The Cybersecurity Engineer will design, implement, and manage security architecture and controls for cloud-native products, focusing on threat detection, incident response, and compliance efforts.
[ABOUT ISTARI DIGITAL]
Istari is a digital engineering software company enabling our customers to turn the physical world into the digital to accomplish their specific mission or business objectives.
Istari was founded with the vision of making open, scalable digital engineering ecosystems a reality – where new technologies and systems are created digitally, free from the real-world constraints of costs and schedules. We are creating the world’s best engineering model sharing platform, allowing our customers to simply and securely integrate their models across different engineering disciplines, organizations, and security levels.
At Istari, we are passionate about our mission of creating the world's first open and scalable industrial metaverse. Whether our customers are designing prototypes, performing virtual testing, or training AI and autonomy for complex systems, we know that going digital will save them time, resources, and reduce their environmental impact.
While we are a distributed team with most team-members working remotely, we place an emphasis on staying connected and collaborative, prioritizing in-person opportunities to build trust as a team. At Istari, we still believe that trust is best built in-person. To do this, we have an engineering headquarters in Cambridge, MA for focused technical development and several times per year we gather for an off-site that allows us to develop our professional skills and our team relationships.
[VALUES]
At Istari, we live by our values, which include:
Purposeful Autonomy
We value letting people self-organize and self-motivate.
Our flat structure and lack of meeting clutter are meant to empower individuals and teams to be proactive.
Our autonomy is measured, goal-oriented, and results-driven – not meandering.
Clear objectives help us prioritize our time.
Smart Transparency
We believe in honest-but-kind communication, transparency, and open-door policies.
We love learning about challenges and tackling them early, not hearing good or bad news late.
We share work-in-progress across our team.
Fast feedback keeps autonomy purposeful.
Continual Curiosity
At Istari, we love learning to do things ourselves.
We ask, read, share, teach – even watch YouTube videos – to learn new skills to solve problems.
When we make breakthroughs, we write them down.
Writing focuses ideas, helps us learn, and helps us share.
Equal Opportunity
Istari is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
We are seeking a highly experienced Cybersecurity Engineer to join our Istari team. This role focuses on designing, implementing, and operating security architecture and controls that protect our cloud-native products and platform. The ideal candidate has deep expertise across cloud security, threat detection and response, and DevSecOps, with a passion for enabling secure innovation in a fast-paced environment. This role focuses on designing, implementing, and managing scalable infrastructure that supports our products. The ideal candidate will have deep expertise in cloud technologies and a passion for driving innovation in a fast-paced environment.
Key Responsibilities
- Lead security design and threat modeling for new and existing systems (cloud, application, data, network)
- Implement and manage core controls: IAM/SSO, least privilege, network segmentation, encryption and key management, secrets management, endpoint and email security
- Build and operate detection and response capabilities: SIEM/EDR/SOAR, log pipelines, alert tuning, use-case development, threat hunting
- Own vulnerability remediation: scanning, triage, risk-based prioritization, remediation with product/IT teams, tracking to closure
- Strengthen application and cloud security: SAST/DAST/SCA, secure SDLC, CI/CD guardrails, IaC scanning, container/Kubernetes runtime protections, CSPM/CIEM
- Coordinate and support security testing: internal reviews, penetration tests, red/purple team, tabletop exercises; drive remediation and lessons learned
- Lead/participate in incident response: triage, containment, eradication, recovery, forensics, root-cause analysis, post-incident reports and runbooks
- Define and maintain security standards, baselines, hardening guides, and architecture diagrams
- Monitor and report security metrics, KPIs/KRIs, and risk posture to stakeholders
- Support audits and compliance efforts (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA) and align controls to frameworks (NIST CSF, CIS Controls)
- Conduct third‑party/vendor security reviews and support contract/security requirements
- Drive security awareness initiatives and phishing simulations; mentor engineers on secure practices
- Contribute to business continuity and disaster recovery planning and testing
- Automate repetitive tasks and integrations to improve scale and reliability
Required Qualifications
- Bachelor’s in Computer Science, Engineering, Information Security, or equivalent practical experience
- 3+ years of hands-on cybersecurity engineering, blue team, or security operations experience (adjust years for your level)
- Strong understanding of networks and protocols (TCP/IP, DNS, HTTP(S)/TLS, routing, VPN, firewalls, Zero Trust concepts)
- Practical experience with two or more: SIEM, EDR, IDS/IPS, WAF, CSPM/CIEM, vulnerability scanners, SAST/DAST/SCA, PAM/IGA, PKI
- Cloud security experience in at least one major cloud (AWS/Azure/GCP): IAM, network security, KMS, logging/monitoring, security services
- Proficiency in scripting/automation (e.g., Python, Bash, PowerShell) and exposure to IaC/Config management (Terraform, CloudFormation, Ansible)
- OS administration and hardening (Windows, Linux, macOS) and endpoint security fundamentals
- Familiarity with MITRE ATT&CK, common attack techniques, and modern detection strategies
- Experience participating in incident response and writing/runbook-level documentation
- Knowledge of cryptography basics (encryption at rest/in transit, key rotation, cert management)
- Clear communication skills and ability to partner with cross‑functional teams
- Must be a US citizen living within the United States.
- Understanding of cybersecurity principles, practices, and frameworks, including JSIG, NIST 800-171, NIST 800-53, ITAR, and CMMC.
Preferred Qualifications
- DevSecOps experience embedding security into CI/CD, artifact signing, and SDLC governance
- Container/Kubernetes security (admission controls, runtime policies, image scanning)
- Data protection and privacy controls (DLP, tokenization, data classification)
- Identity security (SSO/MFA, conditional access, PAM, IGA) and Zero Trust architectures
- Threat intelligence integration and use-case development; basic digital forensics
- SOAR playbook design and automation; custom detections and log enrichment
- Experience with regulatory environments (e.g., healthcare, fintech, government)
- Contributions to security architecture reviews and risk assessments at scale
- Certifications a plus: Security+, GSEC, GCIH, GCIA, GCED, CISSP, CCSP, CCSK, OSCP, AZ‑500, SC‑100, AWS Security Specialty
- Experience with tools such as Splunk/Microsoft Sentinel, CrowdStrike/Defender, Qualys/Nessus, Burp/ZAP, Prisma/Aqua/Twistlock, Trivy, Checkov/tfsec, Vault/KMS, Okta/Azure AD, Palo Alto/Fortinet, Elastic
- Active TS Security Clearance.
BENEFITS
We offer highly competitive benefits, including:
Health and Family
- Medical/Dental/Vision
- Employee Premiums are 100% Company Paid
- Life Insurance
- Flexible Work Hours
- Unlimited Paid Time Off (PTO) with federal government holidays
Financial
- Competitive Compensation
- 401k
- Company Stock Options
- Home Office Setup Budget
Learning
- Reimbursement for approved trainings and subscriptions
- Conferences (travel, lodging, and fees)
Note - some benefits are not available to interns or contractors.
Thank you for your interest in Istari. Expect to hear back from us soon with next steps.
Top Skills
Ansible
Aqua
AWS
Azure
Azure Ad
Bash
Burp
Checkov
CloudFormation
Crowdstrike
Defender
Elastic
Fortinet
GCP
Kms
Microsoft Sentinel
Nessus
Okta
Palo Alto
Powershell
Prisma
Python
Qualys
Splunk
Terraform
Tfsec
Trivy
Twistlock
Vault
Zap
Similar Jobs
Biotech
The Senior Cybersecurity Engineer will advance security practices, manage SOC operations, enforce compliance, and oversee cybersecurity tools and risk assessments.
Top Skills:
800-171Azure AdBashCylanceDelinea Secret ServerEdrFirewallsMicrosoft DefenderMicrosoft Entra IdMimecastNist Csf 2.0Nist Sp 800-53OktaPalo AltoPowershellPythonSIEMVulnerability ScannersWiz Cnapp
Artificial Intelligence • Healthtech
The role involves enhancing cybersecurity for the company's IT infrastructure, managing projects, securing cloud and on-prem systems, and leading security operations and automation.
Top Skills:
AutomationAWSEndpoint SecurityGoogle WorkspaceIamLinuxScriptingSharepointSIEMSsoWindows
Healthtech • Telehealth
Lead the AI Security team to implement and manage security controls for AI and ML environments, ensure compliance, and mentor junior engineers.
Top Skills:
AIAWSAzureGCPIaasMlPaasPyTorchSaaSScikit-LearnSiem ToolsTensorFlow
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
