Infrastructure & Security Engineer

Job Description

Firestorm is building the next generation of uncrewed aircraft and the advanced manufacturing systems that deliver them at speed. The Software Integration & Operations department owns the software layer that spans factory floor to cloud — the applications, automation, edge systems, and intelligence that make it possible to iterate product designs, automate advanced manufacturing, and scale production with uncompromising quality and rigor. As an Infrastructure & Security Engineer, you own the security and compliance envelope around the manufacturing software platform. Your scope is the security architecture of a system that spans commercial cloud, GovCloud, on-premise edge on the factory floor, and eventually air-gapped DoD environments — and the compliance posture that lets Firestorm operate in each of them. Security and compliance are preconditions for shipping, not afterthoughts. You define how identity, secrets, and trust boundaries are architected across the platform; you translate FedRAMP and ITAR controls into operable technical implementations; and you serve as the security authority on architectural decisions and design reviews across the department. You partner tightly with our cloud infrastructure experts, who owns the cloud runtime the platform operates on, and with our devops engineers who operate shared security tooling at the department level. The boundaries are deliberate — you own how the platform is secured and governed; they own how it runs — and the two concerns must resolve cohesively as the department grows.

What You'll Do

Own the security architecture of the manufacturing software platform end-to-end: identity, secrets, network segmentation, audit logging, data residency, and the trust boundaries between environments. Drive FedRAMP and ITAR readiness — translating compliance controls into concrete, operable technical implementation in partnership with compliance leadership and the DevSecOps team. Own the edge-to-cloud trust model and data pipeline security in partnership with the embedded engineering team — how factory-floor systems authenticate, stream data, and maintain security boundaries under disconnection. Define and enforce the compliance topology across commercial cloud, GovCloud, on-premise edge, and air-gapped DoD environments — what can talk to what, under what conditions, with what audit trail. Serve as the security authority on architectural decisions, design reviews, and incident response across the department when the issue involves the platform's security posture. Deliver solutions that harden security without compromising operability every release Required Qualifications 5+ years of security engineering, cloud security architecture, or infrastructure-security experience with production ownership. Strong background in security architecture: IAM, secrets management, network segmentation, audit logging, and boundary enforcement across multi-environment deployments. Experience designing or operating systems in a regulated environment — FedRAMP, ITAR, HIPAA, PCI, or similar — with a track record of translating controls into working code and configuration, not just documentation. Working proficiency in AWS or Azure and infrastructure-as-code tooling (Terraform or equivalent) — enough to partner effectively with the Cloud Infrastructure Engineer on joint design work, not necessarily to own runtime operations. Demonstrated ability to influence architectural decisions across engineering teams through design reviews and written design documents. Demonstrated history of holding yourself and your teammates to a high standard, even when it creates discomfort. U.S. person status required due to ITAR/EAR constraints on the work.

Preferred Qualifications

Hands-on experience with AWS GovCloud, Azure Government, or other regulated cloud environments. Prior FedRAMP Moderate or High authorization experience. Experience with edge-to-cloud security architectures in industrial or manufacturing settings. Familiarity with air-gapped deployment models. Background that includes both greenfield security architecture and mature-platform hardening. Apply To This Job