Cyber Security Engineer

Who we are

Neros is a defense technology company rebuilding America’s drone industrial base. We design and manufacture high-performance unmanned systems that are tested in combat, iterated at startup speed, and built at massive scale. Our team culture is fast, hands-on, and obsessed with closing the gap between design and deployment.

As drones transform the character of warfare, Neros is delivering the systems the West needs to compete on the modern battlefield and deter the adversaries of democracy. We’re hiring engineers, operators, and builders who want to move fast, take on extreme ownership, and get capability into the hands of warfighters in months, not years.

What you will be doing

Join Neros as a Senior Cybersecurity Engineer and take ownership of the security program that protects our defense technology platforms. You'll build and mature our cybersecurity capabilities from the ground up — architecting detection and response systems, engineering security controls across cloud and endpoint environments, and ensuring compliance with NIST, ISO, and CIS frameworks. This is a high-impact, hands-on role at a fast-moving defense tech startup for a security professional who thrives as both architect and operator.

Responsibilities

• Build and operationalize the enterprise cybersecurity program, owning security architecture, detection and response, governance, and automation
• Engineer and manage the security technology stack including Microsoft Defender XDR, endpoint protection platforms, SIEM/MDR solutions, and Azure/M365 security controls
• Lead incident response operations — containment, investigation, remediation — and coordinate with leadership and stakeholders on findings and risk posture
• Perform security audits, vulnerability assessments, and penetration testing to identify and remediate weaknesses across infrastructure, applications, and cloud environments
• Develop and enforce security policies, procedures, and compliance programs aligned to NIST 800-171 and ITAR controls.
• Automate security workflows and build detection logic to improve alert fidelity, operational efficiency, and coverage across the environment
• Establish change control processes, security baselines, and security awareness training programs

You should have the following

• 8+ years of progressive experience in cybersecurity engineering, with demonstrated ability to build and operate security programs — not just maintain existing ones
• Deep hands-on expertise with the Microsoft security ecosystem including Defender XDR (Endpoint, M365, Identity, Cloud Apps), Entra ID Protection, and Azure/M365 security controls
• Proven experience deploying and managing MDR/SIEM solutions for 24/7 threat monitoring and SOC operations (e.g., Rapid7, Secureworks Taegis XDR, or equivalent)
• Strong background in incident response — containment, investigation, remediation, forensic preservation, and stakeholder communication
• Working knowledge of compliance frameworks including NIST 800-171, NIST CSF, CIS benchmarks, and PCI DSS, with hands-on experience performing audits and control assessments
• Experience conducting vulnerability assessments and penetration testing across infrastructure, applications, and cloud environments
• Proficiency with endpoint protection platforms, Microsoft security baseline configuration, and change control programs
• Demonstrated ability to automate security workflows using AI-assisted tooling, XDR automation, or scripting
• Strong communication skills — able to translate security risks and technical findings for non-technical leadership and cross-functional teams
• Relevant certifications preferred: MCSA, CISSP (in progress acceptable), CompTIA Security+/CySA+, or equivalent

Nice to have

• Experience building a cybersecurity program from scratch at a startup or early-stage company
• Familiarity with ISO standards, 27001 in particular
• Familiarity with network segmentation tools (e.g., Illumio) and next-gen firewall administration (Palo Alto, Zscaler)
• Experience with security awareness platforms (KnowBe4 or equivalent) and phishing simulation programs
• Background in systems administration (Active Directory, Citrix, SCCM, Intune) providing depth of understanding of the environments being secured
• Experience with Tenable.ot or OT security in operational technology environments
• CISSP, SANS GIAC, or advanced Microsoft security certifications
• Eligibility or willingness to obtain a security clearance for potential future classified work

US Salary Range

$80,000 - $135,000 USD

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are considered part of Neros' total compensation package.

We’re an equal opportunity employer. We welcome all applicants without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.