Principal Cloud Security Engineer

ABOUT ROCKET LAB

Rocket Lab is an end-to-end space company delivering responsive launch services, complete spacecraft design and manufacturing, payloads, satellite components, and more – all with the goal of opening access space. The rockets and satellites we build, and launch enable some of the most ambitious and vital space missions globally, supporting scientific exploration, Earth observation and missions to combat climate change, national security, and exciting new technology demonstrations.

Our Electron rocket has become the second most frequently launched U.S. rocket annually and has delivered more than 230 satellites to orbit, all while we work to develop Neutron, our upcoming medium-lift, reusable launch vehicle for larger constellation deployment. Our Space Systems business designs and builds our extensive line of satellites, payloads, and their components, including spacecraft that have been selected to support NASA missions to the Moon and Mars and components used on the James Webb Space Telescope.

IT

Rocket Lab’s IT team is responsible for how our global teams access information and run operations across our computer systems, networks, and devices. Our hardworking IT team is a group of flexible problem-solvers working in a fast-paced environment but who also thrive under the challenge of supporting all of our proprietary systems and people, from finance to launch operations.

PRINCIPAL CLOUD SECURITY ENGINEER

Based out of Rocket Lab's Conant office in Long Beach, CA the Principal Cloud Security Engineer must demonstrate a firm grasp of cloud-first, automated, API-driven security and statistical risk concepts and communication. They will work on securing all facets of Rocket Lab’s cloud presence: the wide array of vendor services, code pipelines deploying into prod and non-prod environments, and automation performing an assortment of business-critical operations. They will provide analyses including quantifiable statistical information regarding IT and Cybersecurity risk to business partners with fiduciary responsibility. They will support the IT organization to develop a secure, reliable, and fiercely efficient platform to empower the Rocket Lab’s objectives as a rapidly growing multinational space company.

WHAT YOU’LL GET TO DO:

• Design, implement, and maintain security controls for hybrid cloud-based environments, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS) solutions.
• Design and develop custom automation in pursuit of cyber team objectives.
• Provide security support for internal and external design reviews related to security.
• Conduct security assessments and risk analyses to identify vulnerabilities and develop mitigation strategies for automated infrastructure such as public cloud, CI/CD pipelines, and agentic systems.
• Work with Infrastructure Operations to Implement and manage identity and access management (IAM) solutions to control access to cloud resources and applications.
• Develop documentation, plans, and proofs of concept for cybersecurity-related platform improvements.
• Configure and monitor cloud security tools and services.
• Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), DevOps, and MLOps processes.
• Maintain systems to help the team stay up-to-date on emerging threats, vulnerabilities, and industry best practices related to DevSecOps/MLOps and recommend proactive measures to enhance security posture.
• Provide guidance and support to internal teams on security-related matters, including incident response, compliance, and security awareness training.
• Participate in regular security audits, assessments, and compliance reviews to ensure adherence to regulatory requirements and industry standards.

YOU’LL BRING THESE QUALIFICATIONS

• Bachelor’s degree in computer science or cybersecurity, or equivalent career experience
• 12+ years experience with scripting languages such as bash, powershell, or python
• 12+ years experience with configuration management / infrastructure as code such as CFengine, Puppet, Ansible, Cloudformation, Terraform
• Extensive experience with git-driven version control such as Github, GitLab, Bitbucket, Phorge, etc.
• Extensive experience in ticketing systems such as Jira, ServiceNow
• Experience working under ITIL/Change Review systems
• Experience with VMDBs like Brinqa or Tenable
• Experience working under US Government compliance regimes (HIPAA, CCTT, NIST, DISA STIG, etc.)
• Proven experience in cloud security architecture, design, and implementation, with expertise in major cloud platforms such as AWS, Azure, or Google Cloud Platform
• Strong understanding of networking concepts, encryption techniques, and secure communication protocols
• Extensive experience reading network traffic captures and packet dumps, core dumps, and system logs
• Extensive experience with CLI scanning tools like Trivy, ClamAV, Trufflehog, OpenSCAP and Grype
• Hands-on experience with cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center
• Experience with vendor-agnostic assessment engines like Cloud Custodian, Panther, or PowerPipe
• Experience with databases like postgresql, sqlite and data formats like parquet and arrow
• Experience with analytics systems like PowerBI or Jupyter

THESE QUALIFICATIONS WOULD BE NICE TO HAVE:

• Advanced degree in computer science, compliance, or law
• Involvement with community cybersecurity organizations
• Experience with the following:
  • Compiled languages like C++, rust, or golang
  • Significant outage / incident management
  • AWS GovCloud / Azure GCC High
  • Wireshark/tcpdump
  • CI/CD pipeline security
  • Tier 2 cloud vendors
  • Hybrid cloud engineering
  • SAST and DAST testing
  • Secrets management / vaults / HSMs
  • Vulnerability research / pentests / “red teaming”
  • Organizing CTFs
  • Cloud incident response / forensics
  • Log aggregators like Graylog, ELK, or Splunk
  • Security bot development

ADDITIONAL REQUIREMENTS:

• Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and the ability to focus.
• Regularly required to sit, use hands and fingers, operate computer keyboard and controls, and communicate verbally and in writing.
• Must be physically able to commute to buildings.
• Occasional exposure to dust, fumes and moderate levels of noise.

Level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.

Base salary is just one component of our total rewards package at Rocket Lab. Employees may also receive company equity and access to a robust benefits package including: top tier medical HMO, PPO & a 100% company-sponsored medical HSA plan option, dental and vision coverage, 3 weeks paid vacation and 5 days sick leave per year, 11 paid holidays per year, flexible spending and dependent care savings accounts, paid parental leave, disability insurance, life insurance, and access to a 401(k) retirement plan with company match. Other perks include: Discounted employee stock purchase program, subsidized EV charging stations, onsite gym, food and drinks, and other discounts.

Eligibility for benefits may vary based on employment status, please check with your recruiter for a comprehensive list of the benefits available for this role. Benefit programs are subject to change at the company’s discretion.

Base Pay Range (CA Only)

$150,000—$175,000 USD

WHAT TO EXPECT

We’re on a mission to unlock the potential of space to improve life on Earth, but that’s not an easy task. It takes hard work, determination, relentless innovation, teamwork, grit, and an unwavering commitment to achieving what others often deem impossible. Our people out-think, out-work and out-pace. We pride ourselves on having each other’s backs, checking our egos at the door, and rolling up our sleeves on all tasks big and small. We thrive under pressure, work to tight deadlines, and our focus is always on how we can deliver, rather than dwelling on the challenges that stand in the way.

Important information:

FOR CANDIDATES SEEKING TO WORK IN US OFFICES ONLY:

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), Rocket Lab Employees must be a U.S. citizen, lawful U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be eligible to obtain the required authorizations from the U.S. Department of State and/or the U.S. Department of Commerce, as applicable. Learn more about ITAR

Rocket Lab provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment at Rocket Lab, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Applicants requiring a reasonable accommodation for the application/interview process for a job in the United States should contact Giulia Johnson at

FOR CANDIDATES SEEKING TO WORK IN NEW ZEALAND OFFICES ONLY:

For security reasons background checks will be undertaken prior to any employment offers being made to an applicant. These checks will include nationality checks as it is a requirement of this position that you be eligible to access equipment and data regulated by the United States' International Traffic in Arms Regulations.

Under these Regulations, you may be ineligible for this role if you do not hold citizenship of Australia, Japan, New Zealand, Switzerland, the European Union or a country that is part of NATO, or if you hold ineligible dual citizenship or nationality. For more information on these Regulations, click here