This position is the highest technical security position in the Dragos CISO Office, charged with providing subject matter expertise across the entire Dragos cybersecurity environment. As a technical leader, you will develop a detailed understanding of the technical landscape, design and implement security controls to manage risks at an acceptable level, and protect the mission of your peers across the business.
You will help leadership develop cybersecurity plans, and then distill requirements into aggressive but achievable projects and initiatives. Your ability to translate business language into secure technical architectures is key to the future success of the company.
This is a remote position.
- Lead cybersecurity gap assessments against internal and external standards
- Translate cybersecurity goals and objectives into best-practice controls that balance risk management with IT operations
- Propose, business justify, design, implement, and provide Tier-3 support for new security tools
- Assess the current security tool portfolio, proposing changes to meet emerging threats and to otherwise improve capabilities
- Develop security reference architectures, standards, and guidelines
- Create sustainable security environments; train junior security personnel, and participate in security operations
- Lead and conduct security engineering tasks, such as proofs of concept, lab exercises, R&D, and controls testing
- Participate in knowledge sharing via involvement in technical discussions and Knowledge Base documentation with other organizations
- Enhance cybersecurity incident detection, response, and recovery capabilities
- Minimum of 15 years in technical roles, supporting multiple operating systems, network topologies, databases, and applications
- 5+ years of direct cybersecurity experience, with a strong emphasis on engineering secure solutions
- Experience with conducting technical security assessments, including developing or selecting criteria, collecting information, comparing configurations against baselines, discovering and quantifying risks, validating controls, proposing risk treatment options, and producing assessment reports
- Extensive experience with cloud security
- Experience with security automation
- Experience designing secure networks, systems and application architectures
- Ability to professionally communicate security issues to peers, stakeholders and leadership
- Complex user support experience (e.g. engineers, product developers, multi-vertical experts)
Nice to Have
- Experience planning, researching and developing security policies, standards and procedures
- Expertise in Linux/UNIX environments
- Hands on experience with deploying, maintaining and security Network Devices
- Program and Project Management savvy
- Critical Infrastructure and/or DoD
- Start-up Experience preferred
Our mission at Dragos is to protect the world’s most critical infrastructure from adversaries who wish to do it harm. We help defend industrial organizations that provide us with the tenets of modern civilization: running water, functioning electricity, and safe industrial working environments.
We are practitioners who have lived through and solved real security challenges. Our team members have responded to incidents including the Ukraine 2015 power grid attack, analyzed the CRASHOVERRIDE malware responsible for the Ukraine 2016 electric grid attack, analyzed the TRISIS malware responsible for the petrochemical facility attack in 2017, built and led the National Security Agency mission to identify nation-states breaking into ICS, and performed assessments on hundreds of assets around the world.
We offer competitive salaries, equity, and a comprehensive benefits package including medical, dental, vision, disability, 401K and life insurance.
Dragos is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce. Come join us!