EXO1000EXO
Information Security Engineer
Job description
Position Overview
This position will serve as a member of the Exostar Information Security Office and will report to the Manager of Governance & Engineering. This role is responsible for designing and implementing technical security controls across application, cloud, identity, and PKI environments. The successful candidate will work directly with DevOps, application, and operations teams to engineer controls and satisfy security framework requirements. This role is ideal for a security engineer who can assess architecture, identify control gaps, implement remediation, and technically validate implementation effectiveness.
This role is ideal for candidates that have a skillset focused on engineering credibility, architectural judgment, and the ability to operate confidently with technical teams, auditors, customers, and leadership.
Responsibilities: Your day if you join us
Security Architecture & Control Implementation
- Assess, design, and provide guidance on secure architecture for cloud environments, including IAM, PKI, access, network, and platform services.
- Engage directly with infrastructure, platform, and development teams to translate security requirements into implementable technical designs and controls.
- Review proposed system changes, architecture diagrams, network flows, identity integrations, and control implementations for security implications.
- Develop technical control implementation guidance, including diagrams, control narratives, configuration expectations, and test procedures.
- Provide hands-on engineering support for control effectiveness through configuration review, evidence inspection, technical testing, log review, and remediation verification.
- Perform threat modeling and security risk assessments and coordinate actionable mitigation strategies.
Compliance Engineering & Governance
- Provide engineering support for controls aligned to frameworks such as PKI, identity certification, CMMC L2, FedRAMP Moderate, ISO/IEC 27001, IAM, SOC 2, etc.
- Produce technical control descriptions that reflect security architecture, implementation, and operational behavior to create defensible control narratives to auditors and customers.
- Produce SSPs, POA&Ms, control narratives, and audit responses where engineering interpretation is required.
- Support audits and customer assessments by explaining technical controls, gathering defensible evidence, and validating that evidence against control intent.
- Improve the repeatability and quality of evidence collection, control validation, and remediation tracking.
Qualifications
You are a great fit for this role if you
- 5+ years of hands-on experience evaluating secure architecture and implementing security controls in cloud environments.
- Experience evaluating system architecture, network diagrams, data flows, identity integrations, and technical design documentation.
- Experience performing threat modeling, technical risk assessments, security design reviews, and control gap assessments.
- Experience integrating security into the SDLC, including CI/CD pipelines, Agile delivery, and DevSecOps practices.
- Experience collaborating with engineering, infrastructure, DevOps, cloud, IAM, and operations teams to drive remediation to closure.
- Strong understanding of network security concepts, including segmentation, firewalls, proxies, DNS, TLS, VPN/IPSec, routing, ingress/egress control, and secure network design.
- Experience with identity and access technologies such as Active Directory, Entra ID/Azure AD, SAML, OIDC, MFA, privileged access, role-based access control, and identity federation.
- Demonstrated experience authoring technical control narratives, technical audit documentation, and supporting evidence.
- Experience supporting audits and assessments such as SOC 2, ISO 27001, etc.
- Strong written and verbal communication skills with the ability to explain technical concepts to auditors, leadership, and business stakeholders.
- Significant experience using Jira and Confluence.
- Ability to pass background investigation to attain and maintain Trusted Role access to company systems.
Preferred Qualifications
You are exactly who we are looking for if you
- CMMC CCA or CCP certification.
- FedRAMP audit lead or hands-on control implementation experience
- CISSP and other similar technical certifications
- Experience implementing Governance, Risk, and Compliance (GRC) tools
- Experience with managing, securing, and auditing Public Key Infrastructure (PKI), including the certificate lifecycle management.
- End-point Protections (HIPS/HIDS)
- Demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures.
- Experience with web application programming, Java, APIs, or application-adjacent security engineering.
- Secure development frameworks (e.g. OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework, etc.)
- Business Continuity and Disaster Recovery planning
- Data Loss Prevention (DLP)
- Data Labeling and Information Rights Management
Education
- Bachelor's degree from an accredited university in IT related discipline
Exostar - The Company: Exostar's cloud-based platforms create exclusive communities within the Aerospace and Defense, Life Sciences, and other highly regulated industries where members securely collaborate, share information, and operate compliantly. Within these communities we build trust. By analyzing community data, we provide insights and intelligence, enabling organizations to make better, timelier decisions, to mitigate risk, and operate more efficiently. • We believe in employee development: we promote internally and provide training and educational assistance • We provide a fun, engaged workplace, with social and community-building events • We offer comprehensive benefits and flexible time off plans
Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race, color, religion, sex, national origin, age, marital status, disability status or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment including recruiting, hiring, compensation, promotion, training, benefits, transfers and working conditions.


