Principal Security Engineer

About the Role

You'll focus on hands-on design and implementation of security related software, to shift security left in our development processes. This includes embedding automated controls such as SBOMs and vulnerability scanning into CI/CD pipelines; maintaining and updating our internal shared libraries and infrastructure for authentication, authorization, and logging; and assisting with monitoring tools for operational services. Where needed, you'll help align systems with NIST 800-171/CMMC requirements, collaborating closely with the Principal Security Engineer, AWS infra team, dev tooling team, chief software engineer, and cybersecurity/GRC group.

You'll work in a lean, impact-focused environment—prioritizing deliverables like secure code and architecture with bureaucracy handled by the TPM/GRC org as much as possible. Occasional engagement in security discussions with government entities may be involved, under the principal security engineer's guidance.

~80-90% hands-on work, with the remainder on collaboration and learning.

Key Responsibilities:

• Implement Security Controls in SDLC: Assist in integrating security automation into pipelines (e.g., GitHub Actions/ArgoCD for SAST/DAST/SCA, SBOM generation, and vulnerability scanning).


• Support Shared Libraries and Infra: Contribute to evolving standard libraries/infra for authn/authz, logging, and other runtime security features, including testing and updates.


• Contribute to CMMC Compliance: Hands-on support for implementing controls (e.g., encryption, secure configurations, monitoring) to meet/exceed CMMC Level 2 requirements in AC, IA, SC, and SI families, building on our ISO 27001 foundation.


• Assist with Reviews and Models: Participate in security architecture reviews, code audits, and threat modeling; help identify and remediate issues like API vulnerabilities or supply chain risks.


• Team Collaboration: Engage in code reviews, pair programming sessions, and tooling development to advance secure practices; provide peer support within the security engineering team.

Required Qualifications:

• Experience: 5+ years in software or security engineering, with at least 3+ years in security-focused roles. Experience with secure cloud systems (AWS), CI/CD security, and compliance efforts (e.g., NIST, CMMC, or FedRAMP).


• Technical Expertise: Proficiency in container security (Docker/Kubernetes), security tools (e.g., Trivy, Snyk, Falco, OPA), and programming languages for tooling (Python, Rust). Understanding of modern attacks and defenses.


• Security Acumen: Knowledge of common threats (e.g., injection, lateral movement), controls (NIST 800-53 mappings), DevSecOps practices, SBOMs, zero-trust principles, and SIEM-integrated logging.


• Interpersonal Skills: Ability to collaborate constructively with internal teams and contribute to external security discussions as needed.

Preferred Skills:

• Familiarity with AWS security services (e.g., GuardDuty, Security Hub, Config) and IaC tools (Terraform).


• Experience with embedded or satellite security (e.g., secure boot, over-the-air updates).


• Contributions to open-source security projects.


• Relevant certifications (e.g., CSSLP, OSCP, GIAC) demonstrating practical expertise.


• Proven ability to work in small, agile teams and learn from senior mentors.

Bonus

• Other: Experience in regulated industries (defense/aerospace); clearance for sensitive data handling.

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.

Access to US export-controlled software and/or technology may be for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying. #LI-DC1