Information Systems Security Officer jobs at ASRC Federal

MANTECH seeks a motivated, career and customer-oriented Senior Information System Security Officer (ISSO) to join our team in Huntsville, Alabama. Responsibilities include, but are not limited to: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS and that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Provide liaison support between the system owner and other IS security personnel Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis; Conduct required IS vulnerability scans according to risk assessment parameters Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs). Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for FBI ISs to maintain security Authorized to Operate (ATO); Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR; Working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and ATO processes Minimum Qualifications: Must meet one of the following levels of experience: A high school diploma/GED and 7 years' experience, a bachelor's degree in computer science cybersecurity or a related discipline and five years' experience, or a master's degree in computer science cybersecurity or a related discipline and 3 years' experience. Hold at least one of the following Information Assurance Management (IAM) Level III certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or equivalent certifications Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar applications Preferred Qualifications: A bachelor's or advanced degree in Computer Science, Cybersecurity, or other cyber discipline Clearance Requirements: Must have a current/active Top Secret security clearance with eligibility to obtain SCI prior to starting this position. Selected candidate must be willing to undergo a Polygraph. Physical Requirements: Must be able to remain in a stationary position 50% Needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer Often positions self to maintain computers in the lab, including under the desks and in the server closet Frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

MANTECH seeks a motivated, career and customer-oriented Cyber Security Engineer Lead to join our team in Springfield, VA. The Cyber Security Engineer Lead is responsible for the detection, identification, analysis, and reporting of cyber threats, intrusions, anomalous activities, and potential misuse of systems. This role supports the protection of customer's digital assets and sensitive data through the administration, monitoring, and continuous improvement of cybersecurity technologies and processes. Responsibilities include but are not limited to: Threat Detection & Response: Identify, assess, and report potential cyber-attacks, intrusions, and abnormal system behaviors. Participate actively in incident response and recovery activities. Technology Administration: Administer and maintain systems supporting Identity Management, Privileged User Access, Access Control (firewall), End Point Protection, Internet Protection, Vulnerability Scanning, and Security Information and Event Management (SIEM) tools. Mitigation & Remediation: Develop and implement enterprise-level mitigation strategies to address complex vulnerabilities. Operational Support: Ensure proper installation, testing, patching, upgrading, and performance of cybersecurity tools and applications. Maintain system resiliency and availability across all managed technologies. Policy Enforcement & Compliance: Enforce cybersecurity policies, standards, and best practices in alignment with ManTech's security framework and regulatory requirements. Leadership & Collaboration: Lead or participate in cross-functional projects and initiatives. Provide technical mentorship and subject matter expertise to junior team members.; Continuous Improvement: Interpret internal and external cybersecurity trends and business challenges; recommend and implement innovative solutions to strengthen the enterprise security posture. Monitor intrusion detection and prevention systems and other security event data sources; determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures. Minimum Qualifications: Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or a related Cyber Security field. Certified Information Systems Security Professional (CISSP) certification (required within 6 months of assignment to the position, otherwise failure to obtain certification within 6 months of assignment to the position may result in removal). 8+ years of relevant cybersecurity experience, including hands-on technical administration and operational security support. Strong analytical and problem-solving abilities Deep knowledge of cybersecurity frameworks, principles, and technologies Proficiency in SIEM, endpoint protection, and identity management tool Must be able to travel up to 25% Preferred Qualifications: Have a good understanding of DISA compliance directives and recommend having knowledge of the JSIG. Ability to lead small teams or projects Excellent communication and influence skills; Strong judgment in identifying and mitigating security risks Correlate data from intrusion detection and prevention systems with data from other sources Clearance Requirements: Must have current/active TS/SCI with the ability to obtain and maintain a Yankee White security clearance Physical Requirements: Must be able to remain in a stationary position 50% The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer. The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

Job Title: Lead SAP Security Consultant Duration: 12 Months plus only on w2 We are looking for a Senior/Lead SAP Security Consultant with strong experience in SAP authorization design, GRC tools, and IAM/SSO integration. The ideal candidate will act as a security architect, lead team members, and support SAP transformation initiatives. Key Responsibilities Lead SAP Security architecture and role design across SAP landscapes. Integrate SAP Security with IAM and SSO platforms for secure access. Manage and mentor the SAP Security team; coordinate with SAP, IT Security, Infrastructure, and external vendors. Build and manage roles using PFCG, and oversee SAP user administration. Work with SAP GRC tools including Firefighter, Access Enforcer, Compliance Calibrator. Required Skills 10+ years of SAP Security experience. Deep expertise in: SAP Authorization & Role Design SAP GRC (Access Control, Firefighter, Access Enforcer) PFCG & user administration IAM & SSO integration Strong leadership and communication skills.

Job Title: Lead SAP Security Consultant Duration: 12 Months plus only on w2 We are looking for a Senior/Lead SAP Security Consultant with strong experience in SAP authorization design, GRC tools, and IAM/SSO integration. The ideal candidate will act as a security architect, lead team members, and support SAP transformation initiatives. Key Responsibilities Lead SAP Security architecture and role design across SAP landscapes. Integrate SAP Security with IAM and SSO platforms for secure access. Manage and mentor the SAP Security team; coordinate with SAP, IT Security, Infrastructure, and external vendors. Build and manage roles using PFCG, and oversee SAP user administration. Work with SAP GRC tools including Firefighter, Access Enforcer, Compliance Calibrator. Required Skills 10+ years of SAP Security experience. Deep expertise in: SAP Authorization & Role Design SAP GRC (Access Control, Firefighter, Access Enforcer) PFCG & user administration IAM & SSO integration Strong leadership and communication skills.

Job Title: Lead SAP Security Consultant Duration: 12 Months plus only on w2 We are looking for a Senior/Lead SAP Security Consultant with strong experience in SAP authorization design, GRC tools, and IAM/SSO integration. The ideal candidate will act as a security architect, lead team members, and support SAP transformation initiatives. Key Responsibilities Lead SAP Security architecture and role design across SAP landscapes. Integrate SAP Security with IAM and SSO platforms for secure access. Manage and mentor the SAP Security team; coordinate with SAP, IT Security, Infrastructure, and external vendors. Build and manage roles using PFCG, and oversee SAP user administration. Work with SAP GRC tools including Firefighter, Access Enforcer, Compliance Calibrator. Required Skills 10+ years of SAP Security experience. Deep expertise in: SAP Authorization & Role Design SAP GRC (Access Control, Firefighter, Access Enforcer) PFCG & user administration IAM & SSO integration Strong leadership and communication skills.

Job Title: Lead SAP Security Consultant Duration: 12 Months plus only on w2 We are looking for a Senior/Lead SAP Security Consultant with strong experience in SAP authorization design, GRC tools, and IAM/SSO integration. The ideal candidate will act as a security architect, lead team members, and support SAP transformation initiatives. Key Responsibilities Lead SAP Security architecture and role design across SAP landscapes. Integrate SAP Security with IAM and SSO platforms for secure access. Manage and mentor the SAP Security team; coordinate with SAP, IT Security, Infrastructure, and external vendors. Build and manage roles using PFCG, and oversee SAP user administration. Work with SAP GRC tools including Firefighter, Access Enforcer, Compliance Calibrator. Required Skills 10+ years of SAP Security experience. Deep expertise in: SAP Authorization & Role Design SAP GRC (Access Control, Firefighter, Access Enforcer) PFCG & user administration IAM & SSO integration Strong leadership and communication skills.

Job Title: Lead SAP Security Consultant Duration: 12 Months plus only on w2 We are looking for a Senior/Lead SAP Security Consultant with strong experience in SAP authorization design, GRC tools, and IAM/SSO integration. The ideal candidate will act as a security architect, lead team members, and support SAP transformation initiatives. Key Responsibilities Lead SAP Security architecture and role design across SAP landscapes. Integrate SAP Security with IAM and SSO platforms for secure access. Manage and mentor the SAP Security team; coordinate with SAP, IT Security, Infrastructure, and external vendors. Build and manage roles using PFCG, and oversee SAP user administration. Work with SAP GRC tools including Firefighter, Access Enforcer, Compliance Calibrator. Required Skills 10+ years of SAP Security experience. Deep expertise in: SAP Authorization & Role Design SAP GRC (Access Control, Firefighter, Access Enforcer) PFCG & user administration IAM & SSO integration Strong leadership and communication skills.

Immediate need for a talented Senior IT Quality Assurance Analyst . This is a 06+ Months contract opportunity with long-term potential and is located in Columbus, OH (Remote). Please review the job description below and contact me ASAP if you are interested. Job Diva ID: 25-94603 Pay Range: $60-$62 /hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Establishes readiness, specifies skill needs, analyzes risk, provides estimates and plans work for testing efforts. Participates in requirements reviews, design reviews, systems analysis and testing review discussions. Determines scope and focus of testing effort and creates Test Strategy and risk analysis to guide testing efforts. Prepares test tools, automation and environment assets to support testing effort. Creates, uses and maintains automated scripts to increase efficiencies in testing, including troubleshooting problems with scripts. Tests systems or system components utilizing black box testing methods. Validates the function of system under test and observes results from various external and internal interfaces. Gathers test activity information during execution and prepares summarized information about the testing effort. Communicates regularly with project members and advocates for resolution of high priority problems with Project Sponsors, Service Manager and Project Manager. Maintains assigned test assets and recognizes gaps in current test assets, identifying ways to create needed assets. Creates effective ways to display data using various modeling, reporting, statistical perspectives and trending methods. Performs in-depth analysis by weighing relevance and accuracy of information to provide alternative solutions while appropriately incorporating input from others. Provide on the job support to others on a variety of testing topics. Provides guidance on complex issues to others as needed Collaboration & Communication: Works effectively with cross-functional teams (security, architecture, infrastructure) Can explain technical findings and recommendations to non-technical stakeholders Curiosity-driven problem solving Thrives on figuring things out without a full map Resilience in ambiguity Comfortable making progress with partial information Bias toward action Identifies and executes remediation steps without waiting for perfect clarity Key Requirements and Technology Experience: Skills; SQL Server Always Encrypted (AE), OWASP Top 10, Data-at-rest and data-in-transit encryption SQL AE experience Comfortable working with SQL Server Always Encrypted (AE) Schema analysis and remediation for encryption compatibility Experience designing security-focused test cases Ability to validate encryption implementation and data protection mechanisms Familiarity with automated testing frameworks that support security validation Application Security Expertise Deep understanding of OWASP Top 10 and secure coding practices Experience with threat modeling and vulnerability remediation Encryption Implementation Hands-on experience with data-at-rest and data-in-transit encryption Familiarity with key management and integration with enterprise security tools Data-Driven Inquiry: Demonstrates ability to analyze data and formulate meaningful questions Brings insights and hypotheses back to the team to guide investigation and decision-making Leads with curiosity to uncover root causes and improvement opportunities Our client is a leading Insurance Industry , and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. By applying to our jobs, you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

JT4 Point Mugu is seeking an Information Systems Security Specialist. This role is responsible for assessing, developing and implementing programs and controls set in place to help increase cybersecurity within our company. The Information Systems Security Specialist will be detail-oriented, have great problem-solving and analytical skills, and a passion for cybersecurity. JT4, LLC provides engineering and technical support to multiple western test ranges for the U.S. Air Force, Space Force, and Navy under the Joint Range Technical Services Contract, better known as J-Tech II. JT4 develops and maintains realistic, integrated test and training environments and prepares our nation's war-fighting aircraft, weapons systems, and aircrews for today's missions and tomorrow's global challenges. **An ideal candidate will have an active DoD secret clearance** **This position is located at Point Mugu and is not eligible for telework** Job Summary -- Essential Functions/Duties This position is the on-site technical specialist for monitoring information systems and maintaining the environment of operation to include developing and updating System Security Plans, managing and controlling changes to the systems, conducting audits, providing incident response, perpetration for vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Employee will be responsible to perform the following functions/duties: Provides incident handling in conjunction with the Facility Security Office (FSO) and Information Security Officer / Information Systems Security Manager (ISSO/ISSM) Assists in writing and maintaining computer security processes to meet Navy requirements of Risk Management Framework Monitors computer system use and audits logs Makes recommendations for future hardware / software implementations and related process improvements This position requires skills in team building and customer service Provides operational status as required Uses established policies and procedures and subject matter knowledge to complete complex assignments requiring originality and ingenuity performed under minimum supervision with considerable latitude for independent contribution Provides security training and awareness briefings Other duties as assigned. Requirements -- Education, Technical, and Work Experience Associates or higher degree in Computer/Information Technology, or equivalent academic/technical training/certification. Possess two to three years of experience in computer system security and/or related areas of expertise. Must be compliant to DoD 8570.01-M levels and possess or working toward Security+ certification with a CISSP desired. Should have experience with JSIG, NIST 800 and NISPOM, Chapter 8. In addition, an Information Systems Security Specialist must possess the following qualifications: Must possess and apply a broad knowledge of principles, practices and procedures in computer security and information systems and working experience with Microsoft Office, Access, and Visio Must possess experience supporting various system configurations such as Stand Alone, Local Area Networks, and Wide Area Networks Must possess excellent skills in verbal and written communications, planning, and organizing Ability to work under deadlines. Employee is expected to routinely cross fields in the completion of somewhat difficult and varied assignments. Government vehicle is used on an as-needed basis Ability to work in a field environment at remote locations with occasional overnight assignments Must qualify for and maintain a government security clearance Must possess a valid, state-issued driver's license.

A financial firm is looking for a Chief Information Security Officer (CISO) to join their team in New York, NY. Compensation: $150-200K Responsibilities: Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements Draft, maintain, and periodically review security-related policies and procedures Establish and chair/co-chair an Information Security / Cyber Risk Committee and contribute to Board-level reporting on cyber risk Develop and maintain the firm's information security governance framework Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties Act as primary security point of contact for external auditors, assessment firms, and key institutional partners Ensure security program alignment with SEC Regulation S-P, Reg S-ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500 Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes Maintain and periodically test the Incident Response Plan, Business Continuity and Disaster Recovery (BC/DR) from a security perspective Provide security oversight for cloud (AWS) and on-prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs Define and oversee Security Operations Center (SOC) / XDR usage, log management, SIEM, threat detection, and incident handling Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls Partner with business and product teams to ensure client data privacy and secure data flows, including with third-party vendors and partners Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring Evaluate and manage key security vendors Build and lead a small but high-impact security team, scaling capabilities over time Promote a security-first culture through training, awareness programs, and regular communication with staff at all levels Qualifications: Required Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience 7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent) Hands-on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider Strong background in financial services or capital markets (broker-dealer, clearing firm, trading platform, or similar) Understanding of Information security frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001) Understanding of Regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500) Experience with Identity & access management, network security, endpoint security, and cloud security (preferably AWS) Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs Strong track record of cross-functional leadership, communicating complex security and risk topics to non-technical executives and boards Preferred Experience as CISO, Deputy CISO, or security leader at a broker-dealer, clearing firm, exchange/ATS, or large fintech Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar Experience with AWS security services Familiarity with DevSecOps practices and secure CI/CD pipelines Experience managing data localization and cross-border data separation initiatives

Immediate need for a talented Information Security Analyst - Lead . This is a 09+ months contract opportunity with long-term potential and is located in Atlanta,GA(Hybrid). Please review the job description below and contact me ASAP if you are interested. Job ID:25-93807 Pay Range: $68 - $68.61/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Act as a liaison between cybersecurity metric owners, data engineers, and governance teams to ensure accurate and timely metric development. Facilitate metric working sessions to define metric name, definition, calculation, system of record, and critical data elements (CDEs). Support the documentation and validation of metric logic and data lineage. Coordinate and lead standing meetings to provide updates, manage timelines, and escalate blockers or data challenges. Review and validate data quality and completeness of metric inputs in coordination with data engineers. Support the development of root cause commentary and trend analysis for metrics that breach established thresholds. Partner with control and process owners to align metrics with applicable frameworks (e.g., NIST CSF, CIS, FFIEC). Prepare clear, concise executive-level summaries and presentations on metric performance and risk trends. Maintain oversight of multiple metrics in different stages of the build lifecycle, ensuring governance and consistency. Contribute to continuous improvement of the metrics program, including standardization, automation, and data quality enhancements. Key Requirements and Technology Experience: Key Skills;Metrics governance/Risk Metrics/Performance Metrics . Bachelor's degree or five years of related experience or an equivalent combination of education and experience In-depth knowledge of principles, practices, theories, and/or methodologies associated with the professional discipline (e.g., information technology, project management, finance, risk management, etc.) Understands foundational concepts of other related professional disciplines. Experience managing small projects Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders. Ability to provide direction and mentor less experienced teammates Strong organizational skills with the ability to manage multiple priorities simultaneously. Excellent written and verbal communication skills, including experience drafting executive summaries. Proficiency in Microsoft Excel, PowerPoint, and collaboration tools (e.g., Teams, SharePoint). 5-7 years of experience in cybersecurity, risk management, technology project coordination, or data analytics. Familiarity with cybersecurity domains (e.g., vulnerability management, DLP, IAM, cloud security, incident management). Working knowledge of risk and performance metric design, including KRIs, KPIs, and operational indicators. Experience gathering and documenting business requirements and translating them into actionable data or metric logic. Basic understanding of SQL or ability to read data dictionaries and data mappings. Exposure to cyber control frameworks such as NIST CSF, ISO 27001, or CIS. Exposure to Agile or iterative project delivery methods. Cybersecurity/Risk management Vulnerability management Stakeholder engagement . Our client is a leading Financial Industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

Role: Cybersecurity Manager Duration: 6+ months Summary: The Cybersecurity Manager leads global cybersecurity operations, incident response, cloud security, and vulnerability management across IT, OT, and cloud environments. This role drives security maturity, manages SOC functions, and ensures compliance with frameworks like ISO 27001, NIST, and ITAR. Key Responsibilities:Lead cybersecurity operations, including SOC oversight, threat detection, and endpoint security. Manage incident response for ransomware, APT, insider threats, and major security events. Oversee vulnerability and patch management programs (Tenable, Automox, CrowdStrike). Strengthen cloud and identity security across Azure, Entra ID, and Microsoft 365. Implement Zero Trust architecture and secure configuration standards. Support compliance efforts (ISO 27001, NIST CSF/800-53/171, ITAR, GDPR, HIPAA, PCI). Lead global cybersecurity teams, contractors, and MSSP partners. Provide executive-level reporting on risk posture, incidents, and security metrics. Requirements:10+ years of cybersecurity experience with leadership responsibilities. Strong background in SOC operations, IR, EDR, SIEM/SOAR, and cloud security. Hands-on experience with Sentinel, XSOAR, CrowdStrike, Defender, Tenable. Knowledge of ISO 27001, NIST, ITAR, and broader regulatory frameworks. Strong communication, team leadership, and cross-functional collaboration skills.

The Deputy, Global Information Security Officer is responsible for leading the security strategy roadmap, consulting with security solution partners and defining company security policies and standards. Will have oversight of global security operations, incident response and both US and international Aerospace and Defence (A&D) security and compliance. The right candidate will have the required presence, confidence, and knowhow to quickly gain trust, credibility, and respect. They will have a proven record of taking a fact-based approach to the assessment of the current state of operations and the implementation of pragmatic solutions to address business needs. They will extract maximum value from existing technology investments while leveraging industry trends to introduce new and relevant technologies to deliver the necessary protection to the enterprise. Detailed Description: Performs tasks such as, but not limited to, the following: Drive the overall security strategy for Celestica, aligning security initiatives with business objectives, influencing stakeholders, and securing buy-in for security investments. Act as a champion for security across the organization, fostering a security-conscious culture and promoting best practices. Provide leadership to the information security organization. Take ownership of the incident response program, including developing and testing incident response plans, coordinating response activities, and conducting post-incident reviews to improve future response capabilities. Leverage data analytics to inform security strategy, identify threats, and measure the effectiveness of security controls. This includes promoting a data-driven security culture within the team. Drive improvements and efficiencies within the security operating model including identifying areas for optimization, streamlining processes, and championing change. Drive the development and implementation of security standards and policies. This includes ensuring compliance with relevant regulations and industry frameworks, and staying abreast of emerging security threats and best practices. Actively scans laws, guidelines, and regulations in all the countries that we operate to ensure that any major exposure on data privacy is addressed or mitigated. Establish, implement and monitor strategic processes to maintain and improve IT solutions, infrastructure and support services. Coordinate with external authorities to assure monitoring posture is at a high level of attentiveness. Accountable for monitoring suspicious network and endpoint activities, and taking corrective actions, as required. Responsible for managing security partners and other third-party security relationships. Appraise CIO/CISO of cybersecurity trends and threats. Responsible for developing and testing threat identification, containment, and recovery plans. Accountability for cybersecurity awareness, training, and internal phishing campaigns. Key liaison and collaboration with physical security. Collaborate on pre-acquisition requirements with stakeholders assuring that security standards are met prior to acquisition. Facilitate the necessary efforts and resources to ensure that duration of exposure to cyber events is addressed rapidly Participate on company world-wide teams to share information, help implement global initiatives, leverage IT resources and investments, and develop future state of company architecture. Build, manage, and mentor a high-performing security team. This includes setting clear goals, providing development opportunities, and fostering a collaborative and innovative work environment. Responsible for maturing the Information Security function and driving discipline on execution of all security initiatives to ensure they are delivered on-time, on-budget, and with quality. Knowledge/Skills/Competencies: Advanced knowledge of project management and Full Project Scope Experience Experience in partnering with the business in promoting cybersecurity initiatives Demonstrated experience implementing Security strategies and solution designs Advanced understanding of virtualized cloud computing environments Performing full security compliance and risk assessments Advanced knowledge of Information Security Penetration Testing, IT Vulnerability Assessments Mastery level of understanding in IT Risk Management and IT Governance/Audit Procedures Advanced understanding of Cybersecurity incident Response Management and advanced experience in incident response activities Advanced understanding of IT Security Architecture Advanced knowledge of Security Standards, Regulations, and Best Practices Extensive knowledge of IT design and deployment, and operations process Knowledge and understanding of the business unit and how decisions impact customer satisfaction, product quality, on-time delivery and the profitability of the unit Information security forensics Knowledge of common information security frameworks and IT controls frameworks, such as NIST 800-171, ISO/IEC 27001, and ITIL Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard. Knowledge of global requirements Effectively manage relationships with security vendors, negotiating contracts and ensuring the organization is getting the best value for its security investments. Experience working with customers on security assessments and audits Proven ability to influence and promote safe technology usage, practices and behaviours across all levels of the entire organization by leveraging direct and indirect resources, delivering effective global communication, and enforcing policy attestation and mandatory employee training. Demonstrated understanding of how security decisions impact the business, including customer trust, brand reputation, and revenue generation. Ability to articulate the value of security investments in business terms. Ability to communicate complex security concepts clearly and concisely to a variety of audiences, including senior management, board members, and external stakeholders. This includes building consensus, influencing decision-making, and securing support for security initiatives. Required knowledge of the U.S. GOVERNMENT COMPLIANCE but not limited to, DFAR ************/NIST 800-171, DFARS ************, ************, and ************, CMMC Model Version 2.0 and associated testing requirements, and 48 CFR 52.204-21 Physical Demands: Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required. Typical Experience: 15+ years of IT experience with a proven track record of delivering global capabilities around risk management, information security and progressive IT roles. 5+ years of Senior-level IT Security leadership experience within an organization of comparable scale and complexity, experience in the manufacturing industry is preferred. Knowledge of all aspects of IT business. Typical Education: Bachelor's Degree. Notes: This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

DNI is on the lookout for a Senior Cyber Security Analyst - Information Systems Security Manager (ISSM) to deliver expert guidance in Information Systems Security and cybersecurity support for the Enterprise Information Services at the Department of Energy (DOE) Savannah River Operations Office (DOE-SR), located at the Savannah River Site (SRS) in Aiken, SC. Requirements Reports to the Chief Information Security Officer (CISO) and Program Manager. Oversee the Authority to Operate (ATO) lifecycle, manage risk assessments, develop and monitor Plan of Action and Milestones (POAMs), ensuring compliance with security standards and timely mitigation of organizational boundary security risks. Actively participate in the bi-weekly accreditation boundary meetings and keep the AODR informed of any changes/updates to eRAMS/POA&Ms/STAR items or any new VPM and CM issues that may arise. Provide technical and procedural cyber security advice to DOE, associate contractor partners, and Industrial Control Systems (ICS) teams as necessary. Oversee operational information systems security implementation programs. Coordinate with Information System Security Officer (ISSO) or PSO on approval of External Information Systems (e.g. guest systems, interconnected system with another organization). Oversee ISSOs to ensure they follow established policies and procedures and timelines. Ensure CM policies and procedures for authorizing the use of hardware/software on an IT system are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the AODR prior to the addition, change or modification. ISSM shall have authority to veto any proposed change they feel is detrimental to security in boundaries under their purview. Appeals on an ISSM/ISSO veto may be taken to the AODR. Ensure approved procedures are used for sanitizing and releasing system components and media as necessary. Ensure proper measures are taken when cyber security incident or vulnerability is discovered. Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures. Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Manage, maintain, and execute the information security continuous monitoring plan. Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AODR; and assess changes to the system, its environment, and operational needs that could affect the security authorization. Other related tasks as assigned. Support information technology (IT) security goals and objectives and reduce overall organizational risk; Advise senior management (e.g., Chief Information Security Officer [CISO] and Chief Information Officer [CIO] on risk levels and security posture.); Advise appropriate senior leadership of changes affecting the organization's cybersecurity posture; Communicate the value of information technology (IT) security. Knowledge, Skills, and Abilities: Highly organized individual with exceptional communication skills, ensuring all stakeholders are consistently informed and updated as required. Excellent written and oral communication skills (writing samples may be requested). Attention-to-detail is critical, proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses and produce a near-perfect end-result. Ability to identify problems, brainstorm and analyze answers, and implement the best solutions. Ability to develop and review security related procedures or processes and reports. Demonstrated ability to provide clear, precise, and factual information to senior leaders, team members, and external stakeholders. Capable of attending all customer-required meetings and promptly providing responses as requested. Familiarity with applicable regulations affecting Cyber Security NIST 800 Series Standards. Clearance: Must possess (or be able to obtain) a “Q” level security clearance. Education: A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis. Experience: 7+ years in IT security or related field. Authority to Operate Life Cycle (ATO), Risk Management, POAMS & Milestones Certification: Highly desired certifications: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Benefits Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental Matching 401K Short- and Long-Term Disability Pet Insurance Professional Development/Education Reimbursement Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

" Previous experience in sap security design or basis or development role. " Proficient understanding of sap systems, identity management, auditing tools, modules, and their integration points to effectively manage and control user access " Working and security knowledge tied to sap vulnerability assessment and management, siem and threat management. " Working knowledge of sod (segregation of duties) analysis, sensitive transactions analysis, sap development (includes abap), sap modules, solution manager and transport system, basis component, netweaver, sap-gui, and portals. " Understanding of rfc connections, fiori and workzone security for top-down business role and design. " Strong knowledge of information security principles, frameworks and data protection laws to ensure compliance with the organizations information security policies. " Bachelor's degree in information technology, computer science or a related field. Good to have: cissp, other security certification, or sap security certification.

Delta Information Systems, Inc. is seeking a highly skilled Information Security Specialist to protect and secure critical systems, data, and intellectual property in a fast-paced Aerospace & Defense environment. This role is responsible for implementing and managing security controls, ensuring compliance with strict regulatory requirements, and defending against advanced cyber threats. The ideal candidate will bring deep technical knowledge, strong problem-solving skills, and the ability to work across teams to maintain the confidentiality, integrity, and availability of sensitive information that supports our national security mission. This is a fully onsite position located in Horsham, PA. Key Responsibilities Implement, monitor, and maintain security tools, including firewalls, intrusion detection/prevention systems, endpoint protection, and SIEM platforms. Perform continuous monitoring, vulnerability assessments, penetration testing, and risk analysis of systems and networks. Ensure compliance with DoD, NIST 800-171, CMMC, ITAR, DFARS, and other regulatory frameworks. Champion the company's certification to CMMC Level 2. Develop, document, and enforce cybersecurity policies, procedures, and incident response plans. Support Government and customer security audits, preparing evidence and remediation plans as required. Investigate and respond to cybersecurity incidents, performing root-cause analysis and recommending corrective actions. Collaborate with IT, Engineering, Program Management, and Security teams to embed cybersecurity best practices into operations and product development. Provide cybersecurity awareness training to employees with a focus on handling sensitive defense-related data. Stay current on emerging cyber threats, nation-state tactics, and evolving compliance regulations impacting aerospace and defense. Qualifications Required: Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in information security, IT security operations, or cybersecurity. Strong knowledge of NIST 800-171, CMMC, and DFARS cybersecurity requirements. Experience developing, implementing and achieving CMMC compliance. Experience supporting DoD or government contracts with cybersecurity compliance needs. Hands-on experience with security infrastructure: SIEM, IDS/IPS, endpoint security, and network monitoring tools. Strong understanding of Windows, Linux, and cloud environments (Microsoft Office 365, Deltek Costpoint). Excellent analytical, documentation, and communication skills. U.S. Citizenship (required due to defense industry regulations). Preferred: Active security clearance (Secret or higher), or ability to obtain one. Relevant certifications: CISSP, CISM, Security+, CEH, or GIAC. Experience with RMF (Risk Management Framework) and STIG compliance. Familiarity with secure software development, DevSecOps practices, or classified system security. Compensation Competitive salary Outstanding benefits package 100% Paid Coverage for Medical, Dental, and Vision 401(k) Employer Match Employee Stock Ownership Program (company funded) Life Insurance (company funded) Short-Term Disability (company funded) Long-Term Disability (company funded) Vacation & Sick Holidays: 11 days HealthCare FSA Dependent Care FSA What We Offer Opportunities for training, certifications, and career growth. A mission-driven culture where your work contributes to national security. Exposure to advanced technologies and programs critical to the aerospace and defense sector. About Delta Information Systems, Inc. Delta Information Systems (DIS) is an industry-leading supplier of high-quality aerospace telemetry products for Flight Test, Missile Test, Range Safety, Launch Support and Satellite Command and Control applications. Their products address the complete telemetry chain from Data Acquisition, Storage, Transport and Distribution to Telemetry Processing and Display. DIS customers include all DoD entities, all Major Primes, Integrators, Gov Labs, Aircraft & Missile Manufacturers, & Launch Facilities. In addition, Delta Information Systems (DIS) designs and develops sophisticated electronic equipment that is specifically designed to reliably operate in harsh environments. They deliver critical video communications capability for manned and unmanned Intelligence, Surveillance and Reconnaissance (ISR) programs.

Job Title: Technology - Security Analyst Senior Duration: Long term contract Experienced professional responsible for implementing, maintaining, monitoring, and troubleshooting enterprise-wide security systems. Supports 24/7 availability, mentors junior staff, and ensures compliance with security frameworks and policies. ✅ Core Responsibilities: Implement and manage enterprise security systems, including cloud-based (AWS/Azure). Perform security audits, risk analysis, and vulnerability assessments. Conduct log analysis via SIEM tools; respond to security incidents. Lead incident response, threat hunting, and forensic analysis. Maintain firewalls, encryption systems, and endpoint protections. Develop and enforce security policies, SOPs, and compliance protocols. Manage user access, logical security, and secure configurations. Collaborate cross-functionally on infrastructure and software security. Support regulatory compliance with standards (e.g., NIST, COBIT). Train and mentor team members; provide escalated issue resolution. Evaluate and onboard new security technologies. ✅ Technical Skills Required: Operating Systems: Windows (5+ years), Linux is a plus Cloud Platforms: AWS (EC2, IAM, Security), Azure (AD, Sentinel, Security Center) Security Tools: SIEM (e.g., Splunk), Firewalls, IDS/IPS, Endpoint Protection Scripting: PowerShell, Python, VBScript, Regex Frameworks & Compliance: NIST, COBIT, ISO 27001, ITIL Forensics & IR: Evidence gathering, threat profiling, penetration testing Documentation: RFPs, RFIs, policy writing, technical reporting Protocols: TCP/IP, DNS, HTTP/S, LDAP, SNMP, VPN, SSH ✅ Soft Skills & Abilities: Critical thinking and creative problem-solving Leadership in projects and incident response Effective communication (written and verbal) Mentoring and knowledge-sharing Ability to prioritize and work independently under pressure Collaboration across departments and vendors ✅ Educational Requirements: Preferred: Bachelor's degree in CS, InfoSec, or related Alternate: 8 years equivalent experience in system/security administration ✅ Experience Requirements: Minimum: 4 years in security/system admin in enterprise IT Mandatory: 5 years in Windows environment ✅ Required Certifications (any 2 or equivalent): Security & Compliance: GIAC GMON, GPCS, DoD 8570 certs Cloud & Microsoft: AWS: Cloud Practitioner, Solutions Architect, Security Specialty Azure: Fundamentals, Security Ops/Engineer, Solutions Architect MCSE Aviatrix Certified Engineer (ACE)

Security Architect / Implementation Engineer Duration: 6 Months contract with possibility of extension We are seeking a highly skilled Security Architect / Security Implementation Engineer with expertise in designing, implementing, and integrating Google Cloud Security Command Center (SCC), Chronicle SIEM, and Cybereason XDR. The candidate will be responsible for architecting the end-to-end solution, implementing GCP native security controls, integrating third-party security tools, and producing detailed design and operational documentation. Key Responsibilities: Design and architect cloud-native security controls in GCP aligned with security and compliance frameworks (CIS, ISO 27001, NIST, etc.). Implement Google Security Command Center (SCC) for threat detection, vulnerability management, and risk insights. Architect and configure Chronicle SIEM for log ingestion, correlation, and advanced threat analytics. Integrate Cybereason XDR with SCC, Chronicle, and other security tools to establish end-to-end threat detection and response workflows. Define use cases, rules, policies, and security playbooks to automate detection and response. Document the solution architecture, design decisions, configuration standards, and integration workflows. Conduct knowledge transfer sessions with security operations and support teams. Collaborate with GCP Cloud Platform teams, SOC teams, and compliance teams to align solutions with enterprise policies. Required Skills & Experience: 8-12 years of overall IT security experience with at least 4-5 years in Google Cloud Security. Proven experience with Google Security Command Center (SCC), Chronicle SIEM, and XDR platforms (Cybereason preferred). Strong knowledge of GCP IAM, VPC Service Controls, Cloud Armor, DLP, Cloud Logging, Cloud Monitoring. Hands-on experience in integrating SIEM, XDR, and native GCP security tools. Experience with Terraform, Deployment Manager, or automation frameworks for security deployment. Strong documentation and presentation skills. Security certifications preferred: Google Professional Cloud Security Engineer, GCP Professional Architect, CISSP, CISM, CCSP.

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work ASRC Federal has an exciting opportunity for an Information System Security Engineer (ISSE) in Dayton, Ohio. Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. **Responsibilities:** + Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations. + Automate threat assessment and reporting activities. + Analyze and report system and organizational security posture trends to the ISSM/ISSO. + Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities. + Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. + Plan and recommend modifications or adjustments based on exercise results. + Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM + Audit support responsibilities + Analyze and report organizational security posture trends to the ISSM/ISSO + Analyze and report system security posture trends to the ISSM/ISSO + Apply security policies to meet security objectives of the system to the ISSM/ISSO + Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO + Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO + Assess the effectiveness of security controls and reports findings to the ISSM + Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements + Ensure all systems security operations and maintenance activities are properly documented and updated as necessary + Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM + Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed + Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation + Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM + Plan and recommend modifications or adjustments based on exercise results or system environment + Properly document all systems security implementation, operations and maintenance activities and updates necessary + Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities + Verify and update security documentation reflecting the application/system security design features + Verify minimum security requirements are in place for all applications + Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data + Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements + Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents + Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective + Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks + Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident + Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package + Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks. + Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system. + Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum + Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum + Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures + Monitors and investigates security breaches + Educates employees or clients about security procedures and programs + Other duties as assigned **Requirements:** + Must have a DoD Top Secret w/ SCI eligibility. + Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. + Security+ Certification + 5+ years related experience in SCI/SAP environments. + Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience. + 8-12 years demonstrated performance in related technology. Additional or Preferred Qualifications + 5+ years leadership experience in relevant area of business. We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. **_EEO Statement_** _ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law._ **Job Details** **Job Family** **Information Technology** **Job Function** **Information Security** **Pay Type** **Salary**