Cybersecurity Engineer

OverviewIstari is a digital engineering software company enabling our customers to turn the physical world into the digital to accomplish their specific mission or business objectives. Istari was founded with the vision of making open, scalable digital engineering ecosystems a reality – where new technologies and systems are created digitally, free from the real-world constraints of costs and schedules. We are creating the world’s best engineering model sharing platform, allowing our customers to simply and securely integrate their models across different engineering disciplines, organizations, and security levels. At Istari, we are passionate about our mission of creating the world's first open and scalable industrial metaverse. Whether our customers are designing prototypes, performing virtual testing, or training AI and autonomy for complex systems, we know that going digital will save them time, resources, and reduce their environmental impact.While we are a distributed team with most team-members working remotely, we place an emphasis on staying connected and collaborative, prioritizing in-person opportunities to build trust as a team. At Istari, we still believe that trust is best built in-person. To do this, we have an engineering headquarters in Cambridge, MA for focused technical development and several times per year we gather for an off-site that allows us to develop our professional skills and our team relationships.Base pay range$98,400.00/yr - $147,600.00/yrKey ResponsibilitiesLead security design and threat modeling for new and existing systems (cloud, application, data, network)Implement and manage core controls: IAM/SSO, least privilege, network segmentation, encryption and key management, secrets management, endpoint and email securityBuild and operate detection and response capabilities: SIEM/EDR/SOAR, log pipelines, alert tuning, use-case development, threat huntingOwn vulnerability remediation: scanning, triage, risk-based prioritization, remediation with product/IT teams, tracking to closureStrengthen application and cloud security: SAST/DAST/SCA, secure SDLC, CI/CD guardrails, IaC scanning, container/Kubernetes runtime protections, CSPM/CIEMCoordinate and support security testing: internal reviews, penetration tests, red/purple team, tabletop exercises; drive remediation and lessons learnedLead/participate in incident response: triage, containment, eradication, recovery, forensics, root-cause analysis, post-incident reports and runbooksDefine and maintain security standards, baselines, hardening guides, and architecture diagramsMonitor and report security metrics, KPIs/KRIs, and risk posture to stakeholdersSupport audits and compliance efforts (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA) and align controls to frameworks (NIST CSF, CIS Controls)Conduct third‑party/vendor security reviews and support contract/security requirementsDrive security awareness initiatives and phishing simulations; mentor engineers on secure practicesContribute to business continuity and disaster recovery planning and testingAutomate repetitive tasks and integrations to improve scale and reliabilityRequired QualificationsBachelor’s in Computer Science, Engineering, Information Security, or equivalent practical experience3+ years of hands-on cybersecurity engineering, blue team, or security operations experience (adjust years for your level)Strong understanding of networks and protocols (TCP/IP, DNS, HTTP(S)/TLS, routing, VPN, firewalls, Zero Trust concepts)Practical experience with two or more: SIEM, EDR, IDS/IPS, WAF, CSPM/CIEM, vulnerability scanners, SAST/DAST/SCA, PAM/IGA, PKICloud security experience in at least one major cloud (AWS/Azure/GCP): IAM, network security, KMS, logging/monitoring, security servicesProficiency in scripting/automation (e.g., Python, Bash, PowerShell) and exposure to IaC/Config management (Terraform, CloudFormation, Ansible)OS administration and hardening (Windows, Linux, macOS) and endpoint security fundamentalsFamiliarity with MITRE ATT&CK, common attack techniques, and modern detection strategiesExperience participating in incident response and writing/runbook-level documentationKnowledge of cryptography basics (encryption at rest/in transit, key rotation, cert management)Clear communication skills and ability to partner with cross‑functional teamsMust be a US citizen living within the United StatesUnderstanding of cybersecurity principles, practices, and frameworks, including JSIG, NIST 800-171, NIST 800-53, ITAR, and CMMCPreferred QualificationsDevSecOps experience embedding security into CI/CD, artifact signing, and SDLC governanceContainer/Kubernetes security (admission controls, runtime policies, image scanning)Data protection and privacy controls (DLP, tokenization, data classification)Identity security (SSO/MFA, conditional access, PAM, IGA) and Zero Trust architecturesThreat intelligence integration and use-case development; basic digital forensicsSOAR playbook design and automation; custom detections and log enrichmentExperience with regulatory environments (e.g., healthcare, fintech, government)Contributions to security architecture reviews and risk assessments at scaleCertifications a plus: Security+, GSEC, GCIH, GCIA, GCED, CISSP, CCSP, CCSK, OSCP, AZ‑500, SC‑100, AWS Security SpecialtyExperience with tools such as Splunk/Microsoft Sentinel, CrowdStrike/Defender, Qualys/Nessus, Burp/ZAP, Prisma/Aqua/Twistlock, Trivy, Checkov/tfsec, Vault/KMS, Okta/Azure AD, Palo Alto/Fortinet, ElasticActive TS Security ClearanceBenefitsWe offer highly competitive benefits, including:Medical/Dental/VisionEmployee Premiums are 100% Company PaidLife InsuranceFlexible Work HoursUnlimited Paid Time Off (PTO) with federal government holidaysNote - some benefits are not available to interns or contractors.Thank you for your interest in Istari. Expect to hear back from us soon with next steps.Job detailsSeniority level: Not ApplicableEmployment type: Full-timeJob function: Information TechnologyIndustries: Transportation, Logistics, Supply Chain and StorageReferrals increase your chances of interviewing at Istari Digital by 2xLinux Cryptography and Security Engineer #J-18808-Ljbffr