Salary Range: 120000 to 160000 (Currency: USD) (Pay period: per-year-salary)

🚀 About the role

• Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal’s success due to our product and industry. You would need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner.
• Plan & Execute: Translate compliance requirements (e.g., NIST 800-53, NIST 800-171, CMMC) into technical actions and policies to meet a stringent standard of government- and enterprise-defined information security. Oversee the RMF lifecycle management. Apply technology standards to classified, air-gapped environments.
• Manage the Network: Oversee network design, configuration, and administration. Handle endpoint device management across Nominal’s locations and assets. Includes VPNs or firewalls, SSIDs, malware/antivirus software, system configurations, software allowlisting / blocklisting, etc. to guarantee secure IT systems.
• Coach Our Team: Create and deliver approachable, relevant trainings to ensure all employees are equipped to maintain high technical standards of information security and compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries.
• Communicate the Standard: Prepare communications for government partners, auditors, and customers that satisfactorily explain Nominal’s technical security posture, both for our software platform and IT systems/endpoints, as well as inspire confidence in our secure product and business practices.

🔍 We’re looking for someone with

• 4+ years of experience in topics such as DevSecOps and infrastructure, Risk Management Framework (RMF), information technology (IT), information security, cybersecurity, incident management, and root cause analysis.
• Knowledge of modern software development techniques and processes and their security (CI pipelines, microservice architectures, cloud and container-based deployments).
• Experience with systems administration, including network setup (VPN, SSIDs, firewalls), endpoint device protection, attack monitoring & logging (EDR & SIEM), software allowlisting / blocklisting, encryption & secure protocols, and more.
• Experience working with the DoD and extensive knowledge of federal contracting and data requirements, including ATO, NIST 800-171, CMMC, IL4/5, FedRAMP, NISPOM, RMF, etc.
• Familiarity with a variety of deployment styles, including cloud, on-prem, air-gapped, and hybrid.
• Organization, attention to detail, and strong writing skills to build out associated documentation that would stand up to questioning and scrutiny by customers, government officials, and auditors.
• Process management and relational skills to work with employees from across the organization to ensure ongoing delivery of our security and compliance posture.


Preferred qualifications include:
• CISM / CISSP or equivalent IAM level III certification
• Bachelor’s degree in Information Systems, Cybersecurity, or related field
• Experience with AWS / Cloud, Microsoft Azure, Microsoft Government Community Cloud (GCC)

✨ Benefits/Perks

• Medical, dental, and vision insurance with 100% of premiums covered
• Unlimited PTO /sick leave
• Free lunch, snacks, and coffee
• Professional development stipend
• Quarterly company retreats