At Sift, we're redefining how modern machines are built, tested, and operated. Our platform gives engineers real-time observability over high-frequency telemetry, eliminating bottlenecks and enabling faster, more reliable development.
Sift was born from our work at SpaceX on Dragon, Falcon, Starlink, and Starship, where scaling telemetry, debugging flight systems, and ensuring mission reliability demanded new infrastructure. Founded by a team from SpaceX, Google, and Palantir, Sift is built for mission-critical systems where precision and scalability are non-negotiable.
As Sift’s first dedicated Security Engineer, you will not just maintain a security checklist; you will define the posture, architecture, and practices that keep our products and infrastructure secure in the most demanding environments. You will be both hands-on and strategic, building controls, automating compliance, and working directly with customers, auditors, and internal teams to inspire confidence in our platform.
The Security Engineer – GRC will own Sift’s security posture end to end, blending technical security engineering with governance, risk, and compliance leadership. You will set the standard for how we protect our systems and data, ensuring we are ready to meet and exceed the expectations of aerospace, defense, and enterprise customers.
Set the Standard: Establish a best-in-class security posture across our product and infrastructure. Make security a competitive advantage, not just a compliance checkbox.
Lead Compliance by Design: Translate frameworks like SOC 2, NIST 800-171, CMMC, and FedRAMP into actionable engineering and operational practices. Oversee our Risk Management Framework (RMF) lifecycle and apply security standards across cloud, on-prem, and air-gapped environments.
Engineer the Controls: Architect and deploy security tooling, secure CI/CD pipelines, and observability systems. Implement zero-trust networking, encryption, and access control across environments.
Enable the Team: Provide approachable, relevant training to engineers and operations teams. Guide secure procurement and use of third-party tools and libraries.
Earn Trust Externally: Represent Sift’s security posture clearly and credibly to customers, partners, auditors, and government stakeholders.
Design, implement, and maintain secure cloud-native infrastructure (AWS GovCloud, Kubernetes, OpenShift, on-prem, and air-gapped)
Build secure CI/CD pipelines with integrated scanning and policy enforcement
Deploy and manage observability and security tooling (SIEM, EDR, Datadog, ELK, Prometheus, Grafana)
Implement zero-trust networking, VPNs, and encryption best practices
Maintain policies, procedures, and documentation that withstand customer and auditor scrutiny
Lead security readiness for customer and government requirements
Provide security awareness training for internal teams and be the point of contact for all security questions
5+ years in cybersecurity, product security, or cloud security roles, ideally in high-assurance or regulated industries
Hands-on experience securing AWS and Kubernetes-based environments, with strong infrastructure-as-code practices
Proven track record leading or supporting compliance initiatives such as SOC 2, NIST 800-171, CMMC, FedRAMP, or ISO 27001
Deep understanding of network, endpoint, and identity security principles
Experience with security tooling and integration into operational workflows
Ability to translate compliance requirements into clear, actionable engineering work
Strong communication skills, able to represent security posture to technical and non-technical audiences
Excited to operate as a team of one early on, with the vision to build and lead a security function over time
Someone motivated by the responsibility of securing technology that supports national security and high-stakes engineering programs
A builder who can balance pragmatism with rigor in a fast-moving startup environment
A collaborator who can partner across engineering, operations, and go-to-market teams to make security part of the culture
Someone comfortable engaging directly with customers, auditors, and partners to explain and advocate for our security posture
The Sift team is based in El Segundo. We collaborate in person two times per week, Monday and Thursday. We work closely with hardware companies, many of which are based in LA, building everything from autonomous vehicles to spacecraft. As a customer-centric company, being nearby for site visits and collaboration is essential. Sift is open to relocating you to LA.
Salary range: $170,000 to $220,000 per year, plus equity and benefits.
Eligibility:
US Person Required: Must be a U.S. Citizen or Green Card Holder due to ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations) compliance requirements.