🚀 About the role

• Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal’s success due to our product and industry. You’ll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
• Detect and Respond: Strengthen Nominal’s operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences.
• Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments.
• Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.
• Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal’s technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices.

🔍 We're looking for someone with

• 4+ years of experience working as a Security Engineer/Security Analyst.
• Hands-on expertise in endpoint protection, event monitoring and logging (EDR & SIEM).Incident handlining experience including incident preparation, detection, analysis, containment & eradication, and post-mortem.
• Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls.
• Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC).Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002.
• Experience with federal contracting and data protection requirements, whether in government or industry settings.
• Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement.
• General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements.
• Strong organizational & writing skills, and attention to detail, commensurate to build out policy, procedure, plan, and standards documentation for customer, government, and auditor audiences.
• Strong project management, collaboration, and relational skills to work with cross-functional stakeholders across Nominal to ensure ongoing delivery of our Security and GRC posture.

✨ Benefits

• 🏥 100% coverage of medical, dental, and vision insurance
• 🏖️ Unlimited PTO and sick leave
• 🍽️ Free lunch, snacks, and coffee
• 🚀 Professional development stipend
• ✈️ Annual company retreat

140000 - 170000 USD a year