Austen Group LLC jobs - 21 jobs

  • SharePoint Administrator / KM

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    The SharePoint Administrator will work as part of a collaborative team and handle documentation, configurations, implementation, support, day-to-day issues, and questions related to the Microsoft Office 365 environment. This position works in a cross-functional team environment with government and contractor personnel.

    Duties and responsibilities:
    · Collaborate with a small team to handle any documentation, configurations, implementation, support, day-to-day issues, and questions related to the Microsoft Office 365 environment.
    · Manage daily activities and support functions including but not limited to the following:
    · Provide maintenance sustainment of existing SharePoint sites and sub sites, lists, libraries, and content (including pages, workflows, and items).
    · Troubleshoot customer issues promptly.
    · Oversee activity about the maintenance of SharePoint.
    · Manage and revise the layout of the site.
    · Customize SharePoint sites.
    · Analyze daily user activity on SharePoint.
    · Maintain records of SharePoint updates, maintenance, and activity.
    · Provide technical support for SharePoint users.
    · Address questions or concerns from business owners or directors regarding the function of the software.
    · Apply updates to the company's edition of SharePoint as necessary.
    · Maintain SharePoint security.

    Education and qualifications:
    · U.S. citizenship
    · Current TS/SCI CI poly
    · Bachelor's degree and 3+ years of related experience supporting SharePoint Administration OR Master's degree with 2 years of related experience
    · Additional years of related experience will be considered in lieu of a degree (High School with 8 years of related experience OR Associates Degree with 6 years of related experience)
    · Knowledge of Windows operating systems, as well as SQL Server, Power BI, PowerShell, and Office 365.
    · Knowledge of SharePoint tools, including ULS Logs, workflows, and SharePoint forms for tasks.
    · Proficient in the use of Microsoft Office Suite and Windows Servers.
    · Possesses strong problem-solving and analytical skills.
    · Possesses knowledge of best practices for maintaining information security.
    · Possesses ability to think creatively to devise customizations and uses for SharePoint.
    · Exhibits knowledge of the software development industry.
    · Familiar with website layouts and HTML.
    · Ability to work well in a team environment.
    · Demonstrates ability to work and conduct research independently.
    · Manages time efficiently and multi-tasks effectively.
    $73k-99k yearly est. 8d ago
  • Rookie Pipeline

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    This is a placeholder for all internal referral and anyone that has been referred over for clearance. Please do not apply if this is not that case for you as a candidate. You will be automatically rejected.
    $85k-133k yearly est. 8d ago
  • Case Management Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    We are looking for a Backend Security Engineering Case Management Engineer to architect and implement the backend foundation of our next-generation case management platform. This role is focused on backend systems design, data architecture, integration engineering, and workflow enablement, ensuring the platform serves as a scalable, extensible system-of-record for security programs. Responsibilities include collaborating with program architects to design the backend infrastructure for a modern security case management solution, including data models, storage layers, metadata standards, and service orchestration. Establishing engineering standards for API design, data handling, security, error management, and auditability. Designing and implementing high-performance APIs, microservices, and system components that support case lifecycle workflows. Building the foundational taxonomy and object models for cases, entities, evidence, workflows, and automation triggers. Driving platform scalability, reliability, and performance through best-practice engineering patterns. Developing backend integrations between the case management platform and security tools such as SIEM, EDR, vulnerability management platforms, threat intelligence sources, identity systems, and ticketing/ITSM platforms. Building and maintaining API services, event pipelines, data ingestion jobs, and synchronization services. Implementing automated backend workflows to support case routing, enrichment, evidence linkage, and cross-platform data federation. Ensuring the platform adheres to industry security practices, including authentication, authorization, and secure data transmission. Maintaining documentation including backend architecture diagrams, schema definitions, integration specs, and operational runbooks. Collaborating with frontend teams, product owners, and platform architects to ensure cohesive end-to-end system design. 
Basic Qualifications: · 5+ years of backend engineering or platform engineering experience. · Strong proficiency in backend languages (e.g., Python, Java, Go, Node.js). · Demonstrated experience architecting or integrating with workflow, case/ticketing, or automation platforms (e.g., ServiceNow, Jira, TheHive, custom-built systems). · Deep experience designing APIs (REST, GraphQL) and event-driven systems. · Strong skills in integrating complex systems using APIs, message queues, streaming platforms, and ETL pipelines. · Solid knowledge of security engineering concepts, secure coding standards, and platform hardening for highly regulated environments (e.g. DoD, Energy, Finance). · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · Strong architectural and system design capabilities · Ability to translate platform requirements into scalable backend implementations · Strong attention to detail with a focus on reliability and maintainability · Excellent communication and cross-functional collaboration · Database expertise (SQL and NoSQL), schema design, and performance optimization. · Exposure to cloud-native architecture in AWS, GCP, or Azure. · Familiarity with data modeling for security or operational systems.
    $91k-132k yearly est. 8d ago
  • IDS/IPS Cyber Security Engineer, Mid

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands-on engineering and O&M experience with Suricata and/or other network-based IDS capabilities such as Snort, VectraAI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux.

    What You'll Work On:
    · Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks.
    · Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives.
    · Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging.
    · Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features.
    · Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms.
    · Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE-Linux policies, and performance tuning.
    · Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues.
    · Provide detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes.
    · Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement.

    Basic Qualifications:
    · Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files.
    · Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules.
    · Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SE-Linux configuration, and system optimization via Unix CLI and other remote shell access vectors (PuTTY, SSH, etc.)
    · Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards.
    · Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata.
    · Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment.
    · TS/SCI clearance with the ability to obtain a counter-intelligence polygraph.
    · Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree.
    · DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification.
    · Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date.

    Additional Qualifications:
    · Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks.
    · Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation.
    · Experience integrating Suricata with Splunk, or other SIEM solutions.
    · Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments.
    · Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Dark Trace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc.
    · Ability to be a self-starter, work without considerable direction, and work with a team.
    · Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts
    $74k-102k yearly est. 9d ago
  • ServiceNow Web Programmer V

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Job Description

    **Contingent upon award**

    REQUIRES AN ACTIVE/EXISTING TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK

    We are seeking a skilled ServiceNow Developer to support a mission-critical government program. This role demands expertise in developing, configuring, and maintaining ServiceNow applications in a secure environment. The ideal candidate will work closely with system owners, engineers, and cyber teams to ensure the platform aligns with ITIL best practices and meets federal compliance requirements. This is a hands-on, in-person position for individuals who thrive in fast-paced environments where technical depth, initiative, and accountability are expected.

    Responsibilities
    · Design, configure, and customize core applications and modules within the ServiceNow platform (ITSM, ITOM, CMDB, etc.)
    · Develop and maintain custom scripts, business rules, workflows, UI actions, and integrations
    · Participate in Agile sprint planning, standups, and technical backlog grooming
    · Maintain compliance with federal security standards (e.g., NIST 800-53, RMF)
    · Collaborate with stakeholders to gather requirements and translate them into technical solutions
    · Support troubleshooting, platform upgrades, and module implementations
    · Develop custom dashboards and reports for data-driven insights
    · Integrate ServiceNow with external systems via REST/SOAP APIs and MID Servers
    · Ensure platform security, access control, and operational continuity
    · Create and maintain system documentation, test scripts, and training materials as required

    Required Qualifications
    · 3+ years of hands-on ServiceNow development experience
    · Must have a current Sec+
    · Proficiency with JavaScript, Glide API, Flow Designer, and modern ServiceNow architecture
    · Experience with at least two ServiceNow modules (e.g., ITSM, ITOM, SecOps, HRSD)
    · Understanding of CMDB design and implementation best practices
    · Familiarity with federal IT environments and security constraints
    · Ability to work independently and as part of a cleared development team
    · Strong communication and documentation skills

    Preferred Qualifications
    · ServiceNow Certified System Administrator (CSA) - required or must obtain within 90 days
    · Additional certifications (e.g., CIS-ITSM, CIS-Discovery, CAD)
    · Familiarity with automated testing frameworks within ServiceNow
    · Experience with secure enclave development or cross-domain data workflows
    · Familiarity with JIRA, Git, and CI/CD pipelines in classified environments

    Work Environment & Expectations
    This is an onsite position supporting a federal customer in a classified space. Candidates must be comfortable working in secure, air-gapped networks.
    $60k-83k yearly est. 9d ago
  • Splunk SOAR Cyber Automation Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Lead the design and development of solutions to automate Cyber and Cloud services and activities. Develop and optimize data workflows and solution architectures that allow for intelligent storage, query, and exploration of datasets for Cyber and Cloud operations and engineering. Work closely with clients to develop and integrate highly available, scalable, and secure solutions that integrate security platforms across open source and COTS products. Work on developing extensible, scalable, and secure Cloud-based A&O services that can be adopted and integrated in a wide range of Cybersecurity use cases. Basic Qualifications: · 4+ years of experience in security engineering and architecture for highly regulated industries, including government, healthcare, or financial · 3+ years of experience with software development or scripting, including Python development, and Splunk, including creating searches with Splunk Search Processing Language (SPL), building dashboards, and working with Splunk Enterprise Security (ES) · 2+ years of experience working with REST APIs to integrate Splunk SOAR with other security and IT tools · 1+ years of experience of Linux/Windows logging, administration and debugging support for automation workflows · Experience with network protocols and security principles. · Ability to work on high impact and high visibility projects as part of small, dynamic team · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. 
· Active DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · 1+ year of experience with incident response processes, and security operations center (SOC) workflows · Experience developing and maintaining technical documentation for playbooks and integrations · Experience with other programming languages, including Java, JavaScript, or Ruby · Experience with version control and related software, including Git, CVS, and SVN · Experience integrating developing AWS or Azure cloud-based solutions · Experience delivering solutions in accordance with Agile best practices and the SELC · Experience developing a roadmap for SOAR maturity and expansion meet mission objectives · Knowledge of micro-services concepts and SOAR to ES integration · Splunk Enterprise Certified Architect and Splunk Enterprise Security Certified Admin certifications
    $76k-101k yearly est. 8d ago
  • Trellix Endpoint DLP Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Design, deploy, manage, and operationalize enterprise endpoint data protection controls as a Trellix Endpoint Data Loss Prevention (DLP) Engineer. Serve as the technical owner for Trellix EDR/DLP components, ensuring sensitive data is identified, monitored, and protected across the enterprise. Use analytical, engineering, and stakeholder engagement capabilities to assist with information protection strategy. Play a core role in safeguarding the organization's data. Build an enterprise-grade data protection program with visibility across security leadership, risk, and operational teams. Lead enterprise deployment, configuration, tuning, and maintenance of Trellix Endpoint DLP, including policy automation, agent health, and performance optimization. Assist with analyzing, testing, and operationalizing DLP policies, rulesets, classification logic, and incident workflows aligned to data governance requirements. Integrate the Trellix DLP platform with SIEM, SOAR, CASB, CMDB, and identity security tools for end-to-end visibility and automated response. Analyze DLP telemetry, alerts, and incidents to identify data exfiltration patterns, risk signals, and false positives. Partner with legal, compliance, data governance, and HR to define rulesets, thresholds, and exception workflows. Develop engineering playbooks, standard operating procedures, and runbooks for policy lifecycle management. Manage endpoint agent health, upgrades, change control, and enterprise-wide platform stability. Conduct root-cause analysis for user-impact, policy misfires, broken workflows, and e data classification, tagging, and secure data-handling practices. Align DLP implementations with Zero Trust, privacy, and enterprise data protection strategies. 
Basic Qualifications: · 4+ years of experience in cybersecurity engineering, data protection, or endpoint security · 2+ years of experience with Trellix Endpoint DLP, Trellix ePO, associated modules, agent-based controls, and Windows and Linux endpoint management and troubleshooting · 2+ years of experience developing and deploying solutions for highly regulated industries such as healthcare, finance, federal, defense, and energy · Experience with integration patterns across SIEM, SOAR, and identity security platforms, and broader Trellix or McAfee security stack such as ENS, DLP Monitor, DLP Discover, and ePO · Experience with scripting in PowerShell, Python, or Bash for automation and workflow optimization, creating classification taxonomies, and integrating DLP with enterprise data catalogs · Ability to interpret data movement patterns and policy outcomes · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree · DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification such as Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification such as CEH, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date Additional Qualifications: · Knowledge of data loss prevention concepts, endpoint security controls, and data classification models · Possession of strong analytical skills
    $73k-104k yearly est. 9d ago
  • Rookie Pipeline

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Job Description This is a placeholder for all internal referral and anyone that has been referred over for clearance. Please do not apply if this is not that case for you as a candidate. You will be automatically rejected.
    $85k-133k yearly est. 9d ago
  • Case Management Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    We are looking for a Backend Security Engineering Case Management Engineer to architect and implement the backend foundation of our next-generation case management platform. This role is focused on backend systems design, data architecture, integration engineering, and workflow enablement, ensuring the platform serves as a scalable, extensible system-of-record for security programs. Responsibilities include collaborating with program architects to design the backend infrastructure for a modern security case management solution, including data models, storage layers, metadata standards, and service orchestration. Establishing engineering standards for API design, data handling, security, error management, and auditability. Designing and implementing high-performance APIs, microservices, and system components that support case lifecycle workflows. Building the foundational taxonomy and object models for cases, entities, evidence, workflows, and automation triggers. Driving platform scalability, reliability, and performance through best-practice engineering patterns. Developing backend integrations between the case management platform and security tools such as SIEM, EDR, vulnerability management platforms, threat intelligence sources, identity systems, and ticketing/ITSM platforms. Building and maintaining API services, event pipelines, data ingestion jobs, and synchronization services. Implementing automated backend workflows to support case routing, enrichment, evidence linkage, and cross-platform data federation. Ensuring the platform adheres to industry security practices, including authentication, authorization, and secure data transmission. Maintaining documentation including backend architecture diagrams, schema definitions, integration specs, and operational runbooks. Collaborating with frontend teams, product owners, and platform architects to ensure cohesive end-to-end system design. 
Basic Qualifications: · 5+ years of backend engineering or platform engineering experience. · Strong proficiency in backend languages (e.g., Python, Java, Go, Node.js). · Demonstrated experience architecting or integrating with workflow, case/ticketing, or automation platforms (e.g., ServiceNow, Jira, TheHive, custom-built systems). · Deep experience designing APIs (REST, GraphQL) and event-driven systems. · Strong skills in integrating complex systems using APIs, message queues, streaming platforms, and ETL pipelines. · Solid knowledge of security engineering concepts, secure coding standards, and platform hardening for highly regulated environments (e.g. DoD, Energy, Finance). · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · Strong architectural and system design capabilities · Ability to translate platform requirements into scalable backend implementations · Strong attention to detail with a focus on reliability and maintainability · Excellent communication and cross-functional collaboration · Database expertise (SQL and NoSQL), schema design, and performance optimization. · Exposure to cloud-native architecture in AWS, GCP, or Azure. · Familiarity with data modeling for security or operational systems.
    $91k-132k yearly est. 9d ago
  • Forescout Cyber Security Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Work with an expert team focused on implementing and operating next generation security solutions for government and commercial clients. Perform hands-on evaluation, implementation, and operation of leading security Cyber defense tools and technologies. Apply in-depth defense strategies to large and complex networks to rapidly identify vulnerabilities and threats, prioritize response actions, and develop effective countermeasures. Apply thought leadership in a highly collaborative and innovative work environment to solve complex security challenges. You will join a team and engineer solutions to complex challenges for customers using your knowledge of network engineering, system administration and Active Directory. In this role, you'll closely impact mission success, protecting data and networks from malicious payloads and actors. With mentoring, challenging hands-on problem-solving, and opportunities to learn new tools and skills, we focus on growing as a team to make the best solutions for our customers. Basic Qualifications: · Experience architecting and designing IP networks, including developing and documenting network topologies · Experience with network engineering, including physical or logical, such as installation and activation of ports, configuration of switches, and LANS, VLANS, and network FW or appliances or network administration services, such as Active Directory, Guests LANS, and domain management · Knowledge of multi-domain architectures, including data center, WAN, and LAN in virtualized architectures · 1+ years of experience with performing systems administration Windows or Linux Administration, including performing basic troubleshooting and installation or configuration, monitoring system performance or availability, and performing security upgrades · TS/SCI clearance with the ability to obtain a counter-intelligence polygraph. 
· Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification. · Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date. Additional Qualifications: · Experience with deployment or daily maintenance of Forescout CounterACT appliances · Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems · Ability to install and deploy Forescout in a customer environment · Ability to integrate Cybersecurity data using enterprise or custom tools data aggregation and analysis tools, including Splunk · Ability to provide support in a Tier II IT operations and maintenance role, including ticket work information updates, issue responses, and remediation · Ability to be a self-starter, work without considerable direction, and work with a team · Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations
    $74k-102k yearly est. 9d ago
  • Splunk SOAR Cyber Automation Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Lead the design and development of solutions to automate Cyber and Cloud services and activities. Develop and optimize data workflows and solution architectures that allow for intelligent storage, query, and exploration of datasets for Cyber and Cloud operations and engineering. Work closely with clients to develop and integrate highly available, scalable, and secure solutions that integrate security platforms across open source and COTS products. Work on developing extensible, scalable, and secure Cloud-based A&O services that can be adopted and integrated in a wide range of Cybersecurity use cases. Basic Qualifications: · 4+ years of experience in security engineering and architecture for highly regulated industries, including government, healthcare, or financial · 3+ years of experience with software development or scripting, including Python development, and Splunk, including creating searches with Splunk Search Processing Language (SPL), building dashboards, and working with Splunk Enterprise Security (ES) · 2+ years of experience working with REST APIs to integrate Splunk SOAR with other security and IT tools · 1+ years of experience of Linux/Windows logging, administration and debugging support for automation workflows · Experience with network protocols and security principles. · Ability to work on high impact and high visibility projects as part of small, dynamic team · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. 
· Active DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · 1+ year of experience with incident response processes, and security operations center (SOC) workflows · Experience developing and maintaining technical documentation for playbooks and integrations · Experience with other programming languages, including Java, JavaScript, or Ruby · Experience with version control and related software, including Git, CVS, and SVN · Experience integrating developing AWS or Azure cloud-based solutions · Experience delivering solutions in accordance with Agile best practices and the SELC · Experience developing a roadmap for SOAR maturity and expansion meet mission objectives · Knowledge of micro-services concepts and SOAR to ES integration · Splunk Enterprise Certified Architect and Splunk Enterprise Security Certified Admin certifications
    $76k-101k yearly est. 9d ago
  • Cyber Asset Attack Surface Management (CAASM) Deployment Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Be responsible for the successful installation, configuration, and integration of the Cyber Asset Attack Surface Management (CAASM) platform within complex client environments. Hold an understanding of IT infrastructure, networking, and security tools to ensure seamless data onboarding and high customer satisfaction. Collaborate closely with clients, project managers, and internal engineering teams to deliver a comprehensive and accurate asset inventory solution. Configure and manage CAASM solution deployment in accordance with the systems engineering lifecycle (SELC). Monitor, design, and onboard new data connections by integrating CAASM with a wide range of third-party security and management tools. Create and maintain deployment scripts and automation processes to streamline installations and enhance data management efficiency. Analyze and interpret complex Cyber datasets to uncover insights, performing exploratory analysis and ensuring data quality, accuracy, and reliability. Document the installation and configuration of production deployments. Perform system monitoring and ongoing daily maintenance for deployed CAASM instances, ensuring system health, data integrity, and adherence to security best practices. Participate in on-call rotation for Production support. 
Basic Qualifications: · 4+ years of experience architecting, implementing, integrating, and managing COTS solutions for hybrid cloud environments · 3+ years of experience performing systems administration in Windows, Linux, or VMware environments, including performing basic troubleshooting, installation, configuration, monitoring system performance or availability, and performing security upgrades · 3+ years of experience programming and debugging, shell scripting, application containerization, data storage, and retrieval from a variety of sources · 2+ years of experience deploying, hosting, monitoring, and securing solutions for Government customers · Experience with APIs and data pipelines to ingest, normalize, and correlate asset data with vulnerability feeds, threat intelligence, and security findings from multiple sources · Knowledge of scripting languages for automation and troubleshooting, and of APIs with their usage for data integration · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. 
· DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · 2+ years of experience automating workflows securely with COTS products via RESTful APIs · 2+ years of experience integrating Axonius or Armis · 2+ years of experience in securing solutions in accordance with Federal regulatory compliance frameworks · Experience supporting Federal DoD and Intelligence Agencies, including supporting large Federal programs · Experience with SAFe Agile methodologies in a scaled enterprise setting · Experience with cloud platforms, particularly AWS and Azure · Knowledge of networking fundamentals · Ability to provide support in an IT operations and maintenance role, including ticket work information updates, issue response, and remediation · Possession of excellent communication and relationship skills to articulate technical topics and build consensus among stakeholders · Possession of strong problem-solving and analytical skills
    $78k-108k yearly est. 8d ago
  • ServiceNow Web Programmer V

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    **Contingent upon award** REQUIRES AN ACTIVE/EXISTING TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK We are seeking a skilled ServiceNow Developer to support a mission-critical government program. This role demands expertise in developing, configuring, and maintaining ServiceNow applications in a secure environment. The ideal candidate will work closely with system owners, engineers, and cyber teams to ensure the platform aligns with ITIL best practices and meets federal compliance requirements. This is a hands-on, in-person position for individuals who thrive in fast-paced environments where technical depth, initiative, and accountability are expected. Responsibilities: · Design, configure, and customize core applications and modules within the ServiceNow platform (ITSM, ITOM, CMDB, etc.) · Develop and maintain custom scripts, business rules, workflows, UI actions, and integrations · Participate in Agile sprint planning, standups, and technical backlog grooming · Maintain compliance with federal security standards (e.g., NIST 800-53, RMF) · Collaborate with stakeholders to gather requirements and translate them into technical solutions · Support troubleshooting, platform upgrades, and module implementations · Develop custom dashboards and reports for data-driven insights · Integrate ServiceNow with external systems via REST/SOAP APIs and MID Servers · Ensure platform security, access control, and operational continuity · Create and maintain system documentation, test scripts, and training materials as required
Required Qualifications: · 3+ years of hands-on ServiceNow development experience · Must have a current Sec+ · Proficiency with JavaScript, Glide API, Flow Designer, and modern ServiceNow architecture · Experience with at least two ServiceNow modules (e.g., ITSM, ITOM, SecOps, HRSD) · Understanding of CMDB design and implementation best practices · Familiarity with federal IT environments and security constraints · Ability to work independently and as part of a cleared development team · Strong communication and documentation skills Preferred Qualifications: · ServiceNow Certified System Administrator (CSA) - required or must obtain within 90 days · Additional certifications (e.g., CIS-ITSM, CIS-Discovery, CAD) · Familiarity with automated testing frameworks within ServiceNow · Experience with secure enclave development or cross-domain data workflows · Familiarity with JIRA, Git, and CI/CD pipelines in classified environments Work Environment & Expectations: This is an onsite position supporting a federal customer in a classified space. Candidates must be comfortable working in secure, air-gapped networks.
    $60k-83k yearly est. 8d ago
  • IDS/IPS Cyber Security Engineer, Mid

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files and an understanding of how these configurations integrate with and influence the Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS). Highly qualified candidates will have hands-on engineering and O&M experience with Suricata and/or other network-based IDS capabilities such as Snort, Vectra AI, Corelight, etc. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. What You'll Work On: · Designing, deploying, and maintaining IDS/IPS systems across a large enterprise with multiple networks. · Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives. · Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging. · Tuning IDS/IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC-specific acceleration features. · Collaborating with security teams to integrate IDS/IPS with SIEM and other security monitoring platforms. · Troubleshooting installation and operational issues specific to IDS/IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SELinux policies, and performance tuning. · Identifying and mitigating common pitfalls encountered when deploying IDS/IPS in large-scale enterprise environments, including package dependencies, system resource constraints, and NIC driver/configuration issues. · Providing detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes. 
· Staying current with Platform IDS/IPS Software releases, NIC driver updates, and community best practices for network interface tuning and IDS/IPS performance enhancement. Basic Qualifications: · Proven experience working with Snort, Suricata, Corelight or other network IDS/IPS systems, including hands-on management of its YAML configuration files. · Strong knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules. · Extensive experience administering Red Hat Enterprise Linux (RHEL) systems, including package management (yum/dnf), kernel module management, SELinux configuration, and system optimization via Unix CLI and other remote shell access vectors (PuTTY, SSH, etc.) · Hands-on experience tuning Suricata for high-performance packet capture with Napatech NICs or similar advanced network interface cards. · Familiarity with NIC-specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and offload capabilities, and how to configure them for Suricata. · Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment. · TS/SCI clearance with the ability to obtain a counter-intelligence polygraph. · Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification. · Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date. Additional Qualifications: · Experience with scripting languages (Bash, Python, YAML/Ansible, etc.) to automate Suricata configuration and deployment tasks. · Proficient understanding of network protocols, intrusion detection methodologies, and security event correlation. · Experience integrating Suricata with Splunk, or other SIEM solutions. · Knowledge of containerized deployments of Suricata (Docker/Kubernetes) in enterprise environments. · Network Detection and Response (NDR) solutions, including Trellix/FireEye, Corelight, Endace, Vectra AI, Darktrace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, Trend Vision, etc. · Ability to be a self-starter, work without considerable direction, and work with a team. · Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts
    $74k-102k yearly est. 8d ago
  • Endace Platform Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    We are seeking a seasoned Endace Implementation & Sustainment Engineer to architect, deploy, integrate, and operate Endace packet capture, monitoring, and network recording platforms across a large, distributed enterprise. The ideal candidate has deep experience in network forensics, packet analytics, and telemetry architecture, combined with hands-on familiarity supporting Zero Trust visibility and segmentation strategies. This role owns the end-to-end lifecycle for Endace systems-including design, installation, configuration, maintenance, and long-term optimization-while integrating the platform with SIEM/SOAR, detection engineering, analytics tooling, and broader Zero Trust security controls. Responsibilities include leading the design, deployment, and configuration of Endace appliances for enterprise-scale packet capture. Developing packet capture strategies aligned to network architecture, mission requirements, and Zero Trust visibility controls. Building high-availability, scalable, and resilient Endace clusters across data centers and cloud-connected environments. Integrating Endace with analytics ecosystems (SIEM, SOAR, NDR, EDR, threat intel, investigation platforms). Maintaining and tuning Endace hardware and software for optimal performance, including upgrades, patching, sensor tuning, and storage lifecycle. Troubleshooting packet loss, timing drift, flow indexing issues, clock synchronization, and performance bottlenecks. Monitoring device health, capacity, and telemetry fidelity to ensure consistent, forensically-sound data capture. Managing PCAP retention strategies, indexing policies, and storage allocation across distributed deployments. Aligning Endace visibility architecture with Zero Trust telemetry requirements and continuous verification workflows; Ensuring packet capture and telemetry support identity-aware network segmentation and policy enforcement. 
Supporting development of traffic baselines, segmentation decisions, and enforcement models using Endace data. Automating deployment, configuration, and sustainment workflows using Ansible, Terraform, or scripting. Building dashboards, runbooks, playbooks, and investigation workflows for SOC, threat hunters, and IR teams. Partnering with network engineering, cloud teams, and security operations to ensure full-spectrum telemetry coverage. Delivering training and guidance to operational teams on Endace platform usage and best practices. Basic Qualifications: · 5+ years of experience in cybersecurity engineering, network security, or SOC tooling. · Strong understanding of packet analysis, network forensics, deep packet inspection, and PCAP workflows. · Proficiency in Linux administration and scripting (Python, Bash, PowerShell). · Experience supporting regulated or high-security environments (DoD, IC, FedRAMP, PCI, HIPAA). · Familiarity with Zero Trust Architecture, segmentation principles, and identity-centric policy models. · Demonstrated experience integrating Endace with SIEMs, SOAR tools, and investigation platforms. · Solid understanding of core network protocols (TCP/IP, TLS, DNS, HTTP/S, NetFlow/IPFIX, etc.) · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. 
· DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications: · Proven hands-on experience deploying, configuring, and managing Endace DAG/EndaceProbe solutions in production. · Familiarity with complementary network tools (Zeek, Suricata, Arkime, NDR platforms). · Experience with cloud networking and packet capture strategies in AWS, Azure, or GCP. · Certifications such as CISSP, GCIA, GNFA, GCIH, or vendor-specific credentials. · Strong analytical and problem-solving ability. · Excellent communication and documentation skills. · Able to collaborate with cross-functional technical and non-technical stakeholders. · Comfortable leading architecture conversations and driving platform strategy.
    $73k-104k yearly est. 9d ago
  • Cyber Engineer/Arkime Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    REQUIRES AN ACTIVE, EXISTING TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE We are seeking a highly skilled Arkime (formerly Moloch) Implementation & Sustainment Engineer to design, deploy, operate, and enhance our enterprise packet-capture and deep network visibility capability. The ideal candidate combines hands-on Arkime expertise with strong Zero Trust engineering principles to support threat detection, forensics, segmentation, and continuous monitoring across a complex, distributed environment. You will directly improve the organization's ability to detect threats early, respond faster, and understand network behavior at scale, ensuring that identity-driven, least-privilege policies are backed by deep telemetry and forensic depth. This role will drive full lifecycle engineering, from architecture and deployment to tuning, integrations, sustainment, and long-term optimization, while partnering with cross-functional security, network, and platform teams. Key Responsibilities: · Architect, deploy, and configure Arkime clusters, capture nodes, viewer nodes, and storage subsystems. · Design packet capture strategies aligned to network topology, mission requirements, and Zero Trust monitoring needs. · Develop and automate deployment workflows using scripts, orchestration tools, and configuration management. · Integrate Arkime with SIEM, SOAR, EDR, and threat intel platforms to enrich detection and investigation workflows. · Conduct regular tuning of parsers, views, tags, and sessions to support detection engineering and threat hunting. · Perform version upgrades, patching, configuration changes, data lifecycle management, and log retention optimization. · Align Arkime data capture with Zero Trust Architecture (ZTA) telemetry requirements. · Support development of visibility baselines, identity-aware policies, and segmentation enforcement strategies. 
· Work with network engineering, cloud engineering, and security operations to ensure end-to-end telemetry coverage. · Develop dashboards, queries, workflows, and documentation for SOC, detection engineers, and incident responders. · Provide training, playbooks, and technical expertise to internal engineering and operations teams. Basic Qualifications: · 5+ years of experience in cybersecurity, network security engineering, or security operations. · Strong background in packet analysis, PCAP management, DPI technologies, and network protocols (TCP/IP, DNS, TLS, HTTP, etc.). · Familiarity with Suricata, Zeek, or other packet/flow analysis platforms.
    $74k-102k yearly est. 8d ago
  • Illumio Zero Trust Segmentation Platform Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    You will directly shape our enterprise Zero Trust program, influence architectural decisions, and help safeguard mission-critical systems by deploying one of the most advanced segmentation platforms in the industry. This is a high-impact engineering role with visibility across security, cloud, and executive leadership. We are seeking an experienced Illumio Zero Trust Segmentation Platform Engineer to lead the design, implementation, and operational support of our enterprise micro-segmentation strategy. This role will own the Illumio Adaptive Security Platform (ASP) across hybrid environments and play a critical part in our Zero Trust initiative, partnering with security architects, cloud engineers, application teams, and IT operations to reduce lateral movement risk and strengthen our overall security posture. Key Responsibilities: · Lead the design, deployment, configuration, and optimization of Illumio Core and Illumio Edge across on-premises, virtualized, and cloud environments. · Architect and implement Zero Trust Segmentation policies, including application dependency mapping, labeling frameworks, enforcement boundaries, and zone-based controls. · Develop Illumio workflows, runbooks, dashboards, and segmentation models for enterprise workloads and critical applications. · Integrate Illumio with SIEM/SOAR, CMDB, C2C, vulnerability scanners, cloud-native controls, and enterprise automation pipelines. · Conduct traffic flow analysis using Illumio VEN telemetry and build policy recommendations to reduce attack surface and limit east-west movement. · Troubleshoot system performance, VEN installation issues, policy conflicts, and platform health across distributed infrastructure. · Partner with application owners to onboard workloads, validate segmentation plans, and support change management processes. · Perform lifecycle management: upgrades, health checks, certificate operations, and policy governance. 
· Collaborate with security architects to align Illumio policy models with broader Zero Trust and NIST 800-207 strategies. · Contribute to architectural standards, documentation, and enterprise security playbooks. Basic Qualifications: · 5+ years in cybersecurity, cloud security, or infrastructure engineering. · 3+ years of expertise in Linux/Windows systems, virtualization (VMware, Hyper-V), and cloud environments (AWS, Azure, or GCP). · 2+ years of experience with network security (firewalls, routing, segmentation models, TCP/IP). · 2+ years of experience developing and deploying solutions for highly regulated mission-critical environments (finance, healthcare, federal, or energy). · 1+ year experience with infrastructure automation tools (Ansible, Terraform, or similar). · 1+ year experience with REST APIs, scripting (Python, Bash, PowerShell), or automation frameworks. · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · Active DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification within 30 days of start date Additional Qualifications · Prior Hands-on experience deploying and managing Illumio Adaptive Security Platform (ASP) in enterprise environments. · Illumio certifications (e.g., Illumio ASP Professional or Expert). · Experience with CMDB systems (ServiceNow), SIEM/SOAR tools, or vulnerability management platforms. 
· Strong understanding of Zero Trust principles, micro-segmentation, and lateral movement mitigation · Strong analytical and problem-solving skills with the ability to translate policies into technical controls.
    $73k-104k yearly est. 8d ago
  • Forescout Cyber Security Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Work with an expert team focused on implementing and operating next generation security solutions for government and commercial clients. Perform hands-on evaluation, implementation, and operation of leading security Cyber defense tools and technologies. Apply in-depth defense strategies to large and complex networks to rapidly identify vulnerabilities and threats, prioritize response actions, and develop effective countermeasures. Apply thought leadership in a highly collaborative and innovative work environment to solve complex security challenges. You will join a team and engineer solutions to complex challenges for customers using your knowledge of network engineering, system administration and Active Directory. In this role, you'll closely impact mission success, protecting data and networks from malicious payloads and actors. With mentoring, challenging hands-on problem-solving, and opportunities to learn new tools and skills, we focus on growing as a team to make the best solutions for our customers. Basic Qualifications: · Experience architecting and designing IP networks, including developing and documenting network topologies · Experience with network engineering, including physical or logical, such as installation and activation of ports, configuration of switches, and LANs, VLANs, and network FW or appliances or network administration services, such as Active Directory, Guest LANs, and domain management · Knowledge of multi-domain architectures, including data center, WAN, and LAN in virtualized architectures · 1+ years of experience performing Windows or Linux systems administration, including performing basic troubleshooting and installation or configuration, monitoring system performance or availability, and performing security upgrades · TS/SCI clearance with the ability to obtain a counter-intelligence polygraph. 
· Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ year of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree. · DoD 8570 IAT Level II Certification, including Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification. · Ability to obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date. Additional Qualifications: · Experience with deployment or daily maintenance of Forescout CounterACT appliances · Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems · Ability to install and deploy Forescout in a customer environment · Ability to integrate Cybersecurity data using enterprise or custom data aggregation and analysis tools, including Splunk · Ability to provide support in a Tier II IT operations and maintenance role, including ticket work information updates, issue responses, and remediation · Ability to be a self-starter, work without considerable direction, and work with a team · Possession of excellent verbal and written communication skills, including for coordinating efforts and establishing customer relations
    $74k-102k yearly est. 8d ago
  • Trellix Endpoint DLP Engineer

    Dan Solutions 4.2 company rating

    Dan Solutions job in Washington, DC

    Design, deploy, manage, and operationalize enterprise endpoint data protection controls as a Trellix Endpoint Data Loss Prevention (DLP) Engineer. Serve as the technical owner for Trellix EDR/DLP components, ensuring sensitive data is identified, monitored, and protected across the enterprise. Use analytical, engineering, and stakeholder engagement capabilities to assist with information protection strategy. Play a core role in safeguarding the organization's data. Build an enterprise-grade data protection program with visibility across security leadership, risk, and operational teams. Lead enterprise deployment, configuration, tuning, and maintenance of Trellix Endpoint DLP, including policy automation, agent health, and performance optimization. Assist with analyzing, testing, and operationalizing DLP policies, rulesets, classification logic, and incident workflows aligned to data governance requirements. Integrate the Trellix DLP platform with SIEM, SOAR, CASB, CMDB, and identity security tools for end-to-end visibility and automated response. Analyze DLP telemetry, alerts, and incidents to identify data exfiltration patterns, risk signals, and false positives. Partner with legal, compliance, data governance, and HR to define rulesets, thresholds, and exception workflows. Develop engineering playbooks, standard operating procedures, and runbooks for policy lifecycle management. Manage endpoint agent health, upgrades, change control, and enterprise-wide platform stability. Conduct root-cause analysis for user-impact, policy misfires, broken workflows, and e data classification, tagging, and secure data-handling practices. Align DLP implementations with Zero Trust, privacy, and enterprise data protection strategies. 
Basic Qualifications: · 4+ years of experience in cybersecurity engineering, data protection, or endpoint security · 2+ years of experience with Trellix Endpoint DLP, Trellix ePO, associated modules, agent-based controls, and Windows and Linux endpoint management and troubleshooting · 2+ years of experience developing and deploying solutions for highly regulated industries such as healthcare, finance, federal, defense, and energy · Experience with integration patterns across SIEM, SOAR, and identity security platforms, and broader Trellix or McAfee security stack such as ENS, DLP Monitor, DLP Discover, and ePO · Experience with scripting in PowerShell, Python, or Bash for automation and workflow optimization, creating classification taxonomies, and integrating DLP with enterprise data catalogs · Ability to interpret data movement patterns and policy outcomes · Active TS/SCI clearance; willingness to take a polygraph exam · Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities. Years of experience may be accepted in lieu of degree · DoD 8570.01-M Information Assurance Technician (IAT) Level II Certification such as Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND Certification · Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support Certification such as CEH, CHFI, CFR, Cloud+, or CND Certification, within 30 days of start date Additional Qualifications: · Knowledge of data loss prevention concepts, endpoint security controls, and data classification models · Possession of strong analytical skills
    $73k-104k yearly est. 8d ago


Zippia gives an in-depth look into the details of Austen Group LLC, including salaries, political affiliations, employee data, and more, in order to inform job seekers about Austen Group LLC. The employee data is based on information from people who have self-reported their past or current employment at Austen Group LLC. The data on this page is also based on public and open data sources on the Internet and other locations, as well as proprietary data we licensed from other companies. Sources of data may include, but are not limited to, the BLS, company filings, estimates based on those filings, H1B filings, and other public and private datasets. While we have made attempts to ensure that the information displayed is correct, Zippia is not responsible for any errors or omissions or for the results obtained from the use of this information. None of the information on this page has been provided or approved by Austen Group LLC. The data presented on this page does not represent the view of Austen Group LLC and its employees or that of Zippia.

Austen Group LLC may also be known as or be related to Austen Group LLC, Austen Group, LLC and Dan.com.