STR is hiring a Cybersecurity Manager to lead the technical and compliance role on the Enterprise IT team. The Cybersecurity Manager will be responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, compliant, and available to users in a timely fashion. The Cybersecurity Manager is responsible for designing, implementing, supporting and maintaining policies and security solutions in both operational and customer hosted environments. This position is perfect for an organized, action-oriented team player who exemplifies strong communication skills, technical skills, customer focus, and is capable of prioritizing daily work and support on multiple initiatives simultaneously.

What you’ll do:

• Lead IT/InfoSec projects, identifying and communicating risks specific to the project, and actions necessary for remediation including recommendations for logical access controls, secure application configuration, and general secure data handling processes.
• Support the development, implementation, and management of security policies/procedures to ensure they remain aligned with business objectives/meet regulatory requirements.
• Manage the day-to-day security systems operations, including the log reviews and following up on any security alerts.
• Manage the Incident Response Plan, lead the Incident Response team during all cybersecurity incidents, and represent the InfoSec team on all other security incidents.
• Correlate threat information from various sources, including security incidents raised by the user community such as phishing attempts, malware outbreaks, unauthorized access attempts, as well as security alerting sources.
• Research and assess new threats and security alerts and recommend remedial actions.
• Proactively scan systems and networks to ensure that vulnerabilities are identified and oversee remediation, including the configuration of scan sites, scheduling of scans, production of reports, interpretation and communication of results.
• Provide expertise and support to ensure the company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations.
• Provide support with third party security risk assessments/IT audit and provide tracking for findings, resolution.
• Support the development, implementation, and management of cybersecurity knowledgebase.
• Serve as an internal information security lead and consultant to the organization, providing guidance and support for business inquiries, requests.
• Manage STR’s Business Continuity and Disaster Recovery programs.
• Serve as a primary point of contact with STR’s cybersecurity partner.
• Perform additional duties and projects as assigned.

Requirements

• Ability to obtain a Security Clearance
• BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent
• 5 - 7 years related work experience in information security governance and/or related functions such as IT audit and IT Risk Management
• Expertise in SIEM Management
• Expertise in DFARS compliance and knowledge CMMC controls
• Strong technical background with a variety of information security systems and tools including firewalls, intrusion detection systems, intrusion prevention systems, vulnerability management, intrusion detection and prevention, cloud access security broker, anti-virus/malware, data loss prevention.
• Experience designing and implementing controls within corporate networks to include computer and network security and operating systems such as UNIX, Linux, MAC, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection.
• Excellent analytical skills in order to identify security risks and appropriate measures needed to help mitigate those risks. Must be comfortable in conducting independent research of issues and inquiries to provide guidance when requested.
• Experience with system implementations, identification of security related risks, and development of recommended actions for remediation.
• Experience with Security Incident Response including hands on involvement in detection, analysis, containment, and remediation phases.
• Knowledgeable with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT and knowledge of NIST 800.171 to include development of policies, processes, and procedures within the environment.
• DoD 8570 Certs - CISA, CISM, CRISC, CISSP, or similar security certification.

Your style:

• Your verbal and written communication skills are stellar and allow you to develop positive relationships and effectively communicate with employees, customers, auditors, partners and all levels of management.
• You can be flexible with your work schedule on occasion in order to provide support/complete assigned projects (e.g., upgrades, installations) during non-business hours.
• You’re an effective project manager with the skills and the ability to proactively problem solve.
• You pay attention to detail and can handle and prioritize multiple activities.
• You have the capacity to learn quickly and comprehend highly technical detailed information.
• You’re trusted to handle sensitive information in a highly confidential manner.
• Your demeanor is professional as is your interaction with all customers.
• You enjoy working in a team-oriented environment as well as independently.

All STR employees may be subject to COVID-19 vaccination requirement in response to Executive Order 14042 and accompanying Task Force Guidance, unless a medical or religious accommodation is formally approved by STR.

STR is a rapidly growing technology company with locations north of Boston, MA, Arlington, VA and near Dayton, OH. We specialize in advanced research and development for defense, intelligence, and national security, trying to understand how to protect our society: from stopping malicious botnet attacks, to understanding cyber vulnerabilities, providing next generation sensors, radar, sonar, communications, and electronic warfare to developing artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, but you go home at night knowing that you pushed the forefront of technology and made the world a little safer. We recognize that the world is changing, that it is becoming more connected than ever before, making things change faster than before, and reshaping society in the process. We all want to understand this changing world and leave it better for our work.

STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.

STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at [email protected] and provide your contact info.

Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.