Senior Identity & Auth Engineer
Quick Summary
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
YOUR MISSION
Software is the central nervous system for True Anomaly's engineering and product thesis. As we deploy our space operations platform into classified environments, identity and authorization become critical technical challenges requiring deep specialization. True Anomaly is seeking a highly experienced Senior Identity & Authorization Engineer to build the multi-tenant identity infrastructure that enables secure operations at IL6 (SECRET) and beyond. You'll deploy and integrate Kubernetes-native identity platforms, implement fine-grained authorization models for space operations, and provide deep technical expertise on identity/auth during compliance processes. Working closely with our security and platform teams, you'll evaluate and integrate modern authorization frameworks (ReBAC, SPIFFE/SPIRE, OPA), build policy-as-code enforcement systems, and ensure our identity architecture meets the rigorous standards required for classified environments.
You do not need to have experience building space ground systems or experience in aerospace. You'll have ownership of challenging, greenfield problems and a chance to fundamentally impact the outcome of future conflict (and the future of the company), all while enjoying world-class benefits including platinum healthcare, flexible work hours/location, highly competitive compensation and a generous stock options package.
Responsibilities
~1 min read- →Architect and deploy Kubernetes-native identity and authorization infrastructure for IL6 (SECRET) multi-tenant environments
- →Serve as a technical authority for identity/auth controls during ATO processes, documenting and evidencing compliance for IdP components
- →Design and implement multi-tenant isolation strategies ensuring zero lateral movement between customer/program boundaries
- →Evaluate, deploy, and harden self-hosted IdPs (Keycloak, Dex, Authentik, etc.) for classified Kubernetes clusters
- →Design authorization models (RBAC, ABAC, ReBAC) for space operations use cases with fine-grained access control requirements
- →Implement workload identity frameworks (SPIFFE/SPIRE, K8s projected tokens) and service mesh authentication (Istio, Linkerd, Cilium)
- →Build policy-as-code systems (OPA/Gatekeeper, Kyverno, Cedar) for automated compliance enforcement at runtime
- →Integrate with government identity systems (CAC/PIV, LDAP, Active Directory) and legacy SAML 2.0 applications
- →Collaborate with security team on secret management strategy (HashiCorp Vault, Azure Key Vault) with encryption key lifecycle for IL6 environments
- →Work with application teams to define authentication/authorization contracts for microservices
- →Partner with customers and government auditors during ATO processes to demonstrate compliance and address findings
- →Stay current on emerging identity/auth technologies and evaluate applicability to classified environments
Requirements
~3 min read- Clearance: Eligible for TS/SCI clearance (U.S. citizen or lawful permanent resident), active clearance strongly preferred
- Experience: 10+ years in platform/security engineering with 5+ years focused on identity, authentication, or authorization systems
- Multi-Tenant Architecture: Designed and implemented proper tenant isolation (zero lateral movement, strong security boundaries) for SaaS, defense, or high-assurance systems
- Kubernetes Production Experience: Deployed and operated production Kubernetes clusters with 3+ years experience
- Identity Infrastructure: Production experience deploying/operating at least one K8s-native IdP (Keycloak, Dex, etc.) or enterprise IAM system
- Authorization Design: Implemented RBAC, ABAC, or ReBAC authorization models in production systems
- Zero Trust Principles: Deep understanding of NIST SP 800-207 and practical zero trust architecture patterns
- Compliance Frameworks: Working knowledge of NIST 800-53, CMMC Level 3+, or FedRAMP High requirements
- Scripting/Automation: Proficiency in Python, Go, or Bash for automation and tooling
- Active TS/SCI clearance (or ability to start immediately upon clearance grant)
- IL4/IL5 deployment and operations experience (IL6 is nice-to-have but not required)
- ATO Experience: Participated in at least one ATO process for NIST 800-53, CMMC, FedRAMP, or IL4/IL5 systems
- Experience with modern authorization frameworks (SpiceDB, Authzed, OpenFGA, Ory Keto)
- SPIFFE/SPIRE workload identity implementation experience
- Service mesh authentication (Istio, Linkerd, Cilium) in production
- HashiCorp Vault or enterprise secret management in classified or high-assurance environments
- CAC/PIV card integration and PKI certificate management
- Policy-as-code (OPA/Rego, Kyverno, Cedar) for runtime enforcement
- Experience in aerospace, defense, intelligence community, or national security space
- Startup or fast-paced environment experience (balance velocity with compliance rigor)
- Work Location—Successful candidates will be located near Denver or Colorado Springs. While we observe a hybrid work environment, some work must be done on site.
- Work environment—the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
- Physical demands—the physical demands of the job, including bending, sitting, lifting and driving.
This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Onsite
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
- CISSP, CCSP, or other security certifications
- Contributed to open-source identity/auth projects (Keycloak, Dex, OPA, SPIFFE, etc.)
- Experience with cross-domain solutions (CDS) or multi-level security (MLS) systems
- Kubernetes CKS (Certified Kubernetes Security Specialist) certification
- Previous experience at defense prime, IC contractor, or FAANG Gov (AWS/Azure/Google public sector)
What We Offer
~1 min readLocation & Eligibility
Listing Details
- Posted
- July 15, 2026
- First seen
- July 15, 2026
- Last seen
- July 15, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 60%
- Scored at
- July 15, 2026
Signal breakdown
Please let Trueanomalyinc know you found this job on Jobera.
3 other jobs at Trueanomalyinc
View all →Explore open roles at Trueanomalyinc.
Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.