Cyber Security Specialist jobs at Cintel

Cyber Engineer Advanced Colorado Springs, CO TRAVEL REQUIREMENTS: Less than 10% 0SUPERVISORY RESPONSIBILITES: No REQUIRED QUALIFICATIONS: U.S. Citizen DoD Secret Security Clearance or interim Ability to evaluate existing cybersecurity methods, recommend improvements, and determine how to test those cybersecurity measures CISSP certification with ISSAP or ISSEP concentration required: CISSP-ISSAP-ISC2 or CISSP-ISSEP-ISC2 DESIRED QUALIFICATIONS: Experience in one or more of the following disciplines: Software Assurance, Hardware Assurance, RMF, SCRM, Criticality Analysis, Risk Assessment Ability to apply knowledge of Information Assurance policy, procedures, and workforce structure to develop, implement, and maintain a secure network environment Ability to provide support to other Information Assurance Managers as well as other senior managers for network operational requirements Excellent oral and written communication skills with ability to brief technical topics to upper management EDUCATION / EXPERIENCE: 20 Years of IT experience, with 15 years of dedicated IASAE experience CULTURE REQUIREMENTS: Engineers, Analysts, and Developers at Cintel, Inc. are highly motivated, technical, and self‐organized. We place a lot of trust in our team members to develop technical solutions for ill‐defined problems (i.e. thrive in an environment where the problem is vague, requirements are lacking, and a solution is not obvious). We need problem solvers. We want our team members to be self‐motivated and eager to learn new skills. If you consider yourself a jack‐of‐all‐trades, and are eager to keep up with the latest trends in technology, you'll fit right in. ABOUT CINTEL, INC: Cintel Inc. is a Small Business providing strategies and services to support an array of Government clients in Software Development, Operational/Tactical and Installation/Facilities Energy, Cyber Security, Modeling and Simulation, Data Science, and Programmatic support. We offer our clients nimble, unique, and value focused solutions with an emphasis on people, connectivity, communication, and teamwork. Our team believes that people drive solutions. By connecting people, information, teams, and experience we deliver solutions that respond to customer needs.

Iridium is an award-winning and innovative satellite communications company with bragging rights to the only network that offers voice and data connectivity anywhere in the world. For over 20 years, Iridium's unique network and services have supported critical communications needs for individuals, businesses, and the evolving Internet of Things. At Iridium, we understand the importance of staying connected and the limitations of traditional communications networks. People across the globe, including first responders, humanitarians, global militaries, scientific researchers, and lone workers, as well as ships, aircraft and remote operations all rely on Iridium to stay connected. We take our responsibility for providing these essential communications very seriously and pride ourselves on offering a reliable lifeline when needed. Likewise, Iridium is committed to providing an exciting and innovative workplace, where employees are challenged to think outside the box and collaborate on new, bold ideas and solutions. Our talented teams are passionate about their work and the impact our company makes around the world. Iridium fosters an empowering and inclusive culture that allows employees to genuinely be their best selves. We are looking for others who want to join this truly unique company that celebrates our employees and provides the opportunity to truly make a difference in the world. What We're Looking For: Iridium is seeking a Cyber Security Specialist to join our team! This person will be responsible for discovering vulnerabilities and risks on IT (Information Technology) and OT (Operational Technology) equipment located both locally and remotely at locations in the US and non-US. This role with ensure ongoing vulnerability scans, monitoring of network traffic, and ensuring hardware and software applications are updated. On the Space Development Agency (SDA) Cyber IT Operations team, as a Cyber Security Specialist, you'll be responsible for ensuring all of the necessary security updates are documented, applied, and reported in a timely manner. You will thrive/succeed in this role if you are able to work independently for specialized Cyber security tasks, and also as a team when new products or solutions are required to be evaluated and proposed to the customer. This position requires an active/current Top Secret Security/SCI Clearance or the ability to obtain a Top Secret Security/SCI Clearance (A U.S. Security Clearance that has been active in the past 24 months is considered active). What You'll Do: Evaluate, implement, and document security for all identified systems and components Support efforts necessary to receive ATO (Authority to Operate) certification from various government customers Document and apply necessary controls to identified Systems to achieve self-certification required to meet 800-171, 800-172, and 800-53 compliance Initiate automation, where possible, to effectively triage and address security alerts Serve as an escalation point for security analysts and admins on the Government Special Services team Engage with Admins and Engineers across various Iridium organizations to respond to and remediate events Respond to service requests and incident tickets within established Service Level Agreements (SLAs) Maintain existing IT security elements; implement upgrades, replacements and new equipment as directed Foster security awareness and ensure security controls are operating effectively Maintain operational reports for Key Performance Indicators as well as weekly and monthly metrics Maintain proper Change Control and Configuration Management processes Maintain all monitoring systems and travel to remote sites to perform scans and gather data not accessible from the home site What You'll Need to Succeed: Bachelor's degree in an Information Technology or Cyber Security field, or a combination of equivalent education and work experience/certifications 5+ years of systems experience required Network and/or Security certifications (CISSP, CISA, CISM, CRISC) Demonstrated proficiencies with security infrastructure Strong communication skills, with the ability to confidently present products, deliverables, analyses, and/or issues Possess an analytical mindset, with the ability to understand a situation or problem and think critically to make decisions or come up with solutions Be comfortable managing upward, including being a proactive communicator and asking for help when needed Have confidence and be able to establish valuable relationships with others Must be able to prioritize key tasks and have a strong sense of ownership over your work Be active in seeking out ways to continuously improve yourself and gain new knowledge Things That Would be Great if You Brought to the Table: Direct experience with Government customers in a classified environment Cloud-based Security control methodologies in both classified and CUI (Controlled Unclassified Information) environments LINUX and/or Windows System Admin CLI experience We'll also need you to: Be able to travel up to 50% including military bases, remote locations within and outside of the US Be able lift up to 50 pounds US Citizenship required Work Environment: This position primarily works in an office setting and is largely sedentary with the majority of the position working with a computer. The role typically requires the use of basic office equipment such as a phone, video, computer, keyboard, mouse, and printer. Iridium is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

GCI embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry. At GCI, we solve the hard problems. As a Cyber Security Analyst, a typical day will include the following duties: Cyber Security vulnerability analyst to help identify, analyze, and mitigate cyber vulnerabilities across networks and systems. Key Responsibilities Collaborate with other cyber defense teams to maintain continuous situational awareness of current and emerging cyber threats. Analyze data to identify and prioritize vulnerabilities and weaknesses in our systems and networks Provided detailed remediation and mitigation plans, track via Key Performance Indicators (KPIs) Conduct research on threat actors, malware, exploit methods, and vulnerabilities to stay up-to-date on current cyber threats. Develop and maintain cyber threat reports and presentations for both technical and non-technical audiences. Provide input on the implementation of processes, procedures, and technological solutions to mature our operational program and team cadence. Respond to internal team and stakeholder inquires on vulnerabilities and related topics. Collaborate with peers to identify and address cyber gaps and develop solutions to address cyber needs. Conduct proactive data gathering to better understand the political, economic, and behavioral aspects of threats, cyber activities, and threat actors. Assist with threat data enrichment, curation, automation, and dissemination within a threat intelligence platform. Required Qualifications: Bachelor's degree or six additional years of relevant experience 8+ years of experience in cybersecurity, vulnerability management, or a related field Strong analytical and problem-solving skills Excellent communication and collaboration abilities Strong understanding of types of vulnerabilities, network attacks, and current industry threats Experience with data analysis and data-driven decision making Familiarity with threat intelligence platforms and tools Ability to travel locally and nationally as needed Desired Qualifications: Degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field Certifications in cybersecurity or related field (e.g. CISSP, CEH) Experience with vulnerability management tools and platforms Strong understanding or risk management principles and practices Experience with process improvement and implementation Experience with tools including: Confluence, ServiceNow, JIRA, Tableau, PowerBI, Excel Salary Range $145,000 - $189000 *A candidate must be a US Citizen and requires an active/current TS/SCI with Polygraph clearance. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

GCI embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry. At GCI, we solve the hard problems. As a Cyber Security Analyst, a typical day will include the following duties: Description GCI is looking for a highly motivated and experienced expert Cyber Security Analyst to join our team. The ideal candidate will have a strong understanding of cyber security principles and practices, as well as experience with a variety of security technologies. In this role, you will be responsible for the overall security of our organization's information systems and networks. Duties and Responsibilities Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. Interprets, analyzes, and reports all events and anomalies in accordance with computer network directives, including initiating, responding, and reporting discovered events. Evaluates, tests, recommends, coordinates, monitors and maintains cybersecurity policies, procedures and systems, including access management for hardware, firmware and software Ensures that cybersecurity plans, controls, processes, standards, policies and procedures are aligned with cybersecurity standards Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting cybersecurity risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents such as intrusion, frauds, attacks or leaks. Provides advanced guidance and leadership to less- experienced cybersecurity personnel. May serve as a team or task leader. (Not a people manager) Education Requirement BA/BS (or equivalent experience) Experience Requirement 8-10 years of experience Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

EchoStar is reimagining the future of connectivity. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products. Today, our brands include Boost Mobile, DISH TV, Gen Mobile, Hughes and Sling TV. Department Summary Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow. Job Duties and Responsibilities The Office of the CISO is responsible for defending our corporate and network assets, protecting customer data, and ensuring the resilience of our 5G network fabric. The Lead Analyst for Security Strategy and Administration is a pivotal role that serves as a force multiplier for the CISO and the entire security leadership team. This position is responsible for driving the administrative and strategic rhythm of the security organization, translating strategic objectives into measurable outcomes, and ensuring cross-functional alignment across all security domains. The ideal candidate will possess a unique blend of technical acumen, business insight, and exceptional communication skills, enabling them to interface between deep technical teams and executive leadership. You will be instrumental in articulating the value of our security investments and demonstrating our defensive posture against the evolving threat landscape. Key Responsibilities: * Serve as a primary strategic and administrative partner to the Chief Information Security Officer (CISO), facilitating the execution of key security initiatives and departmental objectives; track high-priority initiatives, identify and mitigate roadblocks, and ensure strategic goals are met * Synthesize and analyze telemetry from our security technology stack to develop comprehensive dashboards and executive-level reports; frame our security posture, threat landscape, and program performance against the NIST Cybersecurity Framework (CSF) 2.0 functions * Orchestrate and facilitate the CISO's leadership rhythm, including staff meetings, quarterly business reviews, strategic planning sessions, and executive briefings; ensure clear documentation of decisions, rigorous tracking of action items, and proactive follow-up to drive accountability * Develop and refine executive-level presentations, internal communications, and board materials * Support the Office of the CISO with budget management, financial forecasting, headcount planning, and strategic vendor relationship management; provide analytical support to ensure we are maximizing the return on our security investments Skills, Experience and Requirements Education & Experience: * Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related field * A minimum of 5 years of progressive experience in leadership, strategic planning, technology, or security administration roles in a large enterprise environment * Experience with, or a strong conceptual understanding of, enterprise security technology preferred Skills and Qualifications: * Exceptional ability to synthesize complex quantitative and qualitative data from disparate sources and craft compelling narratives for executive audiences * Proven experience leading cross-functional initiatives and driving complex projects to completion in a fast-paced, matrixed organization * Strategic thinker with a proven ability to solve complex problems, navigate ambiguity, and drive results with a high degree of autonomy * Superior written and verbal communication skills, with an innate ability to modulate content for audiences ranging from deeply technical engineers to the Board of Directors * Demonstrated financial acumen, with experience in budget planning and management preferred * Proven ability to build trust and influence at all levels of an organization preferred Visa sponsorship not available for this role Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session. #LI-JZ2 Salary Ranges Compensation: $96,250.00/Year - $137,500.00/Year Benefits We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits. The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check. Our company is committed to fostering an inclusive and equitable workplace where every individual has the opportunity to succeed. We are dedicated to providing individuals with criminal or arrest records a fair chance of employment in accordance with local, state, and federal laws. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. EchoStar will accommodate the sincerely held religious beliefs of employees if such accommodations are not undue hardships and are otherwise within the bounds of applicable law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. You may redact any information that identifies age, date of birth, or dates of school/graduation from your application documents before submission and throughout our application process. EchoStar will provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities, unless doing so poses an undue hardship on the Company, poses a direct threat of substantial harm to others, or is otherwise not required by law. EchoStar has a more detailed Accommodation Policy that applies to employees. EchoStar endeavors to make echostar.com and jobs.echostar.com accessible to users. Please contact *************** if you would like to discuss the accessibility of our website or need assistance completing the application process. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications. Click the links to access the following statements: EEO Policy Statement, Pay Transparency, EEOC Know Your Rights (English/Spanish)

EchoStar is reimagining the future of connectivity. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products. Today, our brands include Boost Mobile, DISH TV, Gen Mobile, Hughes and Sling TV. **Department Summary** Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow. **Job Duties and Responsibilities** The Office of the CISO is responsible for defending our corporate and network assets, protecting customer data, and ensuring the resilience of our 5G network fabric. The Lead Analyst for Security Strategy and Administration is a pivotal role that serves as a force multiplier for the CISO and the entire security leadership team. This position is responsible for driving the administrative and strategic rhythm of the security organization, translating strategic objectives into measurable outcomes, and ensuring cross-functional alignment across all security domains. The ideal candidate will possess a unique blend of technical acumen, business insight, and exceptional communication skills, enabling them to interface between deep technical teams and executive leadership. You will be instrumental in articulating the value of our security investments and demonstrating our defensive posture against the evolving threat landscape. **Key Responsibilities:** + Serve as a primary strategic and administrative partner to the Chief Information Security Officer (CISO), facilitating the execution of key security initiatives and departmental objectives; track high-priority initiatives, identify and mitigate roadblocks, and ensure strategic goals are met + Synthesize and analyze telemetry from our security technology stack to develop comprehensive dashboards and executive-level reports; frame our security posture, threat landscape, and program performance against the **NIST Cybersecurity Framework (CSF) 2.0** functions + Orchestrate and facilitate the CISO's leadership rhythm, including staff meetings, quarterly business reviews, strategic planning sessions, and executive briefings; ensure clear documentation of decisions, rigorous tracking of action items, and proactive follow-up to drive accountability + Develop and refine executive-level presentations, internal communications, and board materials + Support the Office of the CISO with budget management, financial forecasting, headcount planning, and strategic vendor relationship management; provide analytical support to ensure we are maximizing the return on our security investments **Skills, Experience and Requirements** **Education & Experience:** + Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related field + A minimum of 5 years of progressive experience in leadership, strategic planning, technology, or security administration roles in a large enterprise environment + Experience with, or a strong conceptual understanding of, enterprise security technology preferred **Skills and Qualifications:** + Exceptional ability to synthesize complex quantitative and qualitative data from disparate sources and craft compelling narratives for executive audiences + Proven experience leading cross-functional initiatives and driving complex projects to completion in a fast-paced, matrixed organization + Strategic thinker with a proven ability to solve complex problems, navigate ambiguity, and drive results with a high degree of autonomy + Superior written and verbal communication skills, with an innate ability to modulate content for audiences ranging from deeply technical engineers to the Board of Directors + Demonstrated financial acumen, with experience in budget planning and management preferred + Proven ability to build trust and influence at all levels of an organization preferred Visa sponsorship not available for this role **Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session.** \#LI-JZ2 **Salary Ranges** Compensation: $96,250.00/Year - $137,500.00/Year **Benefits** We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits . The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check. Our company is committed to fostering an inclusive and equitable workplace where every individual has the opportunity to succeed. We are dedicated to providing individuals with criminal or arrest records a fair chance of employment in accordance with local, state, and federal laws. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. EchoStar will accommodate the sincerely held religious beliefs of employees if such accommodations are not undue hardships and are otherwise within the bounds of applicable law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. You may redact any information that identifies age, date of birth, or dates of school/graduation from your application documents before submission and throughout our application process. EchoStar will provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities, unless doing so poses an undue hardship on the Company, poses a direct threat of substantial harm to others, or is otherwise not required by law. EchoStar has a more detailed Accommodation Policy that applies to employees. EchoStar endeavors to make echostar.com and jobs.echostar.com accessible to users. Please contact *************** if you would like to discuss the accessibility of our website or need assistance completing the application process. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications. Click the links to access the following statements: EEO Policy Statement (********************************************************************************* , Pay Transparency (*********************************************************************************************************** , EEOC Know Your Rights (English (************************************************************************************ /Spanish (**************************************************************************************************** ) We are an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, disability, or any other basis protected by local, state, or federal law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. U.S. Citizenship is required for certain positions. EEO is the law. At EchoStar, you have the right to request reasonable accommodations. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact ********************. This contact information is for accommodation requests only; you may not use this contact information to inquire about the status of an application.

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

Tyto Athene is searching for a Senior Information System Security Officer (ISSO) to be responsible for the overall handling of information assurance expertise for a large, complex IT infrastructure program in Washington DC. Systems are deployed using a public cloud service provider to deliver advanced capabilities to the Federal government using IaaS, PaaS, and SaaS service models. This role is responsible for researching, generating, and validating security controls that support the customers' Risk Management Framework (RMF) and ICD 503 Security Accreditation. Responsibilities include defining, creating, and maintaining Systems Security Plans (SSP) to support Accreditation and Authorization (A&A) reviews and coordinating with customer security organizations as part of a delivery pipeline to achieve Authority to Operate (ATO). Additionally, ISSOs review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, and assist with implementing changes and documenting upgrades. Responsibilities: Developing and updating security authorization packages in accordance with the client's requirement and compliant with FISMA. Core documents that you will be responsible for are the System Security Plan (SSP), Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan (IRP), Standard Operating Procedures (SOP), Plan of Actions and Milestones (POA&M), Remediation Plans, Configuration Management Plan (CMP), etc. Validate that protective measures for physical security are in place to support the system's security requirements Maintain an inventory of hardware and software for the information system Develop, coordinate, test, and train staff on Contingency Plans and Incident Response Plans Manage emerging and defined risks associated with the administration and use of assigned information systems Coordinate with the client's Cybersecurity Unit to achieve and maintain the information systems' compliance and authorization to operate (ATO) Perform risk analyses to determine cost-effective and essential safeguards Support Incident Response and Contingency activities Able to perform security control assessment using NIST 800-53A publication as well as OMB A-130 and OMB A-123 circulars Conduct Independent scans of the application, network, and database (where required) Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner Coordinate with multiple stakeholders to complete mandatory agency data calls in a timely manner Qualifications Required: Bachelor's Degree or equivalent combination of formal education and experience. Bachelor's Degree may be substituted for 8 additional years of relevant experience. Minimum of 5 years of relevant functional experience as an ISSO or Security Analyst. PMP certification Familiarity with program security responsibilities to include, but not limited to the NIST RMF, audit log reviews, system monitoring, SPAA processes, FISMA requirements, vulnerability & compliance scanning, continuous monitoring activities, security testing and evaluation, and security policies. Understanding of Cloud (Amazon Web Services (AWS) or Azure and FedRAMP is highly desired. Demonstrated an understanding of system administration in understanding permissions, event monitoring, and logging. Thorough understanding and knowledge of FISMA and SA&A process Proficiency in writing technical analysis reports Strong written and oral communication skills Project management (ability to track detailed tasks and ensure timely delivery) Good business acumen Relationship management Ability to work quickly, efficiently and accurately in a dynamic and fluid environment Desired: Understanding and experience with CSAM is a PLUS Knowledge of DISA STIGS, CIS Benchmarks Experience using or interpreting Nessus scans Strategy development Balancing security requirements with mission needs Clearance: TS/SCI Location: Merrifield, Virginia About Tyto Athene Compensation: Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $160,000-$175,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. Benefits: Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave. Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains-Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT-empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide. At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto? Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Tyto Athene is searching for a **Senior Information System Security Officer (ISSO)** to be responsible for the overall handling of information assurance expertise for a large, complex IT infrastructure program in Washington DC. Systems are deployed using a public cloud service provider to deliver advanced capabilities to the Federal government using IaaS, PaaS, and SaaS service models. This role is responsible for researching, generating, and validating security controls that support the customers' Risk Management Framework (RMF) and ICD 503 Security Accreditation. Responsibilities include defining, creating, and maintaining Systems Security Plans (SSP) to support Accreditation and Authorization (A&A) reviews and coordinating with customer security organizations as part of a delivery pipeline to achieve Authority to Operate (ATO). Additionally, ISSOs review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, and assist with implementing changes and documenting upgrades. **Responsibilities:** + Developing and updating security authorization packages in accordance with the client's requirement and compliant with FISMA. Core documents that you will be responsible for are the System Security Plan (SSP), Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan (IRP), Standard Operating Procedures (SOP), Plan of Actions and Milestones (POA&M), Remediation Plans, Configuration Management Plan (CMP), etc. + Validate that protective measures for physical security are in place to support the system's security requirements + Maintain an inventory of hardware and software for the information system + Develop, coordinate, test, and train staff on Contingency Plans and Incident Response Plans + Manage emerging and defined risks associated with the administration and use of assigned information systems + Coordinate with the client's Cybersecurity Unit to achieve and maintain the information systems' compliance and authorization to operate (ATO) + Perform risk analyses to determine cost-effective and essential safeguards + Support Incident Response and Contingency activities + Able to perform security control assessment using NIST 800-53A publication as well as OMB A-130 and OMB A-123 circulars + Conduct Independent scans of the application, network, and database (where required) + Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner + Coordinate with multiple stakeholders to complete mandatory agency data calls in a timely manner **Qualifications** **Required:** + Bachelor's Degree or equivalent combination of formal education and experience. Bachelor's Degree may be substituted for 8 additional years of relevant experience. + Minimum of 5 years of relevant functional experience as an ISSO or Security Analyst. + PMP certification + Familiarity with program security responsibilities to include, but not limited to the NIST RMF, audit log reviews, system monitoring, SPAA processes, FISMA requirements, vulnerability & compliance scanning, continuous monitoring activities, security testing and evaluation, and security policies. + Understanding of Cloud (Amazon Web Services (AWS) or Azure and FedRAMP is highly desired. + Demonstrated an understanding of system administration in understanding permissions, event monitoring, and logging. + Thorough understanding and knowledge of FISMA and SA&A process + Proficiency in writing technical analysis reports + Strong written and oral communication skills + Project management (ability to track detailed tasks and ensure timely delivery) + Good business acumen + Relationship management + Ability to work quickly, efficiently and accurately in a dynamic and fluid environment **Desired:** + Understanding and experience with CSAM is a PLUS + Knowledge of DISA STIGS, CIS Benchmarks + Experience using or interpreting Nessus scans + Strategy development + Balancing security requirements with mission needs **Clearance:** + TS/SCI **Location:** + Merrifield, Virginia **About Tyto Athene** **Compensation:** + Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $160,000-$175,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. **Benefits:** + Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave. Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains-Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT-empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide. At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto? Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law. Submit a Referral (********************************************************************************************************************************************************** **Location** _US-VA-Fairfax_ **ID** _2025-1461_ **Category** _Cybersecurity_ **Position Type** _Full-Time_

Say hello to opportunities. It's not everyday that you consider starting a new career. We're RingCentral, and we're happy that someone as talented as you is considering this role. First, a little about us, we're a $2 Billion annual revenue company with double digit Annual Recurring Revenue (ARR) and a $93 Billion market opportunity in UCaaS, Contact Center and AI-powered adjacencies. We invest more than $250 million annually to ensure our AI-enabled technology and platforms meet or exceed the needs of our customers. RingSense AI is our proprietary AI solution. It's designed to fit the business needs of our customers, orchestrated to be accurate and precise, and built on the same open platform principles we apply to our core software solutions. This is where you and your skills come in. We're currently looking for: Senior Security Trust Analyst Job Description Summary At RingCentral, security, global availability, and always-on reliability are coredifferentiators. RingCentral services must deliver robust functionality that is secure,reliable, and trusted by customers, no matter where they are. RingCentral's CISO team, partners closely with relevant teams such as network, application, and product teams to embed security across our products, services, and third party ecosystems. Within Information Security, the Security Trust team focuses on trust and enablement: creating Security Trust assets that communicate RingCentral's security posture, managing third-party risk, and fostering confidence among customers, partners, and the public. The Security Trust Analyst plays a critical role in helping ensure the security, reliability, and integrity of RingCentral's products, services, and vendors. This role supports both customer assurance and third party risk management (TPRM) by translating complex legal, regulatory, and security requirements into actionable controls, assessments, and documentation that guide customer and sales engagements, and vendor evaluations. This position helps mitigate risk and ensure compliance is integrated into every stage of the customer and vendor lifecycle.This is an exciting opportunity to grow within a security concentration that is quickly evolving and bridges security, risk, and trust. The ideal candidate is a professional who is excited by the explosion of advancements occurring in security, data, and artificial intelligence. As a member of the team, creative thinking, a solid work ethic, and a passion for developing and delivering great solutions are a must. Responsibilities: Customer and Trust Enablement Collaborate cross functionally with Security, Legal, Sales, and Product teams to enable transparent and efficient customer engagements. Review and approve customer facing materials such as RFPs, questionnaires, and whitepapers to verify the accuracy of security and compliance information. Maintain and improve the library of customer assurance materials, including certifications, security summaries, and trust documentation. Translate complex security and compliance topics into clear, customer-friendly language that builds confidence in RingCentral's posture. Third-Party Risk Management (TPRM) Conduct vendor security assessments, including collecting and evaluating security documentation. Identify, document, and track vendor risk through the assessment lifecycle ensuring appropriate remediation and ongoing monitoring. Partner with Legal and Procurement teams to ensure security and risk requirements are integrated into contracting and the vendor management process. Develop reports and metrics to communicate vendor risk trends, remediation progress, and program performance to leadership. Continuously improve assessment workflows to enhance efficiency, transparency, and alignment within RingCentral's risk appetite. Governance and Continuous Improvement Promote adoption of security and trust processes through training, documentation, and communication initiatives. Collaborate with internal Audit and Compliance teams to support audits, certifications, and evidence collection activities. Support the development and maintenance of security policies, standards, and procedures related to vendor management and customer assurance. Identify emerging risks and technologies, process gaps, and opportunities to strengthen RingCentral's overall trust and risk management practices. Qualifications: 5+ years of professional experience in a Security, Risk, or Enablement role with a focus on Governance, Risk, and Compliance (GRC), Third-Party Risk Management (TPRM), or Security Trust. Bachelor's degree in Computer Science, Information Security, or a related technical field,or equivalent practical experience. Strong understanding of enterprise security principles, vendor risk management, and compliance/industry best practices. Demonstrated experience using automation or AI driven tools to streamline security assessments, reporting, or assurance processes. Technical Writing: Exceptional written communication and attention to detail, with the ability to translate complex security concepts into clear, accurate, and customer facing documentation. Proven ability to partner with Sales, Legal, Privacy, and Engineering to improve customer assurance workflows and promote adoption of security initiatives. Strong problem-solving and data analysis skills with the ability to interpret and visualize security metrics for leadership reporting. Strong communication and interpersonal skills with the ability to explain complex security concepts to technical and non-technical audiences. Ability to work independently and as part of a team. Bonus Points (Nice to Have): Relevant security certifications such as CISSP, CRISC, or CISA. Experience working in a fast paced SaaS or cloud based environment. Experience with automation platforms, workflow orchestration, or AI for GRC or TPRM. Familiarity with security and compliance frameworks( e.g., SOC 2, ISO 27001,NIST). What we offer: Comprehensive medical, dental, vision, disability, life insurance Health Savings Account (HSA), Flexible Spending Account (FSAs) and Commuter benefits Voluntary supplemental health coverage and life insurance 401K match and ESPP Paid time off and paid sick leave Paid parental and pregnancy leave Family-forming benefits (IVF, Preservation, Adoption etc.) Emergency backup care (Child/Adult/Pets) Employee Assistance Program (EAP) with counseling sessions available 24/7 Free legal services that provide legal advice, document creation and estate planning Employee bonus referral program Student loan refinancing assistance Employee 1:1 coaching, perks and discounts program RingCentral's Security Team ensures company data is accessible, secure, and optimized in ways that provide maximum competitive advantage. We are constantly discovering, developing and deploying innovations that power productivity and drive better decisions for our customers. Our IT professionals are talented, ambitious, out-of-the-box thinkers who love to learn on the job-planning, deploying and maintaining state-of-the-art technology to deliver flawless performance 24/7/365. RingCentral's work culture is the backbone of our success. And don't just take our word for it: we are recognized as a Best Place to Work by Glassdoor, the Top Work Culture by Comparably and hold local BPTW awards in every major location. Bottom line: We are committed to hiring and retaining great people because we know you power our success. About RingCentral RingCentral, Inc. (NYSE: RNG) is a leading provider of business cloud communications and contact center solutions based on its powerful Message Video Phone™ (MVP™) global platform. More flexible and cost effective than legacy on-premises PBX and video conferencing systems that it replaces, RingCentral empowers modern mobile and distributed workforces to communicate, collaborate, and connect via any mode, any device, and any location. RingCentral is headquartered in Belmont, California, and has offices around the world. RingCentral is an equal opportunity employer that truly values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you are hired in Colorado, the compensation range for this position is between $73,500 and $105,000 for full-time employees, in addition to eligibility for variable pay, equity, and benefits. Benefits may include, but are not limited to, health and wellness, 401k, ESPP, vacation, parental leave, and more! The salary may vary depending on your location, skills, and experience. #LI-IG1

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

EchoStar is reimagining the future of connectivity. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products. Today, our brands include Boost Mobile, DISH TV, Gen Mobile, Hughes and Sling TV. Department Summary Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow. Job Duties and Responsibilities Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session. We are seeking an experienced and highly motivated Compliance Manager to join our Information Security Governance, Risk, and Compliance (GRC) team. You will play a critical role in protecting EchoStar's assets and customer data as this position is crucial for maintaining our organization's alignment with regulatory and industry standards, with a particular focus on Payment Card Industry (PCI) compliance. The ideal candidate will be a GRC professional responsible for developing, implementing, and overseeing our compliance program, ensuring that our systems and processes meet all required obligations. Key Responsibilities: * Involved in leadership of the development and maintenance of the organization's compliance management framework, covering PCI, CPNI, NYDFS and other regulatory requirements * Serve as a key point of contact and subject matter expert for all PCI- and compliance-related activities; including managing the annual PCI Data Security Standard (PCI DSS) assessments, coordinating with Qualified Security Assessors (QSAs), and ensuring continuous compliance throughout the year * Translate regulatory requirements into actionable standards and procedures * Work closely with the GRC and wider Information Security team to identify, assess, and manage risks related to compliance obligations * Coordinate and lead internal and external audits, providing documentation, evidence, and clear communication of control effectiveness * Develop and deliver compliance training programs to internal stakeholders to foster a culture of compliance awareness across the organization * Partner with cross-functional teams, including Legal, IT, and business units, to ensure compliance requirements are integrated into business processes and technology solutions * Implement and maintain continuous monitoring activities to track compliance status and report on outcomes and key metrics to senior leadership Skills, Experience and Requirements Education & Experience: * Bachelor's degree in a relevant field such as Information Technology, Cybersecurity, Business, or a related discipline * A minimum of 5 years of dedicated experience in a compliance or GRC role with a strong focus on PCI DSS * Professional certifications such as PCI Professional (PCI-P) or Internal Security Assessor (ISA) are highly desirable; other relevant certifications (e.g., CISA, CISSP, CRISC) are a plus Skills and Qualifications: * Deep understanding of the PCI DSS standard and its application in a technology environment * Familiarity with NIST frameworks is beneficial * Excellent communication, organizational, and problem-solving skills with the ability to work collaboratively across all levels of the organization * Ability to lead and create strategic plans for the business on regulatory strategy Visa sponsorship not available for this role Salary Ranges Compensation: $110,100.00/Year - $157,300.00/Year Benefits We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits. The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check. Our company is committed to fostering an inclusive and equitable workplace where every individual has the opportunity to succeed. We are dedicated to providing individuals with criminal or arrest records a fair chance of employment in accordance with local, state, and federal laws. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. EchoStar will accommodate the sincerely held religious beliefs of employees if such accommodations are not undue hardships and are otherwise within the bounds of applicable law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. You may redact any information that identifies age, date of birth, or dates of school/graduation from your application documents before submission and throughout our application process. EchoStar will provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities, unless doing so poses an undue hardship on the Company, poses a direct threat of substantial harm to others, or is otherwise not required by law. EchoStar has a more detailed Accommodation Policy that applies to employees. EchoStar endeavors to make echostar.com and jobs.echostar.com accessible to users. Please contact *************** if you would like to discuss the accessibility of our website or need assistance completing the application process. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications. Click the links to access the following statements: EEO Policy Statement, Pay Transparency, EEOC Know Your Rights (English/Spanish)

EchoStar is reimagining the future of connectivity. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products. Today, our brands include Boost Mobile, DISH TV, Gen Mobile, Hughes and Sling TV. **Department Summary** Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow. **Job Duties and Responsibilities** **Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session.** We are seeking an experienced and highly motivated Compliance Manager to join our Information Security Governance, Risk, and Compliance (GRC) team. You will play a critical role in protecting EchoStar's assets and customer data as this position is crucial for maintaining our organization's alignment with regulatory and industry standards, with a particular focus on Payment Card Industry (PCI) compliance. The ideal candidate will be a GRC professional responsible for developing, implementing, and overseeing our compliance program, ensuring that our systems and processes meet all required obligations. **Key Responsibilities:** + Involved in leadership of the development and maintenance of the organization's compliance management framework, covering PCI, CPNI, NYDFS and other regulatory requirements + Serve as a key point of contact and subject matter expert for all PCI- and compliance-related activities; including managing the annual PCI Data Security Standard (PCI DSS) assessments, coordinating with Qualified Security Assessors (QSAs), and ensuring continuous compliance throughout the year + Translate regulatory requirements into actionable standards and procedures + Work closely with the GRC and wider Information Security team to identify, assess, and manage risks related to compliance obligations + Coordinate and lead internal and external audits, providing documentation, evidence, and clear communication of control effectiveness + Develop and deliver compliance training programs to internal stakeholders to foster a culture of compliance awareness across the organization + Partner with cross-functional teams, including Legal, IT, and business units, to ensure compliance requirements are integrated into business processes and technology solutions + Implement and maintain continuous monitoring activities to track compliance status and report on outcomes and key metrics to senior leadership **Skills, Experience and Requirements** **Education & Experience:** + Bachelor's degree in a relevant field such as Information Technology, Cybersecurity, Business, or a related discipline + A minimum of 5 years of dedicated experience in a compliance or GRC role with a strong focus on PCI DSS + **Professional certifications such as PCI Professional (PCI-P) or Internal Security Assessor (ISA) are required** + Additional relevant certifications (e.g., CISA, CISSP, CRISC) are a nice to have **Skills and Qualifications:** + Deep understanding of the PCI DSS standard and its application in a technology environment + Familiarity with NIST frameworks is beneficial + Excellent communication, organizational, and problem-solving skills with the ability to work collaboratively across all levels of the organization + Ability to lead and create strategic plans for the business on regulatory strategy Visa sponsorship not available for this role **Salary Ranges** Compensation: $110,100.00/Year - $165,000.00/Year **Benefits** We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits . The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check. Our company is committed to fostering an inclusive and equitable workplace where every individual has the opportunity to succeed. We are dedicated to providing individuals with criminal or arrest records a fair chance of employment in accordance with local, state, and federal laws. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. EchoStar will accommodate the sincerely held religious beliefs of employees if such accommodations are not undue hardships and are otherwise within the bounds of applicable law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. You may redact any information that identifies age, date of birth, or dates of school/graduation from your application documents before submission and throughout our application process. EchoStar will provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities, unless doing so poses an undue hardship on the Company, poses a direct threat of substantial harm to others, or is otherwise not required by law. EchoStar has a more detailed Accommodation Policy that applies to employees. EchoStar endeavors to make echostar.com and jobs.echostar.com accessible to users. Please contact *************** if you would like to discuss the accessibility of our website or need assistance completing the application process. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications. Click the links to access the following statements: EEO Policy Statement (********************************************************************************* , Pay Transparency (*********************************************************************************************************** , EEOC Know Your Rights (English (************************************************************************************ /Spanish (**************************************************************************************************** ) We are an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, disability, or any other basis protected by local, state, or federal law. All qualified applicants with arrest or conviction records will be considered for employment in accordance with local, state, and federal law. U.S. Citizenship is required for certain positions. EEO is the law. At EchoStar, you have the right to request reasonable accommodations. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact ********************. This contact information is for accommodation requests only; you may not use this contact information to inquire about the status of an application.

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

GCI embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry. At GCI, we solve the hard problems. As a Data Exploiter, a typical day will include the following duties: JOB DESCRIPTION A qualified Data Exploiter reviews, manipulates, triages, and analyzes large datasets. Candidate is responsible for supporting operational and analytical requirements. Activities include detailed log analysis, network traffic review and vulnerability risk assessment. The individual will be expected to conduct assessments of software tools and systems to identify vulnerabilities, and work with internal and external technical stakeholders to identify solutions to enrich analysis. Able to follow the entire targeting life cycle by engaging in data exploitation of requirements collection, data analysis, summary and documentation, and actionable information dissemination. KEY RESPONSIBILITIES Provide data exploitation and targeting support to the customer. Use a variety of tools and methods to extract information of foreign intelligence, counterintelligence and targeting value from digital data. Create a range of products that inform operations, drive targeting and collection, contribute to intelligence products, and support multiple customer needs. Work with a team to analyze existing software applications and tools, and recommend new technologies and methodologies to improve team performance. Write and update technical documentation such as user manuals, system documentation, training materials, processes and procedures, technical reports and targeting leads. Collaborate cross-functionally with data scientists, engineers, developers, targeters, and analysts. Analyze intrusion artifacts to identify mitigation approaches for potential network defense Provide recommendations for continuous improvement. Work alongside other team members to sustain and advance our organization's capabilities. EDUCATION AND EXPERIENCE Bachelor's degree in Computer Science, Information Technology, or other related discipline, or Equivalent combination of education, technical certifications, training, and work/military experience. REQUIRED QUALIFICATIONS Demonstrated experience conducting in-depth targeting research/analysis on priorities and diverse datasets Demonstrated experience and ability to communicate complex information and concepts to an audience of varying levels of technical experience. Demonstrated experience and ability to sort through, catalog and analyze multiple forms of data using an array of tools and methods to achieve objectives Demonstrated experience in utilizing technical targeting tools Experience reviewing and assessing network traffic and knowledge of the OSI Layers Ability to sift through large amounts of unstructured data for key data points (metadata and artifacts) Knowledge of incident response, containment, and mitigation Knowledge of common cyber-attack methods Demonstrated experience conducting detailed log analysis and system monitoring to understand system status, detect system breaches, and identify other system anomalies Demonstrated experience performing vulnerability identification, risk analysis, and remediation Ability to triage, review, identify, and correlate items of interest from numerous all source datasets Ability to evaluate worldwide security events to assess system impact and/or risk (e.g., zero day exploits, hardware failures, and/or cyber-attacks) Ability to sift through large amounts of unstructured data for key data points (i.e., metadata and artifacts) Identify and document information that can fill critical gaps Create new methodologies / algorithms for data analysis and correlation Create entity / object profiles and derived data sets that enable future opportunities and analytical efforts Prepare a range of tailored products that embody and explain findings Experience with technical collection abilities Must be eligible to obtain the required Security Clearance. DESIRED QUALIFICATIONS Python Scripting Strong understanding of VPNs, VLANs, and TCP/IP Understanding of Linux operating systems Ability to working independently with minimal supervision Experience conducting network traffic analysis Understanding of forensic tools and applications Salary Range $160,000-$200,000 Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

Tyto Athene is searching for an experienced System Engineer, Physical Security to support one of our DoD programs. This individual will be required to operate in a diverse security environment. Responsibilities: Design, install, test and support of DoD physical security systems including, but not limited to, access control, closed-circuit television and intrusion detection. Three (3) years' experience working with and validating engineering drawings in accordance with DoD engineering drawings practices. Ability to troubleshoot LENEL manufactured security system and access control system equipment and software. Provide security engineering support including review and response to technical specifications, scope of work, product selection, surveys with customer interview, design, technical writing and implementation of Electronic Security Systems. Evaluate new COTS products, identifies form fit function (FFF) replacements for end of life (EOL) equipment, reviews maintenance trouble tickets and research solutions. Maintains As-Builts to include inside and outside plant, fiber optic infrastructure, CCTV, IDS, ACS, head end and other related Electronic Security Systems. Develop Installation Design Packages (IDP) that are SIPH compliant for Electronic Security Systems such as PACS, IDS/PIDS, VMS, and other related low voltage systems for highly sensitive areas such as SCIF. Qualifications Required: Ability to obtain a CI polygraph Bachelor's degree in electrical or mechanical engineering and a minimum seven (7) years' experience; OR a minimum of ten (10) years' experience if candidate does not have a degree CompTIA Security+ certified LENEL Certified Expert (LCE) Clearance: Active TS/SCI clearance is required. Candidates must have this clearance in order to be considered. About Tyto Athene Compensation: Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $130,000-$140,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. Benefits: Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave. Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains-Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT-empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide. At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto? Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Number of positions: 1 Length: 12Months + Work Address: Richmond, VA 23219 Immediate interviews Web Cam Interview Elect - Cybersecurity Engineer Is Remote. Seeking an Azure Senior Security Engineer (Cybersecurity Engineer 3) with minimum 5 years experience to work with an existing software development team. You will be working with our more established contractors and staff to focus on several web and Windows applications used both by internal staff and constituents of the Commonwealth of Virginia. The candidate will need expertise in all aspects of IT security and cloud security and experience working in an Agile/Scrum development environment interacting with technical and non-technical stakeholders. Candidate will need to have extensive knowledge of cybersecurity practices, industry security standards, and regulatory standards. A bachelors degree and/or applicable recognized industry certifications are strongly desired and will help you stand out in this position. using mobile and responsive design practices, so a familiarity with these methodologies would be a plus. Required/Desired Skills Candidates must have ALL the Required skills in order to be considered for the position. Desired or Highly Desired skills are a PLUS but may NOT be required. Skill Matrix (Please fill the last two columns of this matrix) Experience with Business workflow processes Required / Desired Amount of Experience Years of Experience Last Used 5+ years in IT security or cloud security roles required. Required 5 Years 3+ years of hands-on experience securing Azure environments Required 3 Years Bachelors degree in Computer Science, Cybersecurity, or related field or equivalent work experience required. Required 5 Years Relevant certifications (MS Certified Cybersecurity Architect Expert, Azure Security Engineer Associate (SC-300), CompTIA Security+, CISSP, CISM Highly desired 5 Years Experience with Azure Security Services (Azure Defender, MS Sentinel, Azure Key Vault, Azure Policy and Blueprints, Azure Security Center) required. Required 5 Years Experience with Azure Active Directory (AAD), including conditional access, MFA, and identity protection required. Required 5 Years Extensive knowledge of PIM and RBAC required Required 5 Years Experience with NSGs, ASGs, VPN, ExpressRoute, and hybrid connectivity security required Required 5 Years Ability to implement and moitor compliance with regulatory standards such as NIST, ISO 27001, GDPR, etc. is required Required 5 Years Extensive knowledge of threat modeling and vulnerability management, SIEM/SOAR tuning and response workflows, and security alert triage and forensics Required 5 Years Ability to perform scripting and automation using PowerShell, Bicep, ARM templates, or Terraform Required 5 Years Ability to perform perform integration with CI/CD pipelines for secure deployments (GitHub Actions, Azure DevOps) Required 5 Years Ability to create and deliver security architecture reports and documentation Required 5 Years Experience in risk assessment and mitigation strategies Required 5 Years