Hydrosat is a space and data analytics company building a new Earth Observation constellation and software to unlock the power of thermal infrared imagery. Our mission is to capture and deliver high spatio-temporal resolution thermal infrared data, currently not available from other sources, to provide insights that benefit the environment, enhance food and water security, and serve other critical applications.

We are looking for a hands-on, execution-driven Sr. Security Engineer to help mature and scale Hydrosat’s security program. This role will support cloud security, application security, vulnerability management, compliance readiness, and security operations across our AWS-based environment. You will report to the IT and Security Lead and work closely with Engineering, Platform, IT, and Product teams to ensure security controls are implemented, monitored, and continuously improved. This is a practical security engineering role for someone who can translate security requirements into working technical controls and help teams remediate risk without slowing down delivery.

As a Sr. Security Engineer, you will help implement and operate the security controls that protect Hydrosat’s systems, data, and software delivery processes. You will support vulnerability remediation, AWS security hardening, secure development practices, audit readiness, and incident response activities.

Responsibilities

• Implement, maintain, and improve security controls across AWS environments.

• Support secure configuration of IAM, logging, monitoring, networking, and cloud services.

• Operate and improve vulnerability management processes across infrastructure, applications, containers, and dependencies.

• Triage security findings, assign ownership, track remediation, and drive closure with engineering teams.

• Support SAST, SCA, DAST, SBOM, and container security workflows using tools such as Snyk and AWS-native services.

• Help integrate security checks into CI/CD pipelines and development workflows.

• Track remediation of penetration testing findings and validate closure of high-priority issues.

• Support NIST 800-171 control implementation, evidence collection, and audit readiness activities.

• Maintain accurate documentation of security controls, risks, exceptions, and remediation progress.

• Support enterprise-grade security monitoring and incident response by leveraging centralized logging, alerting, and detection capabilities to identify, investigate, and respond to security events across the environment.

• Assist with security monitoring, alert triage, investigation, and incident response activities.

• Partner with Engineering, Platform, and IT teams to improve security processes without creating unnecessary friction.

• Contribute to repeatable DevSecOps practices across teams.

• 5+ years of experience in security engineering, cloud security, application security, DevSecOps, or related roles.

• Strong hands-on experience with AWS security concepts and services.

• Experience with IAM, logging, monitoring, networking, and cloud security best practices.

• Experience with vulnerability management workflows and remediation tracking.

• Familiarity with application security tooling such as SAST, SCA, DAST, SBOM, and container scanning.

• Experience working with CI/CD pipelines and secure software delivery practices.

• Experience with enterprise security monitoring and incident response, including centralized logging, alerting, and investigation of security events.

• Ability to work directly with engineering teams to resolve security findings.

• Strong documentation, tracking, and follow-through skills.

• Highly self-motivated, practical, and able to operate in a fast-moving startup environment.

• Strong team player with demonstrated ability to take ownership and drive execution.

Desired qualifications

• Experience with NIST 800-171 or similar security/compliance frameworks.

• Experience with Drata or similar GRC platforms.

• Experience with Snyk or similar application security platforms.

• Experience with Jira or similar tools for vulnerability tracking and exception management.

• Experience with Kubernetes, container security, or cloud-native infrastructure.

• Security certifications such as CISSP, CCSP, AWS Security Specialty, GSEC, GCIH, or similar are a plus.

Benefits

• Employee options

• Health insurance: Medical, Vision, Dental

• Flexible time off

• Maternity, Paternity & Parental Leave

• 401K Matching

E-Verify

Hydrosat, Inc. participates in the federal E-Verify program to confirm the eligibility of all newly hired employees, as required by law.

EEO Statement

Hydrosat, Inc. is an Equal Opportunity Employer and does not discriminate on the basis of veteran status, disability or any other characteristic protected by applicable federal, state, or local law. We are committed to providing reasonable accommodations to qualified individuals with disabilities and disabled veterans throughout the hiring process. Applicants requiring accommodation should contact Human Resources via email at hydrosat-hr-us@hydrosat.com or by calling 202-630-9980.

Federal Contract Eligibility Requirement

Due to the nature of the work and applicable U.S. federal government contract requirements, this position is limited to individuals who are U.S. citizens. This requirement is mandated by the federal government and is not a discretionary employment policy. Proof of eligibility will be required as a condition of employment, consistent with applicable law.

Export Control/ITAR Compliance

This position may involve access to information or technology subject to U.S. export control laws and regulations, including the International Traffic in Arms Regulations (ITAR). As a result, the successful candidate must be a “U.S. Person” as defined by ITAR (22 C.F.R. § 120.62). Verification of eligibility will be required as a condition of employment, in accordance with applicable law.