Principal Cloud Security Engineer

OverviewJob DescriptionABOUT ROCKET LABRocket Lab is an end-to-end space company delivering responsive launch services, complete spacecraft design and manufacturing, payloads, satellite components, and more – all with the goal of opening access space. The rockets and satellites we build, and launch enable some of the most ambitious and vital space missions globally, supporting scientific exploration, Earth observation and missions to combat climate change, security, and exciting new technology demonstrations.Our Electron rocket has become the second most frequently launched U.S. rocket annually and has delivered more than 230 satellites to orbit, all while we work to develop Neutron, our upcoming medium-lift, reusable launch vehicle for larger constellation deployment. Our Space Systems business designs and builds our extensive line of satellites, payloads, and their components, including spacecraft that have been selected to support NASA missions to the Moon and Mars and components used on the James Webb Space Telescope.ITRocket Lab/'s IT team is responsible for how our global teams access information and run operations across our computer systems, networks, and devices. Our hardworking IT team is a group of flexible problem-solvers working in a fast-paced environment but who also thrive under the challenge of supporting all of our proprietary systems and people, from finance to launch operations.Principal Cloud Security EngineerBased out of Rocket Lab/'s Conant office in Long Beach, CA the Principal Cloud Security Engineer must demonstrate a firm grasp of cloud-first, automated, API-driven security and statistical risk concepts and communication. They will work on securing all facets of Rocket Lab/'s cloud presence: the wide array of vendor services, code pipelines deploying into prod and non-prod environments, and automation performing an assortment of business-critical operations. They will provide analyses including quantifiable statistical information regarding IT and Cybersecurity risk to business partners with fiduciary responsibility. They will support the IT organization to develop a secure, reliable, and fiercely efficient platform to empower the Rocket Lab/'s objectives as a rapidly growing multinational space company.What You/'ll Get to DoDesign, implement, and maintain security controls for hybrid cloud-based environments, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS) solutions.Design and develop custom automation in pursuit of cyber team objectives.Provide security support for internal and external design reviews related to security.Conduct security assessments and risk analyses to identify vulnerabilities and develop mitigation strategies for automated infrastructure such as public cloud, CI/CD pipelines, and agentic systems.Work with Infrastructure Operations to implement and manage access management (IAM) solutions to control access to cloud resources and applications.Develop documentation, plans, and proofs of concept for cybersecurity-related platform improvements.Configure and monitor cloud security tools and services.Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), DevOps, and MLOps processes.Maintain systems to stay up-to-date on emerging threats, vulnerabilities, and industry best practices related to DevSecOps/MLOps and recommend proactive measures to enhance security posture.Provide guidance and support to internal teams on security-related matters, including incident response, compliance, and security awareness training.Participate in regular security audits, assessments, and compliance reviews to ensure adherence to regulatory requirements and industry standards.You/'ll Bring These QualificationsBachelor/'s degree in computer science or cybersecurity, or equivalent career experience12+ years experience with scripting such as bash, powershell, or python12+ years experience with configuration management / infrastructure as code such as CFengine, Puppet, Ansible, Cloudformation, TerraformExtensive experience with git-driven version control such as Github, GitLab, Bitbucket, Phorge, etc.Extensive experience in ticketing systems such as Jira, ServiceNowExperience working under ITIL/Change Review systemsExperience with VMDBs like Brinqa or TenableExperience working under US Government compliance regimes (HIPAA, CCTT, NIST, DISA STIG, etc.)Proven experience in cloud security architecture, design, and implementation, with expertise in major cloud platforms such as AWS, Azure, or Google Cloud PlatformStrong understanding of networking concepts, encryption techniques, and secure communication protocolsExtensive experience reading network traffic captures and packet dumps, core dumps, and system logsExtensive experience with CLI scanning tools like Trivy, ClamAV, Trufflehog, OpenSCAP and GrypeHands-on experience with cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command CenterExperience with vendor-agnostic assessment engines like Cloud Custodian, Panther, or PowerPipeExperience with databases like postgresql, sqlite and data formats like parquet and arrowExperience with analytics systems like PowerBI or JupyterThese Qualifications Would Be Nice to HaveAdvanced degree in computer science, compliance, or lawInvolvement with community cybersecurity organizationsExperience with the following:Compiled like C++, rust, or golangSignificant outage / incident managementAWS GovCloud / Azure GCC HighWireshark/tcpdumpCI/CD pipeline securityTier 2 cloud vendorsHybrid cloud engineeringSAST and DAST testingSecrets management / vaults / HSMsVulnerability research / pentests / "red teaming"Organizing CTFsCloud incident response / forensicsLog aggregators like Graylog, ELK, or SplunkSecurity bot developmentAdditional RequirementsSpecific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and the ability to focus.Regularly required to sit, use hands and fingers, operate computer keyboard and controls, and communicate verbally and in writing.Must be physically able to commute to buildings.Occasional exposure to dust, fumes and moderate levels of noise.Base salary and rewards: Base salary is one component of our total rewards package at Rocket Lab. Employees may also receive company equity and a comprehensive benefits package including medical, dental, vision, paid time off, holidays, and retirement plan with company match.Base Pay Range (CA Only) $150,000—$175,000 USDWhat to ExpectWe/'re on a mission to unlock the potential of space to improve life on Earth. It takes hard work, determination, relentless innovation, teamwork, grit, and an unwavering commitment to achieving what others often deem impossible. We pride ourselves on having each other/'s backs, checking our egos at the door, and rolling up our sleeves on all tasks big and small. We thrive under pressure, work to tight deadlines, and our focus is always on how we can deliver, rather than dwelling on the challenges that stand in the way.Important information:For Candidates Seeking to Work in US Offices OnlyTo conform to U.S. Government space technology export regulations, including ITAR, Rocket Lab Employees must be a U.S. citizen, lawful permanent resident (Green Card holder), or be eligible to obtain required authorizations from the U.S. Department of State and/or the U.S. Department of Commerce. Learn more about ITAR here.Rocket Lab provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type. This policy applies to all terms and conditions of employment at Rocket Lab.Applicants requiring a reasonable accommodation for the application/interview process should contact the designated resource for disability accommodations. A response may take up to two business days.For Candidates Seeking to Work in New Zealand Offices OnlyBackground checks will be undertaken prior to any employment offers. These checks will include eligibility to access equipment and data regulated by ITAR.Under ITAR, you may be ineligible if you do not hold certain citizenships. For more information, please refer to ITAR regulations. #J-18808-Ljbffr

Created: 2025-09-21