Skip to main content
aerospace engineering

The Factory That Screws Together Satellites Now Hires Its Own Hackers

By David Yu

Bastrop's Security Postings

SpaceX is recruiting a cluster of product security engineers for its Starlink manufacturing plant in Bastrop County, Texas, putting protective software work on the same footing as the factory line that builds the dishes and satellites.

LinkedIn carried multiple fresh Bastrop postings from SpaceX, with titles ranging from Product Security Engineer and Embedded Security Engineer to their senior counterparts, all carrying the Starlink label and mapping directly to the production stack. A prior senior product security listing drew 38 applicants in two weeks. An earlier March 12 posting for a Product Security Engineer at 858 Farm to Market Road 1209 has since expired.

The security roles serve the build-out, not Falcon rocket propulsion or launch vehicle work at Hawthorne or Starbase. They are factory-floor cybersecurity posts for a consumer and commercial satellite line — a manufacturer now treating secure code as a production input tied to the hardware leaving the line: dishes, gateways, routers. The hires land as Bastrop County commissioners have cleared a path for SpaceX to seek state Enterprise Zone tax breaks tied to the expansion, and as federal zero-trust mandates begin to treat the factory floor as part of the attack surface.

Those jobs sit inside a plant expanding fast. ConnectCRE reported the company is building 1.5 million square feet of Starlink production and warehouse space on the east side of FM 1209, alongside a separate 1.5 million-square-foot solar cell factory. PCMag wrote in 2026 that SpaceX prepares to double the manufacturing output at the Bastrop site. BizJournals said the firm is adding workers by the hundreds and poised to top 2,000 at the site. Texascapitalnews reported the company employs at least 800 people there, with hiring underway toward 1,000, placing it among the county's largest private employers.

The postings define the work without ambiguity. Engineers will design and build security infrastructure for Starlink, including cryptographic services and other security-critical services, and develop security features for the router, dish, gateways, and satellites. Candidate bars are specific: a bachelor's in computer science or another STEM field, or two-plus years of security software development in place of a degree. The listings ask for Python, C++, or Golang.

“We’ve only begun to scratch the surface of Starlink’s potential global impact and are looking for best-in-class engineers to help maximize Starlink’s utility for communities and businesses around the globe,” the Product Security Engineer (Starlink) posting says.

The hiring wave is part of a wider pull: 1,065 open SpaceX roles, with 141 posted in the past week at a median pay near $145,000, spanning a range from $25,000 to $355,000. The Bastrop security listings do not publish pay, but their skill demands match the upper half of that range.

Export rules narrow the field. Applicants must hold U.S. person status under ITAR — citizen, green card holder, refugee, or asylee. For a plant hiring by the hundreds, that constraint decides who can sit on the security bench. The posting also repeats a mission line: “Further our mission of providing secure and reliable Internet to underserved communities.”

A nomination labeled “Bastrop Kit Production Expansion” under the Texas Enterprise Zone Program could bring up to $3.75 million in sales tax refunds paid per employee if program targets are met. The tax refund nomination and the job postings both appeared in 2026, pinning the security hires to that expansion.

Zero-Trust Mandates Hit the Factory Floor

CISA issued Binding Operational Directive 26-03 on May 14, 2026, forcing every civilian federal agency to prove Zero Trust Architecture maturity across five defined pillars before December 31, 2026. The deadline is no longer guidance. It is a compliance line that now reaches the factory floors where satellites get built.

The order builds on CISA's June 2024 zero-trust paper, authored by the public-private Space Systems Critical Infrastructure Working Group. That document mapped how zero-trust tenets apply across space infrastructure from the first welded bracket to end-of-life burn-up. For the first time, federal security language treats the assembly line as part of it, not a trusted safe zone behind a fence.

CISA projects the space economy will more than triple to $1.4 trillion by 2030. Payload Research notes the data exchange in space presents a near-infinite number of attack surfaces, and a breach in a single constellation can cascade into national security failures, transportation outages, energy disruptions, and the economic systems that lean on positioning data.

Perimeter defense lost its footing years ago. CISA Director Jen Easterly said flatly that perimeter-based security no longer works for a distributed federal workforce. Her agency logged more than 40 significant intrusion campaigns in 2025 that exploited implicit trust in legacy network designs. Three agencies already sit under enhanced scrutiny after incidents that exposed zero-trust gaps.

"The blanket application of traditional IT-focused zero-trust capabilities to operational technology is neither reasonable nor feasible," CISA's April 2026 operational technology guidance states.

That caveat matters for manufacturing. Satellite plants run operational technology — programmable systems that move parts, cure composites, and monitor cleanrooms. These systems used to sit offline. They now sync with IT networks for production scheduling and telemetry. The link expands the attack surface and gives threat actors a path from email phishing to physical control.

Threat groups have already shown the pattern. They use living-off-the-land techniques inside IT networks while prepositioning to jump to operational technology. Historical malware such as CrashOverride, Havex, and Trisis manipulated industrial control systems. A facility that screws together Starlink user terminals carries the same class of risk as a pipeline operator.

Why the manufacturing line is now in scope

CISA's 2024 zero-trust paper is explicit: space systems require risk evaluation at every lifecycle stage, manufacture included. The rapid expansion of the space services market pushes companies to ship hardware fast. Racing to launch first, firms skip security steps. As more satellites crowd near-Earth space, terrestrial systems depend on them, and the threat mix widens from cyber criminals to nation-state advanced persistent threats.

Plants like SpaceX's Bastrop Starlink factory sit exactly where the mandate lands. The guidance does not name one company, but it covers any site that builds, integrates, or tests space hardware for government buyers. A security engineer walking that floor now answers to principles drafted in Washington.

The compliance clock drives procurement

The directive sets measurable maturity thresholds instead of general advice. Agencies that miss them face the Federal Cybersecurity Risk Determination Report, which triggers mandatory briefings to agency heads and OMB leadership. Gov.academy reported that industry observers expect the deadline to drive training demand across roughly 100 civilian agencies in scope.

For satellite manufacturers, the effect is indirect but hard. Federal procurement now favors zero-trust-aligned operations. Newer operational technology components can support security logging, secure communication protocols, and identity and access management that legacy machines lack. Network segmentation remains the foundational control on the plant floor.

CISA offers tools to close the gap. Its open-source SIEM, Malcolm, includes Zeek parsers for common OT protocols and supports deep traffic analysis without commercial cost. A Bastrop-scale plant could run it today.

What the research market is producing

Payload Research's 2026 report, sponsored by SpiderOak, surveys the space cybersecurity market — threats, the cost of failure, and the dynamics of the emerging zero-trust sector. The survey inside the report shows security teams reclassifying the factory as a node that must verify every device, not a zone guarded by a gatehouse.

The report's market analysis tracks a shift from perimeter tools to architectures that check identity, device health, and data access continuously. For space manufacturing, that means the shop floor's programmable logic controllers need the same scrutiny as the ground station uplink. A satellite is only as trusted as the line that built it. Plants that treat zero-trust as an IT department problem will fail the 2026 audit and lose federal contracts.

Who Guards the Hardware Now?

SpaceX's Sr. Product Security Engineer posting for Starlink, visible on the company's Zero G Talent page, tasks the hire with integrating security directly into factory processes and maintaining production systems. The Bastrop plant is not just bolting dishes together; it is hiring people who treat the assembly line as an attack surface.

The shift away from pure mechanical backgrounds shows up in the clearance and experience bars. A senior space cybersecurity role posted on unjoblink.org required 12 years of related engineering work, at least 8 of those in current space cybersecurity, plus a TS/SCI clearance from the U.S. government and U.S. citizenship. A traditional aerospace engineer with a decade in propulsion or structures would not clear that gate without a full career pivot. The Starlink security role mirrors this: it demands building security features for hardware and the factory network, not verifying tolerances on a weld.

Compensation follows the scarce skill set. The table below lays out documented pay for security-focused aerospace roles against the general cyber engineer average.

Role Source Salary data Core requirement
Cyber Security Engineer (general) interviewguy.com $96,765/yr average High demand, specialized hiring
Space Cybersecurity Systems Engineer (Senior) unjoblink.org $166,400–$249,600/yr 12 yrs eng, 8 yrs space cyber, TS/SCI
Sr. Product Security Engineer (Starlink) Zero G Talent first-party board (/space-companies/spacex) Upper tiers of SpaceX pay range Integrates security into factory processes

The senior space cyber band sits roughly 70% above the general average. Interviewguy.com data shows hiring cyber security engineers is difficult due to the field's specialization and high demand, which pushes companies to build internal pipelines rather than shop externally.

Boeing's cybersecurity careers page (dated 2026-07-09) describes training support and cites Antara, a Boeing India teammate who used digital learning to upskill into the field. The page also details a "Cyber-Range-In-A-Box" the company deployed so customers could simulate network attacks and find weaknesses. Space Force's civilian careers page requires completion of cyberspace training and mission qualification training for its cyber roles, and charges engineers with repairing and enhancing security programs. The interviewguy.com description adds that cyber engineers must research the latest IT security trends and train staff on prevention strategies.

Boeing profiles a named practitioner: product security engineer Anna Guthrie builds resilient technologies to protect against cyberattacks. Her job title would have been rare on an aerospace plant roster a decade ago, when manufacturing and test engineers ran the floor. Now the security engineer works beside the line, embedding cryptographic controls into dishes and gateways as they come off the bench.

The broader aerospace recruitment market reflects the same bend. ManpowerGroup's Work Intelligence Lab report examines technical candidate recruitment in aerospace and defense, flagging retention challenges and the need for new talent strategies. Octagon Group's 2026 outlook lists embedded software demand and systems engineering shortages as top trends. ClearanceJobs news reports that demand for cleared cyber and aerospace professionals keeps growing as defense contractors answer evolving mission needs. Artificial intelligence is also reshaping how organizations recruit for national security work, per the same source. For a mechanical engineer at Bastrop, the practical next step is learning the basics of cryptographic services or partnering with the new security hires.

Incentives and the Growing Footprint

Bastrop County commissioners unanimously approved a measure allowing SpaceX to apply for state tax incentives through the Texas Enterprise Zone Program, following more than an hour of public comment, Community Impact reported. The vote cleared a path for the company to pull down state-level breaks even as local officials stopped short of direct county subsidies.

The state had already moved first. On March 12, 2025, Governor Greg Abbott announced a $17.3 million grant from the Texas Semiconductor Innovation Fund to SpaceX for an expansion of its Bastrop semiconductor R&D and advanced packaging facility (gov.texas.gov). The award draws from the 2023 Texas CHIPS Act, which set up performance-based incentives for semiconductor research and manufacturing. The expansion is expected to create more than 400 jobs and more than $280 million in capital investment.

State grant sets the baseline

Community Impact documented the limit of local giveaways:

"Boring and Starlink did not ask for or receive incentives from the county for building in the area."

That line underscores that the county's role is permissive, not spendthrift. The commissioners' vote lets SpaceX chase Enterprise Zone benefits — property tax refunds on new investment — but Bastrop itself wrote no local checks. The $17.3 million state grant is the real money on the table, funded by the Texas Creating Helpful Incentives to Produce Semiconductors Act.

The Bastrop footprint is already large. Texascapitalnews.substack.com reported the same. No tenant is bigger than SpaceX, whose site is anchored by a 520,000-square-foot warehouse producing Starlink consumer hardware. Over the next three years the complex will add one million square feet to produce Starlink kits and advanced packaged silicon, per the state grant announcement. When complete, it will be the largest printed circuit board and panel level packaging facility in North America.

Headcount and plant scale

The security-capable plant sits inside this broader manufacturing surge. The local economic response is less about cyber titles and more about raw headcount and capital. Most of Zero G's recent postings are silicon and AI positions in California and Washington, not Bastrop floor jobs, but the Bastrop scale-up still feeds the county's workforce math as the company consolidates Starlink production in the county.

Metric Value Source
Texas Semiconductor Innovation Fund grant $17.3 million Gov. Texas (Mar 12, 2025)
Expected new jobs from expansion >400 Gov. Texas
Capital investment $280 million Gov. Texas
Current Bastrop employment 800–1,000 texascapitalnews
Planned added floor space 1,000,000 sq ft Gov. Texas
County population projection (5 yr) ~130,000 news.constructconnect.com
Resident pushback

Bastrop's population has increased by more than 30% over the past five years, according to the U.S. Census Bureau data cited by Spectrum Local News. The growth tracks Musk-affiliated companies — SpaceX, Starlink, The Boring Company — planting flags east of Austin. News.constructconnect.com projects the county will reach about 130,000 residents within five years. That influx fuels housing demand and strains rural infrastructure.

The expansion gets mixed reviews from the city's residents, Spectrum Local News noted. Public comment at the county commissioner hearing ran past an hour, signaling friction over road traffic and water use. One concern is that high-paying aerospace jobs price out service workers; another is whether the security-capable facility draws extra federal presence. The tension is typical of rural counties suddenly hosting advanced manufacturing.

Bastrop County's next step is administrative: process SpaceX's Enterprise Zone application and monitor the 400-job milestone tied to the state grant. If the hiring holds, the county will have traded an hour of public argument for a permanent seat on the space-manufacturing map.

Vendors and Rivals Follow the Playbook

SpaceX's decision to plant product security engineers at its Bastrop Starlink factory put a zero-trust wedge into space-manufacturing hiring. The move deliberately skipped launch-vehicle propulsion roles and consumer VPN trends. Vendors that sell identity-based networking and the satellite firms competing for constrained engineering talent are now building matching capabilities.

Tailscale, the mesh networking vendor founded in 2019, shows how the supplier side is positioning. As of July 2025, the company reported serving thousands of organizations and more than 10,000 businesses globally, with customers including Microsoft, Telus, The New York Times, SAP, Instacart, and Duolingo (tailscale.com). Its July 2025 survey of 1,000 IT, security, and engineering professionals across North America exposed why legacy remote access no longer fits factory or flight hardware work.

Access infrastructure metric Share of pros
Legacy VPN still primary Two in five (41%)
Say current VPN "works well" One in ten (10%)
Use identity-based access as primary About three in ten (29%)
Manage access controls manually Two-thirds (68%)
Run multiple network security tools Nine in ten (92%)

The numbers explain the vendor pitch. Five in six of those surveyed admit to actively bypassing security controls, while about two-thirds kept access to internal systems after leaving a prior employer and nearly all want to redesign their setup. At companies stuck on VPNs, employees were nearly twice as likely to report broken access or workarounds than those on modern tools. Tailscale's own material states the fix is identity-based authentication enforced at the network layer, so trust is never assumed (tailscale.com).

Engineers are building the pattern themselves. A GitHub project by CyberSec421 published in May 2025 configures secure remote access with Tailscale as a zero-trust VPN, specifying that devices communicate only after authentication and authorization. Another by boyeadesemowo documents a Linux-based Tailscale exit node on VMware ESXi, focused on architecture and trust boundaries for identity-based outbound access. These are not space-plant deployments, but they show the skill set migrating from cloud teams to physical production networks.

Rival satellite manufacturers feel the same pressure. Thales Alenia Space posted 220 roles on Zero G Talent's board in the past seven days, including Senior Software Engineer and Principal Electrical Engineer positions in Austin and Irvine. The volume of software and electrical hires signals teams that must handle sensitive design data under zero-trust rules. Millennium Space Systems, a Boeing Defense unit described as a fast small-satellite company for national security space, builds missions where supply-chain access control is non-negotiable.

Tailscale's survey found 42% believe their access setup will be outdated within two years, and 49% say it is not scalable. Nearly half of companies are consolidating toolsets, with early adopters moving to identity-first and just-in-time models.

The next step is job descriptions. Tailscale's report predicts peer-to-peer mesh architectures that are identity-aware will become default, with AI adjusting policy dynamically from context. Vendors and satellite peers that copy Bastrop's playbook will write zero-trust into the required skills for plant engineers, not just the IT queue.


Working in space? Zero G Talent tracks the openings: see every open Thales Alenia Space role, browse space jobs, openings at SpaceX, and the people building the field.