Security Engineer

About Nominal Nominal is building the connected test and operations platform powering the world's most advanced hardware systems, from spacecraft and autonomous vehicles to next-generation defense programs. Our platform gives hardware engineering teams a single place to ingest data, analyze performance, automate test execution, and collaborate across every phase of development, so they can move faster without sacrificing safety or precision. We're a fast-moving team that owns problems end-to-end, works across disciplines, and thrives at the intersection of hardware and software. We serve top-tier commercial and defense customers, from autonomy leaders like Anduril and Shield AI to next-generation aerospace teams like Hermeus and REGENT, and performance engineering teams like Pratt Miller Motorsports, alongside mission partners within the U.S. Navy and U.S. Air Force on programs where failure isn’t an option. We’re backed by Sequoia, General Catalyst, Founders Fund, Lux Capital, and Lightspeed. Our team draws from SpaceX, Palantir, Anduril, Applied Intuition, and other leading companies, united by a common mission: giving hardware engineers the tools to build the future with speed, safety, and confidence. As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you’ll be responsible for working across the organization, developing and maturing various Security and GRC controls. You’ll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal’s software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more. 🚀 About the role Own the Security Posture (0 to 1) : As part of a small team, you will be responsible for building and maturing Nominal’s security and GRC posture from an early foundation. This includes designing first-generation controls, tooling, and processes that scale as Nominal serves regulated enterprise and defense customers (U.S. and non-U.S.). This role emphasizes systems thinking, architecture, and secure-by-design decisions over reactive monitoring or narrow security operations. Detect and Respond : Strengthen Nominalʼs operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences. Plan and Execute : Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) into concrete technical actions, architectures, and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments. Coach Our Team : Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries. Communicate the Standard : Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominalʼs technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices. 🚀 About the role This role is designed for a broad, product-minded security engineer who has helped build security programs in early-stage or fast-scaling technology companies. You will thrive in this role if you: Have operated in environments where security controls, tool ... (truncated, view full listing at source)