• Design and implement the identity, access, and security foundation of the Human-Led AI Orchestration Layer • Ensure that every Action Point™, AI decision, and workflow is securely authorized, auditable, and aligned with human intent • Implement and manage authentication using Clerk across frontend and backend • Design RBAC and permission models aligned with human-led decision workflows • Implement secure session handling, JWT validation, and token lifecycles • Integrate identity flows with FastAPI (Python) backend services • Support secure authentication flows in React + TypeScript frontend applications • Ensure consistent authorization enforcement across APIs, services, agents, tools, and data access layers • Implement best practices for OAuth2, JWT, CORS, CSRF protection, and rate limiting • Harden APIs and identity boundaries for multi-tenant SaaS use cases • Document identity architecture and provide knowledge transfer to the team • Design and implement identity and permission models for AI agents, tools, and automated workflows • Define and enforce capability-based permission scopes for agents

Role Description Our client is redefining how humans govern technology. As the Identity & Security Engineer, you will design and implement the identity, access, and security foundation of the Human-Led AI Orchestration Layer. You will ensure that every Action Point™, AI decision, and workflow is securely authorized, auditable, and aligned with human intent. This role sits at the intersection of frontend, backend, and cloud security. Everything you build is expected to be revenue-ready and enterprise-grade. Key Responsibilities - Identity & Authentication - Implement and manage authentication using Clerk across frontend and backend. - Design RBAC and permission models aligned with human-led decision workflows. - Implement secure session handling, JWT validation, and token lifecycles. - Backend & Frontend Integration - Integrate identity flows with FastAPI (Python) backend services. - Support secure authentication flows in React + TypeScript frontend applications. - Ensure consistent authorization enforcement across APIs, services, agents, tools, and data access layers. - Security & Compliance - Implement best practices for OAuth2, JWT, CORS, CSRF protection, and rate limiting. - Harden APIs and identity boundaries for multi-tenant SaaS use cases. - Document identity architecture and provide knowledge transfer to the team. - Agent & AI Action Security - Design and implement identity and permission models for AI agents, tools, and automated workflows. - Define and enforce capability-based permission scopes for agents (what actions they can take, on what data, in which contexts). - Implement human-in-the-loop approval gates and policy enforcement points for sensitive or high-impact actions. - Prevent privilege escalation, cross-tenant access, and unauthorized tool or data usage by agents. - Design sandboxing and blast-radius containment strategies for semi-autonomous workflows. Qualifications - Hands-on experience implementing authentication and authorization in web applications. - Strong experience with Clerk (or equivalent identity providers). - Deep understanding of OAuth2, JWT, and session management. - Experience with FastAPI (Python) backend systems. - Frontend integration experience with React + TypeScript. - Strong security fundamentals and threat-model awareness. - Proficiency with Git and remote collaboration. Preferred Qualifications - Experience with Azure deployments and DevOps workflows. - Familiarity with Infrastructure-as-Code. - Experience implementing RBAC in multi-tenant SaaS platforms. - Background securing workflow or decision-support systems. Benefits - Flexible work structure of 20–40 hours per week, depending on role scope and workload. - Outcome-driven role, not hour-tracked. - Compensation provided as a fixed monthly stipend, aligned to responsibilities and expected ownership. - Stipend remains consistent as long as commitments are met and performance remains strong. - Environment requires clear ownership and follow-through, proactive communication, and consistent, high-quality delivery. - Flexibility is paired with accountability—team members are trusted to manage their time while ensuring outcomes, team continuity, and customer commitments are fully upheld.

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it. OUR MISSION True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground. OUR VALUES - Be the offset. We create asymmetric advantages with creativity and ingenuity. - What would it take? We challenge assumptions to deliver ambitious results. - It’s the people. Our team is our competitive advantage and we are better together. YOUR MISSION Cloud security at True Anomaly isn't about checking compliance boxes—it's about protecting infrastructure that enables space domain awareness and satellite operations. As our Senior Cloud Security Engineer, you'll build security tooling and implement security controls that enable our engineering teams to ship safely on cloud platforms. You'll implement security controls for our multi-cloud environments, working closely with staff engineers on architecture decisions while securing production workloads across Azure and AWS. Strong Azure security expertise is highly valued; deep AWS knowledge will be increasingly critical as our cloud footprint evolves. Working as part of the Platform Security team, you'll have impact within the security team and partner engineering teams. This is a hands-on role where you'll write production code daily, owning security projects within the cloud domain. You'll implement cloud security solutions and build tooling to enforce security controls. You'll solve complex security problems, taking ownership of projects from design through implementation with guidance on architecture and strategic direction. You'll be working in an AI-native environment where leveraging AI to accelerate your impact is expected. This position requires the ability to obtain and maintain a security clearance. RESPONSIBILITIES - Build security tooling, automation, and services for cloud security—implementing secure patterns that engineering teams can adopt - Implement security best practices and provide technical input on cloud security, IAM architecture, network security, and infrastructure-as-code - Implement and maintain security controls that strengthen the security posture of our cloud environments across Azure and AWS - Implement secure-by-default cloud infrastructure including IAM, network architecture (VPCs, subnets, NACLs, Security Groups, Transit Gateways), data protection, encryption, and security monitoring - Operate and maintain PKI infrastructure for cloud environments—including private CA hierarchies (AWS Private CA, AD CS), certificate lifecycle management, mTLS for service-to-service authentication, and load balancer certificate management - Operate and maintain HashiCorp Vault as the central secrets management platform—including Vault PKI engine, dynamic secrets, authentication methods, and policy management. You'll build and maintain this infrastructure, not just configure managed services - Partner with Kubernetes Security Engineer to implement unified PKI infrastructure across cloud and container environments, providing input on design decisions. Collaborate on K8s IAM integration, network policies, node security, and CSI driver security - Design and troubleshoot multi-account and multi-VPC network topologies—diagnosing connectivity issues and security group misconfigurations across cloud environments - Build automation and tooling to enforce security policies, detect misconfigurations, and respond to threats in cloud environments - Execute cloud security posture management (CSPM), threat detection, and incident response projects - Implement security improvements to infrastructure-as-code, CI/CD pipelines, and deployment processes - Partner with engineering teams to implement secure cloud architectures for new capabilities and workloads - Build security testing tools, CLI utilities, and dashboards to continuously validate security controls - Solve complex security challenges in multi-cloud environments - Leverage AI tools to accelerate development and automate security workflows QUALIFICATIONS - Active security clearance or ability to obtain and maintain security clearance - Experience securing production cloud environments at scale, with strong understanding of cloud security models, attack patterns, and defensive strategies across Azure and AWS - Strong software development skills in Python (preferred) and/or Go with experience building security tooling and automation - Strong software engineering fundamentals: comfortable with data structures, algorithms, API design, debugging production systems, and working across multiple languages - Strong Terraform skills including module design and infrastructure-as-code security best practices - Experience building security tooling or automation used by engineering teams - Strong experience with cloud networking and troubleshooting across AWS and Azure: VPCs/VNets, subnets, NACLs/NSGs, Security Groups, Transit Gateways/Virtual WAN, VPC peering, route tables, and VPN/ExpressConnect—you can debug "why can't X talk to Y" across multi-account/multi-subscription network topologies - Hands-on experience with cloud security tools (CSPM, CWPP, SIEM) and infrastructure-as-code security (Terraform, CloudFormation) - Strong knowledge of IAM, encryption, logging/monitoring, and cloud-native security patterns - DevSecOps mindset with experience embedding security into development and operations workflows - Proven ability to assess risk, prioritize work, and execute complex security projects - Track record of solving complex technical problems - Comfortable diving into unfamiliar codebases and leveraging AI to bridge knowledge gaps - Strong communication skills and ability to collaborate effectively across teams PREFERRED QUALIFICATIONS - Strong PKI knowledge with hands-on experience working with certificate infrastructure—including certificate lifecycle management, mTLS implementation, certificate-based authentication, and X.509/TLS troubleshooting - Hands-on experience operating HashiCorp Vault in production—including Vault PKI, dynamic secrets engines, and authentication methods. Experience integrating Vault with Kubernetes, AWS, and Azure auth methods is a plus WORK ENVIRONMENT - Fast-paced, mission-critical environment supporting national security space operations - Requires coordination across distributed teams including spacecraft engineers, ground operations, software developers, and government partners - May require participation in on-call rotation for security incident response and mission-critical system support - Occasional travel to government sites, launch facilities, or partner locations may be required COMPENSATION - Colorado Base Salary: $145,000–$195,000 - California Base Salary: $150,000–$205,000 for Long Beach, $165,000 - $225,000 for SF Bay Area - Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. ADDITIONAL REQUIREMENTS - Work Location—this role will be onsite at our Denver, SF Bay Area, or Long Beach offices. #LI-Onsite This position will be open until it is successfully filled. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it. OUR MISSION True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground. OUR VALUES - Be the offset. We create asymmetric advantages with creativity and ingenuity. - What would it take? We challenge assumptions to deliver ambitious results. - It’s the people. Our team is our competitive advantage and we are better together. YOUR MISSION Kubernetes security at the scale and complexity of space operations is genuinely hard — and a lot of it is still unsolved. This role exists to change that. As our Staff Kubernetes Security Engineer, you'll build zero-trust foundations and secure paved paths that enable our platform and development teams to ship safely on Kubernetes. You'll own the security posture of our container orchestration platform across multi-cloud environments, architecting security platforms that define how we operate containers in production. Working as part of the Platform Security team, you'll have broad impact across all teams deploying containerized workloads. This is a hands-on technical leadership role where you'll write production code daily while driving strategic security initiatives. You'll thrive on ambiguously hard problems, give yourself the toughest challenges, and have the technical maturity to drive complex security initiatives from conception to production with minimal direction. You'll be working in an AI-native environment where leveraging AI to accelerate your impact is expected. This position requires the ability to obtain and maintain a security clearance. RESPONSIBILITIES - Architect and build security platforms, frameworks, and foundational services used by platform and development teams—making secure patterns the default choice for Kubernetes deployments - Drive adoption of security best practices and influence technical direction for Kubernetes security, workload isolation, and container deployment - Own the security architecture and posture of our Kubernetes infrastructure across Azure and AWS environments - Design and implement secure-by-default infrastructure including pod security policies, network policies, RBAC, admission controllers, and runtime security - Build and ship production-grade automation, tooling, CLI utilities, and operators to enforce security best practices and detect threats across our Kubernetes clusters - Develop secure Custom Resource Definitions (CRDs), controllers, and Kubernetes operators for security automation and policy enforcement - Lead security architecture decisions for workload isolation, secrets management, service mesh security, and supply chain security - Design, implement, and operate PKI infrastructure for Kubernetes—including private CA hierarchies, automated certificate lifecycle management (cert-manager), service mesh mTLS certificate rotation, and certificate issuance for workloads and control plane components - Partner with Cloud Security Engineer to design and operate unified PKI infrastructure across cloud and container environments—ensuring consistent certificate policies, trust anchors, and operational practices. Collaborate on node IAM, pod service accounts, CNI security, and cloud provider integrations - Secure the Kubernetes control plane including API server, etcd, and CNI plugin configurations - Design and implement admission webhooks (validating and mutating) for security policy enforcement - Identify and drive resolution of complex security challenges in multi-tenant and multi-cluster environments - Partner with Platform and development teams to embed security into GitOps workflows and the development lifecycle - Stay ahead of emerging container security threats and proactively harden our defenses - Develop security testing frameworks and validation tools to continuously verify security controls - Leverage AI tools to accelerate development, close knowledge gaps, and push the boundaries of what's possible QUALIFICATIONS - Active security clearance or ability to obtain and maintain security clearance. - Deep expertise securing production Kubernetes environments at scale, with comprehensive understanding of the container attack surface - Extensive experience building Kubernetes operators, CRDs, and controllers—you understand the Kubernetes API and extension mechanisms deeply - Deep PKI knowledge with hands-on experience designing and operating certificate infrastructure—including private CA hierarchies, cert-manager deployment and operation, automated certificate rotation for service meshes (Istio/Linkerd), certificate lifecycle management, and X.509/TLS troubleshooting - You've built and maintained PKI infrastructure in production, not just consumed managed certificate services - Strong software development skills in Go (preferred) and Python with proven track record of building production platforms that engineering teams actually use - Strong software engineering fundamentals: comfortable with data structures, algorithms, API design, debugging production systems, and working across multiple languages - Track record of building security platforms or foundational services used across multiple engineering teams - Hands-on experience with container security tools and frameworks (Falco, OPA, Kyverno, Gatekeeper, service mesh security) - Deep understanding of Kubernetes internals: API server security, etcd encryption, CNI plugins, admission webhooks, RBAC, and control plane hardening - Experience with GitOps patterns and securing CI/CD pipelines for Kubernetes deployments - Experience with cloud security primitives across Azure and/or AWS - Practical knowledge of supply chain security, image scanning, admission control, and runtime threat detection - Proven ability to independently drive ambiguous, complex security initiatives to completion at staff+ level - Track record of giving yourself hard problems and navigating ambiguity with confidence - Comfortable diving into unfamiliar codebases and leveraging AI to bridge technical gaps - Strong communication skills and ability to influence technical direction across teams WORK ENVIRONMENT - Fast-paced, mission-critical environment supporting national security space operations - Requires coordination across distributed teams including spacecraft engineers, ground operations, software developers, and government partners - May require participation in on-call rotation for security incident response and mission-critical system support - Occasional travel to government sites, launch facilities, or partner locations may be required COMPENSATION - Colorado Base Salary: $160,000–$220,000 - California Base Salary: $165,000–$230,000 for Long Beach, - $185,000–$250,000 for SF Bay Area - Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. ADDITIONAL REQUIREMENTS - Work Location— this role will be onsite at our Denver, SF Bay Area, or Long Beach offices. #LI-Onsite This position will be open until it is successfully filled. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.