Information security analyst jobs in Ellicott City, MD

We are seeking multiple mid-level (5 years minimum) Cyber Defense Incident Responders that are available to work the midnight shift (11pm-7:30am) in a Security Operations Center. Clearance Requirements: Top Secret w/SCI Location: Washington, D.C. Job Description: Coordinate incident response functions. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Perform cyber defense trend analysis and reporting. Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Track and document cyber defense incidents from initial detection through final resolution. Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Coordinate with intelligence analysts to correlate threat assessment data. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Basic Qualifications- To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below: Bachelor's degree or higher 5+ years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling Must have,one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP). Strong written and verbal communication skills. Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Knowledge of system administration, network, and operating system hardening techniques. Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. Demonstrated ability to interact effectively with senior management and leadership. Ability to design incident response for cloud service models. Knowledge of incident categories, incident responses, and timelines for responses. Knowledge of incident response and handling methodologies. Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) Desired Skills Experience identifying, capturing, containing, and reporting malware. Skill in preserving evidence integrity according to standard operating procedures or national standards. Strong securing network communications experience. Recognizing and categorizing types of vulnerabilities and associated attacks. Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). Experience performing damage assessments. Skill in using security event correlation tools and design incident response for cloud service models.

Senior Security Engineer (Information Security Analyst IV) Clearance: Public Trust (U.S. Citizen or Green Card Holder; 3+ years U.S. residency required) Business Unit: Digital Modernization Role Summary The Senior Security Engineer supports the Department of Transportation's (DOT) Cybersecurity mission by enhancing and maintaining the security posture of DOT information systems and infrastructure. These systems play a critical role in safeguarding U.S. critical infrastructure, including highways, bridges, and roadways. This position provides advanced security engineering, participates in strategic security design, and delivers technical expertise for integrated security systems and endpoint protection. The role requires independent decision-making, leadership, and the ability to guide less experienced staff. It also involves complex problem-solving, interaction with senior federal leadership, and contributions that directly impact mission and schedule outcomes. Key Responsibilities Implement endpoint protection profile changes to address external threats and enforce security requirements. Coordinate with application, infrastructure, and engineering teams to troubleshoot endpoint protection software issues. Integrate endpoint security data with security log aggregation tools, including SIEM platforms. Participate in cybersecurity incident handling activities as requested. Stay current on emerging threats, vulnerabilities, and industry best practices related to endpoint security. Work assigned cybersecurity and security operations ITSM (ServiceNow) tickets through completion. Participate in Cybersecurity and Security Operations (SecOps) meetings. Collaborate on cybersecurity solutions that enhance the DOT's security posture. Configure, validate, and test secure systems and physical controls to detect security weaknesses. Contribute to strategic security design efforts, translating business and security requirements into technical solutions. Recommend policy changes and guide others in achieving departmental cybersecurity objectives. Required Technical Skills Endpoint protection management solutions (hands-on experience). Proven understanding of Federal cybersecurity requirements, including FISMA and the NIST 800 series. Ability to articulate endpoint security concepts to non-technical stakeholders. Demonstrated experience collaborating across cross-functional cybersecurity teams. Ability to evaluate complex security problems and apply judgment within established practices and policies. Experience with integration of endpoint security data into SIEM or log aggregation tools. Experience working security operations tickets within ServiceNow. Knowledge of security systems, secure configuration, validation, and testing methodologies. Preferred / Nice-to-Have Skills Foundational understanding of: Application and technology stacks Cloud-based systems Operating systems Databases Networking Firewalls Data Loss Prevention (DLP) Endpoint security software Network IDS/IPS Host-based IDS/IPS General cybersecurity best practices and industry standards Qualifications & Experience 9+ years of experience in Cybersecurity or related IT fields. Bachelor's degree + 9 years OR Master's degree + 7 years of experience Technical Certifications (one or more required): Network+ Security+ SSCP GISF ISACA Cybersecurity Fundamentals Or similar technical cybersecurity certification Ability to obtain and maintain a Public Trust clearance. Benefits (employee contribution): Health insurance Health savings account Dental insurance Vision insurance Flexible spending accounts Life insurance Retirement plan All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Develops acceptance criteria for cybersecurity architecture. Investigates computer and information security incidents to determine extent of compromise to national security information and automated information systems. Assists with defining security objectives and system-level performance requirements. Researches and stays abreast of tools, techniques, countermeasures, and trends in computer network vulnerabilities. Configures and validates secure systems, tests security products/systems to detect computer and information security weaknesses. Maintains the computer and information security incident, damage and threat assessment programs. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Involved in the periodic conduct of a review of each system's audits and monitors corrective actions until all actions are closed. Supports the development of integrated system solutions ensuring proprietary/confidential data and systems are protected. Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Minimum Qualifications Bachelor's Degree in Computer Science or a related field or equivalent experience. 2-4 years of experience in systems security. Other Job Specific Skills Must be able to communicate effectively and clearly present technical approaches and findings. Exercises a limited degree of latitude in determining technical objectives of assignments. Excellent attention to detail. Must be able to balance multiple tasks simultaneously. #cjpost

Role: Cybersecurity Engineer III Contract Job Responsibilities / Typical Day in the Role Implement design reviews to evaluate security controls Identify and communicate opportunities to enhance the security posture of Client Build and / or manage enterprise security platforms effectively Communicate effectively across all levels of management to articulate Client security goals and vision. Identify and communicate opportunities to enhance the security posture of Client Build and / or manage enterprise security platforms effectively (SAAS, on premise or in Cloud) Communicate effectively across all levels of management to articulate Client security goals and vision. Have a team player mentality; strive to contribute to team cohesion however can work independently if the need arises Plan, design, engineer and implement security-related technologies Understanding technical security issues, their implications within Client business units and able to effectively communicate them to management and other business leaders. Configure, troubleshoot, and maintain security infrastructure - including software and hardware in cloud environments, as well as on-premises. Conduct security audits and assessments to regularly determine the effectiveness of security platforms and identify areas of improvement. Host and operating systems hardening, auditing, monitoring and logging with appropriate security controls and best practices while meeting security best practices and business goals Research and explore emerging security technologies and determine their appropriate use within the company. Prepare, document, and create standard operating procedures and protocols. Crosstrain and mentor other team members as needed Must Have Skills / Requirements Implementing advanced cyber security technology in a complex environment 5+ years of experience; Hands-on experience in security engineering, hands-on experience in building, designing, and maintaining enterprise security tools. Scripting experience (using Python, Go, or other equivalent languages) 5+ years of experience. Hands-on Experience with automation technologies 3+ Years of experience; Terraform, Ansible, CloudFormation, etc. Linux Experience. 5+ years of experience; Ability to construct and maintain complex network infrastructures. Technology requirements: Engineer and administer security platforms including SIEM/SOAR systems, endpoint detection and response, vulnerability management, anomaly detection, and cloud analysis. Experience in managing the Brinqa vulnerability management platform and experience with Groovy programming language Must have 5+ years of scripting experience (using Python or other equivalent languages) Hands-on Experience in public cloud infrastructures like AWS (Amazon Web Services) Nice to Have Skills / Preferred Requirements Security and Cloud certifications are a plus. (CISSP, Splunk Admin, AWS Solution architect). Media/entertainment or distributed global network experience. Soft Skills Hands-on technical experience with networking and computing system architectures, specifically, the security aspects thereof. Thorough understanding of information security principles, techniques, principles, policy frameworks, and best practices Hands-on technical experience with compliance and regulatory frameworks and how they affect architecture designs and review

We are seeking a Cybersecurity Engineer with strong, hands-on experience implementing Data Loss Prevention (DLP) solutions, specifically using Azure Purview and Microsoft Intune. This role requires a technical practitioner who has directly deployed, configured, and operationalized security controls-not just monitored events. The engineer will design and implement secure architectures across cloud and hybrid environments, conduct threat modeling, integrate security into new platforms, and ensure alignment with industry best practices and regulatory frameworks such as NIST 800-53, FISMA, and FedRAMP. The ideal candidate must have 10+ years of experience that brings advanced knowledge of cloud security, IAM, encryption, authentication protocols, and modern DevSecOps practices. Additional responsibilities include developing reusable security patterns, performing architecture reviews, enhancing automation, and partnering with IT teams to mature the organization's security posture. Strong communication skills, deep technical proficiency, and experience with Azure/AWS infrastructures are essential for success in this role. This is an onsite direct hire opportunity in Arlington, VA, no contract, no sponsorship. Relocation assistance provided within the US. LI #HP-1

Chief Information Security Officer (CISO) The Chief Information Security Officer is a senior executive responsible for defining and overseeing the enterprise-wide vision, strategy, and execution of information security programs that safeguard all organizational data and technology. Reporting directly to the CEO and/or Board of Directors, the CISO plays a pivotal role in managing security risk across both the Academic/Research and Clinical/Patient Care operations of the integrated university and hospital system. Position Details Salary: $250-2750k Type: Full-time, direct hire Location: Washington DC, onsite 3 days a week Strategic Direction & Executive Leadership Build and execute a long-term cybersecurity vision that supports the institution's academic initiatives, research priorities, and clinical mission. Lead and develop the security department, offering coaching, structure, and direction to cybersecurity personnel and partner teams. Establish the organization's security policies, governance models, and standards to ensure consistent risk management practices. Oversee financial planning for cybersecurity, including technology investments, service contracts, and budget management. Risk Oversight & Regulatory Alignment Supervise all risk assessments, compliance reviews, and internal/external audits, ensuring timely closure of any identified risks. Maintain adherence to all regulatory requirements applicable to both sectors: Hospital/Clinical: HIPAA/HITECH, CMS guidelines, and relevant state-level data protection rules. University/Research: FERPA, NIST SP 800-171 for research compliance, and PCI DSS for payment and donation processing. Direct the institution's incident management program-coordinating preparation, testing, and response efforts during cybersecurity events affecting either environment. Operational Security Management Lead the selection, deployment, and ongoing support of cybersecurity technologies (e.g., SIEM tools, firewalls, intrusion detection systems, endpoint protection). Oversee vulnerability assessments, penetration testing initiatives, and continuous monitoring activities. Work closely with IT, engineering, research teams, and clinical technology leaders to incorporate secure design principles into all systems and projects. Communication, Influence & Education Act as the organization's primary authority on cybersecurity matters for executives, trustees, faculty, students, clinicians, and administrative teams. Create and oversee training and awareness programs tailored to the specific needs of academic users, researchers handling sensitive data, and clinical professionals. Provide routine briefings to senior leadership and the Board on emerging risks, ongoing initiatives, and the overall security posture. Required Qualifications Education: Bachelor's degree in Computer Science, Information Systems, or a related technical field (Master's preferred). Professional Background: At least 10 years of progressive cybersecurity experience. Minimum 5 years serving in a senior leadership capacity (e.g., CISO, Security Executive, VP of Cybersecurity). Dual-sector experience: Strong understanding of both healthcare and higher-education cybersecurity and regulatory environments. Certifications: One or more required-CISSP, CISM, or equivalent. Key Skills & Core Competencies Advanced knowledge of enterprise security design, network and cloud protection strategies, and modern risk evaluation techniques. Strong familiarity with frameworks such as NIST Cybersecurity Framework, ISO 27001, and the MITRE ATT&CK model. Outstanding leadership presence with the ability to collaborate, influence, and guide diverse groups across a complex institution. Demonstrated success in leading security incident response efforts and handling high-pressure situations. Proven ability to implement practical, scalable security practices in environments balancing open research culture with rigorous patient data protection requirements.

Veteran Owned Firm Seeking a Junior Information Systems Security Officer (ISSO) for an Onsite role in Washington, DC My name is Stephen Hrutka, and I am the owner of a Veteran Owned management consulting firm in Washington, DC focused on Technical/Cleared Recruiting for the DoD and IC. HRUCKUS helps other Veteran-Owned businesses recruit for positions across the VA, SBA, HHS, DARPA, and other cutting-edge R&D related defense agencies. We seek to fill a Junior Information Systems Security Officer (ISSO) position in Washington, DC. The ideal candidate is a DMV resident who holds active TS/SCI clearance with CI-Poly eligibility, a minimum of 3 years of ISSO experience, at least 5 years in a computer science or cybersecurity-related role, hands-on familiarity with tools such as Nessus or NMAP, and a core certification such as CISSP, GISP, or CASP. If you're interested, I'd be glad to provide more details about the role and further discuss your qualifications. Thanks, Stephen M Hrutka Principal Consultant HRUCKUS LLC Executive Summary: HRUCKUS is looking for an experienced Jr. ISSO for an onsite role in Washington, DC. The program provides support in the areas of Cybersecurity and Management to improve the Information Assurance (IA) posture of a federal customer. The contract's support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support. Key Responsibilities: Services to support IS Security performed by the Information System Security Officer (ISSO) at a minimum, shall consist of the following activities: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS Provide liaison support between the system owner and other IS security personnel Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis Conduct required IS vulnerability scans according to risk assessment parameters. Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of (POAMs) Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO) Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an agency's IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed, and entity type Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary Ensure that new entities are created in the GRC application with the security categorization of agency ISs Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreement (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS Perform an independent review of the System Security Plan (SSP) and make approval decisions Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official Schedule security control assessments in coordination with the system owner. Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number Advise the agency Authorizing Official of IS vulnerabilities and residual risks. Ensure that all POA&M actions are completed and tested Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official Ensure the removal and retirement of agency ISs being decommissioned, in coordination with the SO, ISSO, and ISSR. Required Qualifications: Current U.S. Government Top Secret Clearance w/ SCI and a CI-Polygraph eligibility At least 3 years serving as an Information Systems Security Officer (ISSO) at a cleared facility Minimum of 5 years of work experience in a computer science or cybersecurity-related field Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WeblInspect, Network Mapper (NMAP), and/or similar applications. Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP) Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level I proficiency Preferred Education: A bachelor's and/or advanced degree in computer science, business management, or IT-related discipline. Details: Job Title: Jr. Information Systems Security Officer (ISSO) Location: Washington, DC 20535 Clearance Requirement: Active Top-Secret Clearance w/ SCI and a CI-Polygraph eligibility Assignment Type: Full-time, Onsite Salary Range: $70,000 - $95,000 per year with benefits: Competitive salary for well-qualified applicants Relocation assistance available for highly qualified candidates 401(k) plan Annual performance bonus Certification and advanced degree attainment bonuses Student Loan / Tuition reimbursement Health Care Insurance (medical, dental, vision) Up to four weeks of paid vacation 11 Federal Holidays, and 3 Floating Holidays Team bonding events

Employment Type: Full-Time Strategies SteerBridge Strategies is a CVE-Verified, Service-Disabled Veteran-Owned Small Business (SDVOSB) delivering a broad spectrum of professional services to the U.S. Government and private sector. Backed by decades of hands-on experience in federal acquisition and procurement, we deliver agile, best-in-class commercial solutions that drive mission success. Our strength lies in our people-especially the veterans whose leadership, discipline, and dedication shape everything we do. At SteerBridge, we don't just hire talent-we empower it. We cultivate meaningful career paths for those who have served and for those who share our commitment to excellence, innovation, and service. Position Overview SteerBridge Strategies is seeking a highly accomplished Security Architect to support our Modern Disability Claims (MDC) initiative-a transformative effort to modernize claims processing systems for the Department of Veterans Affairs (VA). This mission-critical project enhances the security, reliability, and operational efficiency of systems entrusted with sensitive Veteran information. As the Security Architect, you will serve as a strategic and technical authority, guiding cybersecurity architecture across cloud and hybrid environments, ensuring compliance with federal and VA mandates, and fortifying the systems that safeguard the data of those who have served our nation. This is a rare opportunity to apply your expertise at scale while shaping the future of secure digital services for millions of Veterans. Key Responsibilities Architect secure, scalable, and resilient solutions across cloud and hybrid infrastructures supporting VA claims systems. Partner with engineering, infrastructure, and compliance teams to embed secure design principles throughout the system lifecycle. Develop, maintain, and continuously refine System Security Plans (SSPs); lead all phases of the ATO process. Interpret and apply NIST 800-53, NIST 800-171, FedRAMP High, and VA-specific cybersecurity requirements across system and data environments. Lead full RMF lifecycle activities-from system categorization through continuous monitoring and ongoing authorization. Conduct comprehensive risk assessments, gap analyses, and vulnerability remediation planning. Oversee the creation of cyber policies, technical documentation, audit-ready control evidence, and security reporting. Coordinate and participate in security audits, penetration tests, incident response actions, and forensic investigations. Serve as a subject matter expert in data protection, encryption technologies, identity/access controls, and secure SDLC best practices. Collaborate with ISSOs, ISSEs, and federal security teams to ensure seamless security alignment and compliance. Required Qualifications U.S. Citizenship required Bachelor's or Master's degree in Cybersecurity, Information Systems, or a related field Active Secret clearance or ability to obtain one 10+ years of cybersecurity architecture experience in federal or large enterprise environments Deep expertise in NIST 800-171, NIST 800-53, FedRAMP, and federal cybersecurity frameworks Proven experience developing ATO packages and leading security authorization activities Strong background in system hardening, network security, encryption protocols, and secure SDLC Experience architecting secure solutions in AWS, Azure, and/or GCP environments Exceptional written and verbal communication skills with the ability to produce audit-ready documentation Experience coordinating with ISSOs, ISSEs, federal security teams, and cross-functional engineering groups Preferred Qualifications Certifications such as CISSP, CAP, CISM, or equivalent Cloud architecture experience or cloud-related certifications Familiarity with VA security requirements, VAEC, and Veteran-focused IT systems Hands-on experience designing solutions to FedRAMP High baselines Benefits Health Insurance Dental Insurance Vision Insurance Life Insurance 401(k) Retirement Plan with Company Matching Paid Time Off (PTO) Paid Federal Holidays A competitive salary commensurate with experience will be offered. Equal Opportunity Commitment SteerBridge Strategies is proud to be an Equal Opportunity Employer. We are committed to fostering a diverse and inclusive workplace where all qualified applicants and employees are treated with respect and dignity-regardless of race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation, or any other characteristic protected by law. We also provide reasonable accommodations for individuals with disabilities. If you require assistance during the application process, please reach out so we can support your needs.

We are seeking a hands-on Solutions Architect who will also serve as the Information System Security Engineer (ISSE) for key cybersecurity systems supporting the Department of Veterans Affairs (VA). This role is ideal for someone with deep technical engineering skills, cloud and DevSecOps experience . This individual will also lead teams to develop and implement technical solutions to remediate vulnerabilities and other complex cybersecurity challenges. Candidates will have a solutions-oriented mindset to help the VA problem solve complex cybersecurity and IT challenges. The candidates should also be well-versed with facilitating working sessions and have the ability to distill complex concepts into non-technical/common language. The role will focus on analyzing and recommending system security architectures, vulnerability mitigation, policy-driven compliance implementation, and full-lifecycle support for the Department of Veteran's Affairs systems. Key Responsibilities: Cybersecurity Engineering & Architecture (Primary): Analyze complex technical findings and determine necessary resources needed to solve problem-sets across multiple cybersecurity and technical domains Able to partner with technical teams to develop and implement technical solutions Design, build, and deploy secure cloud-native architectures and infrastructure components for VA information systems Develop and maintain CI/CD pipelines with integrated security scanning, policy enforcement, and remediation tools Implement secure infrastructure as code/policy as code using tools such as Terraform/CloudFormation, including writing and implementing PaC scripts Align security architectures with Federal Zero Trust strategy, VA directives, and OMB policies Enable automation of system telemetry and analytics pipelines for cyber situational awareness ISSE Responsibilities: Provide engineering and technical analysis on behalf of Agency Authorizing Officials (AOs) for System Security Plans (SSPs), Risk Assessments, Security Controls Traceability Matrices (SCTMs), and POA&Ms Support system authorization and compliance activities including continuous monitoring and system audits Conduct regular and ad-hoc analysis of security control findings and develop and implement remediation strategies Minimum Qualifications: 8+ years of security engineering, DevSecOps, or cloud architecture experience Expertise in securing platforms hosted in AWS GovCloud and Azure Government Strong experience with NIST RMF, FISMA, FedRAMP, and Zero Trust architecture implementation Hands-on skills in IaC tools like Terraform and CI/CD tools such as GitLab/Jenkins, with ability to adopt new technologies if procured by the agency Experience with network isolation tools such as Palo Alto Next Generation Firewalls (NGFW) and Juniper Mist Network Access Control (NAC) solutions or comparable Demonstrated experience securing modern applications, APIs, and automated infrastructure Excellent written and oral communication skills; ability to explain complex, technical information in easily understood terms; ability to brief Senior VA leadership regularly U.S. Citizenship and ability to obtain and maintain a Public Trust clearance Bachelor's degree in computer science, Engineering, or technical equivalent with 5 years of technical experience or a total of 13 years in lieu of education Preferred Qualifications: Prior VA experience supporting VA OIS or major cybersecurity initiatives Experience authoring and maintaining ATO documentation in VA or HHS environments Experience with IoT/IoMT security solutions is a plus Knowledge of federal cybersecurity standards

Job Title: Security Architect Terms: Full-time, Flexible for occasional telework - must be local to work location Requirements: Must be a U.S. Citizen with Active Security Clearance About the Role Currently seeking to hire an experienced Security Architect to join the Diplomatic Security Cyber Mission Program, delivering leading cyber and technology security expertise to enable innovative, effective, and secure business processes. Responsibilities Define, design, and enhance security architecture and security systems. Collaborate with Application, Data, and Infrastructure teams to architect, design, and implement security solutions. Define and document security standards; direct implementation of standards and guidelines. Perform security audits and reviews in compliance with Federal Government regulations and implement remediation. Create and manage the Security Risk plan. Review system configurations for compliance with Department-level security controls for new systems deployed into the enterprise. Identify gaps in security architecture, allocate appropriate security services, and select suitable security mechanisms for enterprise systems. Provide authoritative guidance on security architecture, including recommendations on controls, design patterns, and risk mitigation strategies. Support enterprise stakeholders by ensuring alignment of proposed solutions with established security frameworks and regulatory requirements. Qualifications: Basic Requirements Bachelor's degree in Science and 14 years of relevant security experience; 12 years with a Master's; 9 years with a PhD. An additional 4 years of experience may be substituted in lieu of a degree. Must possess or be able to obtain at least one of the following certifications before start date. Continued certification required as a condition of employment: CISSP, Security+, Net+, A+, MCP, MCSE, CCNA, MCSA; IAT II / III level cert U.S citizenship required. Active Secret clearance required to start, with the ability to obtain/maintain a Top Secret clearance. Preferred Qualifications: Experience conducting industry reviews. Experience writing white papers. About us Cyber Management International Corporation is actively recruiting highly IT Security professionals looking for challenging, exciting work in support of the U.S. Department of State (DOS). Specifically, our customer is the Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS). DS/CTS is a center of excellence that brings together cybersecurity, technology security, and investigative expertise as a unified security capability focused on solving critical and emerging issues enabling the State Department to fulfill its vital global mission. For more information about our company, please visit **************** or email us at ***********************

Job Title: Senior Azure Security Engineer Rate: $80/Hr. w2 Job Qualifications: Skills: Security Controls, Security Tools, System Security Certifications: Active DoD 8570 IAT Level II Certification (Security+, CISSP, CISM) Experience: 10+ years of related experience Clearance Level Must Currently Possess: Secret Clearance Level Must Be Able to Obtain: None Job Description: Information Security Analyst Duties and Responsibilities: Design, implement, and maintain secure cloud architectures within Azure Government Secret classified environments Enforce zero trust principles, role-based access control (RBAC), and identity federation (e.g.,Azure AD B2B/B2C with CAC/PIV) Configure and manage security controls such as Microsoft Defender for Cloud, Key Vault, Azure Policy, NSGs, and Private Endpoints Automate compliance and security operations using PowerShell, Terraform, or ARM templates Integrate SIEM/SOAR tools (e.g., Microsoft Sentinel for IL6) for continuous monitoring, logging, and incident response Conduct vulnerability assessments and implement remediations aligned to NIST 800-53, DoD STIGs, and JSIG Collaborate with mission owners, compliance teams, and developers to ensure secure DevSecOps pipelines Support Authority to Operate (ATO) processes by generating security documentation, control evidence, and supporting audits Navigate federal systems through the authorization process to achieve and maintain Authority to Operate (ATO) Work with the ISSO, Program and DOC ITD IA teams to maintain the necessary security authorizations Develop comprehensive System Security Plans (SSPs) documenting all implemented NIST 800-53 controls Coordinate security assessments with third-party assessors Manage Plans of Actions & Milestones (POA&Ms) for addressing identified vulnerabilities Ensure continuous monitoring plans meet agency requirements Prepare authorization packages for government review Maintain ongoing compliance through change management processes Serve as the liaison between technical teams and authorizing officials Translate security requirements into actionable tasks Ensure all documentation meets the rigorous standards required for federal information systems Information Security Analyst Requirements and Qualifications: Bachelor's degree in information systems security; master's degree or equivalent professional experience in information security is preferred Active Secret clearance 5+ years in cloud security, including 2+ in Azure Government or DoD environments Strong knowledge of Azure-native security tools, IL6 data handling, and cloud networking Proficient in scripting (PowerShell, Python, or Bash) and Infrastructure as Code (ARM, Bicep, Terraform) Experiences with DoD SRG, FedRAMP High, JSIG, and ICD 503 compliance frameworks Hands-on experience with classified enclaves, hardened images, and enclave-to-enclave connectivity Comprehensive knowledge of corporate Systems/Solutions Architecture processes and trends Strong leadership, organizational, and communication skills Secret Clearance to start Knowledge of Agile software development process Required Technical Skills: SCAP, STIG, Patching, eMASS, and related RMF tools Cybersecurity, Systems Administration, implementation of RMF tools and processes Experience with gaining an ATO for systems and working the systems through the assessment and authorization process Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic email and access-list Excellent communication skills Experience working in Agile software development teams Experience with secure development, coding and engineering practices Experience with Cybersecurity, Information Security, and Information Technology Security processes, protocols, and procedures. Experience 10 years of relevant experience * may vary based on technical training, certification(s), or degree Experience with Cloud Security Experience working with leading firewall, network scanning and authentication technologies Experience working with internet, web, application and network security techniques Experience in Agile methodology Experience in Jira to support development team in agile environment Experience working in Federal or State government environments Ability to work independently and remotely Certification: Active DoD 8570 IAT Level II Certification (Security+, CISSP, CISM) Travel Required: Little to no travel anticipated (may be required upon customer request)

Come Forge the Future of Machine Identity Security for Operational Technology & Industrial Control Systems Where: Tysons, VA (Hybrid) Supporting: Our CTO At Corsha we're not just selling software; we're fundamentally reshaping how the most critical industrial and operational technology (OT) systems are secured. We're a cyber startup in the DC area, driven by a mission to bring trust, resilience, and identity to the operational systems that power our world - from factories to power grids. We're building the future of machine identity security, and we need a dynamic technical evangelist to join our front lines. Tired of the Status Quo? Ready to Secure the Unseen? Here's your Opportunity: If you're an engineer who thrives on solving hard problems, isn't afraid to get your hands dirty with industrial control systems and sees the immense potential of cybersecurity in unconventional environments, then read on. We move fast, we build for impact, and we need a security visionary to help us secure the machines that matter most. Your Mission: Secure the Industrial Edge We're looking for an OT Security Engineer to be a foundational engineer for our Machine Identity Platform (mIDP), specifically tailored for the unique and challenging landscape of OT systems. Your mission: implement, integrate, and defend the security infrastructure that underpins our cutting-edge solutions, with a heavy emphasis on industrial control systems and OT networks. This isn't just about keeping the lights on. It's about building security architectures that are inherently secure, highly available, and resilient against the most sophisticated threats, often in environments where traditional IT paradigms simply don't apply. You'll be bridging the gap between cutting-edge cybersecurity technologies and the operational realities of factories, power plants, and critical infrastructure. What You'll Be Forging: Architect and Implement OT Security Solutions: Design, deploy, and manage secure architectures for our mIDP, specifically tailored for OT environments. This includes network segmentation, routing, switching, firewall configurations, and intrusion detection systems. ICS/OT System Integration: Be the subject matter expert for integrating our mIDP with industrial control systems. This involves understanding and working with common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). Machine Identity Integration: Collaborate closely with our product and engineering teams to integrate security configurations with our mIDP, ensuring seamless and secure authentication and authorization for OT devices and applications. OT Network Hardening: Implement and enforce robust security best practices, including vulnerability management and access control for OT networks. Troubleshooting and Optimization: Proactively monitor, troubleshoot, and resolve complex security issues across ICS and OT environments. Identify and implement optimizations to enhance system performance, reliability, and security. Automation and Tooling: Develop and implement automation scripts and tools (e.g., Python, Ansible) to streamline provisioning, configuration management, and operational tasks. Documentation and Knowledge Sharing: Create comprehensive documentation, runbooks, and contribute to internal knowledge sharing to ensure maintainability and scalability of our infrastructure. Stay Ahead of the Curve: Continuously research and evaluate new cybersecurity technologies, security trends, and best practices, particularly as they relate to OT and industrial control systems. Collaborate and Mentor: Work closely with cross-functional teams (software engineers, security analysts, product managers) and provide mentorship to junior team members. What You'll Bring: 5+ years of intense experience in OT security or a related role, with a proven track record in complex, high-performance, and high-stakes environments. Deep, demonstrable expertise in industrial control systems and OT environments. You've implemented security products and solutions in real-world ICS/OT environments. Strong proficiency in network security principles: Firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), network access control (NAC), and secure communication protocols. Extensive hands-on experience with OT network architectures and protocols. You're comfortable with physical hardware and understand the nuances of industrial networks. Rock solid understanding of cybersecurity principles: vulnerability management, threat modeling, and incident response. Empathy for OT/ICS environments: You totally get the unique security challenges of Operational Technology, and understand common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). This isn't just a "nice-to-have"; it's critical. Proficiency in scripting and automation: Python, Ansible, or similar languages for automating security provisioning and operations. A relentless problem-solver: You thrive on diagnosing and resolving intricate security issues under pressure, with an unwavering focus on root cause analysis. Exceptional communication and collaboration skills: You can articulate complex technical concepts clearly and work seamlessly with cross-functional teams. Bachelor's degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience. Self-starter with an insatiable curiosity: You're eager to learn, adapt, and drive solutions in a rapidly evolving, high-impact startup environment. Bonus Points For: Experience with specific machine identity solutions (PKI, certificates, secrets management). Hands-on experience with Kubernetes Knowledge of software-defined networking (SDN) solutions. Relevant industry certifications (e.g., CISSP, GICSP, CISM). Experience in a fast-paced startup environment. Why Forge your Path with Corsha? Real-World Impact: Your work won't just sit on a server; it will actively defend the critical operational systems that underpin our society. This is an opportunity to make a tangible, immediate difference. Bleeding Edge: Be at the forefront of securing the intersection of cybersecurity, machine identity, and OT. We're defining the future, not just following trends. Growth & Ownership: This is a startup - your contributions will directly shape our product, our culture, and our success. You'll work with incredible people that care and have impact. Culture of Innovation: Join a team of brilliant, passionate engineers dedicated to solving the hardest problems. We foster a collaborative, intellectually stimulating, and supportive environment. Competitive Compensation & Benefits: Wellness days, Generous PTO, Company-covered healthcare, 401k matching, paid parental leave, and of course snacks, lunches, and sustenance. Ready to step up and secure the critical future of identity? Join Our Mission Today. Reach out to us with your resume and why you think you'd make a stellar Corshian to *****************. We are an Equal Opportunity Employer and reasonable accommodations may be made to enable individuals with disabilities.

ISSO Industry: Government Contracting Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems are in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services. ISSO Key Responsibilities: · Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview. · Maintain operational security posture consistent with current security policy. · Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT. · Distribute cybersecurity notices and advisories to appropriate personnel and that vendor-issued security patches are expeditiously installed. · Serve as primary security to system owners, common control providers, and users. · Serve as focal point for cybersecurity incident reporting and subsequent resolution. · Assisting ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language. · Ensure all security-related SDLC documentation meets all identified security needs. · Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium. · Ensure selection of NIST SP 800-53 baseline security controls are appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium. · Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures. · Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium. · Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system. · Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring. · Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation. · Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan. · Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS). · Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800- 53 and any supplemental Departmental Cybersecurity Policy and the Compendium. · Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy. · Complete mandatory annual specialized information security training. ISSO Required Skills:8+ years of experience in IT Security Certified Information Systems Security Professional (CISSP) certification. Understanding of NIST 800.53 and its applicability to IT Systems. Expertise with Risk Management Framework, FEDRAMP and FISMA. Understanding authentication in the cloud environment. Experience with continuous monitoring of a cloud system Experience working on assessments with third party assessments organization (3PAO) AWS/Azure associate certified ISSO Compensation and benefits: $120,000 Company-supported medical, dental, vision, life, STD, and LTD insurance Benefits include 10 federal holidays and PTO. 401(k) with company matching Flexible Spending Accounts for commuter, medical, and dependent care expenses Tuition Assistance

At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with modern software, big data ecosystems, and cloud based technologies. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. Security is essential to what we do here, from protecting our customers to our associates. Responsibilities: Act as a central Information Security point of contact for the Enterprise Platforms line of business Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Data Security, Web Security, and Mobile Security Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures, and standards Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in development processes Escalate and manage cyber security risk Educate and influence executive leadership and associates to effectively leverage security capabilities and solutions to mitigate risks and emerging threats Deliver Cyber agenda and integration of Information Security within business objectives for the line of business area Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment Work with line of business leadership to anticipate their objectives and needs to better serve the line of business About You: You have a desire to work in a very fast moving, forward leaning, and modern computing environment You have a deep passion for securing modern computing platforms You have a strong desire to continually learn about new technologies You possess strong conceptual thinking and communication skills You are able to work well under minimal supervision You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives You are able to tailor communications and analysis to the intended audience Basic Qualifications: High School Diploma, GED, or equivalent certification At least 6 years of experience working in cybersecurity or information technology At least 6 years of experience providing guidance and oversight of cyber security concepts At least 5 years of experience performing security risk assessments or security architecture reviews At least 5 years of experience with architecture, software design, networking, or cloud infrastructure At least 4 years of experience with cloud security engineering At least 2 years experience utilizing agile methodologies within DevOps environments Preferred Qualifications: Bachelor's Degree 8+ years of experience in cyber security or information technology 6+ years of experience in securing a public cloud environment 5+ years of experience securing Identity Applications 5+ years of experience with Threat Modeling AWS Certified Solutions Architect or Certified Information Systems Security Professional (CISSP) certification At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, E-2, E-3, L-1 and O-1, or any EADs or other forms of work authorization that require immigration support from an employer). The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Plano, TX: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret SCI + Polygraph Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Computer Security, Information System Security, Security Information, Security Requirements, System Security Certifications: None Experience: 10 + years of related experience US Citizenship Required: Yes Job Description: Provides support for a program, organization, system, or enclave's information assurance program. Provides support for proposing, coordinating, implementing, and enforcing nformation systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF). Provide support to senior ISSOs for implementing, and enforcing information systems security policies, standards, and methodologies. Assist with preparation and maintenance of documentation. Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information. Assist with the CM for information system security software, hardware, and firmware (U) Maintain records on workstations, servers, routers, firewalls, intelligent hubs , network switches, etc. to include system upgrades. Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies. Develop and maintain documentation for C&A in accordance with ODNI and DoD policies. Provide CM for security-relevant information system software, hardware, and firmware. Develop system security policy and ensures compliance. Evaluate security solutions to ensure they meet security requirements for processing classified information. Maintain operational security posture for an information system or program. Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave. Develop and update the system security plan and other IA documentation. Assist with the management of security aspects of the information system and perform day-today security operations of the system. Administer the user identification and authentication mechanism of the Information System (IS). Obtain C&A for ISs under their purview. Provide support for a program, organization, system, or enclave's information assurance program. Plan and coordinate the IT security programs and policies. Manage and control changes to the system and assessing the security impact of those changes. Serve as the Approval Authority for ISs under their control. Ten (10) years experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Experience is to include at least two (2) of the following areas: knowledge of current security tools, hardware/software security implementation; communication protocols; and encryption techniques/tools. Bachelor's degree in Computer Science or related discipline from an accredited college or university is required. DoD 8570 compliance with Information Assurance Management (IAM) Level I or higher is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree. GDIT IS YOUR PLACE: ● Full-flex work week to own your priorities at work and at home ● 401K with company match ● Comprehensive health and wellness packages ● Internal mobility team dedicated to helping you own your career ● Professional growth opportunities including paid education and certifications ● Cutting-edge technology you can learn from #MD_2025Alumni The likely salary range for this position is $114,750 - $155,250. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: None Telecommuting Options: Onsite Work Location: USA MD Annapolis Junction Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

The Cyber Information Assurance Analyst SME -SCA-R supports DoD systems through the full Risk Management Framework (RMF) lifecycle by conducting risk analysis, control validation, and cybersecurity assessments. This role works closely with government stakeholders to evaluate system security posture, ensure compliance with DoD and NIST requirements, assess vulnerabilities, and support system authorization activities using approved government tools. Chickasaw Nation Industries, Inc. serves as a holding company with multiple subsidiaries engaged in several lines of business (Technology, Infrastructure & Engineering, Health, Manufacturing, Public Safety, Consulting, and Transportation) for the federal government and commercial enterprises. A portion of our profits is used to support Chickasaw citizens. We are proud to support the economic development and long-term viability of the Chickasaw Nation and its people. CNI offers premium benefits eligible on the first day of hire to full time employees; (Medical - Dental - Vision), Company Life Insurance, Short-Term and Long-Term Disability Insurance, 401(K) Immediate Vesting, Professional Development Assistance, Legal Aid Assistance Program, Family Planning / Fertility Assistance, Personal Time Off, and Observance of Federal Holidays. As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act. ESSENTIAL REQUIREMENTS * Have an active DoD Top Secret clearance with SCI eligibility * DoD 8570 IAM/IA Technical (IAT) Level II certification * Demonstrated experience with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices * Advanced understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253 * Demonstratable experience in risk analysis, control validation, and as a Security Control Assessor Representative (SCA-R). * Demonstrated experience with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS * Advanced understanding of key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications * Customer service skills KEY DUTIES AND RESPONSIBILITIES Essential Duties and responsibilities include the following. Other duties may be assigned. * Use government-assigned tools to perform weekly updates, maintain records, and complete tasks. * Coordinate with ISSMs and PMOs to understand system architecture, security requirements, and changes. * Conduct risk analysis and authorization tasks across all RMF steps using approved RE5 tools and processes. * Verify authorization boundaries and categorize systems (FIPS199). * Identify data classifications and conduct system-level risk assessments. * Track system changes, assess impacts, and report updates to the AO. * Evaluate authorization and change requests, web filtering, firewall exceptions, ports/protocols, cybersecurity risks, STIG/SRG compliance, and on-site security. * Lead assessment visits, conduct briefings, and ensure proper documentation and reporting. * Attend required government training and meetings to stay updated on process changes. * Maintain access and proficiency in required government databases and cybersecurity tools. * Assess threats, vulnerabilities, and residual risks; compile findings into authorization packages. * Support assigned systems throughout their lifecycle in alignment with FISMA requirements. * Submit weekly activity reports summarizing tasks, tracking IDs, and key updates. * Complete assessor training, vulnerability scanning, endpoint security, and RMF step training. EDUCATION AND EXPERIENCE Bachelor's Degree (IT-related field preferred) and a minimum of eight (8) years of overall experience in cybersecurity or network security position. Five (5) years of experience in a Certification and Accreditation/A&A role. PHYSICAL DEMANDS Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. EOE including Disability/Vet The estimated pay range for this role is $115K to $125K, with the final offer contingent on location, skillset, and experience. CNI offers a comprehensive benefits package that includes: * Medical * Dental * Vision * 401(k) * Family Planning/Fertility Assistance * STD/LTD/Basic Life/AD&D * Legal-Aid Program * Employee Assistance Program (EAP) * Paid Time Off (PTO) - (11) Federal Holidays * Training and Development Opportunities Your application submission will be considered for all potential employment opportunities with Chickasaw Nation Industries (CNI). #INDCNI

Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation's warfighters. At Nooks, we value innovation, collaboration, and a service-first mindset. ABOUT THE ROLE The Cybersecurity Support Specialist will support the security and compliance of classified and unclassified IT systems by assisting the Site Cybersecurity Lead with day-to-day cybersecurity operations. This role is designed for an early-career professional who is eager to build hands-on experience with cybersecurity compliance frameworks, security tools, and system hardening practices. The Cybersecurity Support Specialist will help ensure secure operations, assist with compliance-related documentation, and collaborate closely with IT and security teams to maintain a strong security posture. KEY RESPONSIBILITIES: Assist with monitoring, auditing, and maintaining the security posture of classified and unclassified IT systems. Support the development and upkeep of cybersecurity documentation, including Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and audit logs. Conduct basic vulnerability scanning, patch verification, and security checks under the supervision of the Site Cybersecurity Lead. Provide Tier 1 support for cybersecurity-related user requests and escalate issues as appropriate. Assist with account management, permissions reviews, and implementation of access control policies. Document findings, remediation efforts, and compliance-related actions in accordance with organizational and Department of Defense (DoD) standards. Collaborate with IT, cybersecurity, and physical security teams to ensure compliance with organizational policies and applicable DoD requirements. Participate in incident response activities, including log collection, basic analysis, and reporting. Contribute to ongoing security awareness efforts by reinforcing cybersecurity best practices with end users. THE SKILLSET: Associate's or Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent practical experience). 1-2 years of experience in cybersecurity, IT support, or system administration (internship, academic, or DoD exposure strongly considered). Possess a DoD 8140.03/8570.01 Information Assurance Technical II certification or able to obtain within 6 months of hire (e.g., CompTIA Security+). Familiarity with information security concepts such as access control, vulnerability management, and system hardening. Foundational knowledge of Windows and Linux operating systems, networking, and common IT troubleshooting practices. Strong documentation and organizational skills with attention to detail. Excellent communication and teamwork skills to support collaboration across IT and security functions. ELIGIBILITY + CLEARANCE U.S. citizenship is required. Top Secret (TS) security clearance with eligibility for Sensitive Compartmented Information (SCI) is required. Salary Range for all departments Salary Range$80,000-$135,000 USD

Job Description Who is Saliense? Saliense is a growing Management and Technology Consulting Solutions provider based out of Mclean, VA. We work to solve our client's toughest challenges within the Defense, Civilian, Financial, and Healthcare industries. Our diverse employees support vital missions for government and commercial customers. For more information, visit ***************** Why Saliense? In addition to providing a fun, energetic environment that promotes innovation and personal growth, we offer excellent compensation packages with plenty of opportunities for advancement. We pay 100% of the premiums for employee Healthcare, including medical, dental, and vision. We offer a 401K match, and all company contributions are 100% vested immediately. Since we believe in work-life balance so much, we offer 20 days of paid leave per year. Use it as you need it or use it all at once and go travel for a month! We are proud to offer parental leave. There are many more - connect with us to get a preview of the full benefits package. Saliense has a new opportunity for an Information Security Analyst to support the U.S. Marshals in Arlington, VA. This is a hybrid position that requires 2 days onsite every other week in Arlington, VA. Information Security Analyst must have experience (i.e., a minimum of one (1) year) within federal information systems security policy and implementation. At a minimum, a core set of knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis. Responsibilities: Develop and execute test plans of the OMB Circular A-123 internal control assessments. Develop and execute test plans of the FISMA internal control assessments. Determine, gather, examine, and analyze artifacts related to OMB Circular A-123 security control assessments and remediation verification. Determine, gather, examine, and analyze artifacts related to FISMA security control assessments and remediation verification. Document all assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions. Provide recommendations and guidance for corrective action of all non-compliant security controls. Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current. Provide support for verifying compliance with the Federal Information System Modernization Action (FISMA) as part of both internal and external control assessments/audits across all accredited agency information technology systems. Provides technical evaluations of customer systems and assists with making security improvements. Conducts security product evaluations, and recommends products, technologies, and upgrades to improve the customer's security posture. Required Experience: Must have a minimum of one (1) year of federal information systems security experience. Minimum Educational Requirements: BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline. ***Saliense Consulting LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Job DescriptionGrow, innovate, and generate progress: Harness your expertise to solve challenges and celebrate success! JCS Solutions LLC (JCS) is seeking a Cyber Security Analyst to support our federal client. This position offers a great opportunity to be part of a high-performing team responsible for supporting a full complement of customer-centric technical support services. Must be a U.S. Citizen and able to obtain a Public Trust Clearance. If you are interested in a challenge and a great working environment, apply today! What's in it for you: Join a premier technology firm specializing in innovative solutions. Be part of a collaborative, inclusive, and innovative work culture. Enjoy tremendous growth potential in a high-performing team environment. A robust benefits package: Health, dental, and vision insurance Life insurance Short-and-long term disability Paid time off (PTO) 401k retirement plan with employer match Annual Professional Development Reimbursement Program And more! What you will do: Designs, develops, implements, and integrates information assurance architecture, systems, or system components for use within data center, network, and enclave environments. Ensures that the architecture and design of information systems are functional and secure. Supports: policy development and implementation; security engineering and security architecture; certification and accreditation processes and activities; continuity of operations planning, testing, and maintenance; security testing and analysis. Provides secure solutions to complex security issues. Upgrades systems by implementing and maintaining security controls. Participates on security and related working groups as required and at various levels. Develops and presents security solutions and recommendations to senior management for sites, systems, and networks. Keeps users informed by preparing performance reports and communicating system status. What you will bring: Four (4) years of cybersecurity experience Bachelor's degree in a relevant field of study Strong written and verbal communication skills (English) Demonstrated experience working with multiple assignments or multiple stakeholder groups Strong foundational understanding of information security and privacy practices and regulations How you will wow us: Hands-on experience using new and emerging cybersecurity technologies Hands-on experience using tools such as BigFix, Splunk, Tripwire, Cylance, Tenable, etc Experience running scans, reporting results, working with staff to support patching, documentation for SOPs and other areas, completing security waivers, validating identities for RSA tokens, triaging security tickets, monitoring Incident Response Team (IRT) requests, and working closely with desktop teams to resolve security issues Experience using a helpdesk ticketing system such as ServiceNow JCS Solutions (JCS) is a premier technology firm providing innovative solutions and high-quality services in defense, national security, and civilian sectors. JCS offers enterprise-wide solutions including cloud computing, software development, cybersecurity, digital modernization, and management consulting for the federal government. At JCS, we elevate our customers' mission through the application of technology and professional services. Our commitment to investing in our workforce drives innovation and progress for our clients, employees, and communities. JCS has been certified as a Great Place to Work four years in a row and was awarded Washington Post's Top Places to Work for 2024 and 2025. Our employees embody our core values, and we are looking for others who do too! Customer Experience: Strive for excellence and delight our clients Innovation: Embrace creative thinking to enable continual growth and powerful solutions Accountability: Take ownership of and pride in our actions and service delivery Inspire: Be inspired to be your best self and have fun in the process Integrity: Do the right thing, the right way, every time! Stewardship: The careful and responsible management of something entrusted to our care. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to any status protected by applicable federal, state, or local laws. Powered by JazzHR yd AQBxzkP5