Senior Identity & Auth Engineer

Posted Yesterday
Be an Early Applicant
2 Locations
In-Office
150K-225K Annually
Senior level
Aerospace • Artificial Intelligence • Hardware • Machine Learning • Software • Defense • Manufacturing
Delivering decisive capabilities for space superiority.
The Role
Design, deploy, and harden Kubernetes-native identity and authorization infrastructure for IL6 multi-tenant environments. Implement workload identity, fine-grained authorization, and policy-as-code enforcement. Integrate IdPs, government identity systems, and secret management; support ATO/compliance processes and collaborate with security, app teams, and auditors.
Summary Generated by Built In

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

OUR MISSION

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

OUR VALUES

  • Be the offset. We create asymmetric advantages with creativity and ingenuity.
  • What would it take? We challenge assumptions to deliver ambitious results.
  • It’s the people. Our team is our competitive advantage and we are better together.

YOUR MISSION

Software is the central nervous system for True Anomaly's engineering and product thesis. As we deploy our space operations platform into classified environments, identity and authorization become critical technical challenges requiring deep specialization. True Anomaly is seeking a highly experienced Senior Identity & Authorization Engineer to build the multi-tenant identity infrastructure that enables secure operations at IL6 (SECRET) and beyond. You'll deploy and integrate Kubernetes-native identity platforms, implement fine-grained authorization models for space operations, and provide deep technical expertise on identity/auth during compliance processes. Working closely with our security and platform teams, you'll evaluate and integrate modern authorization frameworks (ReBAC, SPIFFE/SPIRE, OPA), build policy-as-code enforcement systems, and ensure our identity architecture meets the rigorous standards required for classified environments.
You do not need to have experience building space ground systems or experience in aerospace. You'll have ownership of challenging, greenfield problems and a chance to fundamentally impact the outcome of future conflict (and the future of the company), all while enjoying world-class benefits including platinum healthcare, flexible work hours/location, highly competitive compensation and a generous stock options package.

RESPONSIBILITIES

  • Architect and deploy Kubernetes-native identity and authorization infrastructure for IL6 (SECRET) multi-tenant environments
  • Serve as a technical authority for identity/auth controls during ATO processes, documenting and evidencing compliance for IdP components
  • Design and implement multi-tenant isolation strategies ensuring zero lateral movement between customer/program boundaries
  • Evaluate, deploy, and harden self-hosted IdPs (Keycloak, Dex, Authentik, etc.) for classified Kubernetes clusters
  • Design authorization models (RBAC, ABAC, ReBAC) for space operations use cases with fine-grained access control requirements
  • Implement workload identity frameworks (SPIFFE/SPIRE, K8s projected tokens) and service mesh authentication (Istio, Linkerd, Cilium)
  • Build policy-as-code systems (OPA/Gatekeeper, Kyverno, Cedar) for automated compliance enforcement at runtime
  • Integrate with government identity systems (CAC/PIV, LDAP, Active Directory) and legacy SAML 2.0 applications
  • Collaborate with security team on secret management strategy (HashiCorp Vault, Azure Key Vault) with encryption key lifecycle for IL6 environments
  • Work with application teams to define authentication/authorization contracts for microservices
  • Partner with customers and government auditors during ATO processes to demonstrate compliance and address findings
  • Stay current on emerging identity/auth technologies and evaluate applicability to classified environments

QUALIFICATIONS

  • Clearance: Eligible for TS/SCI clearance (U.S. citizen or lawful permanent resident), active clearance strongly preferred
  • Experience: 10+ years in platform/security engineering with 5+ years focused on identity, authentication, or authorization systems
  • Multi-Tenant Architecture: Designed and implemented proper tenant isolation (zero lateral movement, strong security boundaries) for SaaS, defense, or high-assurance systems
  • Kubernetes Production Experience: Deployed and operated production Kubernetes clusters with 3+ years experience
  • Identity Infrastructure: Production experience deploying/operating at least one K8s-native IdP (Keycloak, Dex, etc.) or enterprise IAM system
  • Authorization Design: Implemented RBAC, ABAC, or ReBAC authorization models in production systems
  • Zero Trust Principles: Deep understanding of NIST SP 800-207 and practical zero trust architecture patterns
  • Compliance Frameworks: Working knowledge of NIST 800-53, CMMC Level 3+, or FedRAMP High requirements
  • Scripting/Automation: Proficiency in Python, Go, or Bash for automation and tooling

PREFERRED SKILLS AND EXPERIENCE

  • Active TS/SCI clearance (or ability to start immediately upon clearance grant)
  • IL4/IL5 deployment and operations experience (IL6 is nice-to-have but not required)
  • ATO Experience: Participated in at least one ATO process for NIST 800-53, CMMC, FedRAMP, or IL4/IL5 systems
  • Experience with modern authorization frameworks (SpiceDB, Authzed, OpenFGA, Ory Keto)
  • SPIFFE/SPIRE workload identity implementation experience
  • Service mesh authentication (Istio, Linkerd, Cilium) in production
  • HashiCorp Vault or enterprise secret management in classified or high-assurance environments
  • CAC/PIV card integration and PKI certificate management
  • Policy-as-code (OPA/Rego, Kyverno, Cedar) for runtime enforcement
  • Experience in aerospace, defense, intelligence community, or national security space
  • Startup or fast-paced environment experience (balance velocity with compliance rigor)

Nice-To-Have:

  • CISSP, CCSP, or other security certifications
  • Contributed to open-source identity/auth projects (Keycloak, Dex, OPA, SPIFFE, etc.)
  • Experience with cross-domain solutions (CDS) or multi-level security (MLS) systems
  • Kubernetes CKS (Certified Kubernetes Security Specialist) certification
  • Previous experience at defense prime, IC contractor, or FAANG Gov (AWS/Azure/Google public sector)

COMPENSATION

  • Base Salary: $150,000 - $225,000  
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

ADDITIONAL REQUIREMENTS

  • Work Location—Successful candidates will be located near Denver or Colorado Springs. While we observe a hybrid work environment, some work must be done on site.
  • Work environment—the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
  • Physical demands—the physical demands of the job, including bending, sitting, lifting and driving.

This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Onsite

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.


Skills Required

  • Eligible for TS/SCI clearance (U.S. citizen or lawful permanent resident)
  • Active TS/SCI clearance (strongly preferred)
  • 10+ years platform/security engineering experience with 5+ years focused on identity, authentication, or authorization
  • Designed and implemented multi-tenant isolation strategies (zero lateral movement) for SaaS, defense, or high-assurance systems
  • 3+ years deploying and operating production Kubernetes clusters
  • Production experience deploying/operating at least one K8s-native IdP (Keycloak, Dex, Authentik) or enterprise IAM
  • Implemented RBAC, ABAC, or ReBAC authorization models in production
  • Deep understanding of Zero Trust principles (NIST SP 800-207)
  • Working knowledge of compliance frameworks (NIST 800-53, CMMC Level 3+, or FedRAMP High)
  • Proficiency in scripting/automation using Python, Go, or Bash
  • Experience integrating with government identity systems (CAC/PIV, LDAP, Active Directory) and SAML 2.0 apps
  • Experience with secret management and encryption key lifecycle (HashiCorp Vault, Azure Key Vault)
  • Located near Denver or Colorado Springs and able to work onsite as required (hybrid)
  • Experience with modern authorization frameworks (SpiceDB, Authzed, OpenFGA, Ory Keto)
  • SPIFFE/SPIRE workload identity and service mesh authentication (Istio, Linkerd, Cilium) experience
  • ATO participation for NIST 800-53, CMMC, FedRAMP, or IL4/IL5 systems
  • IL4/IL5 deployment and operations experience (IL6 nice-to-have)
  • CISSP, CCSP, Kubernetes CKS, or similar certifications

True Anomaly Compensation & Benefits Highlights

  • Healthcare Strength Healthcare is described as 100% employer-sponsored and comprehensive, including medical, dental, and vision. Options such as HSA/HRA are also referenced, reinforcing strong core coverage.
  • Equity Value & Accessibility Equity is a standard part of the package, positioning employees to share in company ownership. Company and job materials consistently include stock options alongside cash compensation.
  • Leave & Time Off Breadth Materials highlight generous time off and paid holidays, with references to flexible time off/PTO. Generous parental leave is also cited, complemented by an onsite mother’s room.

True Anomaly Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Centennial, CO
300 Employees
Year Founded: 2022

What We Do

Space was once the quietest place in the universe. Now, it's crowded, contested, and confrontational.  We are True Anomaly: the only defense company focused exclusively on space defense. Founded in 2022 by ex-U.S. Space Force members, True Anomaly designs and builds advanced systems for space superiority: agile and powerful spacecraft platforms, mission software engineered for unmatched command and control, and payloads tailored for precision sensing and effects.    True Anomaly is headquartered in Centennial, CO, with regional offices in Colorado Springs, CO, Long Beach, CA, and Washington, D.C.  We are hiring and seeking exceptional talent to join True Anomaly, from any technical industry or background, to bring unique talents, perspective, and solutions. If you embrace complexity, lead instead of follow, showcase integrity over ego, take ownership for outcomes, and measure success by impact, we want to hear from you.

Why Work With Us

True Anomaly exists to enable a secure, stable, and sustainable space environment for the US, its allies, and partners. We design and build spacecraft and software solutions for space superiority. If you are ready to contribute to the future of space defense, we’d love to hear from you.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

True Anomaly Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

We are a hybrid office culture. Our employees work from offices in Denver, Colorado Springs, Los Angeles, and Washington D.C. We recognize the importance of in-office collaboration, but also the value of a flexible work and location requirements

Typical time on-site: Not Specified
Company Office Image
HQEngineering and Manufacturing
Company Office Image
Mission Operations
Company Office Image
Engineering and Manufacturing
Company Office Image
Government Affairs and Sales
Learn more

Similar Jobs

True Anomaly Logo True Anomaly

Senior Manager, Data Engineering

Aerospace • Artificial Intelligence • Hardware • Machine Learning • Software • Defense • Manufacturing
In-Office or Remote
9 Locations
300 Employees
200K-290K Annually

True Anomaly Logo True Anomaly

Senior Manager, Infrastructure Engineering

Aerospace • Artificial Intelligence • Hardware • Machine Learning • Software • Defense • Manufacturing
In-Office or Remote
9 Locations
300 Employees
200K-290K Annually

True Anomaly Logo True Anomaly

Engineering Manager

Aerospace • Artificial Intelligence • Hardware • Machine Learning • Software • Defense • Manufacturing
In-Office
Denver, CO, USA
300 Employees
145K-160K Annually

True Anomaly Logo True Anomaly

Systems Engineer

Aerospace • Artificial Intelligence • Hardware • Machine Learning • Software • Defense • Manufacturing
In-Office
Denver, CO, USA
300 Employees
100K-135K Annually

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account