Principal Software Engineer, Product Security
Company: Spire
Location: Boulder
Posted on: January 18, 2026
Job Description:
We're leveling up our security engineering on a solid foundation: a standardized AWS developer platform, an established toolchain for satellite software, ISO 27001 certification, and ongoing business with government customers across the world. To push toward CMMC Level 2 compliance for CUI handling in our defense-relevant environment, we're seeking a senior technical lead to own product security strategy and execution.

The core responsibility will be to shift security left and integrate it throughout all our development processes: embedding automated controls like SBOMs, scanning, and secure pipelines into CI/CD, and maintaining standard libraries and infra for authn/authz and logging. You will also work on monitoring tools for operational services, and where control inheritance is insufficient, you'll help teams figure out how to align their systems with NIST 800-171/CMMC and other security objectives.

This is a senior, hands-on IC role with leadership: you'll code, configure, and debug while mentoring and tasking a small team of security engineers. As the technical leader of our Product Security Team you'll work closely with our chief software engineer to align security objectives and software roadmap, with our AWS infra team for cloud hardening, with our dev tooling team for satellite software security, as well as with the cybersecurity/GRC group. Lean setup with bureaucracy primarily handled by GRC and TPM teams, just impact through code and architecture, building on what we already do well. As part of the role you may also engage in discussions with peers at government entities and other bodies on security-related matters.

Key Responsibilities:

Security Controls in SDLC: Integrate security automation into our pipelines (e.g., GitHub Actions/ArgoCD for SAST/DAST/SCA, SBOM, vuln scanning).

Strengthen Shared Libraries and Infra: Evolve standard libraries/infra for authn/authz and logging and other run-time security concerns.

Advance CMMC Compliance: Hands-on implementation to meet/exceed CMMC Level 2 controls (AC, IA, SC, SI families)—e.g., encryption, secure configs, monitoring—leveraging our ISO 27001 base and federal experience.

Perform Reviews and Models: Conduct security architecture reviews, code audits, and threat modeling. Identify/fix issues like API vulns or supply chain risks.

Team Guidance: Mentor and assign work to security engineers, advancing secure practices via code reviews, pair sessions, and tooling. Optional: Management for hiring/reviews if interested.

Define the security perimeter within software architectures to establish clear trust boundaries where security requirements will be enforced across all components.

Conduct detailed vulnerability impact assessments to accurately determine the severity and business risk of identified findings, guiding effective remediation priorities.

Required Qualifications:

Experience: 10 years in software/security engineering, 6 in sec-focused roles. Shipped secure cloud systems (AWS), CI/CD security, and compliance projects (CMMC/FedRAMP/NIST).

Technical Expertise: Mastery of container security (Docker/K8s), tools (Trivy/Snyk/Falco/OPA), languages for tooling (Python/Rust). Modern attacks/defenses.

Security Acumen: Fluency in threats (injection, lateral moves), controls (800-53 mappings), DevSecOps. SBOMs, zero-trust, SIEM-fed logging.

Interpersonal Skills: Ability to engage with staff internally in a constructive way and represent Spire externally.

Preferred Skills:

AWS sec services (GuardDuty, Security Hub, Config), IaC (Terraform). Embedded/satellite sec (secure boot, updates). Open-source sec contribs. Relevant certs (CSSLP/OSCP/GIAC) if reflecting real expertise.

Leadership Fit: Proven mentoring, leading initiatives, influencing in small teams.

Bonus Other: Cleared for sensitive data; regulated industry exp (defense/aerospace).

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.

Access to US export-controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying.

The anticipated base salary range for this position is listed below. Final base salary for this role will be based on the location, skills, experience and qualifications. In addition to base compensation, this role may be eligible for annual equity awards and our employee benefits program, including vacation, sick, and personal time off; optional medical, dental, vision, life, and disability coverage; a 401(K) plan; health and wellness reimbursement program; and participation in Spire's Employee Stock Purchase Plan.

Salary Range: $202,500—$238,500 USD

Global Perks:

Name Your Satellite Program (NYSP)
Launch Attendance
Generous Time Off Policy
Education Assistance Program
Employee Assistance Program (EAP)
Employee Stock Purchase Program (ESPP)
Family Leave
Fitness Reimbursement
Employee Referral Program
Healthy snacks & beverages in every office

About Spire:

We improve life on Earth with data from space. Spire Global is a space-to-cloud analytics company that owns and operates the largest multi-purpose constellation of satellites. Its proprietary data and algorithms provide the most advanced maritime, aviation, and weather tracking in the world. In addition to its constellation, Spire's data infrastructure includes a global ground station network and 24/7 operations that provide real-time global coverage of every point on Earth.

Spire is Global and our success draws upon the diverse viewpoints, skills and experiences of our employees. We are proud to be an equal opportunity employer and are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or veteran status.

To help maintain a safe and secure workplace for Spire employees, all candidates who receive a conditional offer will be required to complete a background check. This may include criminal history and employment verification.

Please take a moment to review Spire's Global Data Privacy Notice for Employees, Contractors, Candidates and Visitors, as well as Spire's Privacy Policy. Kindly be advised that communication regarding your application may come from @spire.com, @recruiting.spire.com, or from Candidate.fyi (our scheduling tool).