About Mach Industries

Founded in 2022 Mach Industries is a rapidly growing defense technology company focused on developing next-generation autonomous defense platforms. At the core of our mission is the commitment to delivering scalable decentralized defense systems that enhance the strategic capabilities of the United States and its allies. With a workforce of approximately 220 employees we operate with startup agility and ambition.

Our vision is to redefine the future of warfare through cutting-edge manufacturing innovation at speed and unwavering focus on national security. We are dedicated to solving the next generation of warfare with lethal systems that deter kinetic conflict and protect global security.

The Role

Were seeking an Information Security Analyst II to drive our efforts to build maintain and continuously improve our security and compliance posture across the breadth of our network infrastructure facilities and endpoints. Youll continuously collaborate with cross-functional teams including IT physical security product security GRC software development operations engineering manufacturing and legal to ensure our information security programs exceed both technical and regulatory standards.

The ideal candidate has a cybersecurity background with hands-on expertise in network security tools and cloud environments particularly within regulated and compliance-heavy programs. You are familiar with NIST SP 800-171 CMMC DFARS ATO authorization workflows and/or ISO 27001 and you can translate these requirements into practical auditable security controls that support mission and compliance objectives.

Key Responsibilities

• Monitor triage and investigate security alerts from SIEM EDR/XDR IDS/IPS and other detection tools.

• Respond to security incidents (phishing malware unauthorized access data loss events) perform root cause analysis and document findings.

• Create and refine alert logic detections and security playbooks to improve response efficiency.

• Conduct vulnerability scans validate findings prioritize remediation and track closure.

• Support patch management and secure configuration baselines in partnership with IT and infrastructure teams.

• Assist in threat modeling security assessments and identifying systemic weaknesses.

• Support security controls testing and evidence gathering for audits (SOC 2 ISO 27001 NIST ATO CMMC as applicable).

• Maintain and improve security policies standards and procedures.

• Contribute to risk assessments and third-party/vendor risk reviews.

• Help build security awareness initiatives such as phishing simulation programs and secure behavior training.

• Provide guidance to internal teams on secure processes and best practices.

• Participate in security projects such as MFA rollouts IAM improvements cloud security hardening logging standardization etc.

• Assist with access reviews permissions validation and identity lifecycle processes.

• Partner with engineering and IT to enhance security architecture and controls.

Required Qualifications

• 35 years of experience in information security security operations or a related technical security role.

• Experience working with security tooling (examples: SIEM like Splunk/Elsastic/Sentinel EDR like CrowdStrike/MDE vulnerability tools like Tenable/Qualys).

• Familiarity with incident response processes and frameworks (NIST SANS).

• Strong understanding of common attack techniques and defensive strategies (MITRE ATT&CK).

• Ability to analyze logs network traffic and endpoint activity to investigate suspicious behavior.

• Strong written and verbal communication skills with the ability to write clear incident reports and recommendations.

Preferred Qualifications

• Security certifications (one or more preferred): Security GSEC SSCP CySA CEH CISSP (Associate) Splunk certification Microsoft security certifications etc.

• Experience with cloud security (AWS / Azure / GCP) including logging and access control best practices.

• Familiarity with security automation/SOAR scripting (Python PowerShell) or query languages (KQL SPL).

• Experience supporting compliance frameworks (SOC 2 ISO 27001 NIST 800-53).

• Strong understanding of identity and access management network segmentation and endpoint hardening.

Disclosures

This position may require access to information protected under U.S. export control laws and regulations including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). Please note that any offer for employment may be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations without sponsorship for an export license.

Mach participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.

The salary range for this role is an estimate based on a wide range of compensation factors inclusive of base salary only. Actual salary offers may vary based on (but not limited to) work experience education and training critical skills and business considerations. Highly competitive equity grants are included in most offers and are considered part of Machs total compensation package. Mach offers benefits such as health insurance retirement plans and opportunities for professional development.

Mach is an equal opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race color creed religion sex gender identity sexual orientation national origin disability uniform service Veteran status age or any other protected characteristic per federal state or local law including those with a criminal history in a manner consistent with the requirements of applicable state and local laws. If youd like to defend the American way of life please reach out!

Required Experience:

IC