Cybersecurity Engineer, Product Security

• CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators
• border protection teams to act faster, adapt rapidly
• stay ahead of evolving threats.
• CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel
• Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle
• London. For more information, please visit www.chaosinc.com .
• Role Overview:
• We are seeking a Cybersecurity Engineer focused on Product Security to help design, assess
• secure our next-generation sensor platforms and supporting software ecosystems. This role will work closely with Software Engineering, Embedded Systems, Hardware Engineering, Infrastructure
• Program teams to ensure security is integrated throughout the product lifecycle — from architecture and development through deployment and operational support.
• The ideal candidate has experience securing complex software and hardware systems within defense, aerospace
• other highly regulated environments. This individual will lead software security architecture efforts, perform threat modeling and risk assessments, support compliance initiatives
• help establish secure engineering standards across the organization.
• This is a highly collaborative and hands-on role with direct impact on the security and resiliency of mission-critical technologies deployed in operational environments

Responsibilities

• Product Security Engineering
• Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure
• Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)
• Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems
• Develop secure design standards, engineering guidance, and product security best practices
• Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation
• Threat Modeling & Risk Assessment
• Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure
• Conduct cybersecurity risk assessments for products, systems, and operational environments
• Identify attack surfaces, trust boundaries, and potential exploitation paths
• Work with engineering teams to prioritize and remediate identified security risks
• Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies
• Compliance & Security Authorization
• Support cybersecurity compliance initiatives and product authorization efforts including:
• RMF (Risk Management Framework)
• ATO (Authority to Operate)
• Export control and regulated data handling requirements
• Assist with development of system security documentation, security controls, SSPs, and assessment artifacts
• Support internal and external security audits, assessments, and accreditation activities
• Collaborate with government, customer, and program stakeholders on security requirements and authorization activities
• Security Testing & Validation
• Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts
• Support secure configuration and hardening efforts across software, operating systems, and embedded environments
• Review software and system telemetry to identify potential security weaknesses or anomalous behavior
• Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility
• Cross-Functional Collaboration
• Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements
• Contribute to the development of scalable product security processes and governance
• Support customer and internal security reviews related to deployed technologies and operational environments
• Mentor engineering teams on secure development and security-by-design principles
• Minimum Requirements:
• 5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles
• Experience with software security design and secure system architecture principles
• Hands-on experience conducting threat modeling and cybersecurity risk assessments
• Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts
• Familiarity with cybersecurity frameworks and compliance standards including:
• RMF
• NIST 800-53
• NIST 800-171
• CMMC
• DFARS
• Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS
• Understanding of cloud, endpoint, network, and identity security concepts
• Strong analytical, troubleshooting, and technical communication skills
• Ability to operate effectively in a fast-paced startup environment
• Must be a U.S. Citizen eligible for government facilities and sensitive information
• Ability to obtain additional security clearances as required by contract
• Preferred Requirements:
• Active Security Clearance
• Experience supporting defense, aerospace, government contracting, or regulated technology environments
• Experience securing embedded systems, sensor platforms, or edge computing technologies
• Familiarity with export control requirements including ITAR and EAR
• Experience with secure DevSecOps pipelines and automation practices
• Experience with Microsoft GCC High environments and regulated cloud architectures
• Firmware development experience
• BIOS/UEFI security or development experience
• Hardware security design experience
• Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge
• Experience with scripting or automation using Python, PowerShell, or Bash
• Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent
• Why CHAOS?
• Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
• Additional benefits : 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
• Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
• Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
• Team Growth: 250 employees and counting across 5 global offices
• The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity
• benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.
• Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.
• #LI-onsite