Senior Security Engineer

About The Position

Requirements

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or a related field.
• 7+ years of experience in cybersecurity engineering roles, preferably in aerospace, defense, or other regulated industries.
• Deep understanding of NIST 800-171, DFARS, and ITAR compliance requirements.
• Extensive track record as a technical lead and subject matter expert for implementation of cybersecurity projects and initiatives.
• Proven experience in systems hardening, including application of DISA STIGs and CIS benchmarks.
• Hands-on experience with forensic tools and investigative methodologies.
• Familiarity with OT environments and associated security challenges.
• Experience with enterprise DLP, classification, and encryption technologies.
• Excellent communication, documentation, and cross-functional collaboration skills.
• Relevant certifications (e.g., CISSP, GIAC, GCFA, CEH, CKS) are highly desirable.

Nice To Haves

• Experience with cloud-native security tools (AWS, Azure) as well as legacy on-premises solutions.
• Knowledge of Zero Trust and SASE frameworks.
• Scripting and automation skills (Python, Bash, etc.).
• Experience working with government or defense contractors.

Responsibilities

• Serve as a technical lead and subject matter expert for cybersecurity projects and initiatives.
• Design, implement, and maintain security architectures that align with business and regulatory requirements.
• Collaborate with cross-functional teams including IT, engineering, legal, and compliance to ensure security is embedded across systems and processes.
• Conduct risk assessments and threat modeling to identify vulnerabilities and recommend mitigation strategies.
• Develop and maintain security plans, and procedures, support maintenance of policies and standards.
• Monitor and respond to security incidents, ensuring timely resolution and documentation.
• Mentor junior security analysts and leads and contribute to team development and knowledge sharing.
• Stay current with emerging threats, technologies, and industry best practices.
• Support audits, assessments, and reporting for internal and external stakeholders.
• Advocate for security awareness and training across the organization.
• DLP Strategy & ExecutionLead the evaluation, selection, and deployment of modern Data Loss Prevention (DLP) solutions to replace legacy systems, ensuring alignment with compliance and business needs.
• Operational Technology (OT) GovernanceDevelop and enforce security policies and controls for OT environments, including ICS/SCADA systems, with a focus on secure integration in aerospace and defense manufacturing settings.
• Digital Forensics & InvestigationsConduct forensic analysis of security incidents, support internal investigations, and maintain proper chain-of-custody and evidence handling procedures.
• Digital Signatures & Email EncryptionDesign and manage enterprise-wide digital signature and secure email encryption solutions to protect sensitive communications and intellectual property.
• Systems Hardening & STIG ComplianceLead efforts to harden systems across the enterprise, with a strong focus on applying DISA STIGs and other industry benchmarks to ensure secure configurations for Windows and Linux OSes, networking with PAN firewalls and GlobalProtect VPN, O365, TeamCenter, and other organizational systems.
• Classification Suite ReplacementLead the transition from legacy data classification tools to modern, automated classification and labeling solutions that support compliance with NIST 800-171 and ITAR.
• Zero Trust Architecture ImplementationDrive the design and implementation of Zero Trust principles across identity, device, network, and application layers.
• Secure Access Service Edge (SASE)Architect and deploy SASE solutions to unify networking and security services, enabling secure access for distributed and hybrid workforces.
• NIST 800-171 ComplianceEnsure security controls and processes align with NIST 800-171 requirements, supporting DFARS compliance and audit readiness.
• SIEM Configuration and ManagementConfigure and manage log sources, syslog servers; assist with automation development, conduct regular reviews of log sources and event IDs.