Information Systems Security Engineer – Compliance & Network Protection
Remote
United States
Posted 2 weeks ago
This is a full-time, remote (US-Remote) Information Systems Security Engineer role at Tyto Athene. This senior technical position is responsible for providing technical security administration and engineering across a wide array of infrastructure, with a critical focus on ensuring compliance with CMMC 2.0, ISO 27k, and other regulatory frameworks.
- Location: Remote, United States.
- Salary Range: Typically between $90,000 – $125,000 annually (compensation dependent on skills and experience).
- Experience: 4 or more years of experience in information systems, cybersecurity compliance, or an IT Security Role.
- Key Focus: CMMC 2.0/ISO 27k compliance, firewall/network security, vulnerability management, security monitoring, and incident response.
- Background: Requires a Compliance / Risk / Audit background.
Responsibilities: Compliance, Engineering, and Incident Response
The engineer ensures the technical security posture is strong, well-documented, and compliant, acting as an operational resource for key security tools.
- Compliance & Audit: Ensures compliance with CMMC 2.0, ISO 27k, and other frameworks. Tracks and documents system security findings, audit results, and compliance reporting. Works with third-party auditors to maintain policies and procedures.
- Vulnerability & Risk Management: Performs vulnerability testing, remediation planning, risk analysis, and security assessments, and makes necessary updates.
- Security Administration: Provides technical security administrative duties for infrastructure related to firewalls, encryption, intrusion detection systems (IDS), vulnerability scanning, security monitoring tools, authentication, web filtering, and identity management.
- Network Protection: Reviews network security settings and configurations against industry benchmarks. Defines access privileges, control structures, and system hardening guidelines.
- Incident Response: Monitors, responds to, investigates, and remediates security alerts and/or incidents. Maintains and tests the Information Security Incident Response Plan and related procedures.
- MSSP Liaison: Monitors SLAs for responsiveness and coverage and acts as a liaison with the Managed Security Service Provider (MSSP).
Required Qualifications and Technical Environment
The role requires a strong compliance background combined with foundational technical knowledge across multi-platform enterprise environments.
- Experience: 4+ years of experience in information systems, cybersecurity compliance, or IT Security.
- Required Background: Compliance / Risk / Audit background.
- Certifications (Required/Preferred):
  - Security+
  - CISSP or CEH
  - Zscaler certification is a plus.
  - MCP Windows Server 2022 and MCP Windows 11.
- Foundational Knowledge: A foundational understanding of security technologies leveraged to support a large-scale, multi-platform enterprise environment (Windows, Mac, Unix, and mainframe platforms).
- Documentation: Familiarity with audit preparation documentation such as System Security Plans (SSPs), Plan of Action & Milestones (POA&M), Certification and Accreditation packages, and Contingency Plans.
Job Features
| Job Category | IT & Cybersecurity |