Nominal
Security & Compliance Engineer
About Nominal
Nominal builds the software infrastructure that powers the world's most advanced hardware systems, including spacecraft, autonomous vehicles, and next-generation industrial machines. Our platform ingests high-rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We're a small, fast-moving team that owns problems end-to-end, works across disciplines, and thrives on challenges at the intersection of hardware and software.

About the Role
As an early team hire focused on information security (Security) and governance, risk, and compliance (GRC), you'll work across the organization to develop and mature a range of Security and GRC controls. You'll help Nominal meet various authority-to-operate (ATO) initiatives, including hardening our software platform, deploying into secure environments, incident response, network and endpoint security, baseline device configuration, and technical compliance with information security standards.

Own and elevate our posture: Deliver technical excellence in product hardening and information security, ensuring Nominal can serve large DoD and enterprise customers securely.
Detect and respond: Strengthen operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps.
Plan and execute: Translate GRC requirements (CMMC, NIST-800-171, FedRAMP, NIST-800-53, IL-4/5, NSS, etc.) into technical actions and policies that meet stringent standards. Support our Information Security Program and apply standards to classified, air-gapped environments.
Coach our team: Develop and deliver training that equips all employees to maintain high technical Security and Compliance standards.
Communicate the standard: Prepare communications for government partners, assessors, auditors, and customers that explain Nominal's technical security posture and inspire confidence.

We're Looking For Someone With
4+ years of experience as a Security Engineer or Security Analyst.
Hands-on expertise in endpoint protection, event monitoring and logging (EDR & SIEM).
Incident handling experience including preparation, detection, analysis, containment, eradication, and post-mortem.
Strong understanding of system administration, network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, and identity & access management controls.
Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, and Microsoft GCC.
Experience implementing and maintaining compliance frameworks such as CMMC, NIST-800-171, FedRAMP, NIST-800-53, IL-4/5, NSS, SOC-2, ISO-27001/27002.
Experience with federal contracting and data protection requirements in government or industry settings.
Experience conducting risk assessments, vulnerability management, and security control testing.
General knowledge of DevSecOps and infrastructure concepts, with ability to collaborate with engineering teams.
Strong organizational, writing, and attention-to-detail skills to produce policy, procedure, plan, and standard documentation.
Strong project management and relational skills to work with cross-functional stakeholders and ensure delivery of Security and GRC posture.

Benefits
100% coverage of medical, dental, and vision insurance.
Unlimited PTO and sick leave.
Free lunch, snacks, and coffee.
Professional development stipend.
Annual company retreat.

Compliance & Eligibility
To comply with U.S. Government export regulations, applicants must be a U.S. citizen or national, lawful permanent resident, refugee under 8 U.S.C. 1157, or asylee under 8 U.S.C. 1158, or be able to obtain required authorizations from the U.S. Department of State. Nominal cannot sponsor visas. Qualified applicants will receive consideration regardless of race, color, religion, sex, sexual orientation, gender identity, or national origin.