Security Engineer - Governance, Risk & Compliance

About Nominal

Nominal is a venture-backed company with offices in Washington DC, Los Angeles, Austin, and New York City. We’re focused on building software and data solutions for organizations that test and validate complex systems—think drones, rocket engines, satellites, and nuclear reactors. Supported by leading investors like General Catalyst, Founders Fund, Lux Capital, and more, we’re gaining strong traction in the commercial and government aerospace and defense industrial base, including direct work with the U.S. Department of Defense (DoD).


Our team includes engineers and operators from SpaceX, Palantir, Anduril, Lockheed Martin, and NASA, all working toward a common goal: making it faster and easier for hardware engineers to push the boundaries of advanced technology safely and efficiently. Our platform helps engineering teams accelerate test data review and analysis, scaling testing campaigns to save time and cut costs.


Nominal’s defense and commercial customers operate in some of the most sensitive data environments in the country. We built the Nominal platform to protect this data and to prioritize its security above all else. Our internal systems must meet a commensurate standard of security.


As our first technical hire fully dedicated to information security (infosec) and governance, risk, and compliance (GRC), you’ll be responsible for developing and maturing Nominal’s infosec and GRC controls and our authority to operate (ATO) initiatives to meet the high bar described above. This includes hardening Nominal’s software platform (both its security and its availability/reliability), deploying it into secure environments, assisting with incident response, managing Nominal’s network, ensuring endpoint security, establishing a baseline device configuration, ensuring technical compliance with information security standards, and more.


🚀 About the role
  • Own the Posture: Technical excellence in product hardening and information security is table stakes for Nominal because of our product and industry. You’ll need to internalize this and own it fully. Set Nominal up to serve large DoD and enterprise customers securely.
  • Plan & Execute: Translate GRC requirements (e.g., CMMC, NIST SP 800-171, DoD Impact Level (IL) 4/5, FedRAMP) into a proposed rollout of technical controls and policies that meet the stringent standard of government- and enterprise-defined information security, and lead that rollout. Oversee our Risk Management Framework (RMF) lifecycle. Apply those technology standards to classified, air-gapped environments.
  • Coach Our Team: Create and deliver approachable, relevant training so that all employees are equipped to maintain high technical standards for infosec and GRC. Provide guidance on the procurement or download of secure, vetted third-party software, applications, and libraries.
  • Communicate the Standard: Prepare communications for government partners, auditors, and customers that clearly explain Nominal’s technical security posture, both for our software platform and for our IT systems and endpoints, and that inspire confidence in our secure product and business practices.


🔍 We're looking for someone with
  • 4+ years of experience working with U.S. Department of Defense contracting and data requirements (whether in the government or industry), including CMMC, NIST 800-171, IL4/5, FedRAMP, SOC 2, and the Risk Management Framework (RMF).
  • General knowledge of DevSecOps and infrastructure, information security, cybersecurity, incident management, and root cause analysis.
  • Experience with systems administration, including network setup (VPN, SSIDs, firewalls), endpoint device protection, attack monitoring & logging (EDR & SIEM), software allowlisting / blocklisting, encryption & secure protocols, and more.
  • Experience with cloud platforms, including AWS, Microsoft Azure, and Microsoft Government Community Cloud (GCC).
  • Familiarity with a variety of deployment styles, including cloud, on-prem, air-gapped, and hybrid.
  • Knowledge of modern software development techniques and processes and their security (CI pipelines, microservice architectures, cloud and container-based deployments).
  • Organization, attention to detail, and strong writing skills to build out associated documentation that would stand up to questioning and scrutiny by customers, government officials, and auditors.
  • Process management and relational skills to work with cross-functional stakeholders from across Nominal to ensure ongoing delivery of our infosec and GRC posture.


✨ Benefits/Perks
  • Medical, dental, and vision insurance with 100% of premiums covered
  • Unlimited PTO / sick leave
  • Free lunch, snacks, and coffee
  • Professional development stipend
  • Quarterly company retreats


$140,000 - $170,000 a year
Compensation at Nominal for eligible roles consists of a base salary, equity, and benefits. The base salary is just one part of the overall compensation package, which may also include equity in the form of stock options. In addition, we offer comprehensive health, dental, and vision insurance, life coverage, a 401(k) retirement plan, learning stipend, and unlimited PTO. Please note that benefits may vary based on your location and are subject to change.


Please note that Nominal is unable to sponsor employment visas (H-1B, F-1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

What You Should Know About Security Engineer - Governance, Risk & Compliance, Nominal

Join Nominal as a Security Engineer - Governance, Risk & Compliance, where your expertise will shape the backbone of our secure operations. At Nominal, we're all about innovating in the realm of software and data solutions tailored for high-stakes environments, like those found in aerospace and defense. As we partner with notable clients including the U.S. Department of Defense, your role will be pivotal in developing and maturing our information security frameworks. You'll be entrusted with hardening our platforms, ensuring we meet stringent government regulations, and creating a culture of security awareness amongst our employees. With the combination of your DevSecOps background and experience in navigating complex compliance landscapes like CMMC and NIST, you'll lead the charge in securing sensitive data. We’re not just looking for someone to fill a position but someone passionate about security who thrives in a fast-paced, evolving tech space. At Nominal, you will work alongside an elite team of engineers and operators hailing from leading organizations, all while enjoying benefits like unlimited PTO and a professional development stipend. If you’re ready to make a difference and drive our security measures to new heights, we’d love to hear from you!

Frequently Asked Questions (FAQs) for Security Engineer - Governance, Risk & Compliance Role at Nominal
What are the main responsibilities of a Security Engineer - Governance, Risk & Compliance at Nominal?

As a Security Engineer - Governance, Risk & Compliance at Nominal, you'll be responsible for developing and maturing our information security and GRC controls, enhancing our security posture, and ensuring compliance with U.S. Department of Defense requirements. This includes hardening our software platform, assisting with incident response, and communicating security standards across the organization. Your role is essential in implementing GRC frameworks like NIST SP 800-171 and FedRAMP while educating and preparing the team to maintain these high standards.

What qualifications are needed for the Security Engineer position at Nominal?

To excel as a Security Engineer - Governance, Risk & Compliance at Nominal, you will need at least 4 years of experience working with U.S. Department of Defense data requirements, including familiarity with CMMC and FedRAMP. A strong background in information security practices, systems administration, and cloud environments like AWS is essential, along with excellent organizational and writing skills to build thorough documentation that meets compliance criteria. Experience applying and managing these compliance frameworks end to end is essential.

What can I expect in terms of career growth as a Security Engineer at Nominal?

At Nominal, the role of Security Engineer - Governance, Risk & Compliance is not just a job—it's a career-shaping opportunity. You’ll have the chance to shape essential security practices within a fast-growing tech environment and collaborate closely with seasoned professionals from top-tier organizations. With professional development funding and exposure to significant projects, you’ll be poised for continuous learning and advancement in your career.

What does the work culture look like for a Security Engineer at Nominal?

Nominal offers a dynamic and inclusive work culture where innovation thrives. As a Security Engineer - Governance, Risk & Compliance, you'll be part of a collaborative team that values your insights and promotes continuous professional growth. We encourage open communication and offer perks like unlimited PTO and professional development stipends, fostering a balanced working environment that recognizes the efforts of our team.

Is experience with cloud security relevant for the Security Engineer role at Nominal?

Absolutely! Experience with cloud security is highly relevant for the Security Engineer - Governance, Risk & Compliance role at Nominal. Understanding cloud environments such as AWS and Microsoft Azure is essential, as you'll be involved in ensuring compliance and implementing security measures across these platforms, ensuring our software meets the high standards required for sensitive defense contracts.

Common Interview Questions for Security Engineer - Governance, Risk & Compliance
Can you explain your experience with U.S. Department of Defense contracting requirements?

When answering this question, focus on your specific roles and responsibilities related to DoD compliance, such as your familiarity with CMMC, NIST standards, and any relevant projects you've worked on. Highlight instances where you ensured compliance and how your efforts contributed to the project's success.

What strategies will you implement to improve Nominal's information security posture?

Discuss a systematic approach that includes risk assessments, maturity model evaluations, and continuous monitoring. Mention how education and training are vital to empowering employees to safeguard sensitive data while ensuring adherence to security protocols.

How do you handle incident response and management?

Bring attention to your understanding of the incident response lifecycle. Describe a process you would follow, from detection to recovery, emphasizing communication and documentation as key components.

What security frameworks are you most familiar with?

Include specific frameworks like NIST 800-171, FedRAMP, and RMF. Discuss how these frameworks relate to your past experiences and how you’ve applied their principles in meeting compliance standards.

What is the importance of vulnerability management in an organization?

Explain how vulnerability management helps identify, prioritize, and remediate security weaknesses proactively. Highlight your experience in monitoring and addressing vulnerabilities within systems or applications.

Can you describe a time when you had to develop security documentation?

Provide a specific example where you created documentation for security policies or procedures, mentioning the challenges you faced and how you ensured it met regulatory and organizational standards.

How do you prioritize security initiatives within a rapidly changing environment?

Discuss your approach to prioritizing initiatives based on risk assessments, regulatory requirements, and business impact. Highlight a time when you effectively balanced security needs with company objectives.

How do you keep up with the latest trends in cybersecurity?

Mention subscriptions to industry publications, attendance at conferences, and involvement in cybersecurity communities. Share any recent learning you’ve implemented in your security practices.

How would you assess the security posture of an organization?

Talk about conducting a comprehensive security assessment, including reviewing policies, procedures, and technical controls. Describe the importance of stakeholder interviews and assessments of existing security measures.

What role does employee training play in information security?

Emphasize the critical role of training in creating a culture of security. Discuss how regular training and awareness programs can significantly reduce human-related security incidents.

Ignite the next industrial revolution. We equip engineering teams with tools to rapidly deploy resilient systems to explore, protect, connect, and power the world. Our platform informs rapid and reliable decisions in the most critical moments.

EMPLOYMENT TYPE
Full-time, on-site
DATE POSTED
January 15, 2025