Senior Compliance Automation Engineer
Listed on 2026-06-03
IT/Tech
Cybersecurity, Systems Engineer
Space is a war fighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
OUR MISSION
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES
- Be the offset. We create asymmetric advantages with creativity and ingenuity.
- What would it take? We challenge assumptions to deliver ambitious results.
- It’s the people. Our team is our competitive advantage and we are better together.
We are seeking a Senior Compliance Automation Engineer to join our Governance, Risk, and Compliance (GRC) team and design and build True Anomaly's compliance automation platform from the ground up. This is a greenfield engineering role, not a configuration or administration position. You will not be deploying off-the-shelf GRC tools and calling it done. Instead, you will architect and engineer a purpose-built, continuous compliance monitoring platform capable of spanning a hybrid environment of on-premises classified systems and multi-cloud infrastructure (AWS GovCloud, Azure Government).
This role sits at the intersection of software engineering, DevSecOps, and compliance, and demands someone who can write production-quality code, design robust API and webhook integration frameworks, and translate NIST SP 800-53 Rev. 5 and NIST SP 800-171 Rev. 3 control requirements into automated, evidence-generating technical workflows. You will own the architecture, build the pipelines, and integrate data from across the enterprise to produce a real-time, auditable, and scalable compliance posture built on infrastructure you design, not a vendor's dashboard.
This position requires the ability to obtain and maintain a security clearance.
Responsibilities
Compliance Automation Platform Engineering
- Architect and build a greenfield Continuous Compliance Monitoring (CCM) platform from first principles, designed to aggregate, correlate, and report on security control status across hybrid on-premises and cloud environments in near real time.
- Design and implement a modular, API-first platform architecture with well-documented internal APIs and extensible data models that support rapid onboarding of new control families, systems, and data sources.
- Develop webhook-driven integration pipelines that ingest telemetry and compliance signals from diverse source systems, including cloud-native security services, SIEM platforms, vulnerability scanners, configuration management tools, and identity providers, without reliance on manual data collection or polling.
- Build control validation microservices that programmatically test the implementation state of NIST SP 800-53 and 800-171 controls, generate machine-readable evidence artifacts, and surface control gaps with contextual remediation guidance.
- Implement an evidence collection and artifact management framework that automatically captures, timestamps, and indexes compliance evidence mapped to specific control requirements, enabling audit-ready artifact packages to be assembled on demand.
- Develop platform capabilities to support continuous authorization workflows, replacing point-in-time assessment cycles with living, automated control validation that feeds directly into ATO decision support.
- Embed compliance enforcement gates into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) to intercept non-compliant infrastructure-as-code (IaC) changes, insecure configurations, and policy violations before they reach production.
- Develop and maintain policy-as-code libraries using tools such as Open Policy Agent (OPA), Terraform Sentinel, AWS Config Rules, and Azure Policy, translating control requirements into machine-enforceable rulesets.
- Integrate compliance telemetry with infrastructure provisioning workflows using Terraform, Ansible, and Pulumi, ensuring that system authorization boundaries are maintained as infrastructure evolves.
- Build automated STIG validation workflows that…