IT and SecOps

IT and SecOps | Nox Metals | Detroit, MI

American factories deserve a supply chain that moves as fast as they do. The next generation of American manufacturing is being built right now. Nox Metals is the supply chain behind it.

Nox Metals is a technology company in Detroit supplying aluminum plate, bar, and rounds to aerospace and defense manufacturers. We use software and automation to supply metal to American factories faster than the industry thought possible.

We need an IT and SecOps lead to own every laptop, every account, every network, every endpoint, and every byte of customer data. Our customers are aerospace and defense manufacturers. Their security expectations are our floor, not our ceiling. Nox Metals is an employer with real opportunity for long term career growth, this is a place to build a career, not just hold a job.

You will:

• Own IT and SecOps end to end as a solo IC across the entire company, office, factory, and field

• Own CMMC compliance end to end, build it, run it, audit it, certify it, defend it

• Own NIST 800-171 controls, DFARS 7012 cyber requirements, and all customer-driven security obligations

• Build and maintain the System Security Plan (SSP), POA&M, and every artifact CMMC and customer audits demand

• Own identity and access management, SSO, MFA, provisioning, deprovisioning, least privilege across every system

• Own endpoint management, MDM, EDR, patching, encryption, and asset inventory across every laptop, desktop, and shop floor device

• Own network infrastructure, firewalls, segmentation between IT and OT, VPN, Wi-Fi, and remote access

• Own the OT side of the house, segment and harden CNC controllers, saw HMIs, and PLCs from the corporate network

• Own cloud security across our SaaS stack, Supabase, GitHub, Microsoft 365, and every tool we run

• Own backup, disaster recovery, and business continuity, test it, do not just document it

• Run vulnerability management, log monitoring, and incident response, fix it once and fix it for good

• Own employee onboarding and offboarding from an IT and security standpoint, day one access ready, day-of departure access cut

• Run security training and phishing simulations across the company

• Build dashboards and reports on patch compliance, endpoint health, identity hygiene, and incident metrics

• Partner with the software team to embed security into NOX NEST, WAYNE, and our internal tools

• Always ask questions, never guess when something is unclear

• Look at every process and figure out how to make it better

• Work safely every shift and hold your teammates to the same standard

You should be:

• 3 to 4+ years owning IT and security in a manufacturing, defense, aerospace, or comparable regulated environment

• Deep experience owning CMMC, NIST 800-171, and DFARS 7012 from the inside, you have built the SSP, run the controls, and passed assessments

• Fluent in identity, endpoint, network, cloud, and OT security as a single integrated stack

• Experienced segmenting IT and OT networks in a real factory, not just on paper

• Comfortable as a solo IC, you own the function end to end and pick the tools we run on

• Cracked with software, scripting, and automation, you do not click through 200 user accounts when a script will do it

• Calm under pressure when an incident happens, methodical when running root cause

• High attention to quality, every control, every log, every access review

• Always thinking about how to make processes better, you do not accept "this is how we have always done it"

• Absolutely customer obsessed, our security posture is how customers trust us with their data and their parts

• A team player with a good attitude, you make the company better for everyone around you

• Someone who takes ownership, if it has a chip in it, it is your responsibility

• Precise under pressure and reliable, security does not bend for a deadline

• Organized and detail oriented, audit-ready every day, not just on audit day

• Committed to safety, you follow every protocol, wear your PPE, and never cut corners that put people at risk

• High agency, you handle big items alone and ask for help when needed

• Low ego, you do the unglamorous work because it needs to get done

• Able to lift up to 50 lbs and handle physical IT work, racks, cables, shop floor hardware

• Not afraid to work outside normal hours when America demands it

• Never says "that's not my job"

Nice to have:

• Experience in metals, aluminum, or aerospace/defense supply chains

• CISSP, CISM, Security+, or comparable security credentials

• Hands-on experience with Microsoft 365 GCC or GCC High environments

• Background segmenting and hardening OT networks (CNC, PLC, HMI environments)

• Track record passing a CMMC Level 2 third-party assessment

• Comfortable using AI tools to work faster and smarter

This role is full time, in person in Detroit.