• Ensure that all information systems are managed, operated, and used IAW DISA STIGS and other applicable policies and procedures. • Support all ACPs (ACF2, RACF and CA TSS) utilized by the information systems. • Provide access control and account provisioning for all information systems. • Use DISA approved tools to plan, conduct, review, analyze, and correct findings in support of STIG reviews SRR. • Provide audit and inspection support for the government to include providing artifacts and evidence. • Support COOP exercises (Simulated and Table Top) exercises. • Grant and maintain access and account profiles for both individual and system resources. • Promptly report security violations IAW with specific security requirements for reporting incidents and violations. • Use DISA approved tools and follow policies for Change, Incident and Service Requests.

• Design, implement, and administer enterprise information security solutions. • Serve as a Tier‑3 escalation point for monitoring and responding to security incidents. • Implement controls and processes to meet internal and customer audit requirements. • Develop internal and customer‑facing security standards, policies, and procedures. • Execute incident response activities in accordance with the Ensono Incident Response Plan. • Evaluate, test, and deploy security application upgrades and patches. • Deliver consultative expertise on emerging threats, vulnerabilities, and risk mitigation strategies. • Document project plans, including timelines, milestones, and deliverables. • Mentor new and existing members of the security organization. • Provide recommendations and contribute to the development of security product roadmaps. • Partner with product owners to ensure alignment between solutions and security product offerings.

• Implement and maintain cloud security frameworks • Ensure compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL-4/IL-5 security mandates • Configure and manage Identity and Access Management (IAM) solutions • Conduct vulnerability assessments, security monitoring, and incident response • Develop and maintain System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M)

Role Overview NetBox Labs is hiring a Director of Security & IT to lead and scale security across our products, platform, AI initiatives, and corporate environment. Reporting to the CTO, this is a technical leadership role that owns DevSecOps, Product Security, AI Security & Risk, and Corporate IT / GRC. You will define how we build secure software, operate secure infrastructure, adopt AI responsibly, and run a mature internal IT and compliance function. This is not a governance-only CISO role; it is a leadership role embedded alongside engineering that shapes long-term security direction. What You’ll Do Security Architecture & Platform Strategy - Define and continuously evolve security architecture across our multi-tenant SaaS platform, on-prem product, and distributed agent systems. - Establish security design principles for multi-tenant isolation, IAM, secrets management, and cloud boundaries. - Embed security into engineering workflows through strong partnership with Engineering Directors and Principal Engineers. - Own governance, risk, and compliance strategy, including SOC 2 maturity and audit readiness. Own AI Security & Risk - Treat AI security as a first-class security domain and partner with our AI leaders to shape secure AI product strategy from inception. - Define guardrails for internal AI usage, including data access boundaries, vendor risk, model retention policies, and prompt leakage risks. - Anticipate how AI changes privilege models, data routing, and attack surface area. - Ensure AI adoption increases leverage without creating uncontrolled data exposure. Lead DevSecOps & Security Engineering - Define how security is embedded into CI/CD pipelines, infrastructure-as-code, identity systems, secrets management, and software supply chain workflows in partnership with platform and product engineering teams. - Guide the design of logging, detection, and response capabilities across our cloud and developer environments. - Oversee penetration testing programs and ensure findings translate into durable engineering improvements. - Build and grow the DevSecOps capability over time, including hiring dedicated engineers to own security tooling and automation. Lead Corporate IT & Governance, Risk & Compliance - Directly manage and coach the IT/InfoSec Manager and help mature the corporate IT, governance, risk, and compliance function. - Ensure endpoint security, vendor access, onboarding/offboarding, and internal systems meet strong security standards. - Align IT operations and compliance processes with engineering-driven security architecture. Required Experience - 10+ years in security, security engineering, or infrastructure/platform engineering roles. - Experience leading or building security programs in a high-growth B2B SaaS company. - Experience leading or mentoring security or infrastructure engineers. - Strong understanding of modern cloud and platform architectures and how security integrates into them. - Experience partnering closely with engineering teams to embed security into software development and infrastructure workflows. - Experience securing multi-tenant SaaS products and customer-facing platforms. - Experience operating within security and compliance frameworks such as SOC 2. - Ability to translate security risk into pragmatic engineering decisions and business tradeoffs. - Demonstrated hands-on use of modern AI tools internally or in product contexts, with a proactive and progressive approach to identifying and addressing emerging AI security risks. - Experience scaling security functions in a 50+ engineer organization. Nice to Have - Experience securing distributed agent-based or edge systems. - Experience with model vendor risk and data retention controls. - Familiarity with observability systems and telemetry pipelines. - Background in networking or infrastructure automation. - Experience scaling security functions in a 50+ engineer organization. Our culture and values: - We own and solve problems with high attention to detail. - Our open source contributors, users, customers & team are all part of our community. When our community wins, we win. - We prioritize simplicity and think twice before adding complexity - Clear communication helps keep our team aligned and collaborating smoothly. About NetBox Labs: NetBox Labs helps companies build and manage complex networks. We help customers accelerate network automation by delivering open, composable products and supporting the network automation community. NetBox Labs is the commercial steward of open source NetBox, the world’s most popular network source of truth, and Orb, the next-generation open source network observability platform. Our products include NetBox Enterprise, a fully supported self-managed NetBox with advanced features, and NetBox Cloud, a secure, scalable, and reliable SaaS edition of NetBox. NetBox powers thousands of companies, and NetBox Labs is backed by investment from Notable Capital (formerly GGV), Grafana Labs CEO Raj Dutt, Flybridge, IBM, Salesforce Ventures, and Mango Capital.