Information Systems Security Manager

About Nominal

Nominal is a venture-backed company with offices in Los Angeles, Austin, and New York City. We’re focused on building software and data solutions for organizations that test and validate complex systems—think drones, rocket engines, satellites, and nuclear reactors. Supported by leading investors like General Catalyst, Founders Fund, Lux Capital, and more, we’re gaining strong traction in the commercial and government aerospace and defense industrial base, including working directly with the Department of Defense.

Our team includes engineers and operators from SpaceX, Palantir, Anduril, Lockheed Martin, and NASA, all working toward a common goal: making it faster and easier for hardware engineers to push the boundaries of advanced technology safely and efficiently. Our platform helps engineering teams accelerate test data review and analysis, scaling testing campaigns to save time and cut costs.

Nominal’s customers operate in some of the most sensitive data environments in the country. The Nominal platform was built to protect the sensitivity of this data and prioritizes its security above all else. Additionally, our internal systems must meet a commensurate standard of security.
As the first fully dedicated technical hire focused on secure deployments, information technology (IT), and information security to join the team, you’ll be responsible for shaping and developing our long-term posture on these topics to meet the high bar described above.

This includes hardening Nominal’s software platform (both security and availability/reliability), deploying into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.

🚀 About the role

• Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal’s success due to our product and industry. You would need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
• Plan & Execute: Translate compliance requirements (e.g., NIST 800-53, NIST 800-171, CMMC) into technical actions and policies to meet a stringent standard of government- and enterprise-defined information security. Oversee the RMF lifecycle management. Apply technology standards to classified, air-gapped environments.
• Manage the Network: Oversee network design, configuration, and administration. Handle endpoint device management across Nominal’s locations and assets. Includes VPNs or firewalls, SSIDs, malware/antivirus software, system configurations, software allowlisting / blocklisting, etc. to guarantee secure IT systems.
• Coach Our Team: Create and deliver approachable, relevant trainings to ensure all employees are equipped to maintain high technical standards of information security and compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.
• Communicate the Standard: Prepare communications for government partners, auditors, and customers that satisfactorily explain Nominal’s technical security posture, both for our software platform and IT systems/endpoints, as well as inspire confidence in our secure product and business practices.

🔍 We're looking for someone with

• 4+ years of experience in topics such as DevSecOps and infrastructure, Risk Management Framework (RMF), information technology (IT), information security, cybersecurity, incident management, and root cause analysis.
• Knowledge of modern software development techniques and processes and their security (CI pipelines, microservice architectures, cloud and container-based deployments).
• Experience with systems administration, including network setup (VPN, SSIDs, firewalls), endpoint device protection, attack monitoring & logging (EDR & SIEM), software allowlisting / blocklisting, encryption & secure protocols, and more.
• Experience working with the DoD and extensive knowledge of federal contracting and data requirements, including ATO, NIST 800-171, CMMC, IL4/5, FedRAMP, NISPOM, RMF, etc.
• Familiarity with a variety of deployment styles, including cloud, on-prem, air-gapped, and hybrid.
• Organization, attention to detail, and strong writing skills to build out associated documentation that would stand up to questioning and scrutiny by customers, government officials, and auditors.
• Process management and relational skills to work with employees from across the organization to ensure ongoing delivery of our security and compliance posture.

Preferred qualifications include: - CISM / CISSP or equivalent IAM level III certification

• Bachelor’s degree in Information Systems, Cybersecurity, or related field
• Experience with AWS / Cloud, Microsoft Azure, Microsoft Government Community Cloud (GCC)

✨ Benefits/Perks

• Medical, dental, and vision insurance with 100% of premiums covered
• Unlimited PTO /sick leave
• Free lunch, snacks, and coffee
• Professional development stipend
• Quarterly company retreats

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.