Senior Software Security Engineer at Loft Federal

Golden, ColoradoFull-timeSoftwarePosted 30 days ago

About the Role

<div class="content-intro"><div> About Loft Federal Loft Federal is committed to delivering the U.S. national security space community a fast, affordable, and streamlined pathway to orbit. As a wholly owned U.S. subsidiary of Loft Orbital Solutions, Inc., we specialize in providing mission-ready space infrastructure with unmatched efficiency. At Loft, we empower our team with autonomy, ownership, and bold problem-solving opportunities while fostering a tight-knit, supportive environment. We believe that diversity, inclusivity, and community are the foundation of an open and innovative culture. We value kind, collaborative, and mission-driven teammates who excel in problem-solving and communication—because great solutions come from great teams. </div> <div>Are you ready to embark on this exciting journey with us? </div></div><span data-ccp-charstyle="normaltextrun" data-ccp-charstyle-defn="{"ObjectId":"ac0262f4-8a9e-5820-b908-2d943c5f7113|1","ClassId":1073872969,"Properties":[201342446,"1",201342447,"5",201342448,"1",201342449,"1",469777841,"Aptos",469777842,"",469777843,"Aptos",469777844,"Aptos",201341986,"1",469769226,"Aptos",268442635,"24",469775450,"normaltextrun",201340122,"1",134233614,"true",469778129,"normaltextrun",335572020,"1",469778324,"Default Paragraph Font"]}">We are seeking a Senior Software Security Engineer to lead the design, implementation, and assessment of the security architecture for our flight and ground software systems. This is not a traditional IT compliance role; you are a hands-on software engineer first, with a deep passion for building security into the core of a product. You will be responsible for everything from hands-on coding of security services to integrating automated controls into our CI/CD pipelines and ensuring our architecture meets the stringent requirements for a government Authority to Operate (ATO).  You will spend your time writing code, hardening our infrastructure, participating in threat modeling, and mentoring our talented software engineers in secure development practices. You will be the team's expert on balancing cutting-edge security with the very real constraints of embedded systems and the compliance demands of NIST and CMMC frameworks.  What You'll Do  <ul> <li data-leveltext="" data-font="Symbol" data-listid="12" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Architect & Design: Design, develop, and contribute to the Zero Trust security architecture for our flight software, including services for authentication/authorization, cryptographic key management, secure data storage, and secure transport. Lead the research and evaluation of security features, protocols, and third-party tools to make data-driven architectural decisions. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="12" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Harden Mission Infrastructure: Collaborate with infrastructure teams to secure our onboard flight software platform, including hardening embedded Linux systems, segmenting spacecraft network enclaves, configuring onboard IAM policies, and mitigating operational cybersecurity risks across the asset lifecycle. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="12" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Implement Security Controls in the SDLC: Work with the DevOps team to integrate and automate security controls directly into our CI/CD pipelines, including Static/Dynamic Application Security Testing (SAST/DAST), Software Composition Analysis (SCA), SBOM generation, and container vulnerability scanning using tools like SonarQube. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="12" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Lead Compliance Efforts: Serve as the technical expert for designing and implementing security controls required by NIST SP 800-53 / 800-171 such as encryption, access control, and secure logging. Participate in security architecture reviews, code audits, and threat modeling sessions to identify and remediate vulnerabilities like API weaknesses and supply chain risks. Collaborate with security team and ISSM to prepare systems and documentation for ATO approval. </li> </ul> What We're Looking For  Required Skills:  <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">5+ years of professional experience in software development, with at least 3 years in a security-focused role. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="2">Deep understanding of modern security principles, including DevSecOps, Zero Trust, container security, and common threats. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="2">Demonstrable expertise in one or more of the following security domains: network security, application security, or cryptography. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="2">Technical experience implementing and assessing controls for frameworks such as NIST SP 800-53 / 800-171. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="2">Hands-on experience with scripting and programming languages (e.g., Python, Bash, C++). </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="2">Strong understanding of Linux systems security and hardening. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="2">Experience with container security (Docker, k3s) and vulnerability scanning tools. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="2">One or more current, relevant security certifications such as Security+, CySA+, GSEC, CASP, or CISSP. </li> </ul> <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="9" data-aria-level="2">Active security clearance required. </li> </ul> Desired Skills (The more of these you have, the better):  <ul> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Experience with embedded Linux environments and the challenges of resource-constrained systems (CPU, memory).</li> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Hands-on experience with service-oriented or message-oriented architectures.</li> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Experience in the aerospace, defense, or another high-assurance industry. Particularly those who have written flight software for spacecraft, robotics, and/or autonomous vehicles.</li> <li data-leveltext="o" data-font="Courier New" data-listid="13" data-list-defn-props="{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="2">Experience with Infrastructure as Code (IaC) tools (Terraform, Helm, Ansible). </li> </ul> Why You'll Want to Work Here  <ul> <li data-leveltext="" data-font="Symbol" data-listid="14" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">High-Impact Mission: Your work will directly contribute to the security of critical national space assets. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="14" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Greenfield Opportunity: You will have the authority and autonomy to build a modern security architecture from the ground up, the "right way." </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="14" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Expert Team: You will be a senior member of a small, highly skilled team where your expertise will be valued and your contributions will be immediately visible. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="14" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Modern Tech Stack: We are using a modern, cloud-native-inspired stack (k3s, NATS, CI/CD) to solve aerospace's most challenging problems. </li> </ul> If you are a software engineer who is passionate about security and wants to build trusted systems for a mission that matters, we encourage you to apply. <div class="content-pay-transparency"><div class="pay-input"><div class="description"><div>Per Colorado law, we are required to disclose the base compensation range for this role. This range is intentionally wide as we assess individuals based on their unique abilities and experience to find the best fit for our needs. Ultimately, your compensation will be determined by your education, experience, knowledge, skills, and abilities. </div> <div> </div> <div>In addition to a competitive salary and <a href="https://loftfederal.com/careers/" target="_blank">benefits</a> package, you will find a truly remarkable culture guided by transparency and collaboration and work that is challenging and meaningful. We can't wait to meet you and see what you may add to our team!</div></div><div class="title">Salary Range</div><div class="pay-range">$130,000—$180,000 USD</div></div></div><div class="content-conclusion"><h4>Equal Employment Opportunity & Affirmative Action </h4> Loft Federal is an Equal Employment Opportunity and Affirmative Action Employer. We consider all qualified applicants for employment without regard to race, color, age, religion, sex, gender identity or expression, sexual orientation, marital status, national origin, ancestry, veteran status, genetic information, disability, pregnancy, or any other legally protected status. Accessibility & Accommodations If you require a reasonable accommodation due to a disability when applying for an open position, please contact us at <a href="mailto:[email protected]">[email protected]</a> for assistance. We Hire for Talent, Not Just Resumes <div> Research shows that while men apply for jobs when they meet about 60% of the qualifications, women and other underrepresented groups tend to apply only when they meet 100% of the listed criteria. At Loft Federal, we value diverse perspectives, respectful debate, and people who challenge assumptions. If you’re excited about a role but don’t meet every requirement, we strongly encourage you to apply. </div> <div> Third-Party Recruiters & Agencies No outside recruiters, please. Loft Federal does not accept unsolicited resumes from headhunters, staffing agencies, or third-party recruiters. We will not pay fees for candidates submitted without a signed agreement in place. </div></div>

About the Role

About the Role

Related Roles

About the Role

Related Roles