Cybersecurity Engineer - job 1 of 2

About Commonwealth Fusion Systems: 

Commonwealth Fusion Systems is on a mission to deliver the urgent transition to fusion energy.

Combining decades of research, top talent and new technologies, we’re designing and building commercially viable fusion power plants. And working with policymakers and suppliers to build the energy industry of the future. 

We’re in the best position to make it happen. Since 2018, we’ve raised over $2 billion in capital – more than any other fusion energy company in the U.S.

Now we’re looking for more thinkers, doers, builders, and makers to join us. People who’ll bring new perspectives, solve tough problems, and thrive as part of a team. 

If that’s you and this role fits, we want to hear from you.

Join the power movement as a Cybersecurity Engineer

CFS is seeking a highly skilled and experienced Cybersecurity & Compliance Engineer to join the dynamic IT organization. This critical role offers a unique opportunity to directly shape and uphold the highest standards of security and data privacy for our cutting-edge solutions.

As the primary driver for internal compliance, you will be instrumental in maturing and maintaining our robust cybersecurity compliance posture across a diverse portfolio of industry standards, including ISO 27001. The Cybersecurity Engineer integrates security requirements into IT systems, conducts vulnerability assessments, maintains secure baselines, and implements best practices while collaborating with architects. You will collaborate extensively across the IT organization and with broader CFS teams, benefiting from the deep compliance and security expertise that exists within the wider organization. This ensures our innovative solutions not only meet but consistently exceed stringent regulatory requirements. You will use the expertise and credentials gained through these compliance efforts to strategically support all employees across all sites. This position demands a blend of deep technical expertise in compliance and privacy, exceptional cross-functional communication skills, and a proactive, strategic approach to safeguarding sensitive data and fostering trust.

Your leadership and hands-on contribution will be vital in ensuring our organization remains at the forefront of security and compliance, protecting sensitive data and building unwavering trust with our employees.

• Ensure safe use of cloud services by developing cloud infrastructure security standards
• Deploy tools to monitor compliance of cloud infrastructure
• Perform ongoing assessments to monitor cloud infrastructure compliance and vulnerabilities
• Perform security assessment of new cloud infrastructure platforms
• Integrate security requirements into IT systems.
• Conduct regular vulnerability assessments and penetration testing to identify potential risks and weaknesses.
• Develop and implement effective remediation strategies for identified security gaps.
• Implement system hardening and compliance
• Implement and integrate static and dynamic code analysis tools
• Research and evaluate Cybersecurity tools and methodologies
• Collaborate with cyber and product architects to harden platforms and tool chains
• Define and enforce secure-by-default software engineering practices
• Ensure compliance documents remain up-to-date, including system policies, procedures, controls, data maps, and customer documentation. Model efficiency in your own work, and arm subject matter experts with content, tools, and direction to minimize their effort

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field; additional experience, certifications or training may be considered in lieu of degree
• 3-5 years of relevant IT/ DevOps/Security Engineering experience
• Self-starting individual with the right attitude, aptitude to identify, take ownership of and solve challenging problems
• Interest in continual learning and development of the team and themselves
• Ability to work collaboratively and independently to develop creative solutions
• Passion for securing and maintaining IT and OT systems critical to national and international security
• Project management skills
• Great numerical and analytical skills
• Possess Excellent problem-solving skills
• Have attention to detail and excellent communication skills, both written and verbal
• Have an agile mindset to provide solutions quickly with an incremental value to customers

• Beginner to intermediate Windows, Linux and Networking skills
• Familiarity with tools like Rapid7/Metasploit, CrowdStrike, Snyk and KnowBe4
• Experience in hardening modern operating systems and implementing security engineering best practices.
• Familiarity with cloud security platforms such as AWS, Azure, or Google Cloud.
• Experience with NIST Cybersecurity Framework, ISO 27001, NIST 800-171 (CMMC), or Risk Management Framework (RMF)

• Ability to occasionally lift up to 50 lbs
• Perform activities such as typing, standing, or sitting for extended periods of time
• Willingness to occasionally travel or work required nights/weekends/on-call
• Work in a facility that contains industrial hazards including heat, cold, noise, fumes, strong magnets, lead (Pb), high voltage, high current, pressure systems, and cryogenics

#LI-Hybrid

At CFS, we excel in fast-paced environments, driven by our values of integrity, execution, impact, and self-critique. As we grow, we’re eager to bring on mission-driven folks who offer diverse perspectives and fresh ways to tackle challenges.

We value diversity deeply and are proud to be an equal opportunity employer by choice. We consider all qualified applicants equally, regardless of race, color, national origin, ancestry, citizenship status, protected veteran status, religion, physical or mental disability, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law.