ForgeApply · Job listing
Senior Identity & Auth Engineer
Trueanomalyinc
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
OUR MISSION
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES
• Be the offset. We create asymmetric advantages with creativity and ingenuity.
• What would it take? We challenge assumptions to deliver ambitious results.
• It’s the people. Our team is our competitive advantage and we are better together.
YOUR MISSION
Software is the central nervous system for True Anomaly's engineering and product thesis. As we deploy our space operations platform into classified environments, identity and authorization become critical technical challenges requiring deep specialization. True Anomaly is seeking a highly experienced Senior Identity & Authorization Engineer to build the multi-tenant identity infrastructure that enables secure operations at IL6 (SECRET) and beyond. You'll deploy and integrate Kubernetes-native identity platforms, implement fine-grained authorization models for space operations, and provide deep technical expertise on identity/auth during compliance processes. Working closely with our security and platform teams, you'll evaluate and integrate modern authorization frameworks (ReBAC, SPIFFE/SPIRE, OPA), build policy-as-code enforcement systems, and ensure our identity architecture meets the rigorous standards required for classified environments.
You do not need to have experience building space ground systems or experience in aerospace. You'll have ownership of challenging, greenfield problems and a chance to fundamentally impact the outcome of future conflict (and the future of the company), all while enjoying world-class benefits including platinum healthcare, flexible work hours/location, highly competitive compensation and a generous stock options package.
RESPONSIBILITIES
• Architect and deploy Kubernetes-native identity and authorization infrastructure for IL6 (SECRET) multi-tenant environments
• Serve as a technical authority for identity/auth controls during ATO processes, documenting and evidencing compliance for IdP components
• Design and implement multi-tenant isolation strategies ensuring zero lateral movement between customer/program boundaries
• Evaluate, deploy, and harden self-hosted IdPs (Keycloak, Dex, Authentik, etc.) for classified Kubernetes clusters
• Design authorization models (RBAC, ABAC, ReBAC) for space operations use cases with fine-grained access control requirements
• Implement workload identity frameworks (SPIFFE/SPIRE, K8s projected tokens) and service mesh authentication (Istio, Linkerd, Cilium)
• Build policy-as-code systems (OPA/Gatekeeper, Kyverno, Cedar) for automated compliance enforcement at runtime
• Integrate with government identity systems (CAC/PIV, LDAP, Active Directory) and legacy SAML 2.0 applications
• Collaborate with security team on secret management strategy (HashiCorp Vault, Azure Key Vault) with encryption key lifecycle for IL6 environments
• Work with application teams to define authentication/authorization contracts for microservices
• Partner with customers and government auditors during ATO processes to demonstrate compliance and address findings
• Stay current on emerging identity/auth technologies and evaluate applicability to classified environments
QUALIFICATIONS
• Clearance: Eligible for TS/SCI clearance (U.S. citizen or lawful permanent resident), active clearance strongly preferred
• Experience: 10+ years in platform/security engineering with 5+ years focused on identity, authentication, or authorization systems
• Multi-Tenant Architecture: Designed and implemented proper tenant isolation (zero lateral movement, strong security boundaries) for SaaS, defense, or high-assurance systems
• Kubernetes Production Experience: Deployed and operated production Kubernetes clusters with 3+ years experience
• Identity Infrastructure: Production experience deploying/operating at least one K8s-native IdP (Keycloak, Dex, etc.) or enterprise IAM system
• Authorization Design: Implemented RBAC, ABAC, or ReBAC authorization models in production systems
• Zero Trust Principles: Deep understanding of NIST SP 800-207 and practical zero trust architecture patterns
• Compliance Frameworks: Working knowledge of NIST 800-53, CMMC Level 3+, or FedRAMP High requirements
• Scripting/Automation: Proficiency in Python, Go, or Bash for automation and tooling
PREFERRED SKILLS AND EXPERIENCE
• Active TS/SCI clearance (or ability to start immediately upon clearance grant)
• IL4/IL5 deployment and operations experience (IL6 is nice-to-have but not required)
• ATO Experience: Participated in at least one ATO process for NIST 800-53, CMMC, FedRAMP, or IL4/IL5 systems
• Experience with modern authorization frameworks (SpiceDB, Authzed, OpenFGA, Ory Keto)
• SPIFFE/SPIRE workload identity implementation experience
• Service mesh authentication (Istio, Linkerd, Cilium) in production
• HashiCorp Vault or enterprise secret management in classified or high-assurance environments
• CAC/PIV card integration and PKI certificate management
• Policy-as-code (OPA/Rego, Kyverno, Cedar) for runtime enforcement
• Experience in aerospace, defense, intelligence community, or national security space
• Startup or fast-paced environment experience (balance velocity with compliance rigor)
Nice-To-Have:
• CISSP, CCSP, or other security certifications
• Contributed to open-source identity/auth projects (Keycloak, Dex, OPA, SPIFFE, etc.)
• Experience with cross-domain solutions (CDS) or multi-level security (MLS) systems
• Kubernetes CKS (Certified Kubernetes Security Specialist) certification
• Previous experience at defense prime, IC contractor, or FAANG Gov (A
Salary insight
The midpoint of this range ($188k) is about 23% above the median disclosed salary for Los Angeles roles listed on ForgeApply ($153k across 1,170 jobs).
Based on live postings with disclosed pay on ForgeApply; refreshed daily. Not an estimate of this employer's offer.
Ready to apply to Trueanomalyinc?
Apply in about a minuteSimilar jobs
- Senior Identity Engineer — Crunchyroll · Remote
- Senior Identity Engineer — Smithrx · Remote
- Senior Identity Management Engineer — Aurorainnovation · Seattle, Washington
- Senior Identity Management Engineer — Aurorainnovation · Pittsburgh, Pennsylvania
- Senior Identity Management Engineer — Aurorainnovation · Mountain View, California
- Senior Identity Security Engineer — Palantir · Palo Alto, CA
- Senior Identity Security Engineer — Palantir · Washington, D.C.
- Senior Identity Security Engineer — Palantir · New York, NY
More like this: More jobs at Trueanomalyinc · Browse all jobs