
Secure Code Review Jobs in California (NOW HIRING)

Security Engineer

San Francisco, CA · On-site

$150K - $250K/yr

Secure Corridor's Systems * Harden Corridor's software and infrastructure through threat modeling, code review, and red teaming. * Identify vulnerabilities and work with engineering to drive ...

Staff Engineer

Pleasanton, CA · On-site

$193K - $242K/yr

... secure distributed backend services. * Work with product management, architects and other ... Experience as a technical lead for design, architecture and code review of highly scalable ...

Staff I Software Engineer

Pleasanton, CA · On-site

$193K - $242K/yr

... secure distributed backend services. * Work with product management, architects and other ... Experience as a technical lead for design, architecture and code review of highly scalable ...

Perform security code reviews and penetration testing on our web applications and services ... Experience with secure coding practices for web applications. * Software development experience and ...


Secure Code Review information

What is secure code review?

Secure code review is the process of systematically examining application source code to identify and remediate security vulnerabilities before software is released. This review can be performed manually or with automated tools, focusing on areas where coding errors could lead to security risks such as injection attacks, data leaks, or authentication flaws. The goal is to ensure that the code adheres to secure coding standards and best practices, ultimately reducing the risk of exploitation by malicious actors.

What are the key skills and qualifications needed to thrive as a Secure Code Reviewer, and why are they important?

To thrive as a Secure Code Reviewer, you need a solid understanding of secure coding practices, programming languages (such as Java, Python, or C++), and common software vulnerabilities, often supported by relevant security certifications like CISSP or CSSLP. Familiarity with automated code analysis tools, static application security testing (SAST) platforms, and bug tracking systems is typically required. Strong analytical thinking, attention to detail, and clear communication skills set outstanding reviewers apart. These abilities are crucial for identifying, explaining, and mitigating security risks in code, ensuring robust application security.

What are some common challenges faced by professionals performing secure code reviews, and how can they be addressed?

Secure code reviewers often encounter challenges such as keeping up with evolving security threats, identifying subtle vulnerabilities in complex codebases, and maintaining effective communication with development teams. To address these, reviewers should stay updated on the latest security trends, use automated tools to assist in identifying potential issues, and foster collaborative relationships with developers to ensure that findings are understood and remediated effectively. Regular training, participating in security communities, and integrating secure code review into the software development lifecycle can also help overcome these challenges.

What is the difference between Secure Code Review vs Static Application Security Testing (SAST)?

Credentials
  Secure Code Review: Knowledge of secure coding, programming languages, security standards
  SAST: Security testing tools, programming knowledge, security certifications
Work Environment
  Secure Code Review: Manual review, developer collaboration, code analysis
  SAST: Automated scanning, integration with CI/CD pipelines
Industry Usage
  Secure Code Review: Development teams, security analysts, code audits
  SAST: Security teams, QA, DevOps, automated security testing

Secure Code Review involves manual or semi-automated analysis of source code to identify security flaws, emphasizing developer collaboration. SAST uses automated tools to scan code for vulnerabilities during development, enabling faster detection. Both approaches aim to improve code security but differ in method: one is manual and detailed, the other automated and scalable.

What job categories do people searching Secure Code Review jobs in California look for? The top searched job categories for Secure Code Review jobs in California are:

Engineering Manager, Application Security

True Anomaly

Long Beach, CA • On-site

$64.25 - $85.75/hr

Full-time

Posted 29 days ago


Job description

Job Summary:
True Anomaly is a company focused on delivering decisive capabilities for space superiority through advanced technology. They are seeking an Application Security Engineering Manager to build and lead a team that secures critical flight software and command systems, integrating security throughout the software development lifecycle.
Responsibilities:
• Build, lead, and mentor an application security engineering team scaling to 10+ engineers over the next year, fostering a culture of technical excellence, collaboration, and mission focus
• Define and execute application security strategy for flight software (FSW), ground command and control systems, mission planning applications, and supporting cloud infrastructure
• Integrate security throughout the software development lifecycle (SDLC) for safety-critical embedded systems and distributed C2 applications, balancing security requirements with real-time performance and operational constraints
• Establish and mature secure development practices including threat modeling, secure code review, static/dynamic analysis (SAST/DAST), software composition analysis (SCA), and security testing for both flight and ground software
• Lead application security assessments and penetration testing efforts for spacecraft flight software, telemetry and command systems, and ground-based mission applications
• Partner with spacecraft software engineers, ground systems developers, DevSecOps, and mission operations teams to embed security expertise across the engineering organization
• Develop and enforce security standards, coding guidelines, and architectural patterns appropriate for resource-constrained embedded systems and high-assurance C2 applications
• Drive remediation of security vulnerabilities and work with engineering leadership to prioritize security initiatives alongside feature development and mission timelines
• Support compliance requirements including NIST 800-53, CMMC, FedRAMP, and other federal security frameworks applicable to national security space systems
• Communicate application security posture, risks, and strategic initiatives to technical teams, engineering leadership, and executive stakeholders
Qualifications:
Required:
• 8+ years of hands-on experience in application security, secure software development, or related security engineering roles
• 3+ years of people management experience, including hiring, coaching, performance management, and team development
• Minimum Secret clearance required; active TS/SCI clearance strongly preferred
• Proven experience building or significantly scaling application security programs and teams
• Deep expertise in secure software development practices across multiple programming languages (C, C++, Rust, Python, Go, or similar)
• Strong understanding of embedded systems security, real-time operating systems (RTOS), and resource-constrained environments
• Experience with application security testing tools and methodologies including SAST, DAST, SCA, fuzzing, and penetration testing
• Strong knowledge of common vulnerability classes (OWASP Top 10, CWE Top 25) and secure coding practices
• Understanding of software supply chain security, dependency management, and build pipeline security
• Familiarity with cloud application security in AWS, GCP, or Azure environments
• Excellent leadership, communication, and stakeholder management skills
• This position requires a minimum Secret clearance
Preferred:
• Active TS/SCI security clearance
• Experience securing flight software, spacecraft systems, autonomous vehicles, or other safety-critical embedded platforms
• Background in aerospace, defense, or national security software development
• Familiarity with space system architectures including satellite operations, ground segments, and telemetry/command protocols
• Experience with CMMC, FedRAMP, NIST 800-53, or RMF processes for DoD/IC systems
• Experience with containerization security (Docker, Kubernetes) and Infrastructure-as-Code security
• Understanding of cryptographic implementations and secure communications protocols
• Relevant certifications such as CISSP, CSSLP, GWAPT, OSCP, or similar
• Experience participating in or leading red team/purple team exercises
• Prior experience in fast-paced startup or high-growth environments
Company:
True Anomaly develops space security technologies, including spacecraft, software platforms, and mission systems for orbital operations. Founded in 2022, the company is headquartered in Centennial, USA, with a team of 201-500 employees. The company is currently at the growth stage.