Role Description Security Operations and Enablement Engineering is the layer between what the security organization needs and what the core platform provides. As a SO&E Engineer, you will close that gap by taking requirements surfaced by Operations and building the workflows, automations, and tooling that make detection and response faster, more consistent, and more scalable. This is not a role that waits for tickets. You will be in the room where operational problems get diagnosed, then own the technical execution that solves them. The work is varied by design. On any given week that might mean: - Building a dashboard that gives leadership real operational visibility - Automating a manual process that is costing analysts time - Translating a fuzzy operational complaint into a scoped, buildable requirement AI and agentic workflows are part of the toolkit here, but the through line is pragmatic problem solving: find what is slowing the security organization down and build something that fixes it. Qualifications - 5+ years building workflow automations, internal tooling, or operational infrastructure in a technical environment, ideally within security or a similarly complex domain - Demonstrated ability to operate across organizational functions — translating operational pain from non-technical stakeholders into precise, scoped technical requirements without significant back-and-forth - Proficiency in Python or similar scripting languages, with the ability to write clean, maintainable code that establishes patterns others can build on - Experience building and maintaining API integrations to connect tools and systems that don't talk to each other out of the box - Familiarity with security operations tooling including SIEMs, ticketing systems, and alerting platforms, sufficient to understand how analysts work and where automation creates real leverage - Experience building dashboards and reporting tooling sufficient to create meaningful operational visibility without relying on a dedicated BI team - Comfort operating in an ambiguous, fast-moving environment where the function is still being defined — able to set technical direction without a fully established playbook Requirements - Own and evolve the SO&E technical strategy, including how the function identifies, prioritizes, and delivers against operational gaps that the core platform does not address - Serve as the primary technical translator for requirements surfaced by SOC and Support Operations Managers, turning operational pain points into scoped, buildable solutions against a prioritized backlog - Partner with the Director to translate Product and operational priorities into scoped technical requirements, ensuring SO&E delivery is sequenced against the gaps that matter most to the business - Translate operational requirements into precise technical solutions including workflow automations, API integrations, internal tooling, and custom dashboards — and establish the standards others build to as the function scales - Build and maintain reporting and dashboard infrastructure that gives operators and leadership meaningful visibility into security performance and workflow health - Identify and drive toil reduction across SOC and Support workflows through automation, tooling improvements, and smarter use of existing capabilities including AI where appropriate - Evaluate new platforms and technologies against backlog needs, with a bias toward solutions that keep the team tool-agnostic and avoid unnecessary dependency - Establish and document technical standards across the build lifecycle that support long-term scalability and create a foundation for the function to grow on Benefits - 100% remote work environment - since our founding in 2015 - Generous paid time off policy, including vacation, sick time, and paid holidays - 12 weeks of paid parental leave - Highly competitive and comprehensive medical, dental, and vision benefits plans - 401(k) with a 5% contribution regardless of employee contribution - Life and Disability insurance plans - Stock options for all full-time employees - One-time $500 reimbursement for building/upgrading home office - Annual allowance for education and professional development assistance - $75 USD/month digital reimbursement - Access to the BetterUp platform for coaching, personal, and professional growth

• Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification. • Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation. • Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers. • Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking. • Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation. • Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk. • Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting). • Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes. • Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance. • Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices. • Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress. • Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.

• Oversee the full lifecycle delivery of physical security infrastructure projects within active data center construction and retrofit environments. • Manage the execution of physical security scopes including CCTV systems, access control systems, visitor management systems, fencing and perimeter protection, vehicle gates and barrier systems, lobby access portals and turnstiles, emergency safety devices, security equipment racks and servers, and structured cabling. • Coordinate directly with onsite Construction Managers, General Contractors (GCs), security integrators, cabling vendors, and cross-functional stakeholders. • Ensure all physical security systems are installed in accordance with approved design drawings, project specifications, organizational standards, and applicable code requirements. • Drive project schedule adherence and proactively identify schedule risks, installation deficiencies, resource constraints, and execution gaps. • Monitor day-to-day field activities to ensure quality installation practices and proper workmanship. • Partner closely with internal Physical Security Design and Engineering teams to validate project designs prior to execution. • Review construction drawings, low-voltage drawings, equipment layouts, and device placement documentation for constructability and alignment with operational requirements. • Identify design conflicts, scope gaps, or infrastructure deficiencies and coordinate remediation with the appropriate stakeholders. • Ensure all designs align with corporate safety, operational, and physical security standards. • Support value engineering discussions and design optimization efforts where applicable. • Lead and oversee commissioning activities for all physical security systems and supporting infrastructure. • Coordinate and validate device functionality testing, system integration testing, network connectivity verification, server and storage validation, access control functionality, CCTV camera image verification, alarm functionality testing, failover and redundancy testing, and end-to-end operational testing. • Develop and manage commissioning schedules and readiness activities. • Identify commissioning failures, document root causes, and directly manage remediation efforts through successful completion. • Ensure all commissioning documentation, test results, and turnover packages are complete and properly archived. • Document and track all project blockers, risks, installation deficiencies, commissioning failures, and design-related issues. • Drive issue resolution and coordinate escalation to responsible internal teams, vendors, integrators, or construction stakeholders. • Maintain detailed punch lists and remediation tracking logs through project closeout. • Proactively communicate project risks and mitigation strategies to leadership and project stakeholders. • Attend and actively participate in project kickoff meetings, construction coordination meetings, commissioning reviews, and weekly progress meetings. • Lead project meetings when required and provide clear status updates to stakeholders. • Submit detailed weekly project status reports to management outlining project progress, schedule status, risks and blockers, open action items, commissioning status, safety concerns, resource constraints, and upcoming milestones. • Build and maintain strong working relationships with internal teams, vendors, integrators, and operational stakeholders.

• Du entwickelst unsere AWS-Infrastruktur weiter und sorgst für einen stabilen, skalierbaren und sicheren Betrieb, natürlich mit Fokus auf Security. • Du betreust unsere SIEM-Lösung in Elastic, integrierst die anderen Teams und hältst diese am Laufen. • Bei Architekturentscheidungen und der Einführung neuer Projekte bist du von Anfang an dabei und bringst deine Ideen ein. • Du führst eigene Security Assessments oder PenTests durch und koordinierst unseren Fachpartner bei der Durchführung. • Du arbeitest eng mit Entwicklerteams, Architekten und Fachbereichen zusammen auf Augenhöhe und im direkten Austausch. • Du baust, dokumentierst, testest und bringst Dinge zum Laufen.