Security & Compliance Engineer jobs in United States

Nominal · 1 month ago

Security & Compliance Engineer

Nominal is building the software infrastructure powering the world’s most advanced hardware systems. As a Security & Compliance Engineer, you will be responsible for developing and maturing various Security and GRC controls, assisting the company in meeting authority to operate initiatives, and managing Nominal’s network and endpoint security.

Information Technology · SaaS · Software
No H1B · U.S. Citizen Only

Responsibilities

Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal’s success due to our product and industry. You’ll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner
Detect and Respond: Strengthen Nominal’s operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences
Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments
Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries
Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal’s technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices

Qualification

Security Engineering · Endpoint Protection · Compliance Frameworks · Incident Response · System Administration · Cloud Environments · Risk Assessments · DevSecOps · Organizational Skills · Project Management

Required

4+ years of experience working as a Security Engineer/Security Analyst
Hands-on expertise in endpoint protection, event monitoring and logging (EDR & SIEM). Incident handling experience including incident preparation, detection, analysis, containment & eradication, and post-mortem
Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls
Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC). Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002
Experience with federal contracting and data protection requirements, whether in government or industry settings
Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement
General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements
Strong organizational and writing skills and attention to detail, sufficient to build out policy, procedure, plan, and standards documentation for customer, government, and auditor audiences
Strong project management, collaboration, and relational skills to work with cross-functional stakeholders across Nominal to ensure ongoing delivery of our Security and GRC posture

Benefits

100% coverage of medical, dental, and vision insurance
Unlimited PTO and sick leave
Free lunch, snacks, and coffee
Professional development stipend
Annual company retreat

Company

Nominal

Nominal modernizes your data infrastructure and provides real-time workflows that accelerate testing with confidence.

Funding

Current Stage: Growth Stage
Total Funding: $102.5M
Key Investors: Sequoia Capital, General Catalyst, Lux Capital
2025-06-12 · Series B · $75M
2024-04-22 · Series A · $20M
2024-04-22 · Seed · $7.5M
Company data provided by crunchbase