Cyber Security Engineer jobs at Booz Allen Hamilton

MANTECH seeks a motivated, career and customer-oriented Senior Information System Security Officer (ISSO) to join our team in Huntsville, Alabama. Responsibilities include, but are not limited to: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS and that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Provide liaison support between the system owner and other IS security personnel Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis; Conduct required IS vulnerability scans according to risk assessment parameters Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs). Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for FBI ISs to maintain security Authorized to Operate (ATO); Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR; Working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and ATO processes Minimum Qualifications: Must meet one of the following levels of experience: A high school diploma/GED and 7 years' experience, a bachelor's degree in computer science cybersecurity or a related discipline and five years' experience, or a master's degree in computer science cybersecurity or a related discipline and 3 years' experience. Hold at least one of the following Information Assurance Management (IAM) Level III certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or equivalent certifications Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar applications Preferred Qualifications: A bachelor's or advanced degree in Computer Science, Cybersecurity, or other cyber discipline Clearance Requirements: Must have a current/active Top Secret security clearance with eligibility to obtain SCI prior to starting this position. Selected candidate must be willing to undergo a Polygraph. Physical Requirements: Must be able to remain in a stationary position 50% Needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer Often positions self to maintain computers in the lab, including under the desks and in the server closet Frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

Design and implement advanced security architectures across cloud, on-prem, and hybrid environments while driving Zero Trust, SASE, and cloud-native security initiatives. Lead global strategic programs, network modernization efforts, and rapid tactical responses to critical incidents, converting gaps into standards and governance. Develop security reference architectures, HLD/LLD solution packages, and Infra-as-Code-driven delivery models aligned with enterprise transformation goals. Conduct threat modeling, risk assessments, and gap analysis across applications, infrastructure, APIs, containers, and third-party integrations. Implement cloud and DevSecOps security controls, integrating tooling into CI/CD pipelines and enforcing secure coding and IaC policies. Build security automation, SOAR playbooks, and SIEM integrations to streamline detection, vulnerability management, compliance, and response workflows. Enhance detection engineering through custom rules, behavioral analytics, log enrichment, and purple-team/adversary emulation exercises. Provide cross-functional leadership for initiatives involving cloud migration, AI/ML, M&A, and digital modernization, presenting strategies and risk posture to executive stakeholders.

Immediate need for a talented Senior Cloud Security Engineer . This is a 04 months contract opportunity with long-term potential and is located in Elkhorn,NE(Remote). Please review the job description below and contact me ASAP if you are interested. Job ID:25-94911 Pay Range: $90 - $91.19/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Deploy and configure container scanning tools to ensure secure containerized environments. Analyze vulnerabilities identified through SAST, DAST, SCA, and container scans, prioritizing remediation based on risk. Develop and maintain custom scripts to automate security processes and enhance scanning capabilities. Consult with development teams to provide secure coding guidance and assist with remediation strategies. Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage. Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy. Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams. Document findings, create actionable reports, and communicate technical details effectively to stakeholders. Key Requirements and Technology Experience: Key Skills; Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk). Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security). Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration. Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10). Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk). Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security). Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration. Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10). Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance. Strong analytical skills for vulnerability triage and risk prioritization. Excellent communication skills for consulting with development teams and explaining technical findings. Experience integrating security tools into CI/CD pipelines. Familiarity with cloud-native security (AWS, Azure, GCP) and container orchestration (Kubernetes). Knowledge of API security testing and microservices architecture. Exposure to DevSecOps practices and security automation frameworks. Relevant certifications such as OSWE, GWAPT, or CSSLP. Our client is a leading Financial Industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

DNI is on the lookout for a Senior Cyber Security Analyst - Information Systems Security Manager (ISSM) to deliver expert guidance in Information Systems Security and cybersecurity support for the Enterprise Information Services at the Department of Energy (DOE) Savannah River Operations Office (DOE-SR), located at the Savannah River Site (SRS) in Aiken, SC. Requirements Reports to the Chief Information Security Officer (CISO) and Program Manager. Oversee the Authority to Operate (ATO) lifecycle, manage risk assessments, develop and monitor Plan of Action and Milestones (POAMs), ensuring compliance with security standards and timely mitigation of organizational boundary security risks. Actively participate in the bi-weekly accreditation boundary meetings and keep the AODR informed of any changes/updates to eRAMS/POA&Ms/STAR items or any new VPM and CM issues that may arise. Provide technical and procedural cyber security advice to DOE, associate contractor partners, and Industrial Control Systems (ICS) teams as necessary. Oversee operational information systems security implementation programs. Coordinate with Information System Security Officer (ISSO) or PSO on approval of External Information Systems (e.g. guest systems, interconnected system with another organization). Oversee ISSOs to ensure they follow established policies and procedures and timelines. Ensure CM policies and procedures for authorizing the use of hardware/software on an IT system are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the AODR prior to the addition, change or modification. ISSM shall have authority to veto any proposed change they feel is detrimental to security in boundaries under their purview. Appeals on an ISSM/ISSO veto may be taken to the AODR. Ensure approved procedures are used for sanitizing and releasing system components and media as necessary. Ensure proper measures are taken when cyber security incident or vulnerability is discovered. Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures. Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Manage, maintain, and execute the information security continuous monitoring plan. Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AODR; and assess changes to the system, its environment, and operational needs that could affect the security authorization. Other related tasks as assigned. Support information technology (IT) security goals and objectives and reduce overall organizational risk; Advise senior management (e.g., Chief Information Security Officer [CISO] and Chief Information Officer [CIO] on risk levels and security posture.); Advise appropriate senior leadership of changes affecting the organization's cybersecurity posture; Communicate the value of information technology (IT) security. Knowledge, Skills, and Abilities: Highly organized individual with exceptional communication skills, ensuring all stakeholders are consistently informed and updated as required. Excellent written and oral communication skills (writing samples may be requested). Attention-to-detail is critical, proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses and produce a near-perfect end-result. Ability to identify problems, brainstorm and analyze answers, and implement the best solutions. Ability to develop and review security related procedures or processes and reports. Demonstrated ability to provide clear, precise, and factual information to senior leaders, team members, and external stakeholders. Capable of attending all customer-required meetings and promptly providing responses as requested. Familiarity with applicable regulations affecting Cyber Security NIST 800 Series Standards. Clearance: Must possess (or be able to obtain) a “Q” level security clearance. Education: A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis. Experience: 7+ years in IT security or related field. Authority to Operate Life Cycle (ATO), Risk Management, POAMS & Milestones Certification: Highly desired certifications: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Benefits Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental Matching 401K Short- and Long-Term Disability Pet Insurance Professional Development/Education Reimbursement Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Security, Compliance and Audit Readiness: Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. Provide documentation and evidence for security audits and compliance reviews. Implementation, Operations and Support: Serve as the hands-on engineer for network deployment, upgrades, and incident response. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). SME Leadership and Staff Development: Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. Any other activities reasonably related to the foregoing, as assigned by the Client

About the Company: A Leading Financial Service Client is looking to hire a strong Security Engineer who can lead Red team exercises against a hybrid environment using threat intelligence and the MITRE Telecommunication&CK Framework. Responsibilities: Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.) or the ability to demonstrate equivalent knowledge. Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing. Expert understanding of Red Team concepts, tools, and automation strategies. Expert understanding of MITRE Telecommunication&CK framework tactics, techniques, and procedures. Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability. Expert understanding of Windows and Linux system hardening concepts and techniques.

Role: Cybersecurity Manager Duration: 6+ months Summary: The Cybersecurity Manager leads global cybersecurity operations, incident response, cloud security, and vulnerability management across IT, OT, and cloud environments. This role drives security maturity, manages SOC functions, and ensures compliance with frameworks like ISO 27001, NIST, and ITAR. Key Responsibilities:Lead cybersecurity operations, including SOC oversight, threat detection, and endpoint security. Manage incident response for ransomware, APT, insider threats, and major security events. Oversee vulnerability and patch management programs (Tenable, Automox, CrowdStrike). Strengthen cloud and identity security across Azure, Entra ID, and Microsoft 365. Implement Zero Trust architecture and secure configuration standards. Support compliance efforts (ISO 27001, NIST CSF/800-53/171, ITAR, GDPR, HIPAA, PCI). Lead global cybersecurity teams, contractors, and MSSP partners. Provide executive-level reporting on risk posture, incidents, and security metrics. Requirements:10+ years of cybersecurity experience with leadership responsibilities. Strong background in SOC operations, IR, EDR, SIEM/SOAR, and cloud security. Hands-on experience with Sentinel, XSOAR, CrowdStrike, Defender, Tenable. Knowledge of ISO 27001, NIST, ITAR, and broader regulatory frameworks. Strong communication, team leadership, and cross-functional collaboration skills.

We are seeking a skilled Security Engineer with strong Networking and Compliance experience to join our team in Millennia. This position is required to reside in the vicinity of our Durham, NC Data Center. In this role, you will be crucial in maintaining the integrity and security of our network systems, ensuring privacy and security controls within processes, assets, and data flow within our healthcare-focused environment Responsibilities: · Maintain and manage all processes systems supporting Millennia's security posture. · Monitor, manage, and implement security infrastructure to support organizational needs · Monitor logs and alerts to identify incidents. Perform and or document Root Cause Analysis and remediation on Security Incidents. · Monitor network performance and troubleshoot issues and Security Incidents. · Plan, manage, and execute system upgrades and weekly patches to all endpoints. · Develop and enforce security policies to protect sensitive patient data. · Conduct regular system audits and vulnerability assessments. · Provide technical support for network-related issues to staff and clients. · Maintain documentation of network configurations and procedures. · Stay updated on industry trends and emerging technologies · Collaborate with IT teams to integrate new technologies into existing systems. · Provide hand-on support to our offices and data center. Qualifications: · Strong knowledge of network and security administration, controls, protocols, and best practices. · Experience with SOC2 or HITRUST, and HIPAA Security and Privacy Rule. · Proven experience as a Network Administrator or similar role. · Proficiency in configuring firewalls, routers, and switches, encryption protocols, and certificates. · Familiarity with cybersecurity principles and incident response strategies. · Excellent problem-solving skills and attention to detail. · Exceptional communication skills and ability to work independently and collaboratively in a team-oriented environment. · Experience with cloud computing platforms (AWS, Azure) is a plus. Relevant certifications (e.g., CCNA, CompTIA Security+) are preferred

Immediate need for a talented Information Security Analyst - Lead . This is a 09+ months contract opportunity with long-term potential and is located in Atlanta,GA(Hybrid). Please review the job description below and contact me ASAP if you are interested. Job ID:25-93807 Pay Range: $68 - $68.61/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Act as a liaison between cybersecurity metric owners, data engineers, and governance teams to ensure accurate and timely metric development. Facilitate metric working sessions to define metric name, definition, calculation, system of record, and critical data elements (CDEs). Support the documentation and validation of metric logic and data lineage. Coordinate and lead standing meetings to provide updates, manage timelines, and escalate blockers or data challenges. Review and validate data quality and completeness of metric inputs in coordination with data engineers. Support the development of root cause commentary and trend analysis for metrics that breach established thresholds. Partner with control and process owners to align metrics with applicable frameworks (e.g., NIST CSF, CIS, FFIEC). Prepare clear, concise executive-level summaries and presentations on metric performance and risk trends. Maintain oversight of multiple metrics in different stages of the build lifecycle, ensuring governance and consistency. Contribute to continuous improvement of the metrics program, including standardization, automation, and data quality enhancements. Key Requirements and Technology Experience: Key Skills;Metrics governance/Risk Metrics/Performance Metrics . Bachelor's degree or five years of related experience or an equivalent combination of education and experience In-depth knowledge of principles, practices, theories, and/or methodologies associated with the professional discipline (e.g., information technology, project management, finance, risk management, etc.) Understands foundational concepts of other related professional disciplines. Experience managing small projects Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders. Ability to provide direction and mentor less experienced teammates Strong organizational skills with the ability to manage multiple priorities simultaneously. Excellent written and verbal communication skills, including experience drafting executive summaries. Proficiency in Microsoft Excel, PowerPoint, and collaboration tools (e.g., Teams, SharePoint). 5-7 years of experience in cybersecurity, risk management, technology project coordination, or data analytics. Familiarity with cybersecurity domains (e.g., vulnerability management, DLP, IAM, cloud security, incident management). Working knowledge of risk and performance metric design, including KRIs, KPIs, and operational indicators. Experience gathering and documenting business requirements and translating them into actionable data or metric logic. Basic understanding of SQL or ability to read data dictionaries and data mappings. Exposure to cyber control frameworks such as NIST CSF, ISO 27001, or CIS. Exposure to Agile or iterative project delivery methods. Cybersecurity/Risk management Vulnerability management Stakeholder engagement . Our client is a leading Financial Industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

Job Title: Technology - Security Analyst Senior Duration: Long term contract Experienced professional responsible for implementing, maintaining, monitoring, and troubleshooting enterprise-wide security systems. Supports 24/7 availability, mentors junior staff, and ensures compliance with security frameworks and policies. ✅ Core Responsibilities: Implement and manage enterprise security systems, including cloud-based (AWS/Azure). Perform security audits, risk analysis, and vulnerability assessments. Conduct log analysis via SIEM tools; respond to security incidents. Lead incident response, threat hunting, and forensic analysis. Maintain firewalls, encryption systems, and endpoint protections. Develop and enforce security policies, SOPs, and compliance protocols. Manage user access, logical security, and secure configurations. Collaborate cross-functionally on infrastructure and software security. Support regulatory compliance with standards (e.g., NIST, COBIT). Train and mentor team members; provide escalated issue resolution. Evaluate and onboard new security technologies. ✅ Technical Skills Required: Operating Systems: Windows (5+ years), Linux is a plus Cloud Platforms: AWS (EC2, IAM, Security), Azure (AD, Sentinel, Security Center) Security Tools: SIEM (e.g., Splunk), Firewalls, IDS/IPS, Endpoint Protection Scripting: PowerShell, Python, VBScript, Regex Frameworks & Compliance: NIST, COBIT, ISO 27001, ITIL Forensics & IR: Evidence gathering, threat profiling, penetration testing Documentation: RFPs, RFIs, policy writing, technical reporting Protocols: TCP/IP, DNS, HTTP/S, LDAP, SNMP, VPN, SSH ✅ Soft Skills & Abilities: Critical thinking and creative problem-solving Leadership in projects and incident response Effective communication (written and verbal) Mentoring and knowledge-sharing Ability to prioritize and work independently under pressure Collaboration across departments and vendors ✅ Educational Requirements: Preferred: Bachelor's degree in CS, InfoSec, or related Alternate: 8 years equivalent experience in system/security administration ✅ Experience Requirements: Minimum: 4 years in security/system admin in enterprise IT Mandatory: 5 years in Windows environment ✅ Required Certifications (any 2 or equivalent): Security & Compliance: GIAC GMON, GPCS, DoD 8570 certs Cloud & Microsoft: AWS: Cloud Practitioner, Solutions Architect, Security Specialty Azure: Fundamentals, Security Ops/Engineer, Solutions Architect MCSE Aviatrix Certified Engineer (ACE)

As an Information Security Engineer specializing in AI Security, you will be at the forefront of protecting our AI systems and data. Your role will involve deep technical expertise in designing, implementing, and maintaining advanced security measures to safeguard our AI infrastructure from sophisticated threats and vulnerabilities. You will be instrumental in ensuring the robustness, confidentiality, and availability of our AI-driven solutions. Key Responsibilities: - Security Architecture Design: Architect and implement robust security frameworks for AI systems, including authoring of secure coding practices and secure design principles. - Vulnerability Assessment: Identify, implement and manage tooling and methodologies for penetration testing on AI models and systems to identify and remediate security weaknesses. - Secure AI Development: Collaborate with data scientists and software engineers to integrate security best practices into the AI development lifecycle, including secure model training, validation, and deployment. Support security engineers in the evaluation of AI systems being developed and implemented. - Compliance and Standards: Keep track of emerging industry standards, regulations, and best practices for AI security, such as NIST, ISO, and GDPR. - Research and Innovation: Stay abreast of the latest advancements in AI security, conduct research, and contribute to the development of innovative security solutions. - Documentation and Reporting: Prepare and document standard operating procedures, protocols, and security reports, including assessment-based findings and recommendations for further system security enhancement. - Advisory and Support: Provide guidance and support on security matters, including answering queries, providing feedback, and advising on best practices - Technical Training and Mentorship: Provide technical training and mentorship to team members and stakeholders on AI security principles and practices. - Experimentation and POCs: Design and execute experiments and proof of concepts (POCs) to validate emerging threats and security solutions. Conduct R&D to explore new methodologies and technologies for enhancing AI security. Qualifications: - Bachelor's or master's degree in computer science, Information Security, or a related field. - Extensive experience in information security, with a strong focus on AI security. - In-depth knowledge of AI technologies, machine learning algorithms, and data protection techniques. - Proven expertise in designing and implementing security measures for AI systems, including secure coding, encryption, and access controls. - Strong analytical and problem-solving skills, with the ability to conduct vulnerability assessments and penetration testing. - Excellent technical communication and collaboration skills to work effectively with diverse teams. - Relevant certifications such as CISSP, CEH, OSCP, or equivalent are highly desirable.

JT4 Point Mugu is seeking an Information Systems Security Specialist. This role is responsible for assessing, developing and implementing programs and controls set in place to help increase cybersecurity within our company. The Information Systems Security Specialist will be detail-oriented, have great problem-solving and analytical skills, and a passion for cybersecurity. JT4, LLC provides engineering and technical support to multiple western test ranges for the U.S. Air Force, Space Force, and Navy under the Joint Range Technical Services Contract, better known as J-Tech II. JT4 develops and maintains realistic, integrated test and training environments and prepares our nation's war-fighting aircraft, weapons systems, and aircrews for today's missions and tomorrow's global challenges. **An ideal candidate will have an active DoD secret clearance** **This position is located at Point Mugu and is not eligible for telework** Job Summary -- Essential Functions/Duties This position is the on-site technical specialist for monitoring information systems and maintaining the environment of operation to include developing and updating System Security Plans, managing and controlling changes to the systems, conducting audits, providing incident response, perpetration for vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Employee will be responsible to perform the following functions/duties: Provides incident handling in conjunction with the Facility Security Office (FSO) and Information Security Officer / Information Systems Security Manager (ISSO/ISSM) Assists in writing and maintaining computer security processes to meet Navy requirements of Risk Management Framework Monitors computer system use and audits logs Makes recommendations for future hardware / software implementations and related process improvements This position requires skills in team building and customer service Provides operational status as required Uses established policies and procedures and subject matter knowledge to complete complex assignments requiring originality and ingenuity performed under minimum supervision with considerable latitude for independent contribution Provides security training and awareness briefings Other duties as assigned. Requirements -- Education, Technical, and Work Experience Associates or higher degree in Computer/Information Technology, or equivalent academic/technical training/certification. Possess two to three years of experience in computer system security and/or related areas of expertise. Must be compliant to DoD 8570.01-M levels and possess or working toward Security+ certification with a CISSP desired. Should have experience with JSIG, NIST 800 and NISPOM, Chapter 8. In addition, an Information Systems Security Specialist must possess the following qualifications: Must possess and apply a broad knowledge of principles, practices and procedures in computer security and information systems and working experience with Microsoft Office, Access, and Visio Must possess experience supporting various system configurations such as Stand Alone, Local Area Networks, and Wide Area Networks Must possess excellent skills in verbal and written communications, planning, and organizing Ability to work under deadlines. Employee is expected to routinely cross fields in the completion of somewhat difficult and varied assignments. Government vehicle is used on an as-needed basis Ability to work in a field environment at remote locations with occasional overnight assignments Must qualify for and maintain a government security clearance Must possess a valid, state-issued driver's license.

As a Network Security DevOps Engineer, you will play a critical role in designing, engineering, and managing the enterprise network security posture. You will ensure that the network infrastructure aligns with corporate security policies and standards, protecting against evolving cyber threats. This role involves operating and maintaining key security technologies-such as firewalls, IDS/IPS, and other advanced controls-while applying DevOps principles to drive automation, scalability, and resilience. You will collaborate closely with network, infrastructure, application, and cybersecurity teams to support and enhance global IT services. Key Responsibilities • Design, implement, and manage network security technologies and services across regions and different infrastructure environments (data centers, offices, edge). • Research and recommend industry best practices and emerging technologies in network security. • Operate and maintain network security appliances (Fortinet, Cisco, Juniper), including upgrades and patching. • Build and manage network security infrastructure using DevOps practices and automation tools. • Contribute to the Zero-Ops infrastructure management vision by developing solutions that reduce manual intervention and improve operational efficiency. • Support security operations: monitoring, analysis, incident response, and vulnerability management. • Evaluate security advisories and vulnerabilities, providing timely recommendations and mitigations. • Participate in ad-hoc vulnerability assessments and incident response. • Coordinate with stakeholders across Cybersecurity, Projects, and internal customers. • Develop and maintain operational processes and documentation for ongoing support. Qualifications • Minimum 3 years of hands-on experience in network security. • Experience with network security platforms: Cisco ASA (CSM), FTD (FMC), FortiGate (FortiManager), Juniper SRX (Junos Space). • Strong understanding of networking fundamentals: TCP/IP, OSI model, routing/switching, ACLs. • Familiarity with security technologies: firewalls, VPNs, IDS/IPS, encryption, authentication, vulnerability management, and incident response. Technical Skills • Deep knowledge of TCP/IP, Internet technologies, IPS/IDS, firewall virtualization, VPNs, NAT, DNS, etc. • Relevant certifications (preferred but not required): Cisco (CCNA/CCNP Security), Fortinet (FCA/FCSS/NSE), CISSP, GIAC. • Automation & DevOps • Strong advantage: experience with GitHub, Terraform, Ansible, Python, REST API, Jenkins, Jinja2, YAML. • Familiarity with CI/CD concepts and tools is a plus. • Cloud • Experience with AWS and Azure network security services. • Soft Skills • Excellent verbal and written communication in English. • Mindset to grow and learn. • Self-motivated, proactive, and able to work independently in a global virtual team. • Strong multitasking and prioritization abilities. • Analytical mindset and a collaborative team player. • On-Call Rotation • Participates in a global 'follow-the-sun' on-call support rotation. Top 3 skill sets/technologies: 1) Network security firewall 2) Automation 3) Cloud (AWS & Azure connectivity)

Job Title: Security Engineer (Mergers & Acquisitions Team) ⏳ Duration: 6 Months MUST HAVE SKILL : 5+ years of proven hands-on Network Security & Administration experience, including firewall management, security controls, and infrastructure protection. Strong hands-on expertise with enterprise-grade firewalls and security appliances from Cisco, Checkpoint, and Palo Alto. Solid Cloud Security experience, including securing hybrid environments, cloud networking, and cloud-based security controls. Deep understanding of encryption and secure connectivity, including TLS/SSL for web traffic, IPsec, and VPN technologies. Certifications : CCNA (Network), CCNP (Security) Job Overview We are seeking an experienced Security Engineer to support Mergers & Acquisitions (M&A) security integration efforts. This role focuses on designing, deploying, and troubleshooting security appliances and controls to securely integrate acquired companies into the existing enterprise network. The ideal candidate will have hands-on expertise with firewalls, security tools, cloud security, and enterprise infrastructure. You will collaborate closely with network, security, and IT teams to ensure seamless integration, maintain business continuity, and uplift the overall security posture. Key Responsibilities • Design & Implementation Deploy new security appliances and complete all configuration, logging, and auditing requirements. Conduct site-by-site assessments and prepare Bill of Materials (BOM) for new firewalls and related equipment. Implement standard controls and approved security exceptions to meet business needs. • Configuration & Maintenance Update, patch, and register firewalls; integrate them into the global management console. Deploy security rule sets, filtering, logging, and audit capabilities in alignment with SOC requirements. Understand custom security needs for each acquired entity and build required policy sets. • Assessment, Monitoring & Troubleshooting Assess current security posture and review reports from internal/external scanning tools. Manage vulnerability scanning, data scanning, and remediation. Troubleshoot firewall issues and analyze security events while coordinating with network teams. • Documentation & Compliance Maintain accurate documentation, network diagrams, configuration logs, and ensure compliance with security standards and best practices. • Collaboration & Support Work closely with networking, systems, and application teams. Liaise with vendors, service providers, and internal teams to support integration and operational requirements. • Capacity Planning Conduct capacity analysis to ensure scalability of security infrastructure as growth continues. • Security Integration Strategy & Roadmapping Build 30/60/90-day security integration plans for newly acquired companies. Create phased upgrade plans, firewall migration paths, and endpoint remediation strategies. Align integration work with long-term enterprise architecture and identify key security priorities. • Automation Automate recurring tasks including vulnerability log analysis, data scanning, reporting, and other routine activities. Required Qualifications Bachelor's degree in Computer Science, Information Technology, Network Engineering, or related field. 5+ years of hands-on security engineering or network security administration experience. Certifications (Preferred) Cisco: CCNA, CCNP Security Checkpoint: CCSA Palo Alto: PCNSA, PCNSE, PCCET General: CompTIA Security+ Technical Skills Strong understanding of network concepts and administration. Deep knowledge of security appliances, software tools, discovery/assessment tools, and threat landscapes. Hands-on experience with enterprise-grade equipment from Cisco, Checkpoint, and Palo Alto. Experience with security monitoring and diagnostic tools. Knowledge of cloud networking, cloud security, and virtualization technologies. Ability to follow precise standards for designing and implementing enterprise security infrastructure. Soft Skills Strong analytical and complex problem-solving skills. Excellent written and verbal communication skills for both technical and non-technical audiences. Strong time-management and prioritization abilities. Ability to work independently and collaboratively within global, cross-cultural teams.

We are seeking a Senior Software Engineer with strong expertise in application security to join a forward-thinking technology team focused on enhancing secure software development practices. This role combines deep technical knowledge with the ability to collaborate across engineering and security teams to ensure robust, secure applications. Role Overview The ideal candidate will have a software development background (Java and JavaScript preferred) and hands-on experience in application security, including vulnerability analysis, remediation strategies, and secure coding principles. This position requires strong communication skills to act as a bridge between development and security teams, driving best practices and influencing architecture decisions. Key Responsibilities Implement and manage software security testing techniques aligned with enterprise standards. Analyze and assess open-source vulnerabilities, including zero-day threats, and determine impact on applications. Develop and execute remediation plans for identified risks, including code refactoring and dependency updates. Champion secure coding practices and lead security reviews across engineering teams. Provide technical designs and recommendations to reduce vulnerabilities and improve security posture. Collaborate with development, architecture, and security teams to integrate security into the software delivery lifecycle. Stay current on emerging threats, tools, and best practices in application and cloud security. Desired Skills & Competencies Strong experience in application security testing and software composition analysis. Knowledge of web application security, cloud security, and container security. Familiarity with OWASP, CWE, CVE standards and vulnerability mitigation techniques. Hands-on experience with tools such as Sonatype, Qualys, SonarQube, and AWS Inspector. Proficiency in Java, JavaScript, and Python. Working knowledge of AWS services, Docker, Terraform, and DevSecOps practices. Excellent communication skills and ability to influence technical and non-technical stakeholders. Preferred Qualifications Bachelor's degree in Computer Science or related field (AWS and security certifications a plus). Experience collaborating with cross-functional teams and driving secure development initiatives. Familiarity with industry-standard tools for code quality, repository management, and CI/CD pipelines.

1. Security, Compliance and Audit Readiness a. Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. b. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. c. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. d. Provide documentation and evidence for security audits and compliance reviews. 2. Implementation, Operations and Support a. Serve as the hands-on engineer for network deployment, upgrades, and incident response. b. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. c. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). 3. SME Leadership and Staff Development a. Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. b. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. c. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. d. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. e. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. 4. Any other activities reasonably related to the foregoing, as assigned by OCSD.

Security Architect / Implementation Engineer Duration: 6 Months contract with possibility of extension We are seeking a highly skilled Security Architect / Security Implementation Engineer with expertise in designing, implementing, and integrating Google Cloud Security Command Center (SCC), Chronicle SIEM, and Cybereason XDR. The candidate will be responsible for architecting the end-to-end solution, implementing GCP native security controls, integrating third-party security tools, and producing detailed design and operational documentation. Key Responsibilities: Design and architect cloud-native security controls in GCP aligned with security and compliance frameworks (CIS, ISO 27001, NIST, etc.). Implement Google Security Command Center (SCC) for threat detection, vulnerability management, and risk insights. Architect and configure Chronicle SIEM for log ingestion, correlation, and advanced threat analytics. Integrate Cybereason XDR with SCC, Chronicle, and other security tools to establish end-to-end threat detection and response workflows. Define use cases, rules, policies, and security playbooks to automate detection and response. Document the solution architecture, design decisions, configuration standards, and integration workflows. Conduct knowledge transfer sessions with security operations and support teams. Collaborate with GCP Cloud Platform teams, SOC teams, and compliance teams to align solutions with enterprise policies. Required Skills & Experience: 8-12 years of overall IT security experience with at least 4-5 years in Google Cloud Security. Proven experience with Google Security Command Center (SCC), Chronicle SIEM, and XDR platforms (Cybereason preferred). Strong knowledge of GCP IAM, VPC Service Controls, Cloud Armor, DLP, Cloud Logging, Cloud Monitoring. Hands-on experience in integrating SIEM, XDR, and native GCP security tools. Experience with Terraform, Deployment Manager, or automation frameworks for security deployment. Strong documentation and presentation skills. Security certifications preferred: Google Professional Cloud Security Engineer, GCP Professional Architect, CISSP, CISM, CCSP.

Information Security Need Local to San Francisco, CA Onsite role Looking for independent folks. Top Skills: KQL - kusto query language - used by different Microsoft security tools like sentinel or defender SPL that Splunk uses General incident response actual incident tickets - resolve actual security incident tickets Requirements • Self-starter, able to readily explore and learn new areas and concepts. • Knowledge and experience normally acquired through, or equivalent to, the completion of a Computer Science or Computer Engineering Bachelor's degree with a minimum of 5 years of job-related experience. • Degrees in Computer Science or Engineering and/or relevant technically focused certifications in Cloud and/or enterprise security architecture such as GCAD or GDSA are advantageous Experience with • AWS commercial or government cloud • Experience securing critical workloads in a cloud environment. • Knowledge and experience with Databricks, Starburst, Collibra and Immuta is advantageous. Job Role Summary Lead and produce system threat models for integration of commercial components into a data lake platform. Help design secure cloud architectures. Propose effective security controls within the environment and identify and mitigate security vulnerabilities. Simplify complex security topics, lead discussion in technical and business teams, communicate risk accurately. Skills • Able to create AWS secure cloud architecture designs • Understand current security threats, techniques, and landscape • System threat modeling of applications and platforms • Able to identify and provide mitigation for security vulnerabilities within applications and application environments based on threat models. • Able to simplify complex security topics for consumption and critical decision making. • Clear and accurate communication • Able to lead/direct discussions with technical and business teams to achieve common goals. • Able to work well within a team and support team goals • Understand cyber security frameworks such as NIST 800-53 • Ability to work on a geographically distributed team across multiple time zones • Familiarity with SAFe a plus Responsibilities • Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture. Ensure these artifacts are in alignment with FRS policy and standards. • Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer. • Work with members of application development teams to review and create secure application and infrastructure designs and patterns. • Assist development teams by reviewing threat models related to applications and related systems. Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc. • Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines. • Assist in identification and integration of security focused tooling into development and operations processes. • Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views. • Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position. • Assist with recruiting activities and administrative work.

Established in 1991, Collabera has been a leader in IT staffing for over 22 years and is one of the largest diversity IT staffing firms in the industry. As a half a billion dollar IT company, with more than 9,000 professionals across 30+ offices, Collabera offers comprehensive, cost-effective IT staffing & IT Services. We provide services to Fortune 500 and mid-size companies to meet their talent needs with high quality IT resources through Staff Augmentation, Global Talent Management, Value Added Services through CLASS (Competency Leveraged Advanced Staffing & Solutions) Permanent Placement Services and Vendor Management Programs. Collabera recognizes true potential of human capital and provides people the right opportunities for growth and professional excellence. Job Description Location: 100 Abbott Park Road, Lake County, Abbott Park, IL 60064 Duration: 6+ months (could go beyond) Roles: • Network Directory and Infrastructure Services Administration. • Knowledge of domain administration and troubleshooting, Active Directory, MS FIM, Exchange, MS Office365 and supporting technologies, MS Azure, NPS, Federation and SQL Server administration required. Responsibilities: • Provide technical Level III problem isolation and resolution for a Global Active Directory Network. • Configures and performs advanced diagnostics on infrastructure components and cloud based applications. • Understands and repairs Domain infrastructure including DNS, DHCP, ADLDS, ADFS and FIM Sync. • Understands and can configure/install Win Server 2008r2/2012r2 technologies for domain controllers and Radius Authentication servers. • Repair and recover from hardware or software failures. • Rotate on-call and must be available to work a varied shift schedule in a 7x24 hour operations center environment. • Initiate major outage communication technical bridges as requested. • Apply fix procedures as instructed for repetitive events as instructed and coordinate with impacted constituencies. Competencies: • Superior knowledge of Active Directory overall and its administrative components. • Perform domain administration for 61,000+ workstations including domain controllers, NPS, Win 2003/2008R2/2012 server hardware, dynamic host configuration protocol (DHCP), domain name servers (DNS) configuration integrated with active directory, desktop configuration and end user support. • Candidate will have worked in an AD environment that has done acquisition and divestiture work, Candidate will have worked with products such as ADMT, and ADLDS and the roles they play in M&A activities such as management of active directory structure in creation, administration of organizational units (OU), containers and sub containers throughout the domain from geographic to organizational standards, while setting policies and permissions. • Candidate should have expert knowledge of Federation protocols including OAuth, SAML, WSFed, and a deep understanding of the IDP and SP roles associated with Federation environments. • Candidate will have worked with Office 365 from an Identity standpoint and have an understanding of Azure Active Directory Sync and Identity Federation for Cloud services. • Expertise should include attribute mapping and troubleshooting as well as rule sets associated with AADSync. • Candidate must be able to correctly configure servers and clients for all services. • Can isolate and repair most DNS and IP service problems. • Understands and uses the appropriate tools in all instances during problem isolation and repair. • Possesses an in depth understanding of communications technologies and can isolate and resolve most infrastructure issues. Qualifications • Associates Degree Minimum, prefer Computer Science or technology area or telecommunications science business minor • Three (3) to six (6) months of specialized technical courses in Win and Active Directory technology's typically provided by vendors, technical societies, or equivalent experience. Additional Information To know more about this position, please contact: Himanshu Prajapat ************ **********************************