and government clients. It is a sub-organization of Google. It was founded in 2021, and is headquartered in Livermore, California, USA, with a workforce of 51-200 employees. Its website is https://www.aalyria.com.
  • More open positions

    [Remote] Account Executive

    Work from home Full-time role

    [Remote] Senior Growth Product Designer

    Work from home Full-time role

    [Remote] Senior Data Scientist

    Work from home Full-time role

    [Remote] Software Engineer/Senior - foreUP

    Work from home Full-time role

    [Remote] Director of Business Operations, Marketplace Analytics

    Work from home Full-time role

    Flexible, Weekly Gig Work - Multiple Opportunities in Cities Across the US

    Work from home Full-time role

    [Remote] AI Engineer (Python, LLM/Agentic AI)

    Work from home Full-time role

    Remote – Online Appointment Setter: Booking Hotels

    Work from home Full-time role

    Remote Data Entry Clerk – Precise Virtual Data Management Specialist for careerzynith

    Work from home Full-time role

    Strategy & Operations Manager, Revenue Operations

    Work from home Full-time role

    Payroll Analyst, US - Remote (6 Month Contract)

    Work from home Full-time role

    Experienced Live Chat Representative – Urgent Part-Time Remote Opportunity at careerzynith

    Work from home Full-time role

    [Remote] Business Value Lead (SaaS/Healthcare Tech)

    Work from home Full-time role

    Lead, Business Development

    Work from home Full-time role

    [Remote] Associate - Strategy and Technology Management Consultant

    Work from home Full-time role

    Senior Software Engineer

    Work from home Full-time role

    Remote Motion Designer

    Work from home Full-time role

    [Remote] Regulatory Writer I

    Work from home Full-time role

    Family Health Advocate - Remote

    Work from home Full-time role

    Senior Product Manager

    Work from home Full-time role

    USA Fractional CMO (Growth Marketing/UA focus)

    Work from home Full-time role