Senior Cybersecurity Engineer

Torch Technologies

Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned, Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County, headquartered in Huntsville, AL. Our team provides superior research, development, and engineering services to the Federal Government and Department of War. As one of the nation’s top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: “Lighting the Pathway of Freedom”. And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!

Torch Technologies has an exciting opportunity for a Senior Cybersecurity Engineer for the Tenants Contract, supporting the Air Force Division at the Air Force Research Laboratory Munitions Directorate’s Integration and Operations Division (AFRL/RWOC) at Eglin AFB, FL. We are seeking a mission-focused Cybersecurity Engineer to work in tandem with network engineering to secure and defend multiple Science & Technology (S&T) networks—advanced, high-bandwidth, and configurable network supporting the research and development needs of scientists, engineers, and collaborative partners.

As a Senior Cybersecurity Engineer your duties include, but are not limited to:

• Collaborate with network engineers to architect secure network topologies for current and future connected and isolated environments, ensuring security is embedded in the design phase.

• Design and deploy security solutions for S&T environments that support continuous research, development, and DevSecOps, working closely with network engineers to implement and maintain these solutions.

• Advise on security planning for long-term initiatives, including SDREN integration and the Weapons Technology Integration Center (WTIC) and other facility projects, in conjunction with network planning efforts.

• Develop security innovation roadmaps aligned with mission goals and emerging technologies, coordinating with network engineers to ensure alignment with network modernization efforts.

• Coordinate with facilities, engineering, and network teams to ensure robust infrastructure supports secure research operations, focusing on the security aspects of network hardware/power/cooling needs and structured cabling.

• Lead security aspects of containerization, virtualization, and orchestration of systems to support laboratory computing, HPC, and edge devices, working with network engineers to implement secure configurations.

• Coordinate with facilities, engineering, and network teams to ensure robust infrastructure supports secure research operations, focusing on the security aspects of network hardware/power/cooling needs and structured cabling.

• Lead security aspects of containerization, virtualization, and orchestration of systems to support laboratory computing, HPC, and edge devices, working with network engineers to implement secure configurations.

•  Engineer multiple S&T networks security architecture in compliance with NIST 800-series, DoW RMF, DISA Security Technical Implementation Guides (STIGs), and cybersecurity best practices, collaborating with network engineers to ensure seamless integration.  Review engineering, architecture, and designs to ensure DoW security policies are met.

• Implement DevSecOps pipelines to automate security scans and CI/CD deployments, working with network engineers to integrate security into existing pipelines.

• Manage ATO package development and collaborate with ISSMs, network engineers, and cybersecurity stakeholders to ensure compliance.  Review and develop RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).

• Integrate identity management and single sign-on solutions across enclaves and hybrid environments, coordinating with network engineers to implement and maintain these solutions. Analyze and tune HBSS policies for assets during integration test events.  Perform verification and troubleshooting across all HBSS modules.  Install updates to HBSS software as released and in compliance with STIG requirements.  Monitor HBSS software to ensure that the clients/servers are operational and reporting properly; test and provide software fixes as needed.  Monitor HBSS for any intrusions or rogues.

• Deploy and maintain security controls for hybrid cloud services and virtualization platforms (e.g., VMware, AWS, Azure), working with network engineers to ensure secure configurations.

• Design and manage security aspects of storage (SAN, EFS, EBS), automation (Terraform, Packer, Ansible), and orchestration (Kubernetes, Docker) solutions.

• Enable secure connectivity between scientific equipment, cloud resources, and virtual desktops, collaborating with network engineers to implement and maintain these connections.

•  Monitor system and network security performance using SIEM platforms, intrusion detection systems, and custom dashboards, working with network engineers to correlate data and identify security incidents. Monitor Security Information and Event Management (SIEM) and Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) for cloud services.

• Document security architectures, procedures, and system configurations with tools like Lucidchart, Visio, and Confluence, ensuring documentation is aligned with network documentation. Maintain system documentation including the ATO and other applicable documents.

• Provide knowledge transfer, mentorship, and technical guidance to engineers and stakeholders on security-related matters, working with network engineers to provide comprehensive guidance. Install, configure, and maintain multiple ACAS Security Centers (SC) and ACAS scanners. Install updates to Tenable software as released and in compliance with STIG requirements.

• Deploy, maintain, and tune Tenable scanners to meet current and future needs. Create, deploy, and manage Tenable scan configurations.

• Ensure that the ACAS scanners and Security Center are operational and reporting properly.

• Perform security compliance and vulnerability assessments specifically developing and applying STIG or CIS baselines for various operating systems, including Windows or RHEL and CentOS. 

• Perform analysis of ACAS and SCAP scans along with STIG checklist to develop POAMs. Run vulnerability scanning tools, such as Trend Micro, ACAS and other commercial and GOTS.

Required Qualifications:

• U.S. Citizenship is required.

• Master’s Degree (in Computer Science, Cybersecurity or a related field).  Relevant experience may be substituted for the degree. 

• 10 Years’ total experience, at least 8 of which is in cybersecurity engineering, architecture or R&D infrastructure. 

• Requires a strong understanding of cybersecurity principles, risk management, and secure computing architectures to protect unclassified, collateral, and Special Access Program (SAP) networking environments critical to weapons technology innovation.

•  Must have experience implementing and managing cybersecurity controls, conducting vulnerability assessments, and ensuring compliance with DoD security policies.

• Must collaborate closely with network engineers to integrate security into network designs, support DevSecOps initiatives, and maintain a robust security posture across isolated and connected enclaves—all while enabling operational excellence and scientific agility.

• Must hold a DoW 8570/8140 IAT Level III (CISSP, CISM, or equivalent).

• Security+, CEH, or other relevant security certifications is required.

•  Expert-level knowledge of cybersecurity principles, risk management, and secure computing architectures.

• Hands-on experience with security tools and technologies, such as SIEM, intrusion detection/prevention systems, vulnerability scanners, and endpoint protection solutions.  Experience with Host-Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), Nessus, Tenable.sc, Tenable.io, NNM, LCE, Nessus Manager, Agents, and Scanner.

• Experience with scripting (Python, PowerShell) and automation tools (Ansible, Chef).

• Familiarity with Risk Management Framework (RMF), Authority to Operate (ATO) documentation, and enclave compliance management.

• Physically able to lift up to 50 lbs; adaptable to fieldwork and hands-on installations.  

• Must have and maintain Secret level Security Clearance and must be Top Secret eligible.

• Must be eligible for Special Access Program (SAP) access.

Schedule: (M-F; 8-5)

Work Location: Onsite at Eglin AFB, FL

Travel: No

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

#LI-AH1

Benefits: 

Torch Technologies is proud to offer a stable and professional work environment, a competitive salary, and an excellent, comprehensive benefit package including: ESOP participation, 401(k) match and safe-harbor contribution, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, Health Saving Accounts and Health Reimbursement Accounts, EAP, education assistance, paid time off, and holidays.  

Applying to Torch Technologies: 

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check. 

­

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law.  Torch Technologies, Inc. participates in E-Verify. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Careers Link as a result of your disability. You can request reasonable accommodations by sending an email to [email protected]. Thank you for your interest in Torch Technologies.