Information security analyst jobs in East Wenatchee, WA

Job Title: “Information Security Specialist” (Cyber security analysis) Duration: 9+ Months (with high possibility of extending into full time) Job Description: This position is in Corporate Information Security and under the direction of the Manager, Third-Party Cybersecurity Assessments. The Cybersecurity Assessment Analyst will perform cybersecurity assessments on new and existing third parties. The Analyst will construct detailed and summary reports of assessments, including customized reports, as needed. The Analyst will work with Subject Matter Experts (SME) to develop and apply risk assessment criteria (aligned with Policy) to new and existing suppliers using internal and external business intelligence. The Analyst will work with Third-Party Risk Management, Privacy and Legal Counsel, Procurement and Contract Managers, Compliance, and Business Owners to develop and maintain an internal service model that informs the business of key risks in a timely manner to limit unnecessary impediments and avoid bureaucracy. Specific responsibilities: - Coordinate the development of information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that company policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the user community - Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors - Serve as the company compliance officer with respect to state and federal information security policies and regulations. Work with the -designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary. Prepare and submit and submit required reports to external agencies. - Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties. - Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities. - Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing. Required Qualifications: Talent management, results focus and inspirational leadership. Essential Functions • Conduct third-party cybersecurity risk assessments, applying established criteria • Support assessment team with quality assurance reviews over work product and reporting • Collaborate with internal partners and third parties to mitigate and otherwise resolve third-party cyber risks • Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards • Demonstrate consistent credibility with business partners and leadership while recommending initiatives, identifying gaps, and potential issues • Continuously demonstrate the ability to work independently while representing the services of the department with the highest level of professionalism • Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so Preferred Qualifications: • Solid background both educationally and via professional experience. No less than 3 years' professional experience in business operations, project/program management, finance, risk management, information security, business analytics or similar. • Experience in large companies and/or complex environments, or providing professional consulting services for them. • Demonstrated abilities in problem-solving and analysis: identifies issues, analyses information to assess root cause and relationships, risks, and potential risk responses. Proven ability to synthesize and summarize complex data into concise recommendations and reports. • Demonstrated strong business writing and professional oral communication skills. • Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment-with only periodic supervision. • Ability to work collaboratively and manage and initiate effective cross-functional relationships. • Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses. Desired • Analytical - Synthesizes complex or diverse information; Collects and researches data; employs intuition and experience to complement data; Designs work flows and procedures. • Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness. Applies feedback to improve performance; Monitors own work to ensure quality • Planning/Organizing - Prioritizes and plans work activities to achieve success; Sets and achieves goals and objectives; Develops realistic action plans • Professionalism - Reacts well under pressure; Keeps commitments; Accepts responsibility for own actions. • Career Growth: Focus on cyber security auditing with potential advancement goals in engineering or threat analysis roles • Self-directed team player with Agile environment experience Education Minimum Required • Bachelor's Degree • Equivalent experience is acceptable. License or Certification Desired: (one of the following): CISA (Certified Information Systems Auditor) GSEC (GIAC Security Essentials Certification) CompTIA - Security+ ECSA - EC-Council Certified Security Analyst SSCP (Systems Security Certified Practitioner) Other: Six Sigma, PMP or Agile certificates Other comments - suppliers: Organizational skills; office suite knowledge; and good communication skills are “must haves”. Cyber security analysis experience is preferred. Additional Information All your information will be kept confidential according to EEO guidelines.

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

We exist to wow our customers. We know we're doing the right thing when we hear our customers say, "How did we ever live without Coupang?" Born out of an obsession to make shopping, eating, and living easier than ever, we're collectively disrupting the multi-billion-dollar e-commerce industry from the ground up. We are one of the fastest-growing e-commerce companies that established an unparalleled reputation for being a dominant and reliable force in South Korean commerce. We are proud to have the best of both worlds - a startup culture with the resources of a large global public company. This fuels us to continue our growth and launch new services at the speed we have been since our inception. We are all entrepreneurs surrounded by opportunities to drive new initiatives and innovations. At our core, we are bold and ambitious people that like to get our hands dirty and make a hands-on impact. At Coupang, you will see yourself, your colleagues, your team, and the company grow every day. Our mission to build the future of commerce is real. We push the boundaries of what's possible to solve problems and break traditional tradeoffs. Join Coupang now to create an epic experience in this always-on, high-tech, and hyper-connected world. Role Overview As our Cyber Security Incident Response Team (CSIRT) for our Seattle office, you will be a part of our special forces within the BlueTeam. You must have a calm and collected mannerism in high-pressure and time sensitive situations, think like both an attacker and defender, and work with relevant teams to take the right and timely actions to analyze, respond and neutralize attacks. The BlueTeam is responsible for the detection and response to credible threats. We work hands-on developing detective capabilities, identifying mitigations to vulnerabilities and respond to potential threats to Coupang systems. BlueTeam CSIRT Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis. The Senior Security Engineer position requires an experienced CSIRT personnel that have expert working knowledge in IR, investigation and hunt techniques, root-cause security flaws and vulnerabilities, quickly assessing the potential cyber threats. Security Engineers are also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices. What You Will Do Analyze and respond to security anomalies, intrusion attempts, and breaches, and root cause analysis, containment, creating the report Threat hunting to find undetected security threat from the SOC using data from end points, servers, clouds, network and other sources Ticket review, and security analysis escalated from SOC Improvement of incident response policies and procedures, and process of SOC. - Analyze and respond to Web security events by CDN security solutions (e.g. Akamai, CloudFlare) Analyze and respond to Email Security events Oncall to response urgent security events or security issues Collaborate effectively with internal teams through efficient communication Minimum Qualifications Bachelors Degree in Computer Science or a related technical field or equivalent professional experience. 2 years of experience in information Security with experience in Cyber Security Incident Analysis Preferred Qualifications 8+ years of experience in information security with at least 5+ years as a Cyber Security Incident Analyst Experience of Host based security investigation (Windows, Linux, Network/Security appliances) Experience of analyzing security event and knowledge of AWS or Cloud environment Experience of analyzing security event from Web security solutions (Akamai, CloudFlare) Experience of analyzing security event from network security and SaaS solutions (IPS/IDS, Network Monitoring solutions, Email Security, O365, etc) Experience of analyzing security event from endpoint security solutions (EDR, HIPS, Anti-Virus, DLP, etc) Experience and skills querying SIEM Solutions for analyzing security events from the logs Skill to analyze big data or big size logs Experience in Automation and Scripting using Bash, Python, PowerShell Proactive and proactive work attitude Pay & Benefits Our compensation reflects the cost of living across several US geographic markets. At Coupang, your base pay is one part of your total compensation. The base pay for this position ranges from $108,000/year in our lowest geographic market to $232,000/year in our highest geographic market. Pay is based on several factors including market location and may vary depending on job-related knowledge, skills, and experience. General Description of All Benefits Medical/Dental/Vision/Life, AD&D insurance Flexible Spending Accounts (FSA) & Health Savings Account (HSA) Long-term/Short-term Disability Employee Assistance Program (EAP) program 401K Plan with Company Match 18-21 days of the Paid Time Off (PTO) a year based on the tenure 12 Paid Holidays Paid Parental leave Pre-tax commuter benefits MTV - [Free] Electric Car Charging Station General Description of Other Compensation "Other Compensation" includes, but is not limited to, bonuses, equity, or other forms of compensation that would be offered to the hired applicant in addition to their established salary range or wage scale. Coupang is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or gender (including pregnancy, gender identity, gender expression, sexual orientation, transgender status), national origin, age, disability, medical condition, HIV/AIDS or Hepatitis C status, marital status, military or veteran status, use of a trained dog guide or service animal, political activities, or affiliations, citizenship, or any other characteristic or class protected by the laws or regulations in the locations where we operate. If you need assistance and/or reasonable accommodation in the recruiting process due to a disability, please contact us at ************************. Requisition # R0064937

At SERVISS, we deliver cutting-edge cybersecurity and IT solutions to government and commercial clients, with a mission to secure systems, data, and critical infrastructure through innovation and expertise. As we expand our capabilities, we're seeking a highly skilled and talented Information Assurance Professional. Position Summary We are seeking a dynamic and versatile Information Assurance Professional to support a high-impact U.S. Government program. The ideal candidate brings a rare balance of hands-on technical acumen and governance expertise-able to move seamlessly between engineering, architecture, and GRC functions. This role is pivotal in ensuring that systems are not only compliant but also resilient, secure, and aligned with federal risk management frameworks. Key Responsibilities · Serve as a trusted IA advisor, bridging technical engineering efforts with cybersecurity policy, governance, and risk management. · Collaborate with system architects and engineers to design secure solutions that meet compliance and mission requirements. · Support the development, review, and maintenance of key authorization documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). · Guide system owners and developers through the Risk Management Framework (RMF) process and associated controls (e.g., NIST 800-53, 800-171, CMMC, FedRAMP). · Translate complex technical risks and mitigation strategies into actionable GRC documentation and executive communications. · Conduct system security assessments, gap analyses, and continuous monitoring activities. · Coordinate with cybersecurity operations, incident response, and engineering teams to align IA strategy with operational realities. · Recommend and help implement security architecture improvements based on evolving threat and compliance landscapes. · Track and report on IA posture, risk status, and compliance progress across multiple systems or program areas. Required Qualifications · 10+ years of experience in information assurance, cybersecurity engineering, or GRC. · In-depth knowledge of federal compliance frameworks (e.g., NIST, FISMA, FedRAMP). · Strong technical foundation with the ability to understand complex systems, architectures, and security configurations. · Excellent verbal and written communication skills, including experience preparing formal security documentation and reports. · Demonstrated ability to work cross-functionally with engineering, architecture, operations, and policy teams. · Bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related field; or Associate's degree with 2+ years of additional relevant experience. Preferred Qualifications · Prior experience supporting U.S. federal agencies or DoD environments. · Professional certifications such as CISSP, CISM, CAP, CCSP, or Security+. · Experience with security automation tools and continuous compliance approaches. · Understanding of Zero Trust principles, DevSecOps environments, and modern system architecture. Why Join SERVISS Our goal as an employer is simple yet profound: to create an environment where you can be your best self, pursue your passions, and enjoy the freedom to thrive both personally and professionally. Your success is our success, and we're committed to supporting you every step of the way. Freedom to Thrive. · Be part of an exciting company with ground floor opportunities to include equity · Highly competitive compensation and best in class benefits · Opportunities for annual performance bonuses, growth incentives, and profit-sharing · 100% of medical, vision, dental, and life insurance premiums covered by SERVISS · 401(k) retirement plan with company match for the first 6% Note: This position is contingent upon contract renewal and funding from the sponsoring federal agency, anticipated end of May 2025.

Join us in stopping bad bots, for good! Kasada protects millions of online users everyday. Founded to stop automated bot attacks, we believe the internet should be a safe place for everyone. Bad bots are highly destructive. They take over accounts, steal content, overload systems and infrastructure and cause billions of dollars in damages every year. Seeking to restore trust in the internet, Kasada stops bots at the very first request including those that have never been seen before. We've grown from a few friends working out of a shipping container under the Sydney Harbour Bridge to now operating globally, we're spread across the world protecting some of the most well-known brands on the face of the earth. We're an innately curious team that's not afraid to bring bold ideas to create better ways of solving problems. We're looking for people who are passionate about solving some of the most difficult and pressing cybersecurity issues, while having fun doing it! The Role We're currently on the lookout for a Senior Security Analyst to join our Security Operations team, focused on taking on complex and high impact unwanted automation for our customers. This role will require you to act as an escalation point for other analysts, handle investigations end to end, and contribute to improving our investigative methods and tooling. Your experience in a similar role in a cyber security environment will be highly regarded. This position will allow you to apply your analytical skills in the fight against bad bots. Working with some of the world's biggest companies, you'll help reduce the damage caused by unwanted automation, while sharing your expertise and supporting our team. This is a remote role, to ensure timezone overlap with our Australia-based team candidates should be located on the West Coast. What you will be doing; Lead complex investigations and in-depth analysis of automated software activity within customer environments, driving cases to resolution. Act as an escalation point for incident response and threat detection, providing expert guidance on challenging or ambiguous cases. Apply and optimise a range of investigative tools and techniques to uncover patterns, anomalies, and root causes. Collaborate across teams to provide clear, actionable advice on complex investigations and contribute to improving detection and response processes. What you will bring; Demonstrable, recent experience in cybersecurity or IT security roles. Significant experience identifying and mitigating security risks in a web application or similar environments. Solid understanding of security frameworks, incident response methodologies, and threat intelligence. Familiarity with analytical security tools (e.g., Splunk, ElasticSearch, SQL, NoSQL databases). Solid knowledge of web technologies (TCP stack, HTTP/S, WebSockets, Browser Architectures, Operating Systems) Subject matter knowledge and awareness of automated cyber security attacks and/or bot groups. Relevant certifications (e.g., CISSP, CISM, CEH, Bachelors degree in a relevant field) are desirable but not essential. Critical and analytical mindset with proven ability to make sound, timely judgments. $140,000 - $175,000 a year The Benefits of being a Kasadian We want to ensure Kasada remains a great place to work and a place to do great work. It's important to us to build an inclusive environment where you can realize your full potential. We are a highly collaborative team regardless of location, placing a strong emphasis on our core values; and we have designed our benefits package so you can thrive, both inside and outside of work: - A stake in Kasada's global success with equity/stock options - Flexible working hours and arrangements - Create a schedule that suits you - Support for growing families - Generous parental leave allowances and resources to help in the lead up, during and after parental leave. - Resources for well-being to support your growth including our EAP - confidential counselling for you and your loved ones - Birthday leave - Wellness leave - An action packed calendar of fun in-person and virtual events Sound interesting? What's next? Hit the apply button and one of our team will set up an exploratory, confidential discussion. We have designed our hiring process to be streamlined and thorough so everyone can make the right call on whether it is the right move for you. We are an inclusive team and this extends to all candidates that interview with us. Interviews are conducted virtually however if you want to come onsite - just ask! When you apply, please tell us the pronouns you use and any adjustments you may need during the interview process, we want to ensure you are set up for success in every conversation. Still with us? Just a little bit more… Research shows that women and other marginalized individuals tend to only apply when they check every box. We're always keen to broaden our perspective, so if you think you have what it takes, but don't necessarily meet every single point above, please still get in touch, we'd love to have a chat and see if you could be a great addition to the team! Please note: Kasada is an e-verify employer (US based applicants only)

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: As a member of the Cyber Remediation Operations team, you will work closely with the Disney Entertainment business teams in protecting Disney's highly respected Disney Entertainment portfolio, including ESPN, Disney+, Hulu, and ABC. Responsibilities of Role: * Review reports, assessments, and findings to develop and prioritize appropriate remediation or corrective action plans. * Collaborate with IT, security teams, business partners, and operational teams to drive remediation of security deficiencies. * Regularly communicate portfolio health results to stakeholders, including technical and non-technical audiences. * Develop and document risk mitigation strategies when compliance cannot be achieved. * Analyze business areas and develop improvement plans to strengthen security posture. * Drive improvement to security baselines, policies and standards. * Verify implemented remediation and corrective action activity achieves compliance with TWDC policies and standards. * Stay updated on evolving cybersecurity threats, vulnerabilities, trends, technologies, and best practices and incorporate them into IT and business practices. * Consolidate data from multiple sources into clear, concise, actionable presentations for senior management, communicating data-driven insights. * Support the on-time delivery of security and compliance initiatives. Must Haves: * Minimum of 5+ Years of related cybersecurity experience * Demonstrated experience facilitating cyber remediation and vulnerability management. * Ability to handle confidential information with integrity. * Ability to work well with individuals and teams with varying technical and business backgrounds. * Understanding of security frameworks and standards. * Strong analytical, problem-solving, and critical-thinking skills with attention to detail. * Established problem-solving skills with an ability to develop creative alternatives to complex problems, as well as continuous process improvement skills. * Experience working in a security program for a large and complex organization. Nice to Haves: * Working knowledge of industry compliance programs such as PCI, SOX, etc. * One or more general security certifications including Security+, CySA+, AWS, GSEC, GICSP, CISSP, or other relevant certifications * One or more vulnerability assessment or auditing certification including CISA, CISM, GCCC, GSNA or other relevant certifications Education: * Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience #DISNEYTECH The hiring range for this position in Glendale, CA is $117,500 to $157,500 per year and in Seattle, WA is $123,000 to $165,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

GW Information Technology (GW IT) provides empowering tools and caring support for all members of The George Washington University (GW) community. We are focused on driving digital transformation and innovation to enable the academic and operational excellence of our students, faculty, staff, and researchers. At GW IT, we are committed to cultivating a team culture that values diversity, inclusion, respect and collaboration, and invests in each of our team members to grow in their technology and career skills. The Senior Cloud Security Analyst is a mid-level position within GW IT's Application Security team that will collaborate on application security risk assessments, threat modeling, vulnerability assessments specific to GW IT's cloud environment. Primary Responsibilities: Experience evaluating security controls and the application of commonly used cyber risk standards and frameworks: e.g., NIST 800-171, NIST -800-53, CIS , OWASP . Familiarity with cloud computing environments (e.g., AWS , Azure) Experience in the secure design of cloud-based solutions to measurable performance and security standards Familiarity with cloud-managed security services such as Amazon Inspector, AWS WAF and Shield, and AWS Directory Service. Ability to translate security risks and misconfigurations into product security rules and controls to map against standards, policies and procedures. Familiarity with AWS and Azure core cloud infrastructure capabilities, features, and services. Review cloud logging reports for events that occur in the cloud environment. Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position Minimum Qualifications Qualified candidates will hold a Bachelor's degree in an appropriate area of specialization plus 5 years of relevant professional experience, OR, a Master's degree or higher in a relevant area of study plus 3 years of relevant professional experience, OR a Bachelor's degree in an appropriate area of specialization plus 3 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience. Preferred Qualifications 4 years of relevant experience with cloud security requirements Experience working within a distributed team via collaborative tools Certifications: 1+ security certification (e.g., CISSP ) Familiarity with Linux and Windows in cloud environments Experience in secure design of cloud-based solutions to measurable performance and security standards Ability to perform forensic file system analyses to identify indicators of compromise system timeline Experience evaluating log data and cloud-hosted virtual machines to detect security incidents and initiate appropriate steps as a first responder Experience assessing cloud-based security controls using security tools and threat modeling Work Schedule Monday - Friday, 8am - 5pm (occasional evenings and weekends)

A Senior Cyber Intrusion Detection Analyst is needed to provide advanced incident response and monitoring support. This is a hybrid position based in Washington, D.C., covering 5th shift work (7am7pm Saturday & Sunday, Friday 11pm7am, and Tuesday 7am3pm). Responsibilities Respond to cyber incidents, including SOC incident response calls and emails. Serve as Subject Matter Expert (SME) in investigations escalated from SOC Tier I & II analysts. Investigate phishing attempts and other potential cyber threats. Collaborate with SOC federal staff and Incident Handlers to triage, contain, and remediate incidents. Participate in Splunk engineer working groups to improve alerting rules and reduce false positives. Work closely with Threat Hunt and Security Intelligence teams to strengthen SOC capabilities. Follow established incident response procedures, while identifying process improvement opportunities. Manage incidents involving enterprise systems and sensitive data, including PII breaches. Detect, collect, analyze, and report cybersecurity incidents. Investigate and remediate malware infections. Analyze a variety of logs and alerts (firewall, IDS, malware, HIPS, PCAP, proxy, Windows/Active Directory, etc.) to identify anomalous activity and document findings. Conduct advanced log and malicious code reviews to support containment and recovery. Assist with cybersecurity workforce development by reviewing tickets and annotations. Required Qualifications Bachelors degree with 8+ years of cybersecurity experience (or equivalent). At least 6 years of intrusion detection examination experience. Experience with a wide range of security technologies and logging data, including WANs, IPS/IDS/HIPS, web logs, raw data logs, and event reviews. Strong knowledge of Splunk SIEM with 3+ years of advanced analytics experience (queries, Grep skills, firewall ACL review, Snort IDS events, PCAPs, and web server logs). Strong written and verbal communication skills. One or more advanced certifications, such as: CERT Certified Computer Security Incident Handler CEH (Certified Ethical Hacker) CISSP GCIH (Certified Incident Handler) GISF (Information Security Fundamentals) Clearance Must be able to obtain and maintain a Public Trust clearance. Working Place: Washington, D.C., District of Columbia, United States Company : 2025 Sept 11 Virtual Career Fair - GovCIO

Avint, LLC is seeking a highly skilled and mission-driven Information System Security Officer (ISSO) to join our team. The ideal candidate will bring deep technical expertise, hands-on experience securing complex systems, and a strong understanding of U.S. Government cybersecurity standards. This role requires a cybersecurity professional who can confidently lead system authorization activities, oversee compliance efforts, and ensure the security and integrity of both cloud and on-premises environments. Candidates must be U.S. citizens with an active Top Secret clearance and SCI eligibility, hold a DoD 8570 certification (such as CISSP or Security+), and be comfortable working on-site in Washington, D.C. or across the DC Metro area five days per week. This position also requires the ability to travel domestically and internationally up to 25%. Requirements Position Requirements: U.S. citizenship Active U.S. DoD Top Secret clearance with SCI eligibility Active DoD 8570 certification (e.g. CISSP, Security+) Be on site in Washington, DC or customer location in the DC Metropolitan area 5 days per week Ability to travel domestically and internationally up to 25% of the time Background in systems administration, software development, systems engineering, and/or deep familiarity with Linux operating systems Experience with risk management framework (RMF) software systems (eMASS, Xacta, etc) Experience with information system scanning utilities (Nessus, OpenSCAP, etc) Experience with cloud and on premises environments Experience assessing and authorizing IT systems against U.S. Government standards such as FISMA, FedRAMP, and NIST SP 800-53 Benefits Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, and generous time off and Federal Holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development! Salary range $110,000 to $115,000

Be Challenged and Make a Difference In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture. Description of Task to be Performed:AnaVation is seeking a mid-level ISSO for our mission critical customer in Washington, DC. You will work as part of a highly talented team providing security compliance expertise on high priority projects. Daily duties include, but are not limited to:· Developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages resulting in an authority to operate (ATO) for IT systems.· Creating and maintaining SSPs and supporting documentation in accordance with agency guidelines and directives. This includes writing implementation statements, creating supporting documentation (e.g., contingency Plans, Incident Response Plans, Account Management Plans, etc.), and performing self-assessments, while working with system stakeholders.· Develop, coordinate, test, and train personnel on Incident Response Plans and Contingency Plans.· Ensuring that information systems are accredited, maintain their ATO, and are being continuously monitored.· Performing risk assessments for government systems, to include cloud-based systems.· Performing security control assessments to include collecting supporting artifacts/evidence and interviewing system owner/owner representatives.· Having an in-depth knowledge of the Risk Management Framework (RMF).· Maintaining and tracking system POA&Ms.· Conducting vulnerability management and analysis.· Reviewing and analyzing government policy.· Improving on processes and procedures and making recommendations to improve the security posture of the agency's IT systems and applications. This position requires a Top-Secret clearance with SCI eligibility and the ability to obtain a CI Poly. This position is on-site in Washington DC with no remote option.Required Qualifications: Bachelor's in Computer Science, or other related analytical, scientific, or technical discipline 4+ years' experience with NIST, FISMA, and Security Assessment & Authorization. Knowledgeable on various security-related NIST publications (e.g., SP 800-53r5, SP 800-53A, SP 800-18r1, etc.) In-depth knowledge of information security principles, methodologies, and best practices. Experience in conducting risk assessments and implementing security controls. Proficiency in using security tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability management tools. Knowledge of incident response procedures. Obtain a CI Poly. Can be on-site 5 days a week. Preferred Qualifications: Desirable Qualifications (Education/Certificates, Experience, Physical, etc.): Certifications: CISSP FedRAMP and Cloud experience (e.g., Azure, AWS, Oracle (OCI)) Hands-on experience using a Governance, Risk, and Compliance tool, such as CSAM or eMASS. Ability to conduct gap analysis on non-federated vendor audit results, such as SOC Type 2, HIPAA comparison review and analyst against NIST SP 800-53 Revision 5 security controls. Ability to accurately manage complex workstreams, comprehend the application of the RMF, and understand the application of security controls across the interface, application, operating system, network, and database layers of modern information systems. Understand the applicable artifacts used as evidence to assess compliance. Experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., BigFix, SCCM, ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware. Ability to evaluate data flows, network diagrams, and logical security boundaries. Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources. Benefits · Generous cost sharing for medical insurance for the employee and dependents · 100% company paid dental insurance for employees and dependents · 100% company paid long-term and short term disability insurance · 100% company paid vision insurance for employees and dependents · 401k plan with generous match and 100% immediate vesting · Competitive Pay · Generous paid leave and holiday package · Tuition and training reimbursement · Life and AD&D Insurance About AnaVation AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team. If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you! AnaVation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support. BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions. We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce. We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first. JOB SUMMARY: Business Operational Concepts (BOC) is currently seeking an Information Systems Security Officer (ISSO) to work with our government client. The selected candidate will serve as a technical and governance subject matter expert responsible for integrating cybersecurity risk management with system and infrastructure engineering. This position bridges the traditional gap between GRC and technical implementation by ensuring security is designed, implemented, and continuously monitored throughout the system development life cycle (SDLC). DUTIES AND RESPONSIBILITIES: The incumbent collaborates with system owners, developers, cloud and DevSecOps engineers, and security control assessors to ensure the confidentiality, integrity, and availability of agency information systems in alignment with federal requirements (e.g., FISMA, NIST RMF, FedRAMP, and OMB guidance). Requirements QUALIFICATIONS: Required (Minimum) Qualifications - Education, Certification, Experience, and Skills Risk Management and Governance (40%) Serve as the primary technical lead for system-level RMF activities, including security categorization, control selection, implementation, and assessment. Develop and maintain system security documentation (SSPs, SARs, POA&Ms) and ensure continuous authorization (O-ATO) compliance. Conduct risk assessments to identify vulnerabilities, evaluate likelihood and impact, and recommend mitigation strategies. Support annual FISMA audits, OIG reviews, and internal compliance assessments with defensible technical evidence. Develop standardized risk metrics and dashboards that link system vulnerabilities to enterprise risk posture. Security Engineering and Architecture Integration (35%) Embed security engineering practices into system design and cloud architectures, ensuring 'security-by-design' and 'Zero Trust' principles. Partner with system engineers and developers to integrate security controls in CI/CD pipelines, automation scripts, and infrastructure-as-code deployments. Validate security control implementations through technical testing, configuration review, and vulnerability analysis. Conduct secure architecture reviews and provide technical consultation on encryption, access control, and network segmentation. Collaborate with SOC and vulnerability management teams to ensure findings inform risk posture and remediation planning. Continuous Monitoring and Technical Validation (15%) Develop and maintain continuous monitoring strategies and implement automated data feeds from scanners, SIEM, and cloud tools into GRC systems. Validate and verify that implemented controls are operating as intended and produce desired security outcomes. Track and report control effectiveness and residual risks to leadership. Policy, Audit, and Training Support (10%) Support updates to cybersecurity policy, SOPs, and agency guidance to reflect emerging threats and technologies. Provide training and mentoring to system owners and developers on secure design and RMF requirements. Support external audits by providing technical explanations and evidence of control effectiveness. Knowledge, Skills, and Abilities (KSAs) Security Engineering: Knowledge of systems design, cloud infrastructure, encryption, access control, and secure configuration management. Risk Management: Knowledge of the principles and tools used for risk assessment and mitigation. Compliance & Governance: Expertise in NIST SP 800-37, SP 800-53, SP 800-53A, FIPS 199/200, FedRAMP, and OMB A-130. Vulnerability Management: Ability to analyze vulnerability data, interpret scanning results, and evaluate technical mitigations. Automation & Tools: Familiarity with GRC platforms (e.g., Archer, ServiceNow IRM, Xacta) and technical tools (e.g., Nessus, Splunk, AWS Config, Prisma). Communication: Skill in articulating technical risks and recommendations to both executive and technical audiences. Collaboration: Ability to partner effectively across multidisciplinary teams including developers, engineers, and policy staff. U.S. Citizenship required. Active Public Trust or higher clearance (or ability to obtain). Bachelor's degree in Computer Science, Information Systems, Engineering, or equivalent experience. 3-5 years of experience in security engineering, GRC, or cybersecurity risk management. Preferred Qualifications - Education, Certification, Experience, Skills, Knowledge, and Abilities Desired Certifications: CISSP, CISM, CAP, CGRC, CEH, Security+, or Cloud Security certifications CLEARANCE REQUIREMENTS: Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.)

Who We're Looking For (Position Overview):This role is critical in ensuring the security posture of mission-critical applications and infrastructure across multiple network enclaves (Unclassified, Secret, Top Secret). The ISSO will be responsible for developing, maintaining, and enforcing security policies, implementing cybersecurity controls, managing Authority to Operate (ATO) documentation, and conducting continuous monitoring and risk assessments in compliance with FISMA, NIST, DOJ, and other federal mandates.What Your Day-To-Day Looks Like (Position Responsibilities): Serve as the principal cybersecurity advisor to system owners and stakeholders. Design, analyze, and test of information security systems, products, cloud architectures and cloud solutions. Provide recommendations and/or alternatives to mitigate impact of system security boundary changes as part of any potential re-architecting and/or re-design activities. Develop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability. Perform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environments. Follow all appropriate security authorization process for requesting and maintaining an Authority to Operate (ATO). Responsible for ensuring operational security is maintained for assigned information systems. Ensure systems are operated, maintained, disposed of in accordance with security policies and practices. Perform Security Incident Reporting and Response. Coordinate with the Office of the Chief Information Officer (OCIO), Security Division, and others to provide documentation to the system Certification and Accreditation process. Ensure audits and reviews are responded to with accurate information. Perform system access control responsibilities. Participate in the change management process for assigned applications. Work with Product Owner, Product Manager, OCIO, Security Division, and other stakeholders to ensure security concerns are addressed during all phases of system lifecycle. Perform continuous system security monitoring. Implement and manage cloud-native and third-party security tools for monitoring, threat detection and vulnerability management. Act as a SME on Cloud Security while applying methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. Provides reports to superiors regarding effectiveness of data security and makes recommendations for the adoption of new procedures. Draft and keep updated information security documentation to include System Security Plan, Information System Contingency Plan, Plan of Actions and Milestones (POA&M), Privacy Threat Assessment, Privacy Impact Assessment, and Configuration Management Plan. Responsible for ensuring the implementation and maintenance of annual security controls assessments. Assist with FISMA System audits as necessary. Leverage necessary vulnerability assessment and scanning tools including Nessus and ACSA to identify vulnerabilities, Splunk tools to monitor, detect and rectify misconfigurations. Working directly with development, platform, and infrastructure teams on security problems. What You Need to Succeed (Minimum Requirements): Top Secret (TS) Clearance with SCI eligibility. 3 - 5 years of experience required. Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA. Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure. Analyze logs using Splunk and AWS tools. Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk. Work with GRC tools such as Xacta/JCAM Hold at least one of the following security certifications. Example: Security +, CGRC, CASP, CISSP Experience using Atlassian suite tools such as JIRA/CONFLUENCE Experience with Agile Methodologies/SAFe Expertise on Information Security Principles, processes and guidelines Able to obtain and maintain an Authority to Operate (ATO) for Information Systems. Experience with scanning tools such as Tenable Nessus Ability to work on multiple projects with various timelines, at times very short deadlines. Ideally, You Also Have (Preferred Qualifications): Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security - Specialty, or other relevant certifications. Experience in a high-side or multi-enclave (U/S/TS) environment. Experience working with Agile development teams and CI/CD pipelines. Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible). Familiarity with NIST 800-53 Rev. 5 #CJ

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers needs; we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management and Business Process Services and Solutions. Job Description Information System Security Officer / ISSO duties include: Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications Evaluation of the assigned information systems' security control compliance with the federal requirements and the client's monitoring strategy Management of emerging and defined risks associated with the administration and use of assigned information systems Coordination with the client's Cybersecurity Unit to achieve and maintain the information systems' compliance and authorization to operate (ATO) Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package Performing annual assessments to ensure compliance with the client's policies and standards Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented Ensuring information system security requirement are addressed during all phases of information systems lifecycle Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance of DOJ and component policies Generate and interpret documentation needed to address the items detailed within the GRC tool Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client's monitoring strategy Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client's information system monitoring strategy Support the integration/testing, operations, and maintenance of systems security Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities Provides system operation support, administers hardware and software inventory Qualifications Required Skills • B.A. or B.S. in Computer Science or a related field • System authorizations and configuration management • Experience creating or modifying information security documentation • Experience testing and documenting information security controls (NIST SP 800-53) Additional Information Active Public Trust clearance, adjudicated within past 5 years. Must have worked on US Federal Government Projects.

Guide security policy and participate in broader Information Security governance efforts. Develop and maintain the Information Security Management System (ISMS) in collaboration with regional information security SMEs and technical consultants. Oversee and manage the ISMS and recommend appropriate mitigating controls. Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant interest holders. Provide valuable expertise and leadership directly to the governing Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics. Facilitate a committee of Information Security SMEs across the Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional perspective to achieve optimal solutions. Collaborate with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as support other future phase projects. Conduct regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats. Support external IT security audits and assessments that focus on operation. Develop, update, implement, and conduct information security training programs to support the ISMS objectives. Manage approvals for Identity and Access Management (IAM) and Access Control Administration. Act as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; play an interest holder and oversight role if the plan is invoked by other partners or vendors. Participate in information security incident investigation and response efforts; perform root-cause analysis when incidents occur and prepare incident reports. Evaluate change requests to determine potential impacts to Information Security, including IT systems, processes, policies, and provide appropriate input to the Change Management process. Coach future Regional Operations Team (ROOT) information security personnel as the ISMS becomes complete and mature. Keep up to date on latest information security trends, "best practices", threats, and countermeasures. Required Skills and Qualifications: Enterprise-level information security plans, policies, standards, guidelines, methods, and practices based on current industry standards, best practices, tools, and techniques. Information Security Management Systems, and applicable industry standards (ISO 27001/2). Pertinent federal, state, and local laws, codes, and regulations; particularly those that affect information security for payment systems. Environments subject to the Payment Card Industry Data Security Standard (PCI DSS), including compliance-related duties. Knowledge and understanding of developing and administering information-security standards, practices, audits, risk management, and policy compliance. Information Security Audit principles and practices. Knowledge of one or more governance frameworks such as COBIT 5, ISO, NIST, or COSO. Strong understanding of IT Service Delivery (ITIL) core processes and methodologies. Principles, methods, and techniques used in the facilitation of managing projects and leading teams. Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography. In-depth knowledge of security software threats and vulnerability mitigation techniques. Working knowledge of cloud platforms such as Azure/ AWS and relevant security controls. Establishing and maintaining collaborative working relationships with other department staff, management, vendors, and other interest holders. Documenting and explaining risks, recommendations, and incident data to technical interest holders. Interpreting and administering information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies. Leading or supporting an Information Security Management System. Generating metrics and preparing reports to facilitate decision-making on security-related activities. Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports. Responding to inquiries with effective oral and written communication. Researching, analyzing, and evaluating new security processes, products, and techniques. Excellent time management skills including the ability to prepare, prioritize, and complete work plans. Working effectively under pressure, meeting deadlines, and adjusting to changing priorities. Writing of technical documentation and standards, including skill in English usage, spelling, grammar, and punctuation Required Certifications or Licenses: At least one of the following (in valid status): Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). Certified Information Security Auditor (CISA). Other industry relevant certifications in the fields of information security, project management, auditing and/ or risk management, such as the Certification in Risk and Information Systems Control (CRISC) Preferred Skills and Qualifications: Knowledge of Governance, Risk, and Compliance (GRC) tools. Principles of leadership, supervision, training, and performance evaluation. Extensive knowledge of risk-based methodologies, and one or more of the following frameworks: ISO 27001/2:2017, 27005:2011, and 31000; PCI-DSS; or NIST 800-53. Duration:11/07/2025 to 2/28/2026 Location: Downtown Seattle (Hybrid) M-F: 8 AM to 5 PM Hybrid: 3 days work onsite Pay: $75 per hour

Bellevue Telecommunications Services Exp 10-15 years Deg Bachelors Relo Bonus Job Description The Information Security Manager, working with in Corporate Information Security Team will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking and web based technologies. They will be responsible for understanding the Business Unit's processes and priorities and working with them to manage business impact and threats, through a risk based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations Qualifications Ideal Candidate will have: Candidate must have strong technical, influential and organizational skills. Prefer six years' experience in information security related discipline, in addition to several years' relevant systems and/or network administration experience. Expert relationship building and partnering skills, including persuasion, negotiation and consensus building. Experience translating emerging IT and business trends into meaningful risk reduction opportunities. Demonstrated ability to work effectively in a complex matrixed environment. Outstanding verbal and written communication skills. Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement. Ability to translate security requirements into business risks and impacts. Experience with high level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services and SOA. Strong understanding of encryption, obfuscation and/or tokenization technologies or compensating controls. Appropriate industry certifications, such as CISSP, CISA or CCIE. Preferred skill: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline. Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred. Skills and Qualifications: A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance. Experience in telecommunications, internet service provider, or application service providers a plus. The ability to apply Information Security principles to business solutions. Extensive experience planning and deploying both business and technology security initiatives. Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners. This includes written and verbal communications as well as visualizations. The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business. Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus. Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI. Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks. Understanding of Local (Wired & Wireless), Wide area, and mobile networks. A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS. Strong background and experience in IP Networking and Routing Protocols. Fluency in the use of all MS Office applications, including SharePoint services. Qualifications · Preferred: Any of the following CISSP, CISA, CISM, C-RISC, CCNA, CCIE, Six Sigma Yellow/Green/Black Belt Education Minimum Required High School Diploma/GED Education/Vocational Training/Experience Preferred Bachelor's degree in Computer Science, Information Technology or related field from an accredited 4-year college or university 10 years of system, network, and application design and architecture experience. Preferably in the wireless communications space CISSP and or CISM Certification (required; experience may be substituted for Cert requirements (4 years minimum) CISA Certification (preferred but not required; experience may be substituted for Cert requirements (4 years minimum) Responsibilities What you will do: Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to its customers, and implementing measures to combat the threat. Understand the operations of the business and comprehend how these create value and risk for the organization. Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes. Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity. Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to the business. Make risk-based decisions on a daily basis that has the potential to impact our ability to operate and communicate. Ensure the information and network security controls for us are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups. Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program. Interact with internal audit, third party auditors, and appropriate regulatory bodies. Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication and maintenance. Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems and architectures. Additional Information All your information will be kept confidential according to EEO guidelines. Direct Staffing Inc

At PLEXSYS, our teams design, build and deliver Live, Virtual, and Constructive (LVC) innovation and training solutions to customers around the world. With over 200 employees in seventeen states and four foreign countries, we contribute our success to enabling better training…everyday…across the globe. As an employee of PLEXSYS, you'll find a culture that empowers you to achieve your professional objectives, give your personal best, and work with other highly passionate individuals. Our core values of integrity, excellence, teamwork and agility drive our daily decisions, identify our focus areas, and inspire our organizational culture. GENERAL DESCRIPTION The Information System Security Officer (ISSO) is responsible for ensuring the appropriate operational security posture for information systems and as such, works in close collaboration with the ISSM, CPSO, and FSO. The ISSO must have detailed knowledge and expertise required to manage the security aspects of an information system and is assigned the day-to-day responsibility for assigned systems. Responsibilities include implementation of the requirements of Risk Management Framework, including the Joint Special Access Program (SAP) Implementation Guide (JSIG), NIST 800-53, or other security requirements as assigned. This position will report to the Corporate Information Assurance Manager and work in close collaboration with the AFSO and FSO. The ISSO is responsible for developing and updating the security authorization package, managing and controlling changes to the system, and assessing the security impact of those changes. Ensure systems are operated, maintained, and disposed of following security policies and procedures as outlined in the security authorization package. Report all security-related incidents to the ISSM. Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure audit records are collected, reviewed, and documented. Duties also include physical and environmental protection, personnel security, and incident handling. DUTIES & RESPONSIBILITIES Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirement Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirements Conduct vulnerability scans and analysis Conduct maintenance on the networks, systems, and hardware Perform software upgrades on networks, systems, and hardware Perform security assignments in accordance with the Automated Information System requirements and local regulations Understand and follow NISPOM/ODAA/RMF/JAFAN/ICD/NIST/JSIG classified system accreditation and certification requirements Other duties as assigned REQUIREMENTS Bachelor's degree in related field or 4 years' experience in related field DoD 8570 compliant, IAT Level II Experience with Windows based administration of Information Systems Ability to work within compliance standards; previous experience with RMF, HIPAA , PCI DSS, or equivalent compliance standard preferred Strong experience in networking, active directory, centralized logging solutions, vulnerability scanning and anti-virus solutions Experience with security audits for information systems Strong communication and problem-solving skills Ability to work in both a team environment as well as independently Must be organized and detail oriented Ability to obtain and maintain Top Secret clearance with the ability to obtain approval for SAP/SCI access DESIRABLE Have previous experience with DoD Security Regulations and Policies PERKS As a PLEXSYS employee, you can expect certain advantages; such as advancement based on performance, competitive wages, valuable benefits and a great working environment. Our team is committed to ensuring an environment that empowers individuals to realize their full potential by providing opportunities and necessary support to achieve personal and professional goals. Medical/Vision/Prescription/Dental Benefits Life, AD&D and Long Term Disability Coverage Paid Holidays, Military Leave, and Paid Time Off 401k Plan with eligibility from first day of employment Education reimbursement for job-related courses for full-time employees PriceClub/COSTCO/Sam's Club annual membership

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Minimize attack surfaces by removing as many unnecessary components as possible from kernelspace and userspace Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Create OS-level attestation and integrity monitoring systems Apply security patches, develop patches for custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Serve as a subject matter expert for OS security questions and designs Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with secure boot technologies Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

Required Qualifications A Bachelor's degree and three (3) years professional experience OR a combination of education and experience totaling seven (7) years from which comparable knowledge and abilities are acquired. Preferred Qualifications Experience developing operational information security procedures and technical training materials. Demonstrated experience with working within formal project management frameworks. Experience with the Splunk application, to include developing searches, reports, and other automated routines. Experience with security reviews of firewall, file system, and other forms of access control lists. Experience with digital forensics software and processes. Demonstrated ability to appropriately prioritize multiple tasks, projects, or assignments. Expert knowledge of Windows, Linux, and Apple operating systems.