Director of Cyber Security

Job Summary

We are seeking a highly technical, data-driven Director of Cyber Security to serve as the right-hand implementor to our CISO. This is a strategic, hands-on role focused on building our Security Operations Center (SOC) from the ground up as an automated audit and observability engine for the entire organization. Your primary mission is to partner with IT, Operations, and Engineering to define the "what" and "why" of our security requirements, particularly for our critical data center infrastructure (OT/BMS, multi-tenant networks). You will then design and build the systems to continuously audit these requirements, transforming metrics from all assets into clear, actionable reports. These reports will be a key tool to show all departments where they are falling short, help them prioritize mitigation, and provide high-level visibility to leadership and the board to act as a forcing function for resource allocation and risk acceptance.

Responsibilities

1. SOC & Security Observability (The "Audit Engine")

• Lead the architecture, build-out, and management of our modern, data-centric Security Operations Center (SOC).
• Develop and manage a security data pipeline
  , performing ETL (Extract, Transform, Load) operations to aggregate metrics from disparate sources (e.g., Cloudflare, Fortinet firewalls, network switches, BMS/OT sensors) into a clean, unified view for analysis.
• Leverage industry-standard tooling (such as Prometheus, Grafana, and other common ETL tools)
  to collect, store, and visualize time-series security data, feeding it into the central SOC platform.
• Integrate security metrics from CI/CD pipelines and web application protection systems (e.g., WAF, DDoS mitigation) into the central SOC platform for continuous monitoring and analysis.
• Integrate performance and uptime metrics from critical web applications into the central SOC platform for continuous monitoring and analysis, identifying and mitigating potential reliability issues.
• Implement and mature our incident response (IR) and vulnerability management programs, using the SOC's data to prioritize real-world risks.

2. Automated Governance & Requirements Definition

• Partner with IT and Operations
  to define and codify security requirements for all critical infrastructure, including:
• Operational Technology (OT):
  Building Management Systems (BMS), HVAC, power, and cooling controls.
• Corporate & Cloud IT:
  Endpoints, servers, and cloud environments.
• Act as a subject matter expert by recommending specific, hardened configurations for key tools, including firewall rule-sets, Cloudflare Security Center settings, and Google Cloud (or other) security best practices.
• Use the SOC's observability platform to
  create automated, continuous audits
  that measure compliance against these defined requirements.
• Support the CISO in all GRC related activities (
  ISO 27001
  and
  SOC 2)
  by providing evidence, operational feedback, and using the compliance frameworks as a data source to measure control maturity.

3. Data-Driven Reporting & Risk Mitigation

• Serve as the CISO's key operational partner
  in executing the organization's security roadmap, with a focus on rolling out the
  CIS Controls
  framework.
• Generate and present clear, high-level reports
  for executive leadership and the Board of Directors.
• These reports will clearly identify systemic risks, departmental gaps in compliance, and resource/prioritization needs, serving as a forcing function to drive mitigation.
• Work collaboratively with department heads to help them understand their specific shortfalls and build plans for remediation.

4. Leadership & Collaboration

• Build productive bridges with Operations and Engineering
  , acting as a solutions-driven partner, not a blocker
• Lead, mentor, and grow a high-performing team of security analysts and engineers
• Translate high-level security goals into actionable project plans, timelines, and data-driven KPIs

Qualifications

Required:

• Experience: 5+ years in a senior cyber security role
• SOC/Observability: Demonstrable, hands-on experience building and/or managing a modern Security Operations Center (SOC) and security stack (SIEM, SOAR, EDR, etc.).
• Data Expertise: Proven experience in building data pipelines and performing ETL operations to collect, transform, and normalize security metrics.
• Tooling Familiarity: Hands-on experience with common observability and data pipeline tools such as Grafana, Prometheus, Logstash, or similar technologies.
• Leadership: Proven ability to be an "implementor" and a "doer"—not just a strategist.
• Collaboration: Exceptional communication skills, with the ability to influence and build consensus with both technical (Ops/Eng) and non-technical stakeholders.

Preferred (Highly Desired):

• Knowledge of web application security, including WAF and DDoS protection.
• Hands-on experience with the SOCFortress stack or similar open-source security platforms.
• Knowledge of industry standard security frameworks, particularly the CIS Controls and NIST Cybersecurity Framework (CSF).
• Familiarity with open-source GRC or security management tools like CISO Assistant.
• Technical background in network engineering, cloud security, or systems administration.
• Strong understanding of data center operations and the security principles (e.g., network segmentation, isolation of BMS/BAS devices).
• Experience with CI/CD security best practices and tools
• Firm grasp of multi-tenant security architecture, including logical isolation (e.g. virtualization, network segmentation, zero trust) and physical access controls.
• Relevant professional certifications (e.g., CISSP, CISM).

Physical Requirements:

There are no physical requirements per say at the same time this role does require cognitive stamina including:

• Must be able to work in a high-stakes, fast-paced environment and make critical decisions under pressure
• Demonstrated ability to lead and maintain focus during extended incident response scenarios
• This role requires high levels of mental acuity and resilience to manage concurrent, complex security challenges

About Us

Patmos Hosting, Inc. delivers Freedom as a ServiceTM, providing organizations with an independent alternative to Big Tech's commercial constraints, censorship, cancellation and deplatforming. Patmos owns and operates datacenter infrastructure with decentralized connectivity, open peering, and free Internet Exchange hosting, ensuring resilience and true independence. Its services span multi-megawatt colocation for AI and hyperscale workloads, GPU/high-performance compute, custom data centers, domains, web and cloud hosting, colocation and tailored website and application development.

Founded in 2022, Patmos is headquartered in Kansas City, MO, with teams and datacenters/locations in Kansas City, Dallas, Phoenix, Denver.

Why Join Us

Be part of a mission-driven company defending free speech and internet freedom.

At Patmos, you'll help protect online expression while ensuring legal compliance. Our team is shaping the future of digital freedom by building secure, high-performance internet infrastructure. We value privacy, innovation, and individual liberty—creating a purpose-driven, collaborative environment where your work matters.

Benefits include:

• Unlimited PTO
• 401(k) match (4%)
• Health, dental, & vision insurance
• Short and long term disability
• Life insurance (company paid and supplemental available)
• Generous parental leave, baby bonuses, marital bonuses, and other family-friendly perks
• 14 observed paid holidays that include solemnities

Patmos is an equal opportunity employer and proud member of the Catholic Benefits Association offering employee benefits that promote the dignity of the human person, the dignity of work, and the common good.