Information assurance analyst jobs near me - 2,152 jobs

DirectViz Solutions, (DVS) is a rapidly growing government contractor that provides strategic services that meet mission IT needs for government customers. DVS offers competitive compensation, comprehensive medical plans, 401k match, PTO accrual, professional development reimbursement, corporate-funded technology certifications, and employee recognition programs. At DVS, we recognize that our employees are our number one resource. If you are a problem-solving people-person, apply today! Location Washington, DC Position Lead Cyber Threat Analyst Location: Washington, DC Position Summary The Lead Cyber Threat Analyst serves as the technical and operational lead for enterprise cybersecurity operations, overseeing approximately 63 systems and ensuring compliance with all federal security standards. This role drives the organization\'s threat detection, analysis, and response strategy, leads the Computer Security Incident Response Center (CSIRC), and manages enterprise security monitoring tools within the Enterprise Security Operations Center (ESOC). The position requires deep expertise in cybersecurity frameworks, threat intelligence, and vulnerability management, combined with strong leadership, analytical, and communication skills to guide analysts, coordinate incident response, and safeguard sensitive financial and operational systems. Key Responsibilities Lead enterprise-wide cybersecurity operations across ~63 systems, ensuring continuous protection and compliance with federal security standards. Oversee daily security monitoring, analysis, and response activities within the ESOC. Direct 24/7 CSIRC operations, including incident triage, containment, and recovery. Develop and maintain comprehensive security documentation, including System Security Plans (SSPs), Privacy Impact Assessments (PIAs), and RMF artifacts. Conduct annual Security Control Assessments (SCAs) and evaluate new systems and applications. Identify, track, and remediate vulnerabilities and risks across enterprise environments. Develop and maintain a real-time Cyber Threat Dashboard for senior leadership reporting and situational awareness. Lead the Vulnerability Management Program, including prioritization, patching, and remediation oversight. Monitor and analyze network traffic for potential intrusions, unauthorized activity, and anomalous behavior. Manage security tools, threat intelligence feeds, and automation solutions supporting the ESOC mission. Provide training, mentoring, and technical guidance to cybersecurity analysts and SOC staff. Oversee incident handling involving Personally Identifiable Information (PII) and ensure proper documentation and escalation. Collaborate with cross-functional and government stakeholders to align operations with NIST, FISMA, and organizational security policies. Support the protection and compliance of financial systems under the OCFO through proactive risk management. Maintain system and application security posture, ensuring ongoing compliance and operational integrity. Qualifications Bachelor\'s degree in Computer Science, Information Technology, Engineering, or a related field. Minimum of 10 years of progressive IT or technology experience, including at least 5 years within the past decade supporting large-scale federal technical contracts. At least 7 years of cybersecurity experience, with 5 years focused on threat analysis in SOC or CSIRC environments supporting government systems. Required Certification: Certified Information Systems Security Professional (CISSP). Preferred Certifications: GIAC Certified Intrusion Analyst (GCIA), Certified Ethical Hacker (CEH), CompTIA Cybersecurity Analyst (CySA+). Required: Information Technology Infrastructure Library (ITIL) 4 Foundation certification. Strong understanding of cybersecurity frameworks and principles (NIST 800-53, FISMA, RMF, ISO 27001). Proven experience with enterprise risk management, incident response, and vulnerability remediation. Excellent analytical and problem-solving skills, with strong attention to detail. Effective communication and interpersonal skills to collaborate across technical, executive, and federal teams. Ability to lead multiple projects simultaneously and deliver results under tight deadlines. Physical and Mental Qualifications Be able to maintain awareness during scheduled working hours. Prolonged periods sitting or standing at desk and working on a computer (mouse and keyboard). Able to lift up to 15 pounds. Excellent verbal and written communication; good command of the English language. Execute tasks independently and work as a team. Learns and memories routine tasks. Strong organizational, grammar, business correspondence, and self-management skills. Candidates must be able to perform the essential functions of the position satisfactorily. If requested, reasonable accommodation will be provided for employees with disabilities. DVS retains the right to change or assign other duties to this position. Equal Opportunity DirectViz Solutions, LLC (DVS) is an equal opportunity employer and prohibits discrimination and harassment against any employee or applicant for employment because of race, color, sex (including pregnancy), age, gender identity, creed, religion, national origin, sexual orientation, marital status, genetic information, disability, political affiliation, protected veteran status, or any other status protected by federal, state or local law. DVS has a zero-tolerance policy for harassment, threats, coercion, discrimination, and intimidation. Employees may file a complaint or exercise any right protected by Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, as amended, Section 4212 of the Vietnam Era Veterans Readjustment Assistance Act of 1974, or the Veterans Employment Opportunities Act of 1998. #J-18808-Ljbffr

A government contracting firm in Washington DC is seeking a Security Engineer to support federal customers. This is a hybrid position requiring onsite work four to six days a month. The ideal candidate will have a strong background in security processes, active directory management, and Azure ecosystem. Applicants should possess a bachelor's degree and relevant certifications, with 7+ years of IT experience, including 3 years in cybersecurity. A competitive salary between $100,000 and $110,000 is offered. #J-18808-Ljbffr

Evolver Federal is seeking a Lead Cyber Threat Analyst to fulfil a requirement for a potential government client. The Lead Cyber Threat Analyst is responsible for identifying, analyzing, and mitigating advanced cyber threats targeting federal systems and critical infrastructure. This role focuses on proactive threat hunting, intelligence analysis, and developing strategies to detect and disrupt adversary tactics, techniques, and procedures (TTPs). The Lead Cyber Threat Analyst will lead a team of analysts, collaborate with SOC and incident response teams, and provide actionable intelligence to strengthen the organization's cybersecurity posture. This position requires deep expertise in threat analysis, malware research, and adversary emulation within highly regulated environments. Responsibilities Lead cyber threat analysis and intelligence operations to identify emerging threats and vulnerabilities. Conduct proactive threat hunting across enterprise and cloud environments using advanced analytics. Analyze adversary TTPs and develop detection strategies aligned with MITRE ATT&CK framework. Oversee malware analysis, reverse engineering, and forensic investigations for complex incidents. Integrate threat intelligence feeds into SOC workflows and detection platforms. Leverage AI-driven threat detection techniques to enhance predictive and adaptive security capabilities. Apply Zero Trust principles across detection, response, and access control strategies to strengthen enterprise resilience. Implement cloud-native security solutions to safeguard workloads and data in multi-cloud environments. Prepare and deliver executive-level threat reports, risk assessments, and strategic recommendations. Collaborate with SOC, incident response, and engineering teams to enhance detection and response capabilities. Maintain and update threat intelligence platforms and knowledge bases. Support development of playbooks for threat hunting and incident response automation. Ensure compliance with federal cybersecurity frameworks (NIST 800-series, RMF, TIC 3.0). Mentor and coach junior analysts to develop technical expertise and career growth. Manage cross-functional SOC projects, ensuring alignment between threat analysis, incident response, and engineering teams. Drive process improvements and best practices across SOC operations to enhance efficiency and resilience. Basic Qualifications Bachelor's Degree in Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent with 6 years of technical experience and 4 years' experience in IT Solutions at senior management Certified Information Systems Security Professional (CISSP) Certified Security Analyst, Certified Ethical Hacker, or similar certifications Project Management Institute (PMI) Project Management Professional (PMP) (Highly Recommended) Information Technology Infrastructure Library (ITIL) 4 Foundation 10 years of successful enterprise experience in an IT or technology-related field, with the last 5 years, on large government technical BPAs/contracts US Citizen with the ability to pass a comprehensive government background check Preferred Qualifications Experience managing or supporting cybersecurity operations, including SOC functions, in a federal or highly regulated environment Experience leading cybersecurity programs within federal civilian agencies Master's degree in a technical or management-related field GIAC (GCTI, GCFA) or AWS/Azure security certifications Knowledge of RMF, NIST 800-series, OMB A-130, and TIC 3.0 policies Experience with performance-based contracts and cross-functional team leadership Strong communication skills, including experience delivering executive briefings and incident communications Expertise in threat intelligence platforms (TIPs) and SIEM tools (Splunk, Elastic). Familiarity with SOAR platforms and automation for threat detection and response. Experience with malware reverse engineering and memory forensics. Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and threat modeling methodologies. Hands-on experience with cloud threat analysis (AWS, Azure, GCP) and container security. Ability to lead advanced threat hunting campaigns and mentor junior analysts. Understanding of nation-state threat actors and advanced persistent threats (APTs). Experience integrating threat intelligence into vulnerability management and risk scoring. Knowledge of scripting languages (Python, PowerShell) for automation and custom detection. Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. #J-18808-Ljbffr

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century's most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril's family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years. ABOUT THE TEAM Anduril employs a variety of networks and networking infrastructures to support global operations. Information Systems Security Managers are in charge of directly supporting business lines that wish to deploy Anduril products in classified environments. Information Systems Security Managers lead lean teams of Information Systems Security Officers to enable the program personnel to create contract deliverables. Well versed in Information Technology and the Risk Management Framework, Information Systems Security Managers are the driving force of Anduril's classified deployments. Forward thinkers capable of managing Business Line needs as well as critical thinking skills in order to drive customer requirements are the best candidates for a Information Systems Security Manager. ABOUT THE JOB WHAT YOU'LL DO Provide expertise in documenting security controls to reduce the administrative cost of deploying Anduril's products into operational environments. Partner with program and security teams to coordinate security artifacts in support of classified deployments. Apply technology standards from the commercial space in classified, air-gapped environments. Collaborate with Information System Owners to understand key stakeholders' needs and provide complex technical solutions to meet contractual obligations. Tailor NIST 800-53 controls to determine applicability to the network environment and oversee the implementation of Continuous Monitoring for respective programs. Define, document, and conduct security scanning on Anduril's products and accredited information systems. Scope, shape, and orchestrate the development of features to ensure products meet compliance goals. REQUIRED QUALIFICATIONS Design, develop, and implement secure systems and networks per NIST RMF, JSIG, and other industry standards. Integrate security best practices into Anduril's Software Development Lifecycle (SDLC) and infrastructure design, collaborating with internal IT and engineering teams. Conduct security risk assessments, vulnerability assessments, and audits to identify and mitigate threats. Recommend and implement security solutions, such as IDS/IPS, encryption protocols, and secure communications technologies. Develop and enforce access controls, encryption strategies, and other technical measures to safeguard systems. Maintain and update System Security Plans (SSPs), POA&Ms, and other accreditation documentation. Security Management (ISSM): Manage the organization's security posture, ensuring compliance with internal policies and external regulatory frameworks. Oversee Authorization and Accreditation (A&A) processes to obtain/maintain system Authority to Operate (ATO). Lead incident response efforts, including investigation, root cause analysis, containment, and reporting. Conduct regular audits, continuous monitoring, and risk assessments to ensure ongoing compliance and system resilience. Collaborate with government security officials, stakeholders, and teams to address security gaps and improve controls. Develop and deliver security awareness training and ensure adherence to security best practices. Provide leadership and mentorship to security team members, fostering a culture of cybersecurity excellence. Currently possesses and is able to maintain an active U.S. Top Secret security clearance. PREFERRED QUALIFICATIONS Experience with application security paradigms such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). As well as the tools needed to perform these actions. Proven experience in securing micro-services architecture, including implementing best practices and compliance with DoD cybersecurity standards. Experience with cybersecurity in unmanned and ground control system within DoD environments. Experience with containerization and kubernetes along with the best practices for securing them. Experience with Cloud Service Providers (CSPs) and the various tools they offer for implementing security and compliance best practices. US Salary Range $150,000 - $225,000 USD The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process. Anduril is an equal-opportunity employer committed to creating a diverse and inclusive workplace. The Anduril team is made up of incredibly talented and unique individuals, who together are disrupting industry norms by creating new paths towards the future of defense technology. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process. If you are someone passionate about working on problems that have a real-world impact, we'd love to hear from you! To view Anduril's candidate data privacy policy, please visit ********************************************** #J-18808-Ljbffr

A well-respected law firm in Washington, DC is seeking an experienced Information Security Engineer to enhance its security operations. This role offers the flexibility to work entirely remote or on-site. The ideal candidate will have a strong background in information security, excellent communication skills, and the ability to collaborate remotely. Competitive salary range is $122,000 to $160,000 annually, with additional benefits available. #J-18808-Ljbffr

A leading technology solutions provider in Bethesda, MD is seeking a Cyber Security Engineer to deliver expertise and support in cloud and on-premises security infrastructures. The ideal candidate will have a minimum of a BS degree and 8+ years of relevant experience, coupled with strong analytical and problem-solving skills. This position requires an active TS/SCI clearance and at least one IAT Level II certification. Opportunities for additional responsibilities and certifications available. Join a team that values innovation and collaboration. #J-18808-Ljbffr

Your growth matters to us - explore our career development opportunities. BE EMPOWERED TO SUCCEED Connect with others in our people‑first culture and enhance our collective ingenuity. SUPPORT YOUR WELLBEING Learn how we'll support you as you pursue a balanced, fulfilling life. YOUR CANDIDATE JOURNEY Discover what to expect during your journey as a candidate with us. IDS and IPS Cyber Security Engineer We are seeking an experienced Network Intrusion Detection Engineer to join our cybersecurity team. The ideal candidate must possess strong Linux engineering expertise with experience managing YAML configuration files, and how these configurations integrate and influence the Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS). You will leverage hands‑on engineering and O & M experience with Suricata or other network‑based IDS capabilities such as Snort, VectraAI, or Corelight. You will play a critical role in deploying, tuning, and maintaining the IDS within a complex enterprise IT environment, primarily running on Red Hat Enterprise Linux. Work with us as we secure and protect our nation's most sensitive capabilities. The Opportunity What You'll Work On: Designing, deploying, and maintaining IDS / IPS systems across a large enterprise with multiple networks. Developing, reviewing, and optimizing YAML configuration files to ensure optimal detection capabilities and minimal false positives. Understanding and managing the interaction between YAML configuration and its runtime engine, including rule loading, protocol decoding, and logging. Tuning IDS / IPS for optimal performance with NICs, including configuring Direct Memory Access (DMA), RSS queues, interrupt coalescing, and leveraging any NIC‑specific acceleration features. Collaborating with security teams to integrate IDS / IPS with SIEM and other security monitoring platforms. Troubleshooting installation and operational issues specific to IDS / IPS on Red Hat Enterprise Linux, addressing compatibility, kernel module requirements, SE‑Linux policies, and performance tuning. Identifying and mitigating common pitfalls encountered when deploying IDS / IPS in large‑scale enterprise environments, including package dependencies, system resource constraints, and NIC driver or configuration issues. Providing detailed documentation and runbooks for Suricata configuration, tuning NICs, and deployment processes. Staying current with platform IDS / IPS software releases, NIC driver updates, and community best practices for network interface tuning and IDS / IPS performance enhancement. You Have: Experience working with network IDS / IPS systems such as Snort, Suricata, or Corelight, including hands‑on management of YAML configuration files. Experience administering Red Hat Enterprise Linux (RHEL) systems, including package management, such as yum or dnf, kernel module management, SE‑Linux configuration, and system optimization via Unix CLI and remote shell access vectors, such as PuTTY or SSH. Experience tuning Suricata for high‑performance packet capture with Napatech NICs or advanced network interface cards. Experience with NIC‑specific features such as DMA, Receive Side Scaling (RSS), interrupt moderation, and off‑load capabilities, and how to configure them for Suricata. Experience troubleshooting Suricata's interaction with NIC drivers and kernel modules in an enterprise environment. Knowledge of configuration structure, syntax, and how it controls detection rules, logging, and output modules. Active TS/SCI clearance; willingness to take a polygraph exam. Associate's degree and 5+ years of experience supporting IT projects and activities or Bachelor's degree and 3+ years of experience supporting IT projects and activities or Master's degree and 1+ years of experience supporting IT projects and activities. DoD 8570 IAT Level II Certification, including Security+ CE, CCNA‑Security, GSEC, SSCP, CySA+, GICSP, or CND Certification. Ability to obtain a DoD 8570 Cyber Security Service Provider - Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND Certification, within 60 days of start date. Nice If You Have: Experience with scripting languages, such as Bash, Python, YAML, or Ansible to automate Suricata configuration and deployment tasks. Experience integrating Suricata with Splunk or other SIEM solutions. Experience with Detection and Response (NDR) solutions, including with Trellix or FireEye, Corelight, Endace, Vectra AI, Darktrace, Cisco Security Network Analytics, Open XDR, Fortinet FortiNDR, or Trend Vision. Knowledge of network protocols, intrusion detection methodologies, and security event correlation. Knowledge of containerized deployments of Suricata, such as Docker or Kubernetes, in enterprise environments. Ability to be a self‑starter, work without considerable direction, and work with a team. Possession of excellent verbal and written communication skills, including client briefings and coordinating efforts. Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required. Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well‑being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page. Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract‑specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date. Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud. Work Model Our people‑first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely. If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility. If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role. Commitment to Non‑Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law. #J-18808-Ljbffr

A technology solutions provider seeks a Senior Backend/Middleware Engineer to develop secure, high-performance API and middleware solutions. This remote role requires expertise in Java and Spring Boot, with responsibilities including designing RESTful APIs and implementing security protocols. Ideal candidates will have experience with OAuth 2.0, OpenID Connect, and authorization principles. Benefits include health insurance, 401(k), and paid time off. #J-18808-Ljbffr

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in‑office culture with specific requirements for office‑based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role‑specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Bank of America is one of the world's leading financial institutions, serving over 66 million consumers and small businesses. Company success is only possible with a strong cyber defense, which enables Bank of America to safely conduct global operations across the United States and in approximately 35 countries. Our primary goal is to safeguard not only the company, but our clients and their trust. The Malware Defense Team is looking for top talent who would like to join one of the most advanced cybersecurity teams in the world. Responsibilities In-depth analysis of malware, including authoring analysis reports. Tracking malware campaigns, malicious actors, and related infrastructure. Creation of tools and scripts to assist in the analysis of malware analysis. Field escalations of potentially malicious files and websites from teams within Malware Defense. Required Qualifications Strong direct experience of analyzing malware. Intermediate to advanced malware analysis skills. Experience creating innovative ways to track progression of malware families, infrastructure, and campaigns conducted by e‑crime, and cyber espionage actors. Experience creating tools and scripts to accelerate malware and threat analysis. Background in network traffic analysis - WireShark, Fiddler, proxy logs, etc. Experience analyzing malicious web content such as ClickFix, ClearFake, SocGholish, etc. Experience authoring YARA, Suricata, and EKFiddle detection rules. Experience with penetration testing and/or adversary emulation is a plus. Able to work independently on tasks, but also work well within a team environment. Desired Qualifications Experience analyzing malware targeting Linux, Android, and IOT platforms. Skills Cyber Security Data Privacy and Protection Problem Solving Process Management Threat Analysis Business Acumen Data and Trend Analysis Interpret Relevant Laws, Rules, and Regulations Risk Analytics Stakeholder Management Access and Identity Management Data Governance Encryption Information Systems Management Technology System Assessment Shift: 1st shift (United States of America) Hours Per Week: 40 Pay Transparency details US - CO - Denver - 1144 15th St - Denver GIS (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540) Pay and benefits information Pay range $95,700.00 - $144,900.00 annualized salary, offers to be determined based on experience, education and skill set. Discretionary incentive eligible. This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry‑leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve. #J-18808-Ljbffr

A leading technology consulting firm is seeking a DevSecOps Architect with over 12 years of experience in building secure and scalable solutions. The role demands strong proficiency in automation tools, cloud security, and container orchestration. Ideal candidates will possess cloud certifications and an active TS/SCI Clearance. This position offers the opportunity to work in a fast-paced environment while collaborating effectively with both technical and non-technical stakeholders. #J-18808-Ljbffr

The Information Technology Department of Arnold & Porter has an opening for an Information Security Engineer in the Washington, DC office or may work 100% virtual/remote in a firm-approved U.S. state as part of the “Gideon” office. The Information Security Engineer is a technical security expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter. Under the direction of the Manager of Information Security, the Information Security Engineer helps to ensure the overall security posture of the firm, and is expected to be involved in day-to-day security operations and contribute to ensuring the integrity and availability of the firm's IT and application infrastructure and the confidentiality, integrity, and availability of the firm's data in support of enterprise IT objectives and client service delivery needs. Responsibilities Security Operations Performing security log and event analysis using EDR, SIEM and log aggregation systems. Monitoring and proactively executing the vulnerability management program to prevent or reduce IT hygiene risk issues from impacting production systems. Maintaining and managing security toolsets such as Application control systems, EDR/AV, Email Security platform, Attack simulation platform, Threat intelligence/hunting, and Security related artificial intelligence tools. Supporting security incident response and investigation efforts as directed. Helping validate and track IT operational activities to ensure compliance with policy, standards, and other applicable requirements. Researching and identifying security vulnerabilities and relevant industry/cybersecurity trends for follow-up and action. Regularly reporting and tracking IT security events and metrics along with remediation activities. Helping support third‑party risk management efforts as assigned. Helping support the firm security awareness training program as assigned. Helping support the firm's IT Compliance efforts as assigned. Participating in IT Security on‑call rotation. Security Engineering & Architecture Advising and assisting with planning of security systems and standards by evaluating network and security technologies, developing security requirements for the enterprise infrastructure, and maintaining overall user access and data protection control. Reviewing newly requested applications and SaaS and application changes for security impacts and possible remediation to address security risk. Actively participating in the enterprise Change Advisory Board (CAB). Conducting research and providing recommendations on methods, software, and technologies to mitigate risk exposures. Helping to develop and contribute to security policies, standards and procedures. Qualifications Education/Experience Four‑year college degree preferred; equivalent experience will be considered. Minimum of three (3) years of experience in Information Security, or equivalent experience in IT-related fields with secondary security responsibilities. Technical Skills Experience and understanding of Windows, Unix/Linux, and Active Directory. Solid understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, and routing protocols. Experience and technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, application security, and cloud security. Proficient in Windows operating systems, Microsoft Office Suite, and related software. Skilled in leveraging artificial intelligence tools for daily work. Strong remote collaboration capabilities. Communication & Writing Communicate complex technical information clearly to non-technical audiences. Excellent oral and written communication, including reports, business correspondence, and procedure manuals. Effective presenter to diverse groups, including managers, clients, and the public. Ability to identify and apply the appropriate method of communication. Professionalism & Judgment Strong personal initiative, judgment, and professionalism. High level of confidentiality and discretion. Exceptional client service for both internal and external stakeholders. Problem‑Solving & Strategic Focus Strong problem‑solving skills and strategic thinking. Ability to define goals, prioritize tasks, and follow through to achieve results. Detail‑oriented with excellent organizational and time‑management skills. Capable of handling multiple tasks in fast‑paced environments. Flexibility & Commitment Reliable, dependable, and motivated. Flexible to work additional hours as needed. Willingness to travel (1-4 weeks per year, or more if required). The anticipated base salary for this position is $122,000 to $160,000. The actual base salary offered will depend on a variety of factors, including, without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. The firm may provide a discretionary bonus annually. Arnold & Porter is an equal opportunity employer that does not discriminate on the basis of race, color, creed, religion, national origin, sex, pregnancy and childbirth (including breastfeeding and related medical conditions), age, marital or partnership status, familial status, sexual orientation, gender, gender identity, gender expression, transgender, physical or mental disability, medical condition, family leave status, citizenship status, immigration status, ancestry, genetic information, military or veteran status, or any other characteristic protected by local, state or federal laws, rules or regulations. Our Firm's equal opportunity policy applies to all employment practices and terms and conditions, including, without limitation, recruitment, employment, assignment, training, compensation, benefits, promotions, disciplinary action and terminations. For purposes of the firm's Anti-discrimination and Anti-harassment Policies, the term "race" includes, without limitation, traits historically associated with race, including, but not limited to, hair texture and protective hairstyles, such as braids, locks, and twists. #J-18808-Ljbffr

A high-tech company is seeking a Lead Security Engineer to oversee cybersecurity operations within the DC area. The ideal candidate will lead efforts to ensure compliance with federal security standards while managing vulnerabilities and incidents. Qualifications include a Bachelor's in Cybersecurity, 8-10 years of relevant experience, and necessary security clearances. The position offers a competitive benefits package, including health and retirement plans, within an office setting with occasional travel expectations. #J-18808-Ljbffr

A leading cybersecurity firm is seeking an Information Systems Security Engineer (ISSE) to support secure, mission-focused information systems in a high-impact government environment. The ISSE will work on cybersecurity controls design, implementation, and maintenance, ensuring systems meet federal requirements. The ideal candidate will have 3-5 years in cybersecurity, TS Clearance, and practical experience with NIST RMF as well as familiarity with various security tools. This role offers the opportunity to contribute significantly to the security of government missions. #J-18808-Ljbffr

Novacoast Staffing is currently assisting a financial government institution in its search for an experienced Firewall Security Engineer that is experienced in Palo Alto Firewalls for a contract role that is expected to go a minimum of 2 years with option to extend. This is a hybrid role with a few days onsite in Alexandria VA and a pay range of 60-68/ hour. To qualify for this role, you must be able to pass an extensive federal background check. Qualifications To qualify for this position, you must have at least 5 years of experience with Palo Alto Next Generation firewalls, Zero Trust, and strong knowledge of advanced firewall features such as Wildfire, App-ID, User-ID, Global Protect, Security, and NAT policies, within Cloud environments. Responsibilities In this role, you will be responsible for the design, administrations, and management of Palo Alto Firewalls using Centralized Panorama Management. You will also be responsible for configuration and troubleshooting IPSEC site-to-site VPNs and SSL decryption on Palo Alto Firewalls. Requirements 5+ years experience with Palo Alto next-generation Firewalls and working in cloud and Zero Trust environments Strong knowledge of advanced firewall features such as Wildfire, App-ID, User-ID, Global Protect, Security and NAT policies Expert level knowledge in the design, administration of Palo Alto Firewalls using Centralized Panorama Management Expert level knowledge in configuration and troubleshooting IPSEC Site-to-Site VPNs US Citizenship is required due to the position being with a Federal Client If this role is aligned with your next career move, submit your resume today for immediate consideration! Job Type: Contract Pay: $60.00 - $68.00 per hour #J-18808-Ljbffr

A leading AI research company in San Francisco is hiring a Security Engineer, specializing in application security. Responsibilities include conducting security assessments, developing security tools, and collaborating with development teams to integrate security best practices throughout the software development lifecycle. The ideal candidate has extensive experience in cybersecurity and strong programming skills. This role offers a hybrid work model with relocation assistance. #J-18808-Ljbffr

Conviso Inc is looking for ISSO Officer for onsite Job. This role comes with benefits, 401K & some accrued PTO. The Ideal must have hands-on technical and analytical experience supporting the RMF lifecycle, cybersecurity monitoring, continuous authorization, and security control assessments. Are you open to new opportunities & could this be of interest? On Site Job at 3 locations - Albuquerque NM, Las Vegas NV, Germantown MD Active Top-Secret Clearance Required Title: Information System Security Officer (ISSO) Minimum 3 years as an ISSO Required Skills: ISSO personnel must understand and interpret data from security tools and apply NIST frameworks with precision. Capabilities include: Proficiency in NIST SP 800-37, 800-53, 800-60, FIPS 199, CNSSI 1253. Ability to perform risk assessments, system categorization, and control selection. Experience with eGRC tools (e.g., Archer) for documentation, continuous monitoring, and POA&M management. Responsibilities: Prepare: Support enterprise, mission, and system-level RMF readiness, establish tailored baselines, identify assets, assess risks, and determine system placement in the enterprise architecture. Categorize Information Systems: Perform FIPS 199 categorization, develop SSP subsections, register systems, and ensure early engagement with developers to integrate cybersecurity impact analysis. Select Security Controls: Document, implement, and validate selected controls, incorporating security architecture, privacy requirements, and common control inheritance. Assessment: Develop assessment plans, test controls, produce SARs, document findings, and support POA&M development. Data Calls: Provide timely and accurate evidence and responses using approved tools. Internal & External Assessments: Support audits, collaborate with internal and external partners, and perform self-assessments. Program-Level Documentation Support: Maintain program policies, adjudicate comments, and assess the impact of federal directives and legislation.

A technology firm is seeking a Software Engineer to design, develop, and integrate secure computing environments supporting critical mission objectives. The role requires experience in full-stack development, AWS services, and Infrastructure-as-Code tools. Ideal candidates will collaborate with cross-functional teams and possess strong scripting skills. Preferred certifications include AWS Certified Solutions Architect. This position is based in Washington, D.C. #J-18808-Ljbffr

A financial services company in McLean is looking for an experienced Senior Product Manager to lead Cloud Software Defined Networking efforts. This role focuses on driving innovative solutions and requires at least 5 years of experience in product management along with a strong educational background in quantitative fields. The position offers competitive salaries and benefits while promoting a collaborative work environment. #J-18808-Ljbffr

Clearance: Active Secret Employment Type: Full-Time We are seeking a Principal Cloud Security Engineer to lead the design, automation, and enforcement of security across large-scale federal cloud environments. This role focuses on cloud security architecture, DevSecOps automation, and secure platform enablement in a multi-cloud ecosystem. The ideal candidate is highly technical, self-directed, and comfortable operating as the senior security authority for cloud platforms. You will define secure patterns, implement guardrails at scale, and embed security directly into infrastructure and CI/CD pipelines. Key Responsibilities: Cloud Security Architecture: Design and guide secure architectures across AWS, Azure, and GCP, including GovCloud and restricted environments Define and enforce security baselines aligned with NIST 800-53, FedRAMP, and CIS Benchmarks Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads DevSecOps & Automation: Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning) Implement policy-as-code guardrails using tools such as AWS SCPs, Azure Policy, and cloud-native governance services Develop automated remediation and enforcement workflows to reduce manual security effort Governance, Compliance & Visibility: Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts Partner with compliance teams and auditors on evidence collection and continuous monitoring Implement centralized logging, monitoring, and incident response across cloud environments Technical Leadership: Serve as the senior cloud security SME for engineers, architects, and stakeholders Mentor engineers on secure cloud development and DevSecOps practices Translate complex security concepts to both technical and non-technical audiences Required Qualifications: Active Secret clearance 8+ years in cybersecurity or cloud engineering, including 5+ years focused on cloud security Deep hands-on experience securing AWS, Azure, or GCP (experience in at least two preferred) Strong Infrastructure as Code experience (Terraform strongly preferred) Experience integrating security into CI/CD pipelines (GitHub Actions, GitLab, or similar) Proficiency in Python, Go, PowerShell, or Bash Strong understanding of IAM, networking, encryption, key management, and cloud-native security services Ability to operate independently and define security priorities without daily direction Preferred Qualifications: Experience securing GovCloud, DoD IL5/IL6, or other regulated cloud environments Kubernetes and container security experience Zero Trust architecture implementation experience ServiceNow integrations for security workflows Cloud security certifications (AWS Security Specialty, Azure Security Engineer, etc.) What Makes This a True Principal Role: Highly hands-on and deeply technical Owns security outcomes rather than executing predefined tasks Heavy DevSecOps and IaC focus Large-scale, multi-cloud environment Architecture and influence matter as much as implementation