Huntress

Managed endpoint protection, detection and response for the 99% who need it most.

Principal Security Operations and Enablement Engineer

Security Engineer, Full Time, Remote, Lead, Team 201-500, Since 2015, H1B No Sponsor

Location

United States

Posted

5 days ago

Salary

$190K - $215K / year

Seniority

Lead

English, AI, Python

Job Description

Role Description

Security Operations and Enablement Engineering is the layer between what the security organization needs and what the core platform provides. As a SO&E Engineer, you will close that gap by taking requirements surfaced by Operations and building the workflows, automations, and tooling that make detection and response faster, more consistent, and more scalable. This is not a role that waits for tickets. You will be in the room where operational problems get diagnosed, then own the technical execution that solves them.

The work is varied by design. On any given week that might mean:

- Building a dashboard that gives leadership real operational visibility
- Automating a manual process that is costing analysts time
- Translating a fuzzy operational complaint into a scoped, buildable requirement

AI and agentic workflows are part of the toolkit here, but the through line is pragmatic problem solving: find what is slowing the security organization down and build something that fixes it.

Qualifications

- 5+ years building workflow automations, internal tooling, or operational infrastructure in a technical environment, ideally within security or a similarly complex domain
- Demonstrated ability to operate across organizational functions — translating operational pain from non-technical stakeholders into precise, scoped technical requirements without significant back-and-forth
- Proficiency in Python or similar scripting languages, with the ability to write clean, maintainable code that establishes patterns others can build on
- Experience building and maintaining API integrations to connect tools and systems that don't talk to each other out of the box
- Familiarity with security operations tooling including SIEMs, ticketing systems, and alerting platforms, sufficient to understand how analysts work and where automation creates real leverage
- Experience building dashboards and reporting tooling sufficient to create meaningful operational visibility without relying on a dedicated BI team
- Comfort operating in an ambiguous, fast-moving environment where the function is still being defined — able to set technical direction without a fully established playbook

Requirements

- Own and evolve the SO&E technical strategy, including how the function identifies, prioritizes, and delivers against operational gaps that the core platform does not address
- Serve as the primary technical translator for requirements surfaced by SOC and Support Operations Managers, turning operational pain points into scoped, buildable solutions against a prioritized backlog
- Partner with the Director to translate Product and operational priorities into scoped technical requirements, ensuring SO&E delivery is sequenced against the gaps that matter most to the business
- Translate operational requirements into precise technical solutions including workflow automations, API integrations, internal tooling, and custom dashboards — and establish the standards others build to as the function scales
- Build and maintain reporting and dashboard infrastructure that gives operators and leadership meaningful visibility into security performance and workflow health
- Identify and drive toil reduction across SOC and Support workflows through automation, tooling improvements, and smarter use of existing capabilities including AI where appropriate
- Evaluate new platforms and technologies against backlog needs, with a bias toward solutions that keep the team tool-agnostic and avoid unnecessary dependency
- Establish and document technical standards across the build lifecycle that support long-term scalability and create a foundation for the function to grow on

Benefits

- 100% remote work environment - since our founding in 2015
- Generous paid time off policy, including vacation, sick time, and paid holidays
- 12 weeks of paid parental leave
- Highly competitive and comprehensive medical, dental, and vision benefits plans
- 401(k) with a 5% contribution regardless of employee contribution
- Life and Disability insurance plans
- Stock options for all full-time employees
- One-time $500 reimbursement for building/upgrading home office
- Annual allowance for education and professional development assistance
- $75 USD/month digital reimbursement
- Access to the BetterUp platform for coaching, personal, and professional growth

More Security Engineer Jobs

Full Time, Remote, Team 51-200, H1B No Sponsor

• Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification.
• Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation.
• Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers.
• Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking.
• Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation.
• Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk.
• Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting).
• Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes.
• Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance.
• Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices.
• Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress.
• Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.

California
$130K - $150K / year
Job Closed

Physical Security Delivery TPM – Technical Project Manager

Vantage Data Centers

Vantage Data Centers is a global leader in providing innovative, sustainable hyperscale data center solutions. Founded in 2010, Vantage has expanded its footprint to meet the growi

• Oversee the full lifecycle delivery of physical security infrastructure projects within active data center construction and retrofit environments.
• Manage the execution of physical security scopes including CCTV systems, access control systems, visitor management systems, fencing and perimeter protection, vehicle gates and barrier systems, lobby access portals and turnstiles, emergency safety devices, security equipment racks and servers, and structured cabling.
• Coordinate directly with onsite Construction Managers, General Contractors (GCs), security integrators, cabling vendors, and cross-functional stakeholders.
• Ensure all physical security systems are installed in accordance with approved design drawings, project specifications, organizational standards, and applicable code requirements.
• Drive project schedule adherence and proactively identify schedule risks, installation deficiencies, resource constraints, and execution gaps.
• Monitor day-to-day field activities to ensure quality installation practices and proper workmanship.
• Partner closely with internal Physical Security Design and Engineering teams to validate project designs prior to execution.
• Review construction drawings, low-voltage drawings, equipment layouts, and device placement documentation for constructability and alignment with operational requirements.
• Identify design conflicts, scope gaps, or infrastructure deficiencies and coordinate remediation with the appropriate stakeholders.
• Ensure all designs align with corporate safety, operational, and physical security standards.
• Support value engineering discussions and design optimization efforts where applicable.
• Lead and oversee commissioning activities for all physical security systems and supporting infrastructure.
• Coordinate and validate device functionality testing, system integration testing, network connectivity verification, server and storage validation, access control functionality, CCTV camera image verification, alarm functionality testing, failover and redundancy testing, and end-to-end operational testing.
• Develop and manage commissioning schedules and readiness activities.
• Identify commissioning failures, document root causes, and directly manage remediation efforts through successful completion.
• Ensure all commissioning documentation, test results, and turnover packages are complete and properly archived.
• Document and track all project blockers, risks, installation deficiencies, commissioning failures, and design-related issues.
• Drive issue resolution and coordinate escalation to responsible internal teams, vendors, integrators, or construction stakeholders.
• Maintain detailed punch lists and remediation tracking logs through project closeout.
• Proactively communicate project risks and mitigation strategies to leadership and project stakeholders.
• Attend and actively participate in project kickoff meetings, construction coordination meetings, commissioning reviews, and weekly progress meetings.
• Lead project meetings when required and provide clear status updates to stakeholders.
• Submit detailed weekly project status reports to management outlining project progress, schedule status, risks and blockers, open action items, commissioning status, safety concerns, resource constraints, and upcoming milestones.
• Build and maintain strong working relationships with internal teams, vendors, integrators, and operational stakeholders.

United States
$130K - $140K / year
Full Time, Remote, Team 51-200, H1B No Sponsor

• You further develop our AWS infrastructure and ensure stable, scalable, and secure operation, naturally with a focus on security.
• You look after our SIEM solution in Elastic, integrate the other teams, and keep it running.
• You are involved from the start in architecture decisions and the introduction of new projects, and you contribute your ideas.
• You carry out your own security assessments or pentests and coordinate our specialist partner when they carry them out.
• You work closely with developer teams, architects, and business departments, as equals and in direct exchange.
• You build, document, test, and get things running.

Germany

Senior Technical Data Security Architect

GuidePoint Security

We help organizations make smarter cybersecurity decisions that minimize risk.

Full Time, Remote, Team 201-500, H1B Sponsor

• Design and maintain end-to-end data security architecture across Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform.
• Define and enforce enterprise data classification, labeling, and handling standards aligned with Microsoft Purview Information Protection.
• Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers.
• Lead threat modeling sessions for data pipelines and analytics workloads, identifying and mitigating risks proactively.
• Establish a Zero Trust data security model across all data platforms and integration points.
• Architect and govern data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security.
• Design role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL.
• Implement and operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data estates.
• Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure.
• Oversee encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest / data-in-transit encryption standards.
• Partner with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication.
• Lead the implementation and tuning of Microsoft Defender for Cloud data security posture management (DSPM) capabilities.
• Architect and implement Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, including metastore design, catalog/schema/table-level permissions, and row/column-level security.
• Design Databricks workspace security including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists.
• Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID.
• Implement dynamic data masking and column-level security policies within Unity Catalog to protect PII, PHI, and sensitive financial data.
• Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies via Databricks system tables.
• Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes.
• Conduct security reviews of MLflow models and Feature Store configurations to address data leakage risks in ML pipelines.
• Ensure data platform compliance with relevant regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS where applicable.
• Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms.
• Conduct regular security risk assessments, gap analyses, and maturity evaluations of the data security program.
• Develop and maintain security runbooks, policies, and standards documentation for data platform operations.
• Coordinate with legal, compliance, and privacy teams to respond to data subject access requests (DSARs) and regulatory inquiries.
• Serve as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle.
• Lead security architecture review boards for new data initiatives, third-party data integrations, and major platform changes.
• Develop and lead a structured mentoring program for junior and mid-level engineers and architects, providing one-on-one coaching, career guidance, and skills development roadmaps tailored to each individual’s growth goals.
• Conduct regular knowledge-sharing sessions, lunch-and-learns, and internal workshops to upskill teams on evolving data security threats, tooling, and compliance requirements across the Microsoft and Databricks ecosystems.
• Partner with engineering managers and HR to define data security competency frameworks, leveling guides, and certification pathways that support talent development and retention across the data platform organization.
• Establish and maintain a community of practice around data security, fostering peer learning, documentation culture, and cross-team collaboration on shared security challenges and architectural patterns.
• Collaborate with SecOps and SOC teams to build data-specific detection rules, incident response playbooks, and forensic investigation capabilities.
• Present security posture, risk findings, and remediation roadmaps to executive leadership and board-level stakeholders.

California