IT Systems Engineer in Cincinnati

Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.

We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.

Job DescriptionJob Description 
Position Title: IT Systems Engineer
Reports to: Director of Finance with line into Compliance
Direct reports: 1 (IT Specialist)
Location: Cincinnati, OH (Hybrid option after introductory period)

Luxfer Magtech specializes in developing, manufacturing, and supplying a broad range of products that safeguard and protect, from infrared countermeasure flares that protect pilots from incoming missiles and chemical response kits designed to help safeguard life in chemical warfare attacks, to nutritious food and beverage options for militaries and first responders.
Summary:
We’re hiring a Systems Engineer to lead and execute our NIST 800-171 and CMMC Level 2 compliance initiatives. This role bridges hands-on IT engineering, security control implementation, and program management. You’ll own the technical roadmap, stand up and harden the environment (e.g., GCC High/M365, Entra ID/Intune/Defender), implement and validate controls, maintain documentation (SSP, POA&M, policies), as well support day-to-day IT operations.

Key Responsibilities:
Compliance & Security Engineering (40%)

• Lead technical implementation of NIST 800-171 and CMMC L2 controls across endpoints, , network, and SaaS.
• Stand up and administer compliant enclaves (e.g., Microsoft 365 GCC High), including Entra ID/Conditional Access, MFA, RBAC/least privilege, Intune device compliance, BitLocker, Defender for Endpoint/Office/, and logging/retention.
• Engineer FIPS-validated encryption at rest/in transit; implement secure configuration baselines (CIS/NIST); enforce vulnerability management SLAs (scan, prioritize, remediate, verify).
• Build/maintain centralized logging and alerting (e.g., Microsoft Sentinel or equivalent SIEM), including detections for CUI handling and incident response playbooks.
• Implement secure backup & recovery (3-2-1, immutable/air-gapped copies, tested restores, RPO/RTO targets).

Program & Project Management (25%)

• Own the network compliance program plan with milestones, dependencies, and budget; drive cross-functional execution with IT, Security, Compliance, Operations, Legal and other key stakeholders.
• Maintain the SSP, POA&M, SPRS score, system boundary diagrams, data flows, and control evidence.
• Coordinate external partners (MSP/MSSP, auditors, assessors) and manage Statements of Work.
• Prepare for assessments (readiness reviews, objective evidence, control owner coaching).

Policy, Documentation & Governance (15%)

• Draft, update, and enforce policies/standards/SOPs (access control, media protection, incident response, change mgmt, asset mgmt, BYOD, data retention, secure development, etc.).
• Establish configuration management and change control processes with complete audit trails.
• Train users on CUI handling, phishing, secure collaboration, and incident reporting.

Core IT Operations (15%)

• Oversee lifecycle, privileged access management, SSO, and conditional access.
• Administer Windows endpoints/servers, patching, GPO/Intune baselines, application packaging, and certificate management.
• Support network security (VLANs, firewalls, VPN/Zero Trust, DNS security) and SaaS governance (DLP, eDiscovery, sensitivity labels, data classification).
• Manage corporate hardware assets including PCs, laptops, tablets (iOS/Android), Zebra/industrial handhelds, scanners, and production-floor business hardware.
• Oversee configuration, deployment, inventory accuracy, preventative maintenance, and support for cameras and security camera systems (direct oversight and contractor coordination).
• Maintain lifecycle and warranty management processes for all IT hardware (procurement, imaging, deployment, repairs, replacements, and decommissioning).

People Leadership (5%)

• Manage and coach one direct report; set goals, delegate work, review performance, and develop necessary skills aligned to the future network system roadmap.
• Establish runbooks, escalation paths, and coverage plans.
• Perform other duties as assigned to support the IT, security, and compliance mission of the organization.

Required Qualifications:

• 3–5+ years in systems engineering or security engineering within corporate IT, including hands-on M365/Entra ID/Intune administration.
• Demonstrated experience implementing NIST 800-171 or CMMC controls end-to-end (policy → tech control → evidence).
• Strong knowledge of DFARS 252.204-7012, incident reporting, CUI handling, and audit readiness.
• Proficiency with Windows client/server, Group Policy/Intune, Defender suite, SIEM (Sentinel ), vulnerability scanners (Defender TVM, Tenable, or Qualys), backup platforms, and PowerShell automation.
• Solid networking fundamentals: TCP/IP, DNS/DHCP, VLANs, VPN/Zero Trust, firewall rules, TLS/PKI.
• Hands-on experience supporting standard corporate endpoint hardware, including Windows PCs, laptops, and iOS/Android mobile devices, along with responsibility for routine hardware lifecycle processes (procurement, imaging, deployment, warranty coordination, and decommissioning).
• Proven project management ability (timelines, risks, budgets, vendors) and proficient documentation skills.

Qualifications:

• Experience with GCC-High tenant builds/migrations and FedRAMP services.
• Prior work in defense/regulated manufacturing (ITAR/EAR awareness).
• Certifications: Security+ or CySA+, Microsoft (SC-200/SC-300/MD-102/AZ-500), CISSP, CCSP, or PMP.
• Exposure to—or direct experience with—industrial tablets, Zebra handheld scanners, and other ruggedized production-floor devices commonly used in manufacturing environments.
• Exposure to EDR/XDR tuning, DLP/sensitivity labels, eDiscovery, and data classification.

Benefits:

• Medical, Vision, Dental *Start on the 1st day of the following month after being hired*
• 401k with Company match of up to 6%!
• 12 Company Paid Holidays
• Additional PTO
• Luxfer Group (NYSE: LXFR)

We are committed to a safe, drug-free work environment and pre-employment drug screening, physical and background checks are required prior to starting.

This position requires access to our export-controlled commodities, technical data, technology, and services. These items are restricted under the International Traffic in Arms Regulations (ITAR) to U.S. , Lawful Permanent of the U.S., and properly licensed foreign persons. Therefore, employment is contingent on compliance with ITAR regulations and successfully obtaining and maintaining the necessary export authorization license from the U.S. Department of Commerce’s Bureau of Industry and Security, U.S. Department of State’s Office of Defense Trade Controls, or other applicable government agency. Candidates must be authorized to work in the US.

Luxfer is an Equal Employment Opportunity (EEO) employer and does not discriminate on the basis of , , , , gender, , veteran status, political affiliation, , marital status, or (in compliance with the Americans with Disabilities Act) with respect to employment opportunities. Women, minorities, and veterans are encouraged to apply.​

Powered by JazzHR

cQ2b3XjVPq

If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.