Information Systems Security Engineer

Description

Reusable launch systems are the key to seamlessly connecting Earth and space. Security and compliance with applicable frameworks are foundational to these efforts. As an Information Systems Security Engineer in Stoke Space’s Information Technology department, you’ll be the person ensuring that our information security posture meets our rapidly growing needs and achieves our ISO 27001:2022 compliance obligations while facilitating a successful startup culture as we race towards our first launch of Nova.

We are a small and motivated team, and you will work across the entire Stoke organization and across product teams to define our ISMS scope, perform risk assessments, and implement security controls as necessary. Additionally, you will align our ISO 27001:2022 controls with our other GRC frameworks including NIST and FedRAMP. 

You must be ready to stay focused, move fast, self-direct, and learn on the fly. 

Responsibilities

• Lead the development, implementation, and continuous improvement of the ISO/IEC 27001:2022-compliant ISMS
• Own the risk assessment process, including identifying, evaluating, and treating information security risks
• Define, document, and enforce security policies, standards, and procedures in alignment with ISO 27001:2022 Annex A controls
• Monitor and analyze security systems and alerts to identify suspicious activities and respond to potential threats
• Conduct regular security audits and vulnerability assessments to identify and mitigate potential risks
• Align the organization’s ISO 27001 implementation with complementary security frameworks such as NIST 800-53, NIST 800-171, FedRAMP and SOC 2, where applicable
• Collaborate with cross-functional teams to integrate security controls into business processes, IT systems, and engineering development
• Stay current with changes to ISO standards, emerging threats, and evolving compliance obligations
• Assist with hands-on system administration tasks, particularly those related to security configurations
• Perform additional duties as assigned to support organizational goals and objectives

Qualifications

• Exceptional understanding of IT infrastructure, including applications, networks, servers, storage, and cloud technologies
• Strong analytical and problem-solving skills to identify, address, and mitigate security risks and issues
• Bachelor’s degree in Computer Science, Cybersecurity or related field
• 5+ years of experience in Information Security field 
• Deep understanding of ISO/IEC 27001:2022, including Annex A controls and risk-based implementation
• Excellent written and verbal communication 

Preferred Qualifications

• Relevant certifications such as ISO/IEC 2700:2002 Lead Implementer, CISSP, or CISA
• Knowledge of other frameworks (e.g., NIST 800-53/171, SOC 2) is a plus
• Experience in aerospace and/or manufacturing organizations
• Prior experience working in a startup environment, demonstrating adaptability, resourcefulness, and a hands-on approach to security management

Benefits

• Equity – We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees. 
• Comprehensive benefits program including subsidized medical, dental, and vision insurance 
• Company-paid life and disability insurance 
• 401(k) plan with employer match 
• 4 weeks’ Paid Time Off  
• Holidays – 10 days (including an end-of-year closure) 
• Paid Family/Parental Leave  
• On-site gym or monthly wellness stipend (depending on location) 
• Dog friendly offices! 

Compensation

Target Levels:

• Level 3 range: $127,200 - $190,800 
• Level 4 range: $152,600 - $229,000 

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis. 

Your actual level and base salary will be decided based on your specific experience and skill level.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.