About the Role
You'll focus on hands-on design and implementation of security related software, to shift security left in our development processes. This includes embedding automated controls such as SBOMs and vulnerability scanning into CI / CD pipelines; maintaining and updating our internal shared libraries and infrastructure for authentication, authorization, and logging; and assisting with monitoring tools for operational services. Where needed, you'll help align systems with NIST 800-171 / CMMC requirements, collaborating closely with the Principal Security Engineer, AWS infra team, dev tooling team, chief software engineer, and cybersecurity / GRC group.
You'll work in a lean, impact-focused environment—prioritizing deliverables like secure code and architecture with bureaucracy handled by the TPM / GRC org as much as possible. Occasional engagement in security discussions with government entities may be involved, under the principal security engineer's guidance.
~80-90% hands-on work, with the remainder on collaboration and learning.
Key Responsibilities :
- Implement Security Controls in SDLC : Assist in integrating security automation into pipelines (e.g., GitHub Actions / ArgoCD for SAST / DAST / SCA, SBOM generation, and vulnerability scanning).
- Support Shared Libraries and Infra : Contribute to evolving standard libraries / infra for authn / authz, logging, and other runtime security features, including testing and updates.
- Contribute to CMMC Compliance : Hands-on support for implementing controls (e.g., encryption, secure configurations, monitoring) to meet / exceed CMMC Level 2 requirements in AC, IA, SC, and SI families, building on our ISO 27001 foundation.
- Assist with Reviews and Models : Participate in security architecture reviews, code audits, and threat modeling; help identify and remediate issues like API vulnerabilities or supply chain risks.
- Team Collaboration : Engage in code reviews, pair programming sessions, and tooling development to advance secure practices; provide peer support within the security engineering team.
Required Qualifications :
- Experience : 5+ years in software or security engineering, with at least 3+ years in security-focused roles. Experience with secure cloud systems (AWS), CI / CD security, and compliance efforts (e.g., NIST, CMMC, or FedRAMP).
- Technical Expertise : Proficiency in container security (Docker / Kubernetes), security tools (e.g., Trivy, Snyk, Falco, OPA), and programming languages for tooling (Python, Rust). Understanding of modern attacks and defenses.
- Security Acumen : Knowledge of common threats (e.g., injection, lateral movement), controls (NIST 800-53 mappings), DevSecOps practices, SBOMs, zero-trust principles, and SIEM-integrated logging.
- Interpersonal Skills : Ability to collaborate constructively with internal teams and contribute to external security discussions as needed.
Preferred Skills :
- Familiarity with AWS security services (e.g., GuardDuty, Security Hub, Config) and IaC tools (Terraform).
- Experience with embedded or satellite security (e.g., secure boot, over-the-air updates).
- Contributions to open-source security projects.
- Relevant certifications (e.g., CSSLP, OSCP, GIAC) demonstrating practical expertise.
- Proven ability to work in small, agile teams and learn from senior mentors.
Bonus / Other :
- Experience in regulated industries (defense / aerospace); clearance for sensitive data handling.
Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.
Access to US export-controlled software and / or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying.