EdgeConneX is seeking a Head of Cybersecurity to serve as the primary architect and defender of the company's digital and operational security landscape. This is a "player-coach" role — you will be hands-on with security engineering and incident response while building the strategy, team, and processes to mature EdgeConneX's security posture from a lean, reactive footprint into an enterprise-grade defense organization.

This role sits at the intersection of IT, OT, and software engineering — working side-by-side with the Senior Director of Cloud Services & Hybrid Infrastructure and the Chief Application Architect to ensure that cloud environments, application platforms, and industrial assets are secured end-to-end. You will own the technical execution of security across threat and vulnerability management, security operations, application and product security, infrastructure and network hardening, and identity and access management.

As EdgeConneX accelerates its AI initiatives, this role will also be responsible for defining the security frameworks and guardrails required to safely deploy AI/ML technologies across the organization.

This role offers significant growth potential as EdgeConneX's security function matures and scales. This position can be based remotely in the U.S., but is preferred to work with the co-located team in our Herndon, VA headquarters.

Responsibilities

Threat & Vulnerability Management

• Own the vulnerability management lifecycle — scanning, prioritization, remediation tracking, and reporting across cloud, on-premise, and OT environments.
• Serve as the final escalation point for technical security incidents and lead incident response efforts.
• Implement and manage a unified security monitoring platform to maximize signal and reduce noise for a lean security team.

Security Operations (SecOps)

• Manage and mature the security operations function, including EDR, SIEM, and threat detection capabilities.
• Establish and enforce security SLIs/SLOs for detection, response, and remediation timelines.
• Build repeatable playbooks for incident response, threat hunting, and forensic investigation.

Application & Product Security

• Partner with the Chief Application Architect and engineering teams to embed security into the software development lifecycle (Secure SDLC) for EdgeOS, Virtual Guard, CMMS, and emerging AI solutions.
• Conduct architectural security reviews of internal and customer-facing applications.
• Define application security standards, including SAST/DAST integration, dependency scanning, and secure coding practices.

Infrastructure & Network Hardening

• Secure EdgeConneX's hybrid environment (AWS, Azure, GCP, and on-premise) in close collaboration with the Director of Cloud Services & Hybrid Infrastructure.
• Harden industrial infrastructure (OT/ICS) and ensure segmentation and monitoring across IT/OT boundaries.
• Architect and advance zero-trust network principles across the enterprise.

Identity & Access Management (IAM)

• Own the IAM strategy — including privileged access management, SSO, MFA, and role-based access controls across cloud and on-premise systems.
• Ensure IAM policies scale appropriately as EdgeConneX expands its multi-cloud footprint and AI infrastructure.

AI Security

• Define security frameworks and governance for AI/ML deployments, including model integrity, data pipeline security, and prompt injection mitigation.
• Partner with application and infrastructure teams to evaluate the security posture of AI platforms, APIs, and third-party AI services.
• Stay current on emerging AI threat vectors and integrate AI-specific controls into the broader security program.

Compliance Partnership

• Act as the technical counterpart to the Risk & Compliance function — translating policy and compliance requirements (SOC 2, ISO 27001) into implementable technical controls.
• Support audit readiness by ensuring security tooling, configurations, and evidence collection meet compliance standards.

Leadership & Budget

• Build and scale the cybersecurity team as the function matures — hiring, mentoring, and developing security engineers and analysts.
• Develop business cases for security tooling and headcount, initially operating within the IT budget with a path toward an autonomous security budget.
• Report security posture, risk metrics, and program maturity to the CIO and senior leadership.

Required Qualifications

• 10+ years in cybersecurity or information security, with at least 5+ years in a leadership or senior technical role.
• Demonstrated hands-on technical depth — ability to perform architectural reviews, lead incident response, configure security tooling, and harden infrastructure.
• Proven experience securing hybrid environments spanning cloud (AWS, Azure, GCP), on-premise, and industrial/OT infrastructure.
• Strong expertise in threat and vulnerability management, security operations, and incident response.
• Deep understanding of zero-trust architecture principles and implementation.
• Experience embedding security into software development lifecycles (Secure SDLC, DevSecOps).
• Working knowledge of IAM strategies including privileged access management, SSO, and MFA at enterprise scale.
• Ability to translate compliance frameworks (SOC 2, ISO 27001) into technical controls and audit-ready configurations.
• Strong communication skills — able to partner effectively with engineering, infrastructure, and executive stakeholders.
• Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.

Preferred Qualifications

• Experience in data center, critical facilities, or industrial/OT technology environments — or demonstrated ability to rapidly learn and adapt to OT/ICS security domains as the landscape evolves.
• Industry certifications: CISSP, CISM, or SANS certifications (GICSP for industrial focus is a significant plus).
• Experience defining security frameworks for AI/ML deployments, including model security, data pipeline protection, and LLM-specific threat vectors.
• Familiarity with securing Kubernetes, containerized workloads, and cloud-native architectures.
• Track record of building a security function from the ground up — scaling team, tooling, and budget.
• Experience working in organizations where security partners closely with a separate GRC function.
• Experience with Agile/DevOps practices at scale.