×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Cloud Computing Systems Engineer

Cyber Resilience Architect: Recovery & IaC Lead

Job in Waltham, Middlesex County, Massachusetts, 02254, USA
Listing for: Xometry
Full Time position
Listed on 2026-05-26
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing, Systems Engineer
Salary/Wage Range or Industry Benchmark: 205000 - 233000 USD Yearly USD 205000.00 233000.00 YEAR
Job Description & How to Apply Below

Xometry (NASDAQ: XMTR) powers the industries of today and tomorrow by connecting the people with big ideas to the manufacturers who can bring them to life. Xometry’s digital marketplace gives manufacturers the critical resources they need to grow their business while also making it easy for buyers at Fortune 1000 companies to tap into global manufacturing capacity.

We’re looking for a Staff Cyber Resilience Engineer to lead our defense against the attacks that matter most: ransomware, destructive wipes, and data loss s is a hands‑on technical leadership role. You will own the design and engineering of our Isolated Recovery Environment, set the standard for Infrastructure as Code across the organization, and ensure that if our AWS environment is ever compromised, we can restore operations with certainty and speed.

You will work with a high‑caliber engineering team, have direct influence on our security architecture, and lead recovery exercises that test the organization end‑to‑end.

What You’ll Do Own Our Recovery Architecture
  • Design and build our Isolated Recovery Environment — a hardened AWS account with immutable vaults that break the attacker’s kill chain before it reaches our data.
  • Threat model our environment with a deep understanding of cloud-native attack patterns: IAM privilege escalation, backup deletion, ransomware persistence, and lateral movement across accounts.
  • Validate and continuously improve backup configurations to ensure recoverability, not just existence.
Standardize and Automate Infrastructure
  • Lead our transition to 100% Infrastructure as Code. Every asset (VPCs, IAM roles, security groups) must be defined in Terraform so we can redeploy the entire stack into a clean account via automated pipeline.
  • Build automated recovery workflows that can tear down a compromised environment and bootstrap a fresh, hardened one from verified code and clean data.
  • Write and maintain executable recovery playbooks that detail the exact API calls and CLI commands needed to restore the application — tested, versioned, and runnable, not static documents.
Validate, Test, and Lead Exercises
  • Develop automated scripts (Python or Go) to smoke test recovered data and validate integrity post‑restoration.
  • Lead regular hands‑on recovery drills that simulate total loss of a critical environment and full recovery into a secondary clean account. Own the after‑action process and drive improvements.
  • Act as the resilience authority for the engineering organization — shaping high‑availability architecture decisions, influencing design reviews, and raising the floor on how we think about recoverability.
  • Partner with the Site Reliability Engineering team on multi‑region deployments and high‑availability design, ensuring cyber resilience is embedded in architecture from the start.
  • Champion IaC and immutable infrastructure practices across teams, not just within your own workstream.
What You Bring Required
  • 8+ years of experience in complex cloud environments (any of AWS/GCP/Azure), including at least 3 years in AWS. EKS/Kubernetes experience is a strong plus.
  • Strong Terraform skills. You should be able to modularize complex environments so they are environment‑agnostic.
  • Hands‑on familiarity with the Secure Vault pattern: protecting data in a separate, highly restricted AWS account with tight network controls.
  • Advanced shell scripting and proficiency in either Python or Go to automate restoration tasks that native AWS tooling doesn’t cover.
  • Experience with CI/CD tooling (Scalr, Git Hub Actions, or equivalent) to enable broad adoption of recovery pipelines across the organization.
  • Proven ability to engineer and automate end‑to‑end restoration workflows.
Preferred
  • Hands‑on experience leading technical recovery efforts from an actual cyber attack or destructive incident.
  • Experience with chaos engineering tooling to stress‑test recovery assumptions.
  • Familiarity with NIST SP 800‑34 (Contingency Planning) or similar frameworks.
  • AWS Security Specialty certification or equivalent demonstrated expertise.

The estimated base salary range for new hires into this role is $205,000‑$233,000 annually + annual bonus depending on factors such as job‑related…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search