other
Posted Apr 26IT and SecOps
at Nox Metals
Detroit, United StatesOn-site
Requirements
- experience owning CMMC, NIST 800-171, and DFARS 7012 from the inside, you have built the SSP, run the controls, and passed assessments - Fluent in identity, endpoint, network, cloud, and OT security as a single integrated stack - Experienced segmenting IT and OT networks in a real factory, not just on paper - Comfortable as a solo IC, you own the function end to end and pick the tools we run on - Cracked with software, scripting, and automation, you do not click through 200 user accounts when a script will
- Experience in metals, aluminum, or aerospace/defense supply chains - CISSP, CISM, Security+, or comparable security credentials - Hands-on
- experience with Microsoft 365 GCC or GCC High environments - Background segmenting and hardening OT networks (CNC, PLC, HMI environments) - Track record passing a CMMC Level 2 third-party assessment - Comfortable using AI tools to work faster and smarter This role is full time, in person in Detroit.
Additional details
- IT and SecOps | Nox Metals | Detroit, MI American factories deserve a supply chain that moves as fast as they do.
- The next generation of American manufacturing is being built right now.
- Nox Metals is a technology company in Detroit supplying aluminum plate, bar, and rounds to aerospace and defense manufacturers.
- We use software and automation to supply metal to American factories faster than the industry thought possible.
- We need an IT and SecOps lead to own every laptop, every account, every network, every endpoint, and every byte of customer data.
- Our customers are aerospace and defense manufacturers.
- Their security expectations are our floor, not our ceiling.
- Nox Metals is an employer with real opportunity for long term career growth, this is a place to build a career, not just hold a job.
- You will: - Own IT and SecOps end to end as a solo IC across the entire company, office, factory, and field - Own CMMC compliance end to end, build it, run it, audit it, certify it, defend it - Own NIST 800-171 controls, DFARS 7012 cyber requirements, and all customer-driven security obligations - Build and maintain the System Security Plan (SSP), POA&M, and every artifact CMMC and customer audits demand - Own identity and access management, SSO, MFA, provisioning, deprovisioning, least privilege across