Director of Enterprise Cybersecurity

We are seeking a strategic and results-driven Director of Cybersecurity to lead all aspects of STR’s enterprise cybersecurity programs, policies, and implementation. The Director will oversee the development, implementation, and continuous improvement of strategies to safeguard critical information systems and ensure compliance with Department of Defense (DoD) regulations and industry best practices. 

In this high-impact role, the Director of Cybersecurity will serve as a leader, advisor, and innovator responsible for building a proactive security organization capable of identifying, mitigating, and responding to threats while integrating technology and process solutions that keep STR secure and resilient. This position requires exceptional leadership skills, deep technical expertise, and the ability to collaborate across teams to align security posture with business objectives. 

Location: Woburn, MA, on-site, hybrid, (minimum 3 days/week in Woburn office)

Key Responsibilities:

Strategic Leadership 

• Refine our comprehensive, forward-looking enterprise cybersecurity strategy that aligns with STR’s mission, business goals, and compliance requirements.
• Define and monitor key performance indicators (KPIs) to measure security program effectiveness and ROI.
• Partner with executive leadership to advise on security investments, risk mitigation strategies, and incident response readiness.
• Manage cybersecurity risk as part of the enterprise risk management program, and update and present changes to the risk committee. 

Cybersecurity Operations 

• In collaboration with the Director of Enterprise Infrastructure, oversee the implementation and monitoring of technical and operational security controls to protect STR’s assets across on-premises and cloud environments.
• Review enterprise vulnerability management programs, including proactive scanning, risk prioritization, and remediation tracking.
• Working with the Director of Enterprise Infrastructure, oversee the implementation and continuous improvement of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, cloud security controls, and data loss prevention solutions.
• Partner with the Director of Enterprise Infrastructure, to optimize network and perimeter security strategies to include secure network design and best practices for multi-platform environments (Windows, Linux, Mac, etc.). 

Governance, Risk, and Compliance (GRC) 

• Ensure company-wide compliance with NIST 800-171, DFARS, CMMC, and other applicable DoD/federal cybersecurity regulations.
• Lead internal and third-party IT audits, including tracking findings, managing resolutions, and driving continuous improvements.
• Develop, review, and implement cybersecurity policies, procedures, and standards to maintain security integrity while enabling business growth.
• Serve as a primary point of contact for customers, regulators, and compliance bodies regarding enterprise cybersecurity audits and inquiries. 

Incident Response and Threat Management 

• Oversee the ongoing improvement and operation of STR’s Enterprise Incident Response Plan and lead the team in managing and mitigating security incidents, including phishing, malware outbreaks, and breaches.
• Direct threat intelligence and risk assessment activities to evaluate emerging vulnerabilities and proactively implement preventive controls. 

Collaboration and Team Development 

• Build, mentor, and lead a high-performing, cross-functional cybersecurity team, fostering a culture of innovation and accountability.
• Work effectively across departments, including IT, Engineering, procurement, contracts, and legal, to ensure security requirements are met. 

Additional Responsibilities 

• Assess and optimize relationships with external cybersecurity partners.
• Conduct regular briefings on the status of security programs, emerging threats, and risk mitigation actions.
• Identify and deploy cutting-edge cybersecurity tools and technologies for continuous improvement. 

Required Qualifications 

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s degree preferred).
• 10+ years of leadership roles in information security governance, risk management, and compliance, with at least 5 years leading enterprise cybersecurity teams.
• Current CISSP, CISM, or equivalent DoD 8570 certifications
• Experience with CMMC requirements and auditing
• Strong technical expertise in implementing security frameworks (e.g., NIST 800-171, CIS, ISO, ITIL) and risk management methodologies.
• Deep knowledge of enterprise IT systems, cloud infrastructure security, and secure network architecture.
• Demonstrated success in building operational cybersecurity teams and fostering a collaborative culture.
• Experience leading security incident response efforts, including hands-on involvement in detection, analysis, containment, and recovery phases.
• Knowledge of emerging trends, technologies, and threats in cybersecurity.
• Must possess an active Secret clearance or ability to obtain a clearance, which requires U.S. Citizenship. 

Preferred Qualifications 

• Master’s degree in Cybersecurity, Business, or related field.
• Experience in the aerospace, defense, or government contracting environment.
• Expertise in supply chain risk management for secure systems and products.
• Familiarity with cloud security models, such as AWS GovCloud, Microsoft GCC High, Google Cloud, and other cloud applications.
• Proven ability to develop and deliver executive-level metrics, dashboards, and reports to inform risk-based decisions. 

Why Join Us 

At STR, you will lead cutting-edge cybersecurity initiatives that protect critical infrastructure, business operations, and national security. This role offers the opportunity to be a transformational leader in delivering secure IT environments that enable mission success for the warfighter and strengthen national resilience. 

Pay Information 

Full-Time Salary Range: $214,000 to $250,000

The salary range listed is based on external market data. Offers are based on factors, such as but not limited to, the candidate’s experience, education, training, key skills/critical skills, security clearances, and prevailing market and business conditions.

STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.

STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.

STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at appassist@str.us and provide your contact info.

Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.