Senior Cybersecurity Engineer - Compliance
Epirus
About Epirus
Epirus is a high-growth technology company developing software-defined high-power microwave (HPM) systems with devastating counter-electronics effects on modern drone threats. The Epirus Leonidas HPM family of products, empowered by innovations in AI and microelectronics, is human-safe and cost-effective. Distinguishing itself from lasers, Leonidas excels against drone swarms while also bending the cost curve back in DoD's favor - taking drone defeat costs from millions of dollars per drone to pennies on the dollar.
Job Summary: Epirus seeks a Cybersecurity Engineer – Compliance to lead the NIST SP 800-171 implementation and maintenance to obtain Cybersecurity Maturity Model Certification (CMMC). The candidate should be experienced in assessing current compliance, performing gap assessments, and implementing controls for various government compliance frameworks. This is a hands-on engineering role that requires experience in writing policies, making changes to infrastructure, cross-departmental collaboration, and evangelizing cybersecurity across the organization.
Responsibilities:
- Assess, implement, and maintain Epirus’ CMMC framework and compliance program, including writing guidelines, policies, procedures, and other technical documentation
- Lead CMMC gap assessment, remediations, and formal certification
- Collaborate with other departments and customers to develop tailored policies and procedures and inspire enterprise adoption
- Perform administration of cloud and on-premises services such as Azure and AWS
- Implement automation and anti-regression patterns for ongoing compliance auditing and maintenance tasks, such as internal and external audits, risk assessments, incident response, and exposure management
- Develop and maintain network diagrams, vendor lists, system maps, and hardware/software asset lists
Basic Qualifications:
- Must have, or be willing to obtain, a United States security clearance
- Experience with NIST SP 800-171 and CMMC frameworks
- 5+ years of hands-on detection engineering experience
- Previous defense industry experience
- Experience writing System Security Plans (SSP) and Plan of Action and Milestones (POA&M)
- Ability to conduct risk assessments and execute appropriate risk mitigations
Preferred Skills and Experience:
- Experience writing cybersecurity policies
- Experience using a GRC management platform, e.g., Ignyte, Drata, AuditBoard
- Experience working with modern cybersecurity tooling such as vulnerability scanners, SIEM, NIDS/HIDS, XDR/EDR
- Possess industry-relevant certifications: CRISC, CGEIT, CISM, CISSP, Security+, Network+
- Ability to participate in or manage Computer Incident Response Team (CIRT) activities, including computer forensic analysis
ITAR REQUIREMENTS:
- To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
People are the most important part of Epirus – and always come first. We don’t believe in the word impossible and are always asking “why not” as we work to usher in a new paradigm of power efficiency. Our fast-growing team is agile, creative, and innovative. We support a culture of constant learning and a sense of belonging among our team members and know that mentorship matters. We embrace diversity, equity and inclusion in the workplace and beyond. To deliver on our mission, we are always looking for problem solvers, changemakers and innovators to join our fast-growing team.