Security & Compliance Engineer
Listed on 2025-12-09
IT/Tech
Cybersecurity, Systems Engineer, Network Security
Security & Compliance Engineer – Nominal
About Nominal
Nominal builds the software infrastructure that powers the world’s most advanced hardware systems—including spacecraft, autonomous vehicles, and next-generation industrial machines. Our platform ingests high‑rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We’re a small, fast‑moving team that owns problems end‑to‑end, works across disciplines, and thrives on challenges at the intersection of hardware and software.
The Role
As an early team hire focused on information security (Security) and governance, risk, and compliance (GRC), you’ll work across the organization to develop and mature a range of Security and GRC controls. You’ll help Nominal meet various authority‑to‑operate (ATO) initiatives, including hardening our software platform, deploying into secure environments, incident response, network and endpoint security, baseline device configuration, and technical compliance with information security standards.
- Own and elevate our posture: Deliver technical excellence in product hardening and information security, ensuring Nominal can serve large DoD and enterprise customers securely.
- Detect and respond: Strengthen operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps.
- Plan and execute: Translate GRC requirements (CMMC, NIST 800‑171, FedRAMP, NIST 800‑53, IL 4/5, NSS, etc.) into technical actions and policies that meet stringent standards. Support our Information Security Program and apply standards to classified, air‑gapped environments.
- Coach our team: Develop and deliver training that equips all employees to maintain high technical Security and Compliance standards.
- Communicate the standard: Prepare communications for government partners, assessors, auditors, and customers that explain Nominal’s technical security posture and inspire confidence.
- 4+ years of experience as a Security Engineer or Security Analyst.
- Hands‑on expertise in endpoint protection, event monitoring and logging (EDR & SIEM). Incident handling experience including preparation, detection, analysis, containment, eradication, and post‑mortem.
- Strong understanding of system administration, network setup (VPN, SSIDs, firewalls), software & hardware allow listing/block listing, encryption & secure protocols, and identity & access management controls.
- Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, and Microsoft GCC.
- Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800‑171, FedRAMP, NIST 800‑53, IL 4/5, NSS, SOC 2, ISO 27001/27002.
- Experience with federal contracting and data protection requirements in government or industry settings.
- Experience conducting risk assessments, vulnerability management, and security control testing.
- General knowledge of DevSecOps and infrastructure concepts, with the ability to collaborate with engineering teams.
- Strong organizational, writing, and attention‑to‑detail skills to produce policy, procedure, plan, and standard documentation.
- Strong project management and relational skills to work with cross‑functional stakeholders and ensure delivery of Security and GRC posture.
- 100% coverage of medical, dental, and vision insurance.
- Unlimited PTO and sick leave.
- Free lunch, snacks, and coffee.
- Professional development stipend.
- Annual company retreat.
Compliance & Eligibility
To comply with U.S. Government export regulations, applicants must be a U.S. citizen or national, lawful permanent resident, refugee under 8 U.S.C. § 1157, or asylee under 8 U.S.C. § 1158, or be able to obtain required authorizations from the U.S. Department of State. Nominal cannot sponsor visas. Qualified applicants will receive consideration regardless of race, color, religion, sex, sexual orientation, gender identity, or national origin.