Senior IT & Security Engineer (USA)

DroneShield

Warrenton, Virginia

JOB DETAILS
SKILLS
Access Control, Administrative Skills, Alliance/Partner Management, Application Integration, Budgeting, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Community Cloud, CompTIA Security+, Computer Security, Continuous Improvement, Cryptography, Customer Escalations, Customer Support/Service, Endpoint Security, Establish Priorities, Firewalls, GNU C Compiler, Government, Hardware Administration, Help Desk, IT Service Management (ITSM), ITIL (IT Infrastructure Library), Identity Data Management, Incident Management, Incident Response, Information Technology & Information Systems, Machine Tool, Management of Information Systems/Technology (MIS), Manufacturing Data Management, Microsoft Access Database, Microsoft Product Family, Mobile Devices, Network Administration/Management, Network Integration, Network Security, Network Support, Operational Audit, Operations Security (OPSEC), Presentation/Verbal Skills, Recruiting/Staffing Agency, Risk, Security Information and Event Management (SIEM), Security Monitoring, Security Patches, Service Delivery, Service Level Agreement (SLA), Single Sign-On (SSO), Software Administration, Software Patches, System Integration (SI), Technical Support, Technical Writing, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), VPN (Virtual Private Network), Writing Skills
LOCATION
Warrenton, Virginia
POSTED
30+ days ago


About the role

The Senior IT & Security Engineer is the primary local owner for the Warrenton office’s IT operations and security engineering, with responsibility for supporting CMMC / NIST 800-171 control implementation and audit readiness. This role is hands-on and spans end-user support, identity and endpoint administration, network and security operations, local incident response, and compliance execution. The position works closely with DroneShield’s global IT and Security teams in Sydney, which provide broader governance, shared services, and partnership on global initiatives.


This is a high-ownership, hands-on role requiring strong technical depth, sound judgment, clear prioritization, and the ability to operate across IT operations, security engineering, and compliance.


Responsibilities, Duties and Expectations 

  • Partner with global IT and Security teams to deliver reliable, secure IT services for the U.S. office and support the company’s broader security and compliance strategy.
  • Own local IT service delivery, including ticket intake, prioritization, escalation, user communication, and SLA performance. Provide hands-on support for hardware, software, collaboration tools, and access issues, and serve as the primary escalation point for complex local IT and security incidents.
  • Administer identity and access controls across users, devices, and applications using Microsoft Entra ID, including SSO, Conditional Access, MFA, and role-based access controls.
  • Integrate business applications into the identity and security stack using SSO, MFA, Conditional Access, and modern authentication mechanisms such as FIDO2 passwordless authentication.
  • Administer and continuously improve endpoint security controls, including device compliance, patching, system hardening, vulnerability remediation, encryption, and EDR / MDM tooling.
  • Support and manage network security, including firewall management, secure network integrations, VPNs, and segmentation.
  • In coordination with the Global Security Team, lead local incident triage and response activities for the U.S. office, including investigation, containment, remediation, evidence gathering, lessons learned, and post-incident reporting.
  • Partner with the Global Security Team, business stakeholders, vendors, and external assessors to support CMMC / NIST 800-171 readiness activities, including technical control implementation, evidence collection, remediation tracking, and audit support.
  • Help plan and manage the local IT and security budget, including tooling, hardware lifecycle, vendor services, and investment recommendations aligned to business and compliance priorities.


Qualifications, Experience and Skills 

  • 7+ years of experience across IT infrastructure, service management, and security-conscious operational environments.
  • Hands-on experience in a security operations, systems security, or security engineering role, including incident response and control implementation.
  • Working knowledge of CMMC 2.0 / NIST SP 800-171 requirements, with practical experience supporting implementation, evidence collection, remediation, or assessment readiness activities.
  • Hands-on experience with security and device-management platforms such as EDR, SIEM, vulnerability management, and MDM / Intune.
  • Experience managing firewalls, VPNs, network security, and secure system integrations.
  • Proven hands-on experience with identity and access management using Microsoft Entra ID, including SSO, Conditional Access, MFA, group / role-based access, and application integration.
  • Strong background in endpoint security, patch management, and system hardening using Mobile Device Management (MDM) platforms such as Microsoft Intune.
  • Experience participating in or leading incident response, investigation, containment, and remediation activities.
  • Comfort working across both hands-on user support and higher-order security / compliance priorities in a small-team, high-accountability environment.
  • Excellent written and verbal communication skills.


Preferred Experience

  • Experience updating policies, procedures, standards, and technical documentation to support audit readiness and operational consistency.
  • Experience working in the United States Defense Industrial Base.
  • Experience supporting organizations requiring facility clearances.
  • Experience with Microsoft Government Community Cloud (GCC) platforms.
  • Security or IT certifications (e.g., CISSP, CISM, Security+, CMMC-RP, ITIL).
  • Experience developing and maintaining IT and security budgets.
  • Practical understanding of governance, risk, and compliance concepts and how they translate into technical and operational controls.


Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.


About the Company

D

DroneShield