Security Engineer - Governance, Risk & Compliance

Nominal
Los Angeles, CA Full Time
POSTED ON 2/12/2025
AVAILABLE BEFORE 5/4/2025

About Nominal

Nominal is a venture-backed company with offices in Washington DC, Los Angeles, Austin, and New York City. We're focused on building software and data solutions for organizations that test and validate complex systems: think drones, rocket engines, satellites, and nuclear reactors. Supported by leading investors like General Catalyst, Founders Fund, Lux Capital, and more, we're gaining strong traction in the commercial and government aerospace and defense industrial base, including direct work with the U.S. Department of Defense (DoD).

Our team includes engineers and operators from SpaceX, Palantir, Anduril, Lockheed Martin, and NASA, all working toward a common goal: making it faster and easier for hardware engineers to push the boundaries of advanced technology safely and efficiently. Our platform helps engineering teams accelerate test data review and analysis, scaling testing campaigns to save time and cut costs.

Nominal's defense and commercial customers operate in some of the most sensitive data environments in the country. We built the Nominal platform to protect the sensitivity of this data and to prioritize its security above all else. Our internal systems must meet a commensurate standard of security.

As our first technical hire fully dedicated to information security (infosec) and governance, risk, and compliance (GRC), you'll be responsible for developing and maturing various infosec and GRC controls, and authority to operate (ATO) initiatives, to meet the high bar described above. This includes hardening Nominal's software platform (both security and availability / reliability), deploying into secure environments, assisting with incident response, managing Nominal's network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.

About the role

  • Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal's success due to our product and industry. You'll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
  • Plan & Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, Impact Level (IL) 4 / 5, FedRAMP) in order to propose and lead a rollout of technical actions and policies that meet the stringent standard of government- and enterprise-defined information security. Oversee our Risk Management Framework (RMF) lifecycle management. Apply technology standards to classified, air-gapped environments.
  • Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for infosec and GRC. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.
  • Communicate the Standard: Prepare communications for government partners, auditors, and customers that satisfactorily explain Nominal's technical security posture, both for our software platform and IT systems / endpoints, and inspire confidence in our secure product and business practices.

We're looking for someone with

  • 4 years of experience working with U.S. Department of Defense contracting and data requirements (whether in the government or industry), including CMMC, NIST 800-171, IL4 / 5, FedRAMP, SOC 2, and the Risk Management Framework (RMF).
  • General knowledge of DevSecOps and infrastructure, information security, cybersecurity, incident management, and root cause analysis.
  • Experience with systems administration, including network setup (VPN, SSIDs, firewalls), endpoint device protection, attack monitoring & logging (EDR & SIEM), software allowlisting / blocklisting, encryption & secure protocols, and more.
  • Experience with AWS / Cloud, Microsoft Azure, and Microsoft Government Community Cloud (GCC).
  • Familiarity with a variety of deployment styles, including cloud, on-prem, air-gapped, and hybrid.
  • Knowledge of modern software development techniques and processes and their security (CI pipelines, microservice architectures, cloud and container-based deployments).
  • Organization, attention to detail, and strong writing skills to build out associated documentation that would stand up to questioning and scrutiny by customers, government officials, and auditors.
  • Process management and relational skills to work with cross-functional stakeholders from across Nominal to ensure ongoing delivery of our infosec and GRC posture.

Benefits / Perks

  • Medical, dental, and vision insurance with 100% of premiums covered
  • Unlimited PTO / sick leave
  • Free lunch, snacks, and coffee
  • Professional development stipend
  • Quarterly company retreats
  • $140,000 - $170,000 a year

    Compensation at Nominal for eligible roles consists of a base salary, equity, and benefits. The base salary is just one part of the overall compensation package, which may also include equity in the form of stock options. In addition, we offer comprehensive health, dental, and vision insurance, life coverage, a 401(k) retirement plan, learning stipend, and unlimited PTO. Please note that benefits may vary based on your location and are subject to change.

    Please note that Nominal is unable to sponsor employment visas (H-1B, F-1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

    Salary : $140,000 - $170,000
