DevSecOps Engineer
HEO Robotics
We are a rapidly growing, US-based space startup revolutionizing satellite imaging using advanced in-orbit capabilities. Specifically, our expertise lies in leveraging in-space assets for Space Domain Awareness (SDA) and Non-Earth Imaging (NEI). As an international company, we navigate a unique landscape while delivering critical services to our clients. Having recently secured several significant contracts, we are expanding our team to meet the exciting demands of our growth.
To support this next phase, we’re building a high-performing, interdisciplinary team capable of pushing the boundaries of space technology. We’re looking for talented, passionate people who value collaboration, growth, and learning to join us.
HEO is a post-Series A company backed by high-profile venture funds including Airtree, Y Combinator, and In-Q-Tel. We are headquartered in Sydney, Australia, with offices in London, UK, and Washington, D.C., USA.
Role Overview
As HEO USA’s first dedicated Security & DevOps Engineer, you will be the technical architect and lead for our domestic cloud infrastructure. You will lead the critical mission of migrating, securing, and managing sensitive HEO data to our US-based AWS environment.
This role requires a hands-on expert who can build automated CI/CD pipelines while simultaneously architecting a CMMC (Cybersecurity Maturity Model Certification) compliant program from the ground up to support our US government and defense-related contracts.
Key Responsibilities
1. Cloud Migration & Infrastructure (AWS)
- Data Migration: Design and execute the secure transfer of data and services from international AWS regions to US-based regions (e.g., US-East-1 or AWS GovCloud).
- Infrastructure as Code (IaC): Build and maintain the US cloud footprint using Terraform or CloudFormation to ensure repeatable, documented environments.
- Architecture: Optimize the AWS stack for performance, cost, and high availability, ensuring it meets the specific operational needs of the US subsidiary.
2. DevSecOps & Automation
- CI/CD Pipeline Security: Integrate automated security scanning (SAST/DAST) and dependency checking into the deployment pipeline.
- Container Security: Manage and secure containerized workloads (Docker/K8s), ensuring image scanning and runtime protection.
- Monitoring & Logging: Implement comprehensive observability using tools like AWS CloudWatch, CloudTrail, or ELK Stack to ensure real-time threat detection.
3. Cybersecurity & CMMC Compliance
- CMMC Program Development: Architect and implement the technical and administrative controls required for CMMC Level 2 (or higher) compliance.
- Identity & Access Management (IAM): Enforce the Principle of Least Privilege (PoLP) and Zero Trust architecture across all US systems.
- Vulnerability Management: Lead regular patching cycles, vulnerability scans, and coordination of third-party penetration testing.
- Documentation: Maintain the System Security Plan (SSP) and Plan of Action and Milestones (POA&M) required for federal audits.
Required Qualifications & Skills
- Experience: 4+ years in DevOps, Site Reliability, or Security Engineering roles with a heavy focus on AWS supporting federal and public sector programs (preferably DoD and Intelligence Community).
- AWS Mastery: Deep technical proficiency with VPC, IAM, S3, EC2, RDS, and AWS Security Hub. Experience with AWS GovCloud is a significant plus.
- Compliance Expertise: Proven track record of building and maintaining environments compliant with CMMC (Level 2+), NIST 800-171, or FedRAMP.
- Automation Tools: Expertise in Infrastructure as Code (Terraform, Ansible, or CloudFormation) and CI/CD tools (GitHub Actions, GitLab CI, or Jenkins).
- Security Tooling: Hands-on experience with SIEM, EDR, and vulnerability scanners (e.g., Nessus, Qualys, or Snyk).
Preferred Certifications
- AWS Certified Solutions Architect – Associate or Professional
- AWS Certified Security – Specialty
- CISSP (Certified Information Systems Security Professional)
- CMMC Certified Professional (CCP)
Rewards & Benefits
We understand that a competitive offer extends beyond base salary. As a rapidly growing startup, we're committed to building a highly motivated team and believe in sharing our success. We offer a comprehensive total rewards package designed to attract and retain top talent:
- Competitive Base Salary: We offer a strong base salary commensurate with your experience and the significant impact you'll have on our growth.
- Employee Stock Option Plan (ESOP): As an early-stage employee, you'll receive a meaningful grant of employee stock options. This provides you with an ownership stake in our company and the opportunity to share directly in our future success. We believe in aligning your contributions with our collective growth, offering substantial upside potential as we achieve our ambitious milestones.
- Company-sponsored 401(k): Matching contributions vested immediately.
- Comprehensive Healthcare: Your well-being is a priority. We provide a robust employer-sponsored healthcare plan to ensure you and your family have access to quality medical care.
- Generous Paid Time Off: We value work-life balance and offer annual Paid Time Off (PTO) plus additional dedicated sick days.
- Paid Federal Holidays: Enjoy all federal holidays throughout the year, allowing you to recharge and spend time with loved ones.
What We Value:
You’ll love being on our team if you are someone who:
- Thrives in an ambiguous, semi-structured and dynamic environment.
- Upholds the highest level of integrity.
- Is proactive and takes initiative.
- Isn’t afraid to pitch in where the team needs you most.
- Can be depended on to do what they say and uphold their end of the teamwork.
- Is innovative, agile and flexible.
- Fully believes that if you’re not having fun doing what you do, you are in the wrong place.
HEO USA is an Equal Opportunity Employer (EOE).
We are committed to providing equal employment opportunities to all qualified applicants and employees without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions, sex stereotyping, transgender status, and gender identity), national origin, age (40 or older), marital status, sexual orientation, disability, genetic information, military or veteran status, or any other characteristic protected by federal, state, or local law.
As a federal contractor, we are committed to affirmative action for protected veterans and individuals with disabilities. We strive to create a diverse and inclusive workforce where all employees feel valued, respected, and have the opportunity to contribute to their fullest potential.
We provide reasonable accommodations to qualified individuals with disabilities and for religious beliefs, practices, or observances, unless doing so would cause undue hardship. If you require an accommodation to participate in the application or interview process, please reach out.