What you will be doingJoin Neros as a Senior Cybersecurity Engineer and take ownership of the security program that protects our defense technology platforms. You'll build and mature our cybersecurity capabilities from the ground up - architecting detection and response systems, engineering security controls across cloud and endpoint environments, and ensuring compliance with NIST, ISO, and CIS frameworks. This is a high-impact, hands-on role at a fast-moving defense tech startup for a security professional who thrives as both architect and operator.
Responsibilities - Build and operationalize the enterprise cybersecurity program, owning security architecture, detection and response, governance, and automation
- Engineer and manage the security technology stack including Microsoft Defender XDR, endpoint protection platforms, SIEM/MDR solutions, and Azure/M365 security controls
- Lead incident response operations - containment, investigation, remediation - and coordinate with leadership and stakeholders on findings and risk posture
- Perform security audits, vulnerability assessments, and penetration testing to identify and remediate weaknesses across infrastructure, applications, and cloud environments
- Develop and enforce security policies, procedures, and compliance programs aligned to NIST 800-171 and ITAR controls.
- Automate security workflows and build detection logic to improve alert fidelity, operational efficiency, and coverage across the environment
- Establish change control processes, security baselines, and security awareness training programs
You should have the following- 8+ years of progressive experience in cybersecurity engineering, with demonstrated ability to build and operate security programs - not just maintain existing ones
- Deep hands-on expertise with the Microsoft security ecosystem including Defender XDR (Endpoint, M365, Identity, Cloud Apps), Entra ID Protection, and Azure/M365 security controls
- Proven experience deploying and managing MDR/SIEM solutions for 24/7 threat monitoring and SOC operations (e.g., Rapid7, Secureworks Taegis XDR, or equivalent)
- Strong background in incident response - containment, investigation, remediation, forensic preservation, and stakeholder communication
- Working knowledge of compliance frameworks including NIST 800-171, NIST CSF, CIS benchmarks, and PCI DSS, with hands-on experience performing audits and control assessments
- Experience conducting vulnerability assessments and penetration testing across infrastructure, applications, and cloud environments
- Proficiency with endpoint protection platforms, Microsoft security baseline configuration, and change control programs
- Demonstrated ability to automate security workflows using AI-assisted tooling, XDR automation, or scripting
- Strong communication skills - able to translate security risks and technical findings for non-technical leadership and cross-functional teams
- Relevant certifications preferred: MCSA, CISSP (in progress acceptable), CompTIA Security+/CySA+, or equivalent
Nice to have- Experience building a cybersecurity program from scratch at a startup or early-stage company
- Familiarity with ISO standards, 27001 in particular
- Familiarity with network segmentation tools (e.g., Illumio) and next-gen firewall administration (Palo Alto, Zscaler)
- Experience with security awareness platforms (KnowBe4 or equivalent) and phishing simulation programs
- Background in systems administration (Active Directory, Citrix, SCCM, Intune) providing depth of understanding of the environments being secured
- Experience with Tenable.ot or OT security in operational technology environments
- CISSP, SANS GIAC, or advanced Microsoft security certifications
- Eligibility or willingness to obtain a security clearance for potential future classified work
US Salary Range$80,000 - $135,000 USD
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are considered part of Neros' total compensation package.
