Senior Security Engineer
Quick Summary
Cloud Infrastructure Security Design, implement, and manage secure cloud networking architectures including VPCs, subnets, peering, and transit gateways across GCP, AWS,
Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace industry. With technology acquired from Google, Aalyria is at the forefront of innovation in satellite and airborne mesh networks, as well as cislunar and deep-space communications. We are revolutionizing the orchestration and management of planetary mesh networks using any radio or optical spectrum, any orbit, and any hardware across land, sea, air, and space.
Responsibilities
- Design, implement, and manage secure cloud networking architectures including VPCs, subnets, peering, and transit gateways across GCP, AWS, or Azure
- Configure and maintain cloud-native firewall rules, security groups, network ACLs, and perimeter controls to enforce least-privilege traffic policies
- Implement and manage cloud security posture management (CSPM) tooling and continuously remediate misconfigurations across cloud environments
- Design and operate network segmentation and micro-segmentation strategies aligned with zero trust architecture principles
- Manage and harden cloud IAM, including role definitions, service account policies, privileged access controls, and just-in-time access
- Manage next-generation firewall (NGFW) platforms, including policy development, rule lifecycle management, and traffic inspection configurations
- Implement and maintain IDS/IPS, DNS security, and network monitoring solutions to detect and respond to threats
- Design and enforce network access control (NAC) policies and segmentation for both cloud and on-premises environments
- Conduct regular firewall rule reviews and access path analysis to identify and remediate overly permissive configurations
- Design, implement, and operate PKI infrastructure including certificate authorities, certificate lifecycle management, and trust store management
- Manage certificates for device identity, mutual TLS (mTLS), VPN authentication, and code signing in compliance with federal requirements
- Administer and enforce access control policies across identity providers (IdPs), directory services (Active Directory / LDAP), and SSO platforms
- Implement and maintain multi-factor authentication (MFA), privileged access management (PAM), and role-based access control (RBAC) systems
- Ensure cryptographic implementations meet FIPS 140-2/140-3 requirements and federal standards
- Implement and maintain technical controls mapped to CMMC Level 2, FedRAMP, and NIST 800-171 control families
- Develop and manage system security plans (SSPs), security assessment reports (SARs), and plans of action and milestones (POA&Ms)
- Conduct continuous monitoring, log review, and evidence collection to support compliance audits and third-party assessments
- Perform risk assessments and vulnerability management across cloud and on-premises infrastructure in accordance with NIST RMF
- Maintain configuration baselines and enforce hardening standards (DISA STIGs, CIS Benchmarks) across systems and cloud resources
- Maintain and tune SIEM integrations, security logging pipelines, and alerting rules for cloud and network infrastructure
- Manage endpoint detection and response (EDR) and vulnerability scanning tools across the infrastructure fleet
- Build and maintain automation for compliance evidence collection, configuration auditing, and security reporting
- Document security architecture, network diagrams, access control matrices, and
Requirements
- 5+ years of experience in cloud infrastructure security, network security, or IT systems engineering with a security focus
- Hands-on experience securing cloud environments in GCP, AWS, or Azure, including networking, IAM, and logging controls (GCP strongly preferred)
- Demonstrated experience designing and managing cloud network security controls: firewalls, security groups, VPC/VNet architecture, and traffic inspection
- Proficiency with next-generation firewalls (e.g., Palo Alto, Fortinet, or cloud-native equivalents) including policy management and traffic analysis
- Working knowledge of PKI concepts, certificate lifecycle management, and cryptographic protocols (TLS, mTLS, FIPS 140-2/3)
- Hands-on experience implementing and managing IAM, PAM, MFA, RBAC, and SSO systems in enterprise or federal environments
- Direct experience implementing technical controls for CMMC L2, FedRAMP, or NIST 800-171 compliance programs
- Strong understanding of zero trust architecture principles and practical implementation across hybrid environments
- Experience with SIEM platforms, log aggregation, and security monitoring for infrastructure and network event data
- Excellent communication skills with ability to explain security architecture and compliance posture to both technical teams and leadership
- Active Secret or Top Secret clearance, or ability to obtain
- Experience designing and operating PKI infrastructure at scale, including enterprise or government CA hierarchies
- Familiarity with FIPS 140-2/140-3 validated cryptographic modules and their deployment in federal environments
- Experience with cloud security platforms such as Wiz, AWS Security Hub, GCP Security Command Center, or Azure Defender
- Proficiency with infrastructure-as-code tools (Terraform, Ansible) for automating security configurations and compliance baselines
- Knowledge of DISA STIGs, CIS Benchmarks, and hardening standards for Linux, Windows, and cloud platforms
- Experience with network access control (NAC), SD-WAN, or SASE platforms in enterprise or federal environments
- Background in IT systems engineering, network engineering, or systems administration with a transition to security
- Familiarity with hardware security modules (HSMs) and their integration into PKI or secrets management workflows
- Security certifications such as CISSP, CCSP, CompTIA Security+, GCP Professional Cloud Security Engineer, or equivalent
This position involves access to export-controlled information. To comply with U.S. government export regulations, applicants must meet one of the following criteria:
(A) Qualify as a U.S. person, which includes:
- U.S. citizen or national
- U.S. lawful permanent resident (green card holder)
- Refugee under 8 U.S.C. 1157
- Asylee under 8 U.S.C. 1158
(B) Be eligible to access export-controlled information without requiring an export authorization.
(C) Be eligible and reasonably likely to obtain the necessary export authorization from the appropriate U.S. government agency.
The company reserves the right to decline pursuing an export licensing process for legitimate business-related reasons.
What We Offer
Aalyria is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Qualified applicants from all backgrounds are encouraged to apply.
Listing Details
- First seen: June 26, 2026
- Last seen: June 26, 2026
Posting Health
- Days active: 0
- Repost count: 0
- Trust Level: 61%
- Scored at: June 26, 2026