Security and Compliance Lead
Aalyria · Remote (United States) · Posted 26 March 2026
Job Description
About Aalyria:
Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace industry. With technology acquired from Google, Aalyria is at the forefront of innovation in satellite and airborne mesh networks, as well as cislunar and deep-space communications. We are revolutionizing the orchestration and management of planetary mesh networks using any radio or optical spectrum, any orbit, and any hardware across land, sea, air, and space.
Role Overview:
We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate for this role has deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience. We need someone who can navigate compliance frameworks and roll up their sleeves to implement controls, harden systems, and solve technical problems.
You will be the primary owner of our government compliance programs while also contributing directly to security architecture, tooling, and engineering efforts. You will work closely with the Director of Security & IT, our engineering teams, and external partners to ensure we meet contractual and regulatory obligations. Come join a team building secure systems that support mission-critical communications for defense and federal customers.
Key Responsibilities:
Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
Harden cloud infrastructure in GCP and AWS by implementing security configurations and access controls aligned with compliance requirements
Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
Define, document, and enforce CUI boundaries and enclave architecture
Translate compliance requirements into actionable technical guidance for engineering teams
Support customer security assessments, due diligence requests, and contract security requirements
Required Qualifications:
7+ years of experience in security roles with demonstrated compliance and technical responsibilities
Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
Hands-on technical skills: ability to write scripts and Terraform, and to troubleshoot access issues
Experience securing cloud environments (GCP preferred; AWS GovCloud)
Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
Strong communication skills with comfort presenting to auditors, executives, ... (truncated, view full listing at source)