We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Cybersecurity Compliance & Operations Specialist - Aerospace Industry

Hytek Finishes
life insurance, parental leave, paid time off, paid holidays, short term disability, long term disability, tuition reimbursement, 401(k), profit sharing
Jul 06, 2026
Cybersecurity Compliance & Operations Specialist

Reports to: IT Manager

Location: Kent, WA

Type: Exempt, Full-Time


Schedule: *100% Onsite: Monday - Friday

Salary Range for position: $115,000 - $150,000; placement within this range will be based upon previous experience, certifications, technical depth, CMMC and NIST SP 800-171 experience, SOC coordination experience, and facility cybersecurity experience

Full benefits package includes Medical, Dental, Vision, 401(k) matching, Performance Share incentive compensation (Profit Sharing Plan), 3-weeks paid time off to start, paid community service day, tuition reimbursement, parental leave, short term disability, long term disability, life insurance, long-term care plan options, 10 paid holidays, and onsite health services that includes access to a massage therapist.

Role Overview

The Cybersecurity Compliance & Operations Specialist helps build, operate, and continuously improve the organization's internal security program. This hands-on role supports multiple security domains, including security operations, identity and access management, endpoint and network defense, vulnerability management, vendor risk, compliance, incident readiness, and employee security enablement. The position works closely with IT, facility leadership, corporate IT leaders, third-party security partners such as Cyderes, and business teams to reduce cyber risk, protect information systems, operational technology, networks, endpoints, and data, and support reliable business and production operations. The role supports CMMC readiness and applicable regulatory or contractual requirements, including protection of Federal Contract Information and Controlled Unclassified Information where applicable, and is ideal for someone with broad IT and security experience who wants to grow into a senior internal security role over time.

What We Offer

  • Opportunity to strengthen cybersecurity practices in a hands-on facility environment
  • Collaboration with IT and business leaders on security and resiliency initiatives
  • Exposure to a broad range of infrastructure, endpoint, cloud, identity, and operational technology security needs
  • Continuing education benefits up to $5,250 annually toward coursework, certifications, and professional development related to the role
  • Ability to make a visible impact by improving security awareness, incident readiness, and risk reduction across the facility



The Ideal Candidate

  • Has strong technical judgment, sound risk awareness, and a practical approach to balancing security with business operations
  • Is proactive, detail-oriented, and comfortable investigating alerts, identifying root causes, and following issues through to resolution
  • Can communicate effectively with technical teams, facility stakeholders, corporate IT leaders, and security partners to provide context, align priorities, and drive response or remediation actions to completion
  • Understands CMMC compliance and can help translate compliance requirements into practical policies, procedures, technical controls, evidence collection, and day-to-day operating practices
  • Communicates clearly with technical and non-technical audiences and can explain security risks in business terms
  • Is comfortable working in a fast-paced facility environment where priorities may shift based on operational needs or emerging threats



Key Responsibilities

  • Support day-to-day security operations, including SIEM and EDR alert triage, log review, incident investigation support, documentation of findings, and coordination of corrective actions.
  • Serve as the facility focal point for SOC coordination by validating alerts, gathering local system or user context, coordinating containment and remediation, tracking response actions, and communicating status through closure.
  • Help administer identity and access management systems, including SSO, MFA, directory services, onboarding, transfers, offboarding, periodic access reviews, and cleanup of stale accounts or excessive entitlements.
  • Maintain and improve endpoint security across the fleet, including EDR health, patch management, configuration baselines, disk encryption, and security tool coverage.
  • Assist with network security tasks such as firewall rule reviews, VPN administration, segmentation support, misconfiguration monitoring, and coordination with IT or facility stakeholders.
  • Support vulnerability management by coordinating scanning, prioritizing findings, working with system owners on remediation, and tracking metrics and risk trends over time.
  • Contribute to compliance readiness by helping implement controls, collect evidence, maintain policies, complete customer security questionnaires, support audits, and track gaps, risks, and remediation activities.
  • Support vendor risk management by reviewing third-party security documentation, tracking risk acceptances, and maintaining related records.
  • Coordinate with corporate IT leaders and third-party security vendors, including Cyderes, on SOC workflows, remediation planning, vendor follow-up, reporting, and continuous improvement of security operations.
  • Prepare clear executive summaries, status updates, and remediation briefings for Hytek and corporate leaders, translating technical findings, risks, actions, owners, and timelines into business-focused language.
  • Lead or coordinate incident readiness exercises, including hard-down scenarios, backup and recovery practice activities, tabletop exercises, lessons learned, and follow-up remediation to improve operational resilience.
  • Build and deliver employee security awareness content, including phishing simulations, onboarding training, internal guidance, and practical support for suspicious emails, lost devices, or access questions.
  • Document processes, runbooks, standards, incidents, and corrective actions so the security program can scale as the company grows.



Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field, or equivalent combination of education and relevant experience.


  • 3 or more years of experience in information security, cybersecurity, IT operations, network security, systems administration, or a closely related field, with hands-on exposure to multiple security domains.
  • Working knowledge of common security tools and technologies, including SIEM, EDR, vulnerability scanners, firewalls, patching tools, identity providers such as Okta or Entra ID, directory services, MFA, and cloud platforms such as AWS, Azure, or GCP.
  • Solid fundamentals in networking, operating systems, authentication protocols, endpoint security, logging, and security monitoring.
  • Ability to investigate security alerts, follow defined SOC escalation, incident response, evidence preservation, and communication procedures, document findings, recommend corrective actions, and support incident response activities.
  • Ability to support CMMC readiness activities, including control implementation, evidence collection, gap tracking, risk documentation, remediation follow-up, and customer security questionnaire responses.
  • Working knowledge of NIST SP 800-171 security requirements and their relationship to CMMC compliance expectations for defense contractors and subcontractors; familiarity with additional compliance expectations such as ITAR, NIS2, Cyber Essentials, Cyber Essentials Plus, DCPP, ISO/IEC 27001, or customer-specific requirements is helpful.
  • Comfortable scripting in Python, PowerShell, Bash, or similar tools for automation, reporting, and ad hoc security or IT tasks.
  • Strong written and verbal communication skills, with the ability to explain security concepts, risks, remediation plans, and business impacts to technical, non-technical, and executive audiences.
  • Self-directed, detail-oriented, and comfortable working across teams in a fast-moving facility environment where priorities may shift based on operational needs or emerging threats.
  • Strong documentation skills and proficiency with Microsoft Office applications.
  • High degree of integrity with the ability to work with confidential company, customer, employee, and security information discreetly and appropriately.
  • Willingness to participate in an on-call rotation and be available after hours to support emergent security or operational needs.
  • Must be authorized to work in the U.S. An export license may be required to work in all areas of the facility for non-U.S. persons.
  • Must be able to pass a pre-employment drug screening.



Preferred Experience / Certifications

  • Industry certification such as CISSP, CISM, CISA, CRISC, CCNP Security, CCIE Security, CompTIA Security+, Network+, CySA+, SSCP, GSEC, or similar.
  • Experience supporting cybersecurity in a manufacturing, aerospace, industrial, or facility-based environment.
  • Experience implementing or maintaining CMMC, NIST SP 800-171, DFARS cybersecurity requirements, System Security Plans, Plans of Action and Milestones, or related audit evidence.
  • Experience supporting or leading audits, compliance assessments, or customer security reviews.
  • Experience working with or supporting a SOC, managed detection and response provider, or centralized incident response team.
  • Familiarity with SOC workflows such as alert triage, escalation handling, incident ticketing, containment coordination, remediation tracking, post-incident follow-up, and reporting metrics.
  • Familiarity with NIST Cybersecurity Framework, CIS Controls, incident response practices, risk assessments, security policy development, and offensive security concepts or tooling.


  • Experience with Microsoft 365 security tools, Active Directory or Entra ID, endpoint detection and response, SIEM/logging tools, vulnerability scanning platforms, cloud security posture management, and identity governance tools.
  • Knowledge of operational technology, industrial control systems, or segmented plant networks.



Essential Mental/Physical Demands

Ability to sit or stand in an office and facility environment for extended periods. Extensive use of hands for computer, keyboard, mobile device, and other office equipment. Ability to move throughout the facility to inspect equipment rooms, network closets, production areas, and workstations as needed. Ability to lift and carry up to 25 lbs. on an occasional basis. Occasionally exposed to moving mechanical parts, fumes, airborne particles, and moderate noise levels typical of a manufacturing or facility environment.

Application Process

Please apply at www.hytekfinishes.com/careers with an up-to-date resume and your current contact information. If you are a qualified candidate, we will set you up with a 30-minute phone call with a recruiter to learn more about your experience and to tell you more about the job, compensation, and benefits. The recruiter will reach out should we move forward with the next steps.

Hytek Finishes is an equal opportunity employer. It is Hytek's policy to make all employment decisions without regard to an individual's sex, gender (including pregnancy, childbirth, breast feeding, and related conditions), sexual orientation, gender identity, gender expression, race (including traits historically associated with race, including hair texture and protective hairstyles such as braids, locks and twists), creed, religion (including religious dress and grooming), color, national origin, ancestry (including association, affiliation, or participation with persons or activities related to national origin, English-proficiency or accent or immigration status), physical or mental disability, medical condition, genetic information, marital or domestic partner status, age, veteran or military status, and any other categories protected by applicable state, local, or federal law. M/F/Disability/Protected Vet

Department: IT-012993
This is a non-management position
This is a full time position

Applied = 0

(web-77cf7d65c7-4rhzf)