What are the responsibilities and job description for the Security Engineer position at Qarbon Aerospace?
Company Overview
Qarbon Aerospace is a world-class manufacturer of cutting-edge composite components and assemblies for the Aerospace and Space industry’s most advanced commercial and military aircraft. Qarbon Aerospace has the capabilities and resources to solve the market’s toughest challenges On-Time with Quality Assured. As a US-based company with more than 100 years of experience and 1.6 million square feet of state-of-the-art facilities, we assure quality into every fiber, letting our customers’ ideas and our employees’ passion take flight.
Security Engineer Principal Position Overview
The Security Engineer is a foundational, high-impact role within the Cybersecurity, Compliance & Governance team. This is an entry-level position intentionally designed as a ground-floor opportunity — the expectation is that the right candidate will grow with the organization as its security posture matures. The individual in this role will serve as an all-encompassing security practitioner, supporting risk management, system hardening, compliance documentation (with emphasis on CMMC), data loss prevention, identity and access governance, and day-to-day security operations.
This is a rare opportunity for a motivated early-career professional to build deep expertise across multiple security domains, work alongside experienced compliance and governance professionals, and position themselves for rapid advancement into senior security engineering, compliance, or security architecture roles.
Key Responsibilities
Risk Management & Security Assessments
- Assist in the identification, evaluation, and documentation of cybersecurity risks across systems, processes, and vendors.
- Support the development and maintenance of the organization’s risk register.
- Participate in security assessments, vulnerability scans, and penetration test follow-ups; track remediation activities.
- Help evaluate third-party and supply chain security risks.
CMMC Compliance & Documentation
- Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and related artifacts required for CMMC compliance.
- Assist in mapping organizational controls to NIST SP 800-171 and CMMC Level 2 (and Level 3 where applicable) requirements.
- Participate in internal CMMC readiness reviews and support coordination with Certified Third-Party Assessment Organizations (C3PAOs).
- Support audit preparation activities and maintain audit trails and evidence packages.
- Keep configuration and system documentation current, accurate, and audit-ready.
Data Loss Prevention – Microsoft Purview & Netwrix
- Assist in the administration and tuning of DLP policies within Microsoft Purview to protect sensitive and controlled unclassified information (CUI).
- Monitor DLP alerts, investigate policy violations, and escalate incidents as needed.
- Support Netwrix deployments for file activity monitoring, data classification, and access auditing.
- Maintain documentation for DLP configurations, policy exceptions, and incident response activities.
Identity, Access & Account Governance
- Review and analyze user account permissions, group memberships, and privileged access rights across systems and applications.
- Support user access reviews (UARs) and assist in the enforcement of least-privilege principles.
- Assist in the management and auditing of service accounts, shared accounts, and administrative credentials.
- Monitor for dormant accounts, over-provisioned permissions, and access anomalies; escalate and remediate findings.
- Support identity lifecycle management processes including provisioning, modification, and de-provisioning.
Security Configuration & Hardening
- Maintain and review baseline security configurations (CIS Benchmarks, STIG guidance) for endpoints, servers, and cloud assets.
- Support CMDB hygiene and ensure system documentation remains current and accurate.
- Assist in tracking deviations from approved baselines and follow through on remediation.
Security Operations Support
- Monitor security tooling dashboards and escalate alerts per defined procedures.
- Assist in the development and maintenance of security policies, procedures, and standards documentation.
- Support incident response activities including evidence collection, timeline development, and post-incident reporting.
- Participate in security awareness training coordination and phishing simulation programs.
Experience and Education Qualifications
Required:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field — OR equivalent work experience / military service.
- 0–3 years of experience in an IT, security, or compliance-related role (internships and co-ops count).
- Foundational understanding of networking concepts (TCP/IP, DNS, VPN, firewalls) and operating systems (Windows, Linux).
- Familiarity with cybersecurity frameworks (NIST CSF, NIST 800-171, ISO 27001) at a conceptual level.
- Strong written and verbal communication skills — this role produces a significant volume of documentation.
- High attention to detail; ability to manage multiple tasks and track open items to closure.
- U.S. Citizenship required (position requires access to controlled unclassified information / CUI).
Preferred:
- CMMC Certified Assessor (CCA) or CMMC Registered Practitioner (RP) credential — highly preferred.
- Industry certifications: CompTIA Security+, CompTIA CySA+, (ISC)² CC or SSCP, EC-Council CEH.
- Hands-on experience with Microsoft Purview (DLP, Compliance Manager, Sensitivity Labels).
- Hands-on experience with Netwrix Auditor or similar file/directory auditing tools.
- Experience with vulnerability scanners (Nessus/Tenable, Qualys, OpenVAS).
- Familiarity with SIEM platforms (Microsoft Sentinel, Splunk, QRadar).
- Prior experience preparing documentation for CMMC, FedRAMP, SOC 2, or similar audits.
- Experience with identity and access management platforms (Active Directory, Azure AD / Entra ID).
- An active security clearance is highly preferred. Candidates without an active clearance may still be considered but must be eligible to obtain and maintain one.
What does Qarbon Aerospace have to offer?
- Company Paid Benefits available immediately upon employment.
- Basic Life Insurance
- Short-Term Disability (STD) & Long-Term Disability (LTD)
- 12 Paid Holidays
- Flex Time Off
- Medical/Prescription Insurance
- Dental & Vision Insurance
- Critical Illness Insurance / Hospital Indemnity Insurance / Accident Insurance
- Life Insurance and AD&D Insurance
- Savings and Spending Accounts
- Health Flexible Spending Account (FSA)
- Dependent Care FSA
- Health Savings Account (HSA)
- Immediate vesting on 401(k) Plans
- Tuition Reimbursement