Cyber Security Manager

Hermeus is an aerospace and defense technology company founded to radically accelerate air travel by delivering hypersonic aircraft. The company aims to develop hypersonic aircraft quickly and cost-effectively by integrating hardware-rich, iterative development with modern computing and autonomy. This approach has been validated through design, build, and test of the company’s first combined turbojet-ramjet engine and is now being scaled through its first flight vehicle program, Quarterhorse. Hermeus is also developing Darkhorse — an uncrewed hypersonic aircraft designed to deliver unique asymmetric capabilities to the warfighter.

As the Cyber Security Manager you will be responsible for driving the overall Strategy for Cyber Security for Hermeus. This role requires a deep understanding of Cyber Security Frameworks across commercial and DoD regulations.

The person in this role must have and maintain a Top Secret Security Clearance.

• Collaborate and execute the strategic vision for the Cyber Security Organization.
• Work across multiple teams including our Engineering, IT and Security teams to manage the organizational Security vision and lead the maturation of our Cyber security posture.
• Ensure Hermeus' successful annual delivery of Cyber security Maturity Model Certification (CMMC) LVL 2 reports along with any additional security-related industrial or regulatory compliance frameworks we adopt in the future (e.g., ISO 27001).
• Oversee the execution of our growing Classified Information System infrastructure program.
• Maintain up-to-date knowledge of the Cyber security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Mentor technical team to lend expertise toward driving solutions. Lead the development of in-depth technical documentation and process training materials in collaboration with internal users and departments.
• Oversee the strategic improvement and operation of the following processes: identity and access governance, policy management, disaster recovery, business continuity, and employee security awareness.
• Develop, coordinate, and drive strategies to advance Hermeus’ risk management maturity, including risk assessments, tracking risks, issues/exceptions/remediation management, and third-party risk management.
• Develop, coordinate and represent Cyber security on change control activities and ensure proposed changes are in alignment with security best practices.
• Manage relationships with third-party vendors to ensure adherence with Security best practices.

• 5+ years of people leadership experience managing resources in the past with a strong history as a leader with excellent communication and analytical skills.
• Strong understanding of security principles, practices, and frameworks, including experience at various levels of security including physical, network, application, data, IAM, human, cloud, and others.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Strong presentation and communication skills and ability to speak with Senior Leadership and C-Level Executives.
• CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification.

• Experience of network design, mobile security, network and firewall security technologies and vulnerability management, scanning.
• Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten.
• Experience managing project through the full system development lifecycle.
• Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies.
• High degree of skill and knowledge in managing and part taking in incident response, Intrusion Prevention Systems, Intrusion Detection Systems, SEIM, Endpoint security solutions.

We encourage you to apply even if you have skillsets and experience outside of our current needs as we're always open to connect and discuss future opportunities.