Security & Compliance Engineer

About Nominal

Nominal is building the software infrastructure powering the world's most advanced hardware systems - from spacecraft and autonomous vehicles to next-generation industrial machines. Our platform ingests high-rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We're a small, fast-moving team of engineers and operators who own problems end-to-end, work across disciplines, and thrive on challenges at the intersection of hardware and software.

As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you'll be responsible for working across the organization, developing and maturing various Security and GRC controls. You'll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal's software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal's network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.

About the role

• Own the Posture : Technical excellence in product hardening and information security is table-stakes for Nominal's success due to our product and industry. You'll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
• Detect and Respond : Strengthen Nominal's operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences.
• Plan and Execute : Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4 / 5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments.
• Coach Our Team : Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.
• Communicate the Standard : Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal's technical security posture, both for our software platform and IT systems / endpoints, and inspire confidence in our secure product and business practices.

We're looking for someone with

Benefits

$140,000 - $170,000 a year

This job description is written to capture a range of experience levels from 4 years to 10+ years, which is why you'll see a wide band listed. Your actual base salary will be determined on a case-by-case basis and may vary based on a range of considerations, including job-related knowledge and skills, education, prior experience, and other business needs. The listed salary range represents an estimate for base compensation only. Base salary is just one part of the total rewards package. Eligible employees may also receive highly competitive equity grants in the form of stock options, allowing you to share in the company's long-term success.

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State.

Please note that Nominal is unable to sponsor employment visas (H-1B, F-1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.