Mach is a defense manufacturing company that builds munitions to help the United States win future wars. Backed by $85M in funding from top venture firms, our small lean team ideates, designs, manufactures, and sells cutting-edge weapons to the Department of Defense.
Role Summary:
We are seeking a skilled Information Security Engineer to join our team, responsible for protecting our organization’s information systems and data. The primary objective of this role is to implement and maintain security measures that comply with industry standards, including NIST 800-171 and CMMC, while effectively managing risks associated with information security. The successful candidate will play a vital role in conducting risk assessments, responding to security incidents, and a culture of security awareness within the organization.
Key Responsibilities:
- Implement and maintain compliance with NIST 800-171 and CMMC frameworks, ensuring the organization meets all necessary security requirements.
- Conduct comprehensive risk assessments to identify vulnerabilities and implement effective risk mitigation strategies across the organization.
- Stay current with DoD cybersecurity policies, including the Risk Management Framework (RMF), to ensure all practices align with regulatory requirements.
- Utilize SIEM, EDR/XDR, and SOAR tools to monitor, assess, and enhance the security posture of the organization.
- Execute scanning, reconnaissance, and penetration testing to discover weaknesses in security defenses and enhancements.
- Manage and secure cloud services, including but not limited to AWS, Azure, and DISA mil, ensuring compliance with security requirements.
- Develop scripts using bash, shell, PowerShell, and other programming languages to automate security tasks and improve efficiency.
- Lead responses to security incidents, overseeing investigation, containment, eradication, and recovery processes. Conduct post-incident reviews and suggest improvements for future prevention.
- Design and conduct security training and awareness programs to educate staff on security policies and best practices, promoting a security-first culture.
- Maintain detailed documentation of security systems, policies, procedures, and incident reports. Update security documentation as necessary to reflect changes in procedures or regulations.
- Conduct detailed analysis of security events, compile data, and provide insights in written reports, correspondence, or verbal briefings to stakeholders.
Minimum Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.
- Minimum of 5 years of experience in cyber/information security roles, with a focus on risk assessment and compliance.
- Hands-on experience with NIST 800-171, CMMC, and the Risk Management Framework (RMF).
- Proficiency with SIEM tools, EDR/XDR tools, SOAR tools, and cloud security tools. Familiarity with IT networking, Windows, and cloud systems.
- Proficient in bash, shell, PowerShell, Python, and/or basic scripting on Linux and Windows platforms.
- Strong analytical skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.
Preferred Qualifications:
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar credentials.
- Experience with advanced cybersecurity frameworks and methodologies, including incident response and penetration testing.
- Experience with securing cloud platforms and services, particularly AWS, Azure, and GCP.
Ideal Candidate:
- The ideal candidate is proactive, detail-oriented, and thrives in a dynamic, collaborative environment. They possess a strong understanding of information security principles and the ability to analyze complex security issues. A successful Information Security Engineer will have experience in conducting risk assessments and implementing security measures that are compliant with industry standards. They should be adept at using various security tools and technologies, as well as possess a solid foundation in IT networking and cloud security. Strong communication and training abilities are essential for this role, as the candidate will be responsible for fostering a culture of security awareness within the organization.
Disclosures
This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). Please note that any offer for employment may be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations without sponsorship for an export license.
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offers may vary based on (but not limited to) work experience, education and training, critical skills, and business considerations. Highly competitive equity grants are included in most offers and are considered part of Mach’s total compensation package. Mach offers benefits such as health insurance, retirement plans, and opportunities for professional development.
Mach is an equal opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. If you’d like to defend the American way of life, please reach out!
