Cyber security analyst jobs in Knoxville, TN

Knoxville, TN | Cybersecurity Engineer | Full-time We are actively recruiting a Cybersecurity Engineer for our client in Knoxville, TN. This is a hybrid direct placement opportunity that will require some onsite work in Knoxville. The successful candidate will be responsible for the design, implementation, and ongoing management of advanced cybersecurity measures to protect sensitive data, systems, and networks. This role involves hands-on work with a wide range of security technologies, development and enforcement of security protocols, and proactive risk mitigation. The engineer collaborates with cross-functional IT teams to integrate security solutions into enterprise projects and ensure compliance with applicable regulatory requirements, including HIPAA. Must have a minimum of five years' experience in cybersecurity engineering, with a proven track record in designing and implementing security solutions within an enterprise environment. Due to client request, candidates must be eligible to work in the United States without sponsorship. Equal Opportunity Employer/Veterans/Disabled

We are seeking a Cybersecurity Engineer with strong, hands-on experience implementing Data Loss Prevention (DLP) solutions, specifically using Azure Purview and Microsoft Intune. This role requires a technical practitioner who has directly deployed, configured, and operationalized security controls-not just monitored events. The engineer will design and implement secure architectures across cloud and hybrid environments, conduct threat modeling, integrate security into new platforms, and ensure alignment with industry best practices and regulatory frameworks such as NIST 800-53, FISMA, and FedRAMP. The ideal candidate must have 10+ years of experience that brings advanced knowledge of cloud security, IAM, encryption, authentication protocols, and modern DevSecOps practices. Additional responsibilities include developing reusable security patterns, performing architecture reviews, enhancing automation, and partnering with IT teams to mature the organization's security posture. Strong communication skills, deep technical proficiency, and experience with Azure/AWS infrastructures are essential for success in this role. This is an onsite direct hire opportunity in Arlington, VA, no contract, no sponsorship. Relocation assistance provided within the US. LI #HP-1

We are currently seeking a Cybersecurity Engineer to become part of the Federal Strategic Cyber group. Location: Arlington, VA. This is a full-time, working on-site role. The DSCM program encompasses cyber security, data analytics, engineering, technical, managerial, operational, logistical and administrative support to aid and advise DOS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. Those supporting the DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges. About the Role Support the Security Standards & Baselines (SSB) section within the Technology, Innovation, and Engineering (TIE) Office. Identify and provide solutions to enhance and/or streamline processes and automate work flow. Need to have a strong technical background and expertise in various areas of cybersecurity. Promote awareness of security issues among management and ensure sound security principles are reflected in organizations' visions and goals. Communicate complex security concepts to both technical and non-technical stakeholders, including senior management. Possess strong problem-solving and decision-making abilities to guide the organization in making informed security decisions. Perform extensive research and documentation of security threat vectors. Provide guidance and coaching to team members. Create bulletins, alerts, and/or advisories related to published or developmental standards and/or security principal documents. Ensure that rigorous application of information security/information assurance policies, principles, and practices are implemented in the delivery of all IT services. Evaluate a wide array of existing, new, modified, and/or emerging technologies and develop recommended security configuration baselines documents that implement Departmental policy, technical security solutions, and industry best practices in alignment with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) as much as possible. Respond to various technical and policy questions from a wide range of customers/users with guidance and clarifications. Promote awareness of cybersecurity standards and principles among the customer stakeholders, coworkers, and the Department users. Collaborate with fellow team members and various internal and external stakeholders to share information and knowledge to establish and maintain a productive line of communication. Streamline processes to improve efficiency of Mission goals. Manage information and updates in SharePoint repositories. Keep awareness of items involving fellow team members to provide back up support and coverage as needed. Qualifications: Bachelor's degree and a minimum of 5 years' of relevant experience. An additional 4 years of experience will be considered in lieu of degree/education. Either possess or obtain prior to start date ONE of the following certifications: CAP, CASP+ CE, CCISO, CCNA-Security, CISM, CISSP (or Associate), CISSP (or Associate), CND, CSSLP, CySA+, GICSP, GSEC, GSLC, Security+ CE, SSCP, PPDA, Agile IC, SNOW App Dev. Experience with DISA STIG - Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG). Experience developing and executing research plans. Experience working with Windows Server on an enterprise level. Experience managing Active Directory in a multi-domain environment. Experience working with server/application virtualization on an enterprise. Demonstrated excellence in business acumen, team orientation and strong customer service skills. U.S. citizenship required. Active Secret security clearance. Ability to obtain a final Top Secret security clearance. Highly Desired: Experience with process automation. Technical writing skills. Engineering/maintaining database infrastructure including SQL and Oracle experience. Active Directory Federation Services (ADFS), Azure, Active Directory experience. Experience developing and managing virtualized IT systems. Networking technologies experience. Configuration and/or administrating enterprise mobile device deployments experience. Experience working with Red Hat Enterprise Linux servers on an enterprise level. For any questions regarding this job announcement or the status of your application, please contact our Director of Recruiting, Mr. Brian Jennings, via email at ********************.

The Cybersecurity Engineer is responsible for the technical implementation and management of cybersecurity measures. This role involves extensive hands-on work with security technologies, developing and maintaining security protocols, and ensuring the protection of sensitive data. The Cybersecurity Engineer collaborates within the various IT teams to integrate security solutions into business projects and solutions, while supporting overall compliance with HIPAA regulations. Technical Implementation: Architect, deploy, and maintain enterprise-grade security technologies, including firewalls, intrusion detection/prevention systems, encryption platforms, and vulnerability management tools. Implement and support security controls for network infrastructure such as routers, switches, and wireless access points. Configure, administer, and secure Active Directory and Azure AD environments. Deploy and oversee endpoint protection platforms and Security Information and Event Management (SIEM) solutions. Manage Microsoft 365 security capabilities, including conditional access, data loss prevention (DLP), and advanced threat protection. Evaluate, test, and recommend new security tools, processes, and technologies to strengthen the organization's security posture. Security Operations: Continuously monitor systems for security events, investigate alerts, and respond to incidents with appropriate documentation. Perform ongoing risk assessments and vulnerability scans to identify exposures and drive remediation efforts. Lead technical response efforts during security incidents or breaches in coordination with the incident response team. Administer and monitor Identity and Access Management (IAM) systems to ensure secure and appropriate access. Conduct routine vulnerability assessments and threat analysis to support continual improvement. Perform digital forensics and incident response activities as needed. Compliance: Ensure adherence to HIPAA and all applicable regulatory and security standards. Design and implement technical safeguards that protect sensitive information and support organizational objectives. Collaboration: Partner with IT and business teams to embed security controls into systems, applications, and workflows. Educate and support staff on cybersecurity awareness, best practices, and evolving threats. Documentation: Create and maintain accurate documentation for security configurations, procedures, and incident activity. Remain informed on current cybersecurity trends and recommend enhancements to existing controls. Security Audits: Plan and conduct scheduled and ad-hoc security audits to validate adherence to security policies and standards. Security Standards and Policies: Develop, review, and update security policies and standards in alignment with industry best practices and regulatory requirements. Security Infrastructure Maintenance and Monitoring: Configure, troubleshoot, and maintain security-related hardware and software. Implement and manage monitoring tools to detect intrusions and potential security breaches. Security Strategy Development: Support the planning, execution, and ongoing refinement of the organization's information security strategy. Adhere to organizational policies, procedures, and safety standards; complete required training annually; contribute to performance goals and quality improvement initiatives. Perform additional duties as assigned. Minimum Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline required. Minimum Experience: Ten (10) years of overall IT experience, including at least five (5) years of hands-on cybersecurity leadership with demonstrated success designing, engineering, and deploying security solutions in an enterprise environment. Certifications: Relevant industry certifications such as CISSP, CISM, CISA, CCSP, CEH, Microsoft Azure Engineer, or equivalent are required.

Immediate need for a talented Information Security Analyst - Lead . This is a 09+ months contract opportunity with long-term potential and is located in Atlanta,GA(Hybrid). Please review the job description below and contact me ASAP if you are interested. Job ID:25-93807 Pay Range: $68 - $68.61/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Act as a liaison between cybersecurity metric owners, data engineers, and governance teams to ensure accurate and timely metric development. Facilitate metric working sessions to define metric name, definition, calculation, system of record, and critical data elements (CDEs). Support the documentation and validation of metric logic and data lineage. Coordinate and lead standing meetings to provide updates, manage timelines, and escalate blockers or data challenges. Review and validate data quality and completeness of metric inputs in coordination with data engineers. Support the development of root cause commentary and trend analysis for metrics that breach established thresholds. Partner with control and process owners to align metrics with applicable frameworks (e.g., NIST CSF, CIS, FFIEC). Prepare clear, concise executive-level summaries and presentations on metric performance and risk trends. Maintain oversight of multiple metrics in different stages of the build lifecycle, ensuring governance and consistency. Contribute to continuous improvement of the metrics program, including standardization, automation, and data quality enhancements. Key Requirements and Technology Experience: Key Skills;Metrics governance/Risk Metrics/Performance Metrics . Bachelor's degree or five years of related experience or an equivalent combination of education and experience In-depth knowledge of principles, practices, theories, and/or methodologies associated with the professional discipline (e.g., information technology, project management, finance, risk management, etc.) Understands foundational concepts of other related professional disciplines. Experience managing small projects Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders. Ability to provide direction and mentor less experienced teammates Strong organizational skills with the ability to manage multiple priorities simultaneously. Excellent written and verbal communication skills, including experience drafting executive summaries. Proficiency in Microsoft Excel, PowerPoint, and collaboration tools (e.g., Teams, SharePoint). 5-7 years of experience in cybersecurity, risk management, technology project coordination, or data analytics. Familiarity with cybersecurity domains (e.g., vulnerability management, DLP, IAM, cloud security, incident management). Working knowledge of risk and performance metric design, including KRIs, KPIs, and operational indicators. Experience gathering and documenting business requirements and translating them into actionable data or metric logic. Basic understanding of SQL or ability to read data dictionaries and data mappings. Exposure to cyber control frameworks such as NIST CSF, ISO 27001, or CIS. Exposure to Agile or iterative project delivery methods. Cybersecurity/Risk management Vulnerability management Stakeholder engagement . Our client is a leading Financial Industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

Essential Duties and Responsibilities: Working with security tools and API integration work including writing scripts and development of automation around detection and remediation activities. Given the growing nature of the organization, you will work closely with other internal and external groups and may also assist in other security activities as necessary in response to assessments and/or audits. Implementing and operating vulnerability management and security log collection and monitoring tools, analyzing data from those tools and providing recommendations for security improvements to existing processes and technology, and participating in and leading incident response efforts. Identification and remediation of OS and network security weaknesses and vulnerabilities Respond to internal and/or external reports, events, and incidents (e.g. scanning, hacking, phishing) Qualifications: Bachelor's in computer science (or equivalent) degrees Minimum of 5+ years of documented information security work experience At least 5+ years of system/network security experience, including threat modeling, threat assessments, risk identification techniques, penetration testing Detailed knowledge of network and Web related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols) Atalla HSM experience (knowledge of transaction encryption) and Imperva, SecureSphere, WAF, and DB experience. Experience with planning, deployment, and operation of large enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, MDM etc. Demonstrated experience with malware remediation. Experience in one or more technical forensic tools Experience with Splunk from systems deployment and endpoint configuration to log analysis and interpretation. Ability to identify signs of intrusion or infection on a variety of systems. Expertise in administration of enterprise OS's Ability to move seamlessly between a hacker / attacker mindset and a security engineer / defender mindset Hands on experience with Nmap, vulnerability scanners, ZAP, Kali, MetaSploit, Wireshark, Kismet, Aircrack-ng Penetration testing experience Application and database security experience, including code reviews Network and security engineering experience, including log and network traffic capture analysis IT security certifications (SANS GIAC, CISSP, CCNA Security, CCNP Security, RHCSA or RHCE, MCP or MCSE ) are a plus Experience with advanced malware technologies is a plus. MerchantE does not provide visa sponsorship for this position. Candidates must be legally authorized to work in the United States without current or future sponsorship.

ABOUT THE ROLE Individual is able to work without assistance; provides leadership for others; able to manage highly complex work efforts; may have advanced education; has extensive industry experience. The IT Security Analyst monitors and advises on information security issues related to the systems and workflow at an agency to ensure the internal IT security controls for an agency are appropriate and operating as intended. Coordinates and executes IT security related projects for the agency. Coordinates response to information security incidents. Develops and publishes Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance with Commonwealth IT Security policies, standards, and guidelines. Conducts campus-wide data classification assessment and security audits and manages remediation plans. Collaborates with IT management, Internal Audit, and VITA to manage security vulnerabilities. Creates, manages and maintains user security awareness. Conducts security research and keeps abreast of latest security issues. Prepares IT security documentation, including department policies and procedures, agency notifications, Web content, and alerts.

Role: Information Security Analyst/IAM Analyst Duration: 12+ months Interview: PH/MS Teams This position supports the Central Access Provisioning team within IAM Operations. Resources will assist during a transition from manual access processes to increased automation, flexing across IAM functions to address capacity gaps and operational needs. Required Experience 2+ years in IAM / Information Security / Access Management Hands-on experience with at least one IAM tool (SailPoint, Okta, CyberArk, Ping, Microsoft Entra ID) Working knowledge of authentication standards (LDAP, SAML, OAuth, OpenID, SCIM) Experience supporting access provisioning, deprovisioning, and identity lifecycle activities Exposure to security frameworks such as NIST, ISO, SOX, or PCI What We're Looking For Strong IAM operations background (not architect-level) Ability to work onsite and interact with business and security stakeholders Candidates who can start quickly and operate in a high-volume IAM environment Best Regards, Shubhangi Pokhriyal Technical Recruiter Sibitalent Corp 118 Carolynn Lane, Murphy, TX 75094 ****************** Email: *************************

WorkForce Unlimited is searching for a proactive Security Analyst to analyze vulnerabilities, optimize security tools, and help our client stay ahead of emerging threats. The Security Analyst is responsible for independently managing third-party vulnerability data sources, executing scans using proprietary tools, and collaborating with IT teams to prioritize mitigation efforts. The role involves leveraging vulnerability management tools to generate metrics and reports that track progress and effectiveness. Additionally, the Security Analyst may contribute to reviewing project scopes to recommend security benchmarks, optimizing security tool alerts and policies, and integrating logs and large data sets into existing systems. Role Responsibilities Analyze vulnerabilities from various sources and input them into the vulnerability management tool using approved methods to ensure a complete overview of exposures. Evaluate existing vulnerabilities to identify problem areas or opportunities for mass-mitigation. Communicate with cross-functional teams to explain risks, opportunities, or required actions. Escalate vulnerabilities that exceed defined time-to-resolve thresholds. Configure vulnerability scanning tools and manage ongoing scan schedules. Collect and maintain departmental metrics and KPIs. Identify opportunities to apply AI technologies to improve vulnerability management processes. Technical Qualifications Strong familiarity and prior experience with: HTTP, PKI, digital signatures/encryption, SMTP, DNS, CWEs, CVEs, and related security frameworks. Vulnerability and security scanning tools such as Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei, or similar. Web application scanning and web application firewalls (WAFs). Containers and associated security considerations. CIS Benchmarks, STIGs, or other security hardening standards. Additional desirable skills or experience: Authentication and identity protocols: SAML, Kerberos, OAuth, OIDC, LDAP. Scripting and automation using PowerShell and Python. CI/CD tools such as Jenkins. Splunk data onboarding (indexes, sourcetypes, data models, forwarders, apps, HECs). Log ingestion and transport technologies: Azure Event Hubs, Kafka, syslog. EDR/XDR tools such as Microsoft Sentinel, Microsoft Defender, CrowdStrike, or similar. General Qualifications Ability to conduct independent research, analyze data, and produce clear plans of action. Strong systematic thinking and troubleshooting skills. Ability to create clear and detailed documentation of designs and processes for diverse technical audiences. Excellent communication skills, including the ability to clearly articulate requirements, priorities, and project status. Education Requirements Bachelor's Degree in Information Technology or a related field is preferred but not mandatory.

Apex Systems is looking to hire a Application Security Engineer for our financial client we support. Qualified candidates will have the following experience and skills: Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk). Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security). Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration. Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10). Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance. Strong analytical skills for vulnerability triage and risk prioritization. Excellent communication skills for consulting with development teams and explaining technical findings. Locations: MUST BE LOCATED IN ONE OF THE FOLLOWING STATES TO BE CONSIDERED - NC, SC or GA Onsite expectation: REMOTE Pay range: $80-$85/HR w2 Note: We are unable to consider C2C or third-party submissions. If you are interested, please apply here or email an updated copy of your resume to ************************ Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet' as well, which an Apex team member can provide. EEO Employer Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at ******************************** or ************. Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

STRATEGIC STAFFING SOLUTIONS HAS AN OPENING! This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below. “Beware of scams. S3 never asks for money during its onboarding process.” Job Title: Information Security Engineer- Automation (Cisco ISE) Location: Charlotte, NC 28262/ Raleigh, NC 27607 Onsite Work Contract Length: 24+ Months Pay: 75-80 an hr on W2 About the Role We are seeking a highly motivated Information Security Engineer to design and implement automation solutions that streamline and enhance management of the Cisco Identity Services Engine (ISE) platform. This role is ideal for a proactive, self-directed engineer who thrives in complex environments and enjoys building scalable, secure automation that reduces manual effort and improves operational efficiency. You will play a key role in developing automation workflows, integrating systems via APIs, and collaborating with cross-functional teams to translate business and security requirements into reliable, maintainable solutions. Key Responsibilities Design, develop, and implement automation workflows to support Cisco ISE configuration, policy updates, and operational tasks Build and maintain Python-based automation scripts and Ansible playbooks aligned with business and security requirements Develop application and system integrations using RESTful and/or SOAP APIs, including authentication mechanisms (OAuth, JWT), data transformation, and error handling Create secure, scalable API integrations with internal systems and third-party services Utilize API testing tools such as Postman and Swagger to validate functionality, performance, and security compliance Integrate automation solutions with external platforms (e.g., HashiCorp Vault) for secure credential and secrets management Develop custom tooling to simplify administrative processes and reduce manual day-to-day operational tasks Collaborate with internal stakeholders to gather requirements and deliver scalable automation solutions Document automation architecture, workflows, and usage guidelines to support maintainability and knowledge transfer Troubleshoot, optimize, and enhance automation scripts for reliability, scalability, and performance Required Qualifications Strong experience managing network infrastructure as code Advanced Python development skills Proven experience building Ansible playbooks based on business and operational requirements Hands-on experience creating and maintaining technical documentation (automation architecture, READMEs, runbooks) Ability to work independently, adapt to evolving requirements, and navigate complex or ambiguous processes with minimal supervision Nice-to-Have Qualifications Experience with Cisco Identity Services Engine (ISE) Background in network engineering or network security Work Location & Schedule This is a hybrid role requiring 3 full days per week onsite (8 hours per day) at one of the following locations:

In this contingent resource assignment, candidate may: Participate in low to moderately complex initiatives and identify opportunity for process improvements within Information Security Analysis. Review and analyze basic or tactical Information Security Analysis assignments or challenges that require research, evaluation, and selection of alternatives, related to low-to-medium risk deliverables. Present recommendations for resolving low to moderately complex situations and exercise some independent judgment while developing understanding of function, policies, procedures, and compliance requirements. Provide information to client personnel in Information Security Analysis. Required Qualifications: 2 plus years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education. Desired Qualifications: Hands-on experience with IAM Tools (SailPoint, Okta, CyberArk, Ping, Microsoft Entra ID) Experience with authentication standards (LDAP, SAML, OAuth, Open ID, SCIM). Experience with security compliance frameworks (ISO, NIST, SOX, PCI) Ability to interact with various layers of leadership Ability to prioritize work, meet deadlines, and achieve deliverables Strong organizational, multi-tasking, and prioritizing skills Customer service focus with the ability to respond to requests in a timely manner Intermediate Microsoft Office (Word, Excel, Outlook, PowerPoint, Access, and Project) skills Pay Range: $40- $45 The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision and 401K contributions as well as any other PTO, sick leave, and other benefits mandated by appliable state or localities where you reside or work.

Jr. Security Analyst Our client is currently looking for a Jr. Security Analyst to join their team in a long term contract capacity focusing on an increase in compliance and audit work heading into the new year. This person will be brought on to support an established information security and compliance team. This role is ideal for someone looking to grow in TPA (Third Party Assessment), audit support, compliance operations, NIST frameworks, and GRC practices. Below is a breakdown of what our enterprise client is looking for in their potential candidate! Key Responsibilities Support Third Party Assessments (TPAs) by gathering evidence, tracking documentation, and helping review vendor security controls. Participate in internal and external audit readiness tasks including evidence collection, control testing preparation, remediation tracking, and audit log review coordination. Assist with vulnerability scan reporting, ticket creation, and follow-up with technical teams on remediation tasks. Support intake, documentation, and status tracking of new compliance and security projects. Help maintain dashboards, risk registers, and compliance reporting metrics within the GRC tool. Participate in annual assessment activities including contingency plan exercises, incident response tests, access reviews, and other required security program tasks. Assist with audit log reviews and routine monitoring processes as assigned. Maintain structured, accurate documentation to support continuous compliance efforts. Minimum Qualifications 1-3 years of experience in security, IT, audit, or compliance support roles (internships or rotational experience accepted). Foundational knowledge of NIST frameworks, FISMA requirements, or other security compliance standards (HIPAA, SOC 2, ISO 27001 a plus). Experience with GRC platforms (ServiceNow, Archer, OneTrust, ZenGRC, etc.) OR strong interest in learning. Strong attention to detail with the ability to create, edit, and maintain structured documentation. Proficiency with Microsoft Office and basic workflow tracking tools (Excel, SharePoint, Confluence, Smartsheet, etc.). Familiarity with basic cybersecurity terminology and frameworks (e.g., CIS Controls). Experience supporting compliance evidence collection or policy documentation. Interest in security governance, risk, and compliance as a long-term career path.

*****NO C2C OR THIRD PARTY INQUIRIES***** Senior Security Engineer 3x Per Week Onsite Minimum if Hybrid Top skills/tools, etc. that are MUST haves: Recent Palo Alto experience Palo Alto SME Nice to haves: Prisma Access Job Summary You will provide guidance and technical support to clients deploying our security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Your thorough understanding of our product integrations contributes to the development of new principles and concepts - providing detailed analysis around what's working, what's not, and what could be better. You enjoy implementation work, are proactive about resolving potential concerns, and operate well around strict best practices that enable our clients on their road to a more secure digital world. You're creative, innovative, and you love a challenge - learning how integrations might work better around new products and technologies. Responsibilities Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution Configure, implement, and maintain Security Operating Platform Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall Test and validate the migration environment Coordinate and execute cutover to production Provide guidance on code upgrades Facilitate the development of new application and threat signatures Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases Some travel may be required, dependent on customer request You work with the customer's security & network teams to build confidence across the business units impacted by the change to Palo Alto Networks Experience High level of experience with Panorama and log collectors NGFW Global Protect BS in Computer Science, MIS, business, or equivalent education/training/experience Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching) Minimum of 3 years' experience leading security solutions in large environments) Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products You're experienced in internetworking, LAN, and WAN technologies You have a good understanding of Internet protocols and applications Possess the following industry certifications: CISSP, CCNA, CNSE, JNCIE-SEC You effectively handle multiple projects and work calmly in high pressure

Title: Application Security Engineer Clearance Required: Public Trust Position Type: Full-Time About the company: At VivSoft, we aim to solve complex federal problems using emerging and open technologies in a collaborative and rewarding environment. VivSoft is a diverse team of strategists, engineers, designers, and creators experienced in building high performance effective softwares, with impactful organizational design and organizational dynamics for software delivery. We build secure Software Factories based on DoD reference designs and NIST Frameworks for Cloud and DevSecOps. These factories deliver AI/ML Applications, Data Science Platforms, Blockchain and Microservices for DoD, Healthcare and Civilian Agencies Job Summary: We are seeking an Application Security Engineer to support the modernization of a large-scale enterprise software development platform. This role focuses on securing CI/CD pipelines, enforcing DevSecOps best practices, and implementing automated security testing throughout the SDLC. The engineer will work closely with development and platform engineering teams to embed security into reusable templates, GitHub Actions, and deployment workflows, ensuring applications are built and deployed securely across environments. Key Responsibilities: Using GitHub Advanced security, review security findings of the organization. Review, validate, and approve request to remediate security findings. Review, validate, and approve request to dismiss security findings. Collaborate with Federal POC and FDIC security team to create and implement application security processes and standards. Identify gaps and design solutions to improve application security at the FDIC. Provide guidance to FDIC developers in regard to remediating findings when needed. Required Skills: Bachelor's degree in Computer Science, Engineering, Information Technology, or related field, or equivalent professional experience. Proficiency in at least one or two major enterprise languages (e.g., Java, .Net, C#, JavaScript) to effectively review code and understand development context. Experience integrating security tools (SAST/DAST/SCA) into CI/CD pipelines to automate vulnerability scanning. Proficient in conducting and interpreting results from SAST (Static Analysis Security Testing) DAST (Dynamic Analysis Security Testing) Manual Code Review for security flaws Deep understanding of the OWASP Top 10 and other common application security attack vectors (e.g., injection, XSS, broken access control). Knowledge of security considerations for large, complex enterprise architectures, which may include Cloud Security (AWS, Azure, or GCP), API security, and microservices.

Vulnerability Management Specialist will perform the following: Defines, maintains, and enforces application security best practices Conduct vulnerability assessment and manual/automated code reviews Demonstrate vulnerabilities to application owners and provide mitigation recommendations Proficient in any SAST, DAST, and OSA tools. In depth knowledge with any programming language like Java, .NET, C#, etc. Performs and conducts penetration tests and manual/automated code reviews. Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement In depth Knowledge of Secure Coding best practices and OWASP top 10, SANS 25, CVE, etc. Identify AppSec related tools/conduct tool analysis, and provide recommendations Vulnerability Management Specialist will have at least five years of working knowledge and hands-on experience with five or more of the following tools: BurpSuite, SonarQube, OWASP/Maven, Fortify, Tenable, STIG Viewer, AWS Security Hub, AWS Inspector, ePO, ServiceNow, Jira, ADO, eMASS or equivalent GRC Tools. Experience in infrastructure and container scanning Minimum Qualifications Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline and a minimum of 5 years of working knowledge and hands-on equivalent relevant experience. Candidates must have a Security+ certification or similar Candidates must have an active secret security clearance. Position requires on-site work in Alexandria VA 2-3 days/week. Other Job Specific Skills Working knowledge and hands-on experience with the following: BurpSuite SonarQube OWASP/Maven Fortify, Tenable STIG Viewer AWS Security Hub AWS Inspector ePO, ServiceNow Jira ADO eMASS or equivalent GRC Tools

Come Forge the Future of Machine Identity Security for Operational Technology & Industrial Control Systems Where: Tysons, VA (Hybrid) Supporting: Our CTO At Corsha we're not just selling software; we're fundamentally reshaping how the most critical industrial and operational technology (OT) systems are secured. We're a cyber startup in the DC area, driven by a mission to bring trust, resilience, and identity to the operational systems that power our world - from factories to power grids. We're building the future of machine identity security, and we need a dynamic technical evangelist to join our front lines. Tired of the Status Quo? Ready to Secure the Unseen? Here's your Opportunity: If you're an engineer who thrives on solving hard problems, isn't afraid to get your hands dirty with industrial control systems and sees the immense potential of cybersecurity in unconventional environments, then read on. We move fast, we build for impact, and we need a security visionary to help us secure the machines that matter most. Your Mission: Secure the Industrial Edge We're looking for an OT Security Engineer to be a foundational engineer for our Machine Identity Platform (mIDP), specifically tailored for the unique and challenging landscape of OT systems. Your mission: implement, integrate, and defend the security infrastructure that underpins our cutting-edge solutions, with a heavy emphasis on industrial control systems and OT networks. This isn't just about keeping the lights on. It's about building security architectures that are inherently secure, highly available, and resilient against the most sophisticated threats, often in environments where traditional IT paradigms simply don't apply. You'll be bridging the gap between cutting-edge cybersecurity technologies and the operational realities of factories, power plants, and critical infrastructure. What You'll Be Forging: Architect and Implement OT Security Solutions: Design, deploy, and manage secure architectures for our mIDP, specifically tailored for OT environments. This includes network segmentation, routing, switching, firewall configurations, and intrusion detection systems. ICS/OT System Integration: Be the subject matter expert for integrating our mIDP with industrial control systems. This involves understanding and working with common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). Machine Identity Integration: Collaborate closely with our product and engineering teams to integrate security configurations with our mIDP, ensuring seamless and secure authentication and authorization for OT devices and applications. OT Network Hardening: Implement and enforce robust security best practices, including vulnerability management and access control for OT networks. Troubleshooting and Optimization: Proactively monitor, troubleshoot, and resolve complex security issues across ICS and OT environments. Identify and implement optimizations to enhance system performance, reliability, and security. Automation and Tooling: Develop and implement automation scripts and tools (e.g., Python, Ansible) to streamline provisioning, configuration management, and operational tasks. Documentation and Knowledge Sharing: Create comprehensive documentation, runbooks, and contribute to internal knowledge sharing to ensure maintainability and scalability of our infrastructure. Stay Ahead of the Curve: Continuously research and evaluate new cybersecurity technologies, security trends, and best practices, particularly as they relate to OT and industrial control systems. Collaborate and Mentor: Work closely with cross-functional teams (software engineers, security analysts, product managers) and provide mentorship to junior team members. What You'll Bring: 5+ years of intense experience in OT security or a related role, with a proven track record in complex, high-performance, and high-stakes environments. Deep, demonstrable expertise in industrial control systems and OT environments. You've implemented security products and solutions in real-world ICS/OT environments. Strong proficiency in network security principles: Firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), network access control (NAC), and secure communication protocols. Extensive hands-on experience with OT network architectures and protocols. You're comfortable with physical hardware and understand the nuances of industrial networks. Rock solid understanding of cybersecurity principles: vulnerability management, threat modeling, and incident response. Empathy for OT/ICS environments: You totally get the unique security challenges of Operational Technology, and understand common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). This isn't just a "nice-to-have"; it's critical. Proficiency in scripting and automation: Python, Ansible, or similar languages for automating security provisioning and operations. A relentless problem-solver: You thrive on diagnosing and resolving intricate security issues under pressure, with an unwavering focus on root cause analysis. Exceptional communication and collaboration skills: You can articulate complex technical concepts clearly and work seamlessly with cross-functional teams. Bachelor's degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience. Self-starter with an insatiable curiosity: You're eager to learn, adapt, and drive solutions in a rapidly evolving, high-impact startup environment. Bonus Points For: Experience with specific machine identity solutions (PKI, certificates, secrets management). Hands-on experience with Kubernetes Knowledge of software-defined networking (SDN) solutions. Relevant industry certifications (e.g., CISSP, GICSP, CISM). Experience in a fast-paced startup environment. Why Forge your Path with Corsha? Real-World Impact: Your work won't just sit on a server; it will actively defend the critical operational systems that underpin our society. This is an opportunity to make a tangible, immediate difference. Bleeding Edge: Be at the forefront of securing the intersection of cybersecurity, machine identity, and OT. We're defining the future, not just following trends. Growth & Ownership: This is a startup - your contributions will directly shape our product, our culture, and our success. You'll work with incredible people that care and have impact. Culture of Innovation: Join a team of brilliant, passionate engineers dedicated to solving the hardest problems. We foster a collaborative, intellectually stimulating, and supportive environment. Competitive Compensation & Benefits: Wellness days, Generous PTO, Company-covered healthcare, 401k matching, paid parental leave, and of course snacks, lunches, and sustenance. Ready to step up and secure the critical future of identity? Join Our Mission Today. Reach out to us with your resume and why you think you'd make a stellar Corshian to *****************. We are an Equal Opportunity Employer and reasonable accommodations may be made to enable individuals with disabilities.

Job Posting Title: Cloud Security Engineer - SRE Job Profile: Technical Project Management - Advisor II We are seeking a skilled and motivated Cloud Security Engineer - SRE to join our dynamic team. The ideal candidate will possess a strong technical background in systems administration, cloud computing, and infrastructure as code, with a particular focus on solution engineering/site reliability. This role will involve collaborating with cross-functional teams to enhance our security posture and streamline processes through automation. Technical Skills • Programming and Scripting: Strong proficiency in languages like Python, Go, Bash, or Ruby. SREs often need to write automation scripts and build tooling. • Systems Administration: Deep understanding of operating systems (Linux/Unix), file systems, processes, and system configurations. • Infrastructure as Code (IaC): Experience with IaC tools like Terraform, Ansible, or Chef to manage infrastructure. • Cloud Computing: Knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform, including services like EC2, S3, Kubernetes, and serverless functions. • Containers and Orchestration: Expertise in containerization (Docker) and container orchestration (Kubernetes, OpenShift). • Networking: Understanding of networking concepts, including DNS, firewalls, load balancing, and VPNs. • Monitoring and Observability: Experience with monitoring and observability tools like Prometheus, Grafana, Datadog, or New Relic. Ability to set up and maintain monitoring dashboards, alerts, and logs. • Continuous Integration/Continuous Deployment (CI/CD): Familiarity with CI/CD tools like Jenkins, GitLab CI, GitHub Actions, or CircleCI. • A strong understanding of HashiCorp Vault and Terraform will make you stand out. 2. Problem-Solving and Troubleshooting • Incident Management: Ability to manage and respond to incidents, perform root cause analysis, and implement post-mortem reviews. • Automation: Focus on automating repetitive tasks to improve efficiency and reduce human error. • Performance Tuning: Skills in identifying and resolving performance bottlenecks in systems and applications. 3. Collaboration and Communication • Teamwork: Ability to work closely with cross-functional teams, including software engineers, product managers, and DevOps teams. • Documentation: Skill in creating clear and comprehensive documentation for systems, processes, and incident reports. • Communication: Effective communication skills for interacting with stakeholders and explaining technical concepts to non-technical audiences. 4. Reliability and Scalability • Service-Level Objectives (SLOs) and Service-Level Agreements (SLAs): Understanding of setting, monitoring, and maintaining SLOs and SLAs for system reliability. • Scalability: Knowledge of best practices for designing and scaling systems to handle increased loads and demands. • Redundancy and Resilience: Experience in designing systems with redundancy and fault tolerance to minimize downtime. 5. Security and Compliance • Security Best Practices: Understanding of security principles, such as access control, data encryption, and secure coding practices. • Compliance: Familiarity with compliance standards like GDPR, HIPAA, or PCI-DSS, depending on the industry. Minimum Job Qualifications: • Bachelor degree in business or equivalent work experience • 10 years of previous program leadership and/or relevant consulting experience • Knowledge of and demonstrated experience in program management framework, knowledge groups & life cycle • 5+ years' experience in driving large scale data center consolidation efforts • Minimum 5 years' experience with matrix management of cross-functional processes and teams • Proficient with Project Management tools

CADRE is relied upon for delivering superior insight and leadership to solve the nation's most critical national security challenges in the most demanding environments. is located in Northern Virginia with flexible core hours. The Network Analyst (NA) will be responsible for daily substantive work to the Senior Management Team. The NA will also be a member of multidisciplinary teams. The Network Analysis team is composed of Network Analysts covering three distinct areas of industry and a candidate is likely to be a subject matter expert in only one or two areas: Telecom and data transport and switching engineering in support of traditional telcos Data center network engineering in support of intra- and inter-data center transport. Network architect or cellular network engineering for 3G, 4G, and/or 5G to include core network (EPC and 5G) and radio network engineering Duties: This Network Analyst performs the following core functions: Coordinate with the customer's other multidisciplinary teams to provide timely and accurate network analysis regarding the logical and physical routes of key telecommunications networks within a designated area Work with appropriate members and organizations to evaluate the role and value of potential network operations Display a mastery of relevant network operations, principles and best practices across various projects Employ their mastery creatively to support the multidisciplinary teams in providing direct mapping and graphics inputs into the customer's modeling tool as well as in modeling briefings Display subject matter expertise on complex projects Perform other duties as assigned at the direction of Project Management Required Qualifications: Ability to obtain and maintain a TS/SCI with poly Bachelor's degree preferred, in a STEM discipline (e.g. Computer Science, Cyber Security, Engineering, Mathematics, or Statistics). Other degrees are acceptable with a strong analytic and technical acumen. No degree + fourteen (14) years relevant experience Associate's degree and twelve (12) years relevant experience. Bachelor's degree and ten (10) years relevant experience. Minimum of 10 years (current) of commercial/industry experience in one of the following roles: Facility engineer or network planner (TDM and/or Data) Large scale networking engineering across multiple packet fabrics, such as google B4 Core network engineer, or radio network engineer with experience in 3G, 4G and/or 5G engineering OR equivalent NSA experience. Strong understanding of network technologies, protocols, systems and equipment to include one or more of the following: SONET/SDH, OTN, MSAN, MSPP, MPLS/IP-MPLS, VoIP, IP Multimedia Services (IMS), DWDM, ROADM, Software Defined Networks (SDN) WAN and LAN, multi fabric networks, mesh networks, Session Border Controllers, fabric management, radio access network, front haul, back haul, BGP, OSPF, ISIS, SIP, 5G/LT/LAN interworking, VoLTE, SRVCC, DRVCC, ETSI MANO, OSS/BSS Experience in commercial/industrial telecommunications networks, providing physical and logical network routes to answer strategic requirements. Working knowledge of Network Management Systems (NMS) in the network and or Network Function Virtualization and SDN Working knowledge of one or more of the following: Public Switched Telephone Network (PSTN) Data networks (IP, MPLS, traffic engineering, OpenFlow) Dedicated/Private communications networks both traditional voice and VOIP VOIP networks, softswitches, SBCs Fiber optic cable, characteristics, engineering, installation and maintenance RF related technologies such as cellular technologies, microwave, millimeter wave and VSAT Gigabit-capable Passive Optical Network (GPON) technology Strong analytical skills Ability to work with large volumes of data Computer and database skills Desired Qualifications: Active TS/SCI with poly with most recent BI/Polygraph dates within the last five years Foreign language capability is not required but is considered a plus