Senior Product Security Engineer
Umbra
Santa Barbara, California
Job Details
Full-time
Full Job Description
Umbra builds next-generation space systems that observe the Earth in unprecedented fidelity.
Our mission: Deliver global omniscience.
To stay ahead of climate change, geopolitical risk, and other major crises and issues, we need a global understanding of what is changing, where, and how fast. Umbra provides easy access to the highest quality commercial satellite data available, an indispensable tool for the growing number of organizations monitoring the Earth. We empower our customers to create solutions that inform, inspire, and address our planet's most pressing needs. We’re helping to create a new industry that has never meaningfully existed before.
Are you ready to take the lead as a Senior Product Security Engineer? We're on the lookout for an expert to enhance the security of the software and systems that power our satellite infrastructure. In this exciting role, you’ll collaborate with diverse teams to pinpoint security needs and vulnerabilities, execute comprehensive security assessments, and devise effective strategies to minimize risks. If you have a passion for safeguarding complex systems within the aerospace industry, don't miss this chance to make a significant impact!
Our aim is to hire this position to work in Umbra's Santa Barbara, CA location in order to work alongside product development teams. However, we are open to considering Hybrid applicants as well as candidates in the VA/DC/MD area, working out of our Arlington, VA office.
What you will do - You'll be an essential collaborator with Umbra's product development teams, dedicated to enhancing the trustworthiness, resilience, and survivability of our space segment, which encompasses both satellite and ground system environments. As a secure engineering advocate, you'll support our development release trains, create threat models, assess operational risks, and collaborate with product and SRE teams at the engineering level to continuously boost our systems' trustworthiness, resilience, and survivability. Please note, this role is purely focused on technical development and engineering.
Key Responsibilities
- Lead security assessments and code reviews for our satellite software and systems as well as ground systems.
- Develop threat models and perform risk assessments to identify potential vulnerabilities in systems and applications.
- Implement security best practices across development teams and foster a culture of security awareness within the organization.
- Collaborate with engineering teams to develop, enforce, and audit security standards, policies, and procedures for satellite and ground system environments.
- Research emerging security technologies and frameworks relevant to space systems, and proactively integrate relevant solutions to protect infrastructure.
- Design and implement security automation tools and processes to improve system security and minimize manual intervention in securing software releases.
- Work with cross-functional teams to design, implement, and continuously improve secure DevOps pipelines and secure software development lifecycles (SDLC).
- Participate in incident response and security monitoring efforts, ensuring that security events are quickly identified and mitigated and that lessons learned are incorporated into security practices.
- Support third-party security audits and assessments, providing documentation and guidance on any identified vulnerabilities or risks as needed.
- Ensure regulatory compliance with relevant aerospace, satellite, and cybersecurity standards and frameworks such as NIST, CMMC, and others.
- Be the continuous advocate for improving security best practices and the champion of a security-minded culture with all technical staff, to increase overall awareness and capabilities in addressing security risks.
- Support systems security engineering initiatives, ensuring that operational segments are well positioned for resiliency and survivability.
- Other professional duties as assigned.
Requirements
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in product security or software security engineering.
- Strong proficiency in secure coding practices and application security assessments.
- Experience with threat modeling and risk assessment methodologies.
- Familiarity with security tools such as static analysis, dynamic analysis, and penetration testing frameworks.
- In-depth understanding of networking protocols, cryptographic algorithms, and vulnerability management.
- Experience with cloud security architecture and securing cloud environments (AWS, Azure, etc.).
- Excellent communication skills and ability to work collaboratively in cross-functional teams.
- Current security clearance or willingness and ability to acquire one.
- One or more of the Desired Qualifications.
Desired Qualifications
- Experience in the aerospace or satellite industry.
- Knowledge of security frameworks such as NIST 800-171, Risk Management Framework, CMMC.
- Experience with incident response and security monitoring tools.
- Familiarity with hardware security principles and practices.
- Relevant industry certifications, such as OSCP or SANS certifications, are a plus.
Benefits
- Flexible Time Off, Sick, Family & Medical Leave
- Medical, Dental, Vision, Life, LTD, STD (employer funded)
- Vol Life, Critical Illness, Accidental, Hospital Indemnity, Pet Insurance (employee funded)
- 401k with 3% non-elective company contribution
- Stock Options
- Free Parking
- Free lunch daily in office
Umbra is an Equal Opportunity Employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics.
Employment Eligibility Verification
In compliance with federal laws, all hired persons will be required to verify their identity and eligibility to work in the United States by completing the required Employment Eligibility Verification Form (I-9 Form) upon hire.
ITAR/EAR Requirements
This position may include access to technology and/or data that is subject to U.S. export controls pursuant to ITAR and EAR. To comply with federal export controls, all persons hired must be a U.S. citizen, U.S. national, U.S. lawful permanent resident, refugee or asylee as defined by 8 U.S.C. § 1324b(a)(3), or must otherwise be eligible to obtain the required authorizations from the U.S. Department of State and/or U.S. Department of Commerce as applicable.
Pay Transparency
This job posting may cover multiple career levels. To ensure greater transparency, we provide base salary ranges for all roles, regardless of location. Our standard pay ranges are based on the role’s function and level, benchmarked against similar growth-stage companies. Compensation may vary based on geographical location, as certain regions may have different cost-of-living factors. The final offer will also be influenced by the candidate's skills, responsibilities, and relevant experience.
Compensation Range
The Compensation Range for this role is $125,000 - $185,000.