IT Security Specialist

This is a hybrid role and requires 3 days in the office in Ann Arbor, Michigan.

The National Center for Manufacturing Sciences (NCMS) is a cross-industry technology development consortium, dedicated to improving the competitiveness and strength of the U.S. industrial base. As a member-based organization, it leverages its network of industry, government, and academic partners to develop, demonstrate, and transition innovative technologies efficiently, with less risk and lower cost.

NCMS enables world-class member companies to work effectively with other members on new opportunities – bringing together highly capable companies with providers and end-users who need their innovations and technology solutions. NCMS members benefit from an accelerated progression of idea creation through execution.

The IT Security Specialist is responsible for designing, implementing, and maintaining the organization’s security posture across cloud, applications, and enterprise environments. This role combines deep technical expertise with risk management, governance, and strong cross-functional collaboration to protect systems, data, and infrastructure while enabling business objectives.

• Design, implement, and manage cloud security architectures across AWS (Amazon Web Services), Azure (Microsoft Azure), and GCP (Google Cloud Platform) with a focus on IAM (Identity and Access Management), secure containerization using Kubernetes(K8s), and multi-cloud environments.
• Monitor, detect, and respond to security threats using AI (Artificial Intelligence)-driven tools and automation, including SOAR (Security Orchestration, Automation, and Response) and SIEM (Security Information and Event Management) platforms to optimize detection and response workflows.
• Lead incident response and digital forensics efforts, including threat analysis, root-cause investigations, and post-incident remediation.
• Conduct forensic analysis to determine the origin, scope, and impact of security incidents, and lead coordinated incident response “war room” scenarios when required.
• Integrate security and Dev Ops (Development and Operations) practices into the SDLC (Software Development Lifecycle), ensuring security controls are embedded from design through deployment.
• Identify, evaluate, and mitigate security risks to align with business goals and operational priorities through formal risk management and security assessments.
• Support and maintain compliance with relevant regulatory and security frameworks, including GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), NIST (National Institute of Standards and Technology), CMMC (Cybersecurity Maturity Model Certification), FedRAMP (Federal Risk and Authorization Management Program), and ISO 27001 (International Organization for Standardization 27001).
• Partner with legal, compliance, and business stakeholders to translate regulatory requirements into practical technical controls.
• Contribute to the development and maintenance of security policies, standards, and procedures.
• Clearly communicate complex technical security concepts to non-technical stakeholders, leadership, and executive audiences.
• Demonstrate strong analytical thinking and problem-solving skills, applying critical analysis to complex, ambiguous, and unstructured security challenges to identify root causes and develop effective, risk-informed solutions.
• Collaborate cross-functionally to ensure security initiatives support operational efficiency and innovation.
• Perform other duties as assigned.

• Must be a citizen of the United States.
• Must have or be eligible to obtain a government security clearance.
• Must be fully vaccinated against COVID-19 unless legally exempt.
• Flexibility to work a hybrid schedule; three days in office & two days home.
• At least 5 years’ experience in Information Technology and Cloud Security roles with increasing responsibility for architecture, implementation, and incident response.
• Demonstrated experience designing, implementing, and securing cloud environments across…