Hermeus is an aerospace and defense technology company founded to radically accelerate air travel by delivering hypersonic aircraft. The company aims to develop hypersonic aircraft quickly and cost-effectively by integrating hardware-rich, iterative development with modern computing and autonomy. This approach has been validated through design, build, and test of the company’s first combined turbojet-ramjet engine and is now being scaled through its first flight vehicle program, Quarterhorse. Hermeus is also developing Darkhorse — an uncrewed hypersonic aircraft designed to deliver unique asymmetric capabilities to the warfighter.
As the Cybersecurity Engineer you will analyze, plan, implement, maintain, troubleshoot and enhance Hermeus growing complex systems and networks. Ideally, you would possess a wide range of security experience as well as expert knowledge of the NIST 800 series 800-53, 171) and CMMC 2.0 compliance in a Federal Government Contracting environment.
Responsibilities:
- Develop event response documentation and Standards, including diagrams for system environments, cloud operations, and security tools
- Review our architecture and design through a security lens to provide actionable, timely requirements and recommendations
- Serve as a subject matter expert for security tools, applications, and processes
- Analyzes and oversees the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information security management frameworks such as NIST 800-171 and CMMC 2.0.
- Work directly with team leads, IT and Engineers both on policy and technical implementation of technologies.
- Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance.
- Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends to IT or executive management.
- Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders, including law enforcement.
- Oversees the administration of authentication and access controls, including security/access roles, and access permissions to information assets.
- Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes mitigation of risk; oversees risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
Knowledge, Skills and Abilities:
- Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, or equivalent combination of education and work experience
- 8+ years of solid, diverse experience in Cyber Security Engineering and Incident Response
- Experience deploying and customizing security tools such as vulnerability scanners, static analyzers, IDS/IPS, firewalls, and endpoint security monitoring
- Strong Experience securing Cloud Applications using industry standard frameworks
- Must possess an active Top Secretclearance or be eligible to obtain one
- Ability to lead, motivate and direct team members, cross-functional partners and Engineering teams; and strong performance management skills to include coaching, goal setting, holding team members across multiple levels accountable
- Ability toperform Information System Security Engineer/Manager (ISSE/ISSM) functions for classified infrastructure
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles from technical teams to senior executives
- Extensive experience with enterprise security solutions (Endpoint Detection and Response, Security information and Event Management, IT services management and Cloud, etc.)
- Extensive experience with intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Extensive experience withpreviousinformation classification programs and procedures for information compromise
- Proven experience in an information assurance, IT Risk and Compliance, information security, IT & Security audit, collaborating with external auditors (3PAOs) or other similar IT role involving IT security and compliance
EQUAL OPPORTUNITY
Hermeus is an Equal Opportunity Employer. Employment decisions at Hermeus are based solely on merit, competence, and qualifications, without regard to race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability, or any other legally protected status.