Job Closed
This listing is no longer active.
Director, Product Security
Location
All locations: California | Maine | Nevada | Pennsylvania | South Carolina
Posted
21 days ago
Salary
$150K - $258.8K / year
Seniority
Lead
Job Description
Director, Product Security
Johnson & Johnson
• Define and execute the Business Unit's product security strategy aligned with FDA/MDR/524B expectations and QMS requirements.
• Lead and grow a global product security team, fostering collaboration that balances technical rigor with business needs.
• Oversee security integration across medical devices, software, mobile applications, embedded devices, and cloud environments.
• Partner with Regulatory, Quality, Legal, Privacy, and Commercial teams to ensure cybersecurity requirements are built into Class I, II, and III devices, supporting PMA and 510(k) submissions.
• Champion secure SDLC, DevSecOps, SBOM generation/validation, and vulnerability management across device and software platforms.
• Lead work on emerging technologies (AI and quantum cryptography) for medical devices that will be impacted by cybersecurity.
• Make internal and external policy recommendations to mitigate threats and vulnerabilities.
• Lead post-market security activities, including vulnerability disclosures, CAPAs, routine cyber patching, and incident response.
• Operationalize implementation of J&J's enterprise-level Product Security Quality Standards and framework throughout the MedTech portfolio of medical devices and supporting platforms.
• Act as senior product security SME with customers, hospital IT/IS staff, and clinicians, translating technical requirements into clear business and clinical impact.
• Represent product security in FDA and international regulatory inspections, reinforcing trust in our devices.
• Advance J&J enterprise Product Security Governance and Quality efforts, including the J&J Quality Standards for Product Security and the ISRM Product Security Framework.
• Lead product security Quality and Regulatory cyber efforts within J&J and through key industry forums (e.g., MDIC, AdvaMed, Health-ISAC) to drive alignment and industry collaboration.
• Oversee the centralized Product Security penetration testing function serving business unit product security teams, providing real-world risk identification and remediation across MedTech product portfolios.
• Scale the centralized DevSecOps function serving business unit product security teams, integrating security tooling, secure development controls, and vulnerability management processes into CI/CD pipelines and engineering workflows.
Job Requirements
- Bachelor’s degree in STEM, Engineering, Computer Science, Cybersecurity or related field, or equivalent work experience.
- Strong R&D, Regulatory or Quality experience in medical devices is highly preferred.
- 15+ years of MedTech experience in Quality, R&D, engineering, product development, medical devices, or product security, with 5+ years in leadership.
- Experience with Class I, Class II, and Class III medical devices, including 510(k) and PMA submissions.
- Experience with medical devices, and/or connected product solutions.
- Knowledge of hardware and software security, including secure screws, tamper seals, physical port blocking, enclosure access detection, secure boot and system integrity, trusted hardware, secure coding, identity and access management, PKI, and integrating security into the development lifecycle (DevSecOps) and the manufacturing lifecycle.
- Experience with medical device cybersecurity regulatory expectations and risk management frameworks, including FDA cybersecurity guidance, section 524B of the FD&C Act for cyber devices, ISO/IEC 81001-5-1, NIST CSF, NIST SP 800-175, FIPS 140-3, IEC 62443, and global frameworks.
- Demonstrated success bridging Engineering, Quality, Regulatory, Legal, Privacy, and Commercial functions.
- Certifications (nice to have): CISSP, CSSLP, CISM, CISA, or equivalent.
Benefits
- Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
- This position is eligible to participate in the Company’s long-term incentive program.
- Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
  - Vacation – 120 hours per calendar year
  - Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
  - Holiday pay, including Floating Holidays – 13 days per calendar year
  - Work, Personal and Family Time – up to 40 hours per calendar year
  - Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  - Bereavement Leave – 240 hours for an immediate family member; 40 hours for an extended family member per calendar year
  - Caregiver Leave – 80 hours (10 days) in a 52-week rolling period
  - Volunteer Leave – 32 hours per calendar year
  - Military Spouse Time-Off – 80 hours per calendar year
More Security Engineer Jobs
Contractor Special Security Officer (CSSO) / Facility Security Officer (FSO)
STR makes the world a safer place by developing technology and applying it to solve emerging national security challenges.
Position Summary
STR seeks a skilled Contractor Special Security Officer (CSSO) to lead and maintain compliance for Special Access Programs (SAP) and classified programs at our new Atlanta facility. The CSSO will serve as the primary point of contact for SAP/SCI programs and ensure adherence to all applicable security policies and standards. The CSSO will also perform secondary Facility Security Officer (FSO) duties in support of STR’s Industrial Security Program, overseeing compliance with NISPOM and federal security requirements.
Essential Duties and Responsibilities
CSSO Responsibilities (Primary):
• Maintain robust security posture and compliance for multiple classified/SAP programs in accordance with DoDM 5205.07, ICD 705, and IC/DOD security policies.
• Serve as primary liaison for SAP/SCI program security requirements; partner with STR Program Management and Security disciplines.
• Maintain accurate personnel security records in SIMS, JADE, and Scattered Castles.
• Conduct self-inspections, support staff assistance visits, and manage external/internal program security assessments.
• Develop, review, and implement security policies, Standard Operating Procedures, Program Protection (P2), and OPSEC/transportation plans.
• Oversee classified material accountability, including Top Secret material.
• Write, interpret, and administer DD254s and program documentation.
• Review operational requirements and system specifications for incorporation of security measures.
• Interpret and apply security classification guidance for programs.
• Investigate/document security incidents and implement corrective actions.
• Provide security training: initial/refresher briefings, debriefings, and foreign travel briefings.
• Attend and participate in security and program meetings.
FSO Responsibilities (Secondary):
• Ensure full compliance with NISPOM (32 CFR Part 117), FOCI, ITAR, and related government/contractual security requirements.
• Oversee the stand-up and management of new cleared facilities, including FCL approval and classified builds.
• Manage personnel clearances via DISS/NBIS and eQIP; handle onboarding, briefings, debriefings, and continuous vetting.
• Support KMP requirements and maintain Facility Security Clearance (FCL) records.
• Oversee physical security systems: access control, alarms, secure storage.
• Oversee classified material receipt, storage, transmission, and destruction while maintaining accurate accountability records.
• Prepare, issue, and track contract/subcontract DD254 forms.
• Conduct annual self-inspections and prepare for DCSA vulnerability assessments.
• Develop and deliver security training, including insider threat awareness.
• Report security incidents, suspicious contacts, and foreign travel, compliant with federal policies.
Required Qualifications
• U.S. Citizenship required.
• Active Top Secret security clearance with SAP/SCI eligibility.
• Minimum 5 years of experience as a CSSO, FSO, or Alternate FSO in the defense industry.
• Bachelor’s degree preferred, or equivalent relevant security experience.
• Completion of DCSA STEPP FSO Program Management Curriculum.
• Demonstrated knowledge of NISPOM, ICD 705, DoDM 5205.07, FOCI, ITAR, and relevant standards.
• Proficiency in DISS, NBIS, NISS, eQIP, SIMS, JADE, Scattered Castles, and MS Office.
• Experience in interpreting and implementing security classifications, contracts, and incident response/mitigation.
• Successful completion of CDSE’s “Intro to SAPs.”
• Strong written and oral communication skills; ability to discreetly/diplomatically manage sensitive and complex communications.
Preferred Skills
• Industrial Security Professional (ISP) or ASIS Certified Protection Professional (CPP) certification.
• COMSEC Custodian and/or Insider Threat Program Officer (ITPSO) experience.
• Experience in classified information technology and physical/technical security.
Key Competencies
• Strong independent judgment and compliance orientation.
• Expertise in security policy interpretation and development.
• Excellent verbal and written communication skills.
• Ability to manage complex or sensitive communication scenarios.
Physical Demands / Work Environment
• Onsite position in Atlanta, GA.
• Ability to stand, bend, and move throughout the facility for audits/inspections.
• Occasional travel (approx. 5–10%) as required.
Pay Information
Full-Time Salary Range: $125,000.00 to $155,000.00. The salary range listed is based on external market data. Offers are based on factors such as, but not limited to, the candidate’s experience, education, training, key skills/critical skills, security clearances, and prevailing market and business conditions.
STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us. STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer. STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.
STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws. If you need a reasonable accommodation for any portion of the employment process, email us at appassist@str.us and provide your contact info. Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.
• Support security testing of LLM-based applications, including prompt injection, jailbreak, and context manipulation scenarios.
• Execute test cases against internal and user-facing agents.
• Contribute to the evolution of test suites using tools such as Promptfoo.
• Perform functional validation and regression testing of AI Security services.
• Document technical findings, evidence, FAQs, and best practices in a clear and actionable way.
Senior Cloud Security Architect
Dragonfli Group
CyberSecurity as a Solution: Enabling Secure Business.
• Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP.
• Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors.
• Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment.
• Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions.
• Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience.
• Drive the organization's transition to a Zero Standing Privilege model for all production environments.
• Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks.
• Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) for anomalous cloud activity.
• Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP).
• Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders.
• Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice.