Location
New York, NY
Salary
$200,000 - $300,000 /yearly
Type
fulltime
Posted
Today
Job Description
Company Description
ProDex Labs is building the AI-native operating system for American manufacturing. Our platform pairs a live discrete-event simulation engine with Dexter, our operations agent — so factory planners can model their operation, generate schedules, and test what-if scenarios in seconds instead of weeks. We're a small, well-funded seed-stage team headquartered in NYC, deployed at defense primes (L3Harris, HighCom Armor) and commercial leaders (Alimentos Prosalud, Time Manufacturing), with multiple government and commercial engagements in flight. SOC 2 Type 1, deployed in ITAR-controlled facilities, Tradewinds Awardable.
Backed by Palantir Startup Fellowship, Valor Equity Partners (Antonio Gracias), The General Partnership, Sunflower Capital, and Parallel VC.
Role Description
Our security posture is what lets Dexter run inside L3Harris and HighCom Armor today — and our FedRAMP roadmap is what will let us run inside every defense prime after them. The person who owns this is one of the most consequential hires we'll make this year. There is no security org at ProDex yet. You build it.
We're hiring our first CISO. You'll own the full security posture of the company — internal infrastructure, customer-facing trust, the SOC 2 Type 2 → CMMC L2 → FedRAMP Moderate → IL4 → IL5 roadmap, the ITAR program, and the security conversations that get us through the door at every defense prime in the country. You'll write detections, sit on-call, walk a 3PAO through our SSP yourself, and personally answer the hard questions in a customer's security questionnaire. This is a builder seat, not an auditor seat.
We deploy inside ITAR-controlled facilities. Our customers' auditors will sit across from you. The bar is real, and the work is real.
What You'll Own
- The compliance roadmap, with concrete dates: SOC 2 Type 2 in 2026, CMMC Level 2 in 2027, FedRAMP Moderate ATO by 2028, IL4 and IL5 after that — and the SSPs, POA&Ms, and 3PAO relationships behind each one
- The ITAR program and the working relationship with our FSO, including US-person enforcement, TAA-controlled environments, and the readiness work for facility clearance
- Internal security: IAM, endpoint, SIEM, secrets management, vendor risk — at our stage, you are personally configuring Okta, Wiz, and CrowdStrike, not buying them through a team
- The customer trust surface: security questionnaires, prime/sub assessment cycles (DD-254s, supplier flowdowns), trust portal, and the audit calls themselves
- Insider threat and counterintelligence posture — table stakes when we sit inside defense-prime facilities
- The security architecture for hybrid, on-prem, and air-gapped deployments — including how Dexter is allowed to operate in classified-adjacent environments
- Eventually: hiring and leading a small security team as we scale through Seed, Series A, and B
You Probably Look Like
- You've taken at least one of SOC 2 Type 2, CMMC, FedRAMP Moderate, or FedRAMP High across the finish line at a startup — not at a Fortune 500, where you had a team of 40 doing the work for you
- You're a practitioner first. You read detections. You've written incident reports yourself.
- You can hold your own in a deep technical conversation with the engineering team
- You've sold security to a defense customer before — either as the CISO presenting to a prime, or as the lead on a customer audit cycle that closed a deal
- Background at a serious defense-tech or gov-tech company (Anduril, Shield AI, Palantir, Scale Federal, Rebellion, SpaceX, a defense prime, a federal SI), or as a tactical IR/detection engineer who moved into leadership
- Comfort with the speed of a sub-15 team — the kind of person who treats a customer escalation as something to fix today, not refer to a Jira board
- Bonus: active or recent TS/SCI clearance; DoD CIO/CISO experience; FSO certification; prior work on AI/model-security or weapons-system security.
About This Seat
This is our first CISO. You will report directly to the CEO and sit on the leadership team. The scope above is what you'll own from day one — there is no precedent to inherit, no team to manage initially, and no buffer between you and the customer. The upside is that everything you build is yours. The trade-off is that the work is real and the timelines are external.
If your last role was approving slide decks or signing off on someone else's work, this is not the role for you.
Logistics
- NYC, in-office (5 days)
- $200K – $300K + meaningful equity, commensurate with experience
- U.S. citizenship required — clearance-eligible candidates strongly preferred; current TS/SCI is a major plus
- We sponsor and pursue facility clearance as needed
Our Process
We build fast, we ship fast, and we hire fast — if we identify a strong fit early you could potentially have an offer in-hand the same week.
- You'll meet with our CEO for an initial call
- From there a working session with the CTO and COO together — security at our stage touches all three
- A deep technical conversation with one of our engineers and a walkthrough of our current posture, including the gaps
- A short take-home or a working session on a real compliance or customer-audit scenario
- Offer-stage
This is one of the most consequential hires we'll make this year. If you've built a security program from zero at a company that sells to the US government — and you'd rather do it again than manage one that already exists — we'd like to talk.