Information security analyst jobs in Richmond, VA

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Centurion is seeking a skilled Information Security Analyst to support security and privacy efforts across all programs, projects, IT systems, and applications. This role will work closely with the Information Security Office (ISO), providing expertise in governance, risk, and compliance, while ensuring appropriate security controls are implemented and maintained. The ideal candidate is detail-oriented, collaborative, and experienced in applying security frameworks to real-world business and technology environments. Key Responsibilities Support Information Security and Privacy initiatives across business areas and vendor engagements. Manage and update information security documentation within a Governance, Risk, and Compliance (GRC) system. Develop and maintain System Security Plans (SSPs) in collaboration with business stakeholders. Represent the Information Security Office in PMO-led projects, ensuring proper ISO engagement. Partner with teams to analyze challenges, propose compliant solutions, and deliver clear communications. Assist in the creation and maintenance of information security standards, policies, and procedures. Document security controls, including system diagrams, risk assessments, and control narratives. Review contracts and vendor documentation to ensure adequate information security protections. Conduct research on emerging information security and privacy practices to strengthen internal processes. Required Qualifications Minimum of 3 years' experience in information security concepts related to governance, risk, and compliance. Strong knowledge of information security principles, methods, and IT infrastructure management. Experience with security frameworks (e.g., NIST, ISO 27001, COBIT). Proven ability to organize work, prioritize tasks, and meet deadlines independently. Experience drafting policies, standards, and procedures related to Information Security and Privacy. Ability to interpret technical documentation, flow diagrams, and process maps. Strong communication skills with the ability to write clearly for varied audiences. Proficiency in creating diagrams, flowcharts, and spreadsheets. Understanding of general contract terms and conditions related to information security. Preferred Qualifications Bachelor's degree in Computer Science, Information Systems, or related field. Professional certifications such as CISA, CISSP, or equivalent. Prior experience in the financial services industry. Knowledge of cloud and application security controls. Familiarity with information security regulations such as GLBA, GDPR, PCI, and privacy regulations including GDPR, CCPA, VCDPA. Why Join Us? Play a vital role in protecting sensitive information and strengthening enterprise-wide security posture. Collaborate across teams and gain exposure to a broad range of security and compliance initiatives.

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress. We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. **The Role** Location: Remote Reports to: VP, Black Lotus Security Group Clearance Required: Active TS/SCI with CI polygraph About Black Lotus Security Group Black Lotus Security Group (BLSG) is Lumen Technologies' advanced threat intelligence and network engineering organization. BLSG combines global internet telemetry, large-scale analytics, and deep security engineering expertise to uncover, disrupt, and defend against the most sophisticated cyber threats. Our mission is to protect critical infrastructure, enterprises, and governments by transforming raw network visibility into actionable intelligence and resilient security solutions. Through close collaboration with customers, partners, and the broader security ecosystem, BLSG delivers scalable defenses that safeguard the world's most complex networks. **The Main Responsibilities** We are seeking a Principal Information Security Engineer Director, Information Security to support high-value public- and private-sector customers. You will be primarily responsible for deploying, configuring, and securing network security gear, with a strong emphasis on optical fiber installation, testing, and maintenance. You will focus on hands-on implementation, troubleshooting, and support in complex environments, while collaborating with internal teams and customers to ensure resilient and secure solutions. What You'll Do Deploy, configure, and maintain routers, switches, firewalls, and VPNs across data center and field environments. Install, terminate, and test optical fiber (single-mode and multi-mode), and end-to-end troubleshooting. Serve as a trusted technical contact for customers, vendors, and peers during deployments and escalations. Produce clear, reusable technical documentation including network diagrams, Methods of Procedure (MoPs), and runbooks. Identify risks during deployment and ensure adherence to compliance and government security standards. Collaborate with cross-functional teams to integrate security into network design and deployments. Travel domestically as required to support surveys, installations, and cutovers. Perform advanced troubleshooting of network security issues and escalations to restore service quickly and prevent recurrence. Define and execute repeatable lab and field test procedures; help standardize deployment patterns and acceptance criteria. Coordinate activities with vendors, internal teams, and customer stakeholders to meet scope, schedule, and quality objectives. Contribute to peer knowledge transfer and the documentation of best practices and lessons learned. Who You Are You are a hands-on engineer who thrives in complex, mission-critical environments. You communicate with clarity, drive accountability through partnership, and can translate strategy into executable tasks in the field. You bring a bias for action, meticulous documentation habits, and the ability to apply structure to ambiguity while engaging stakeholders professionally. **What We Look For in a Candidate** Active TS/SCI clearance with CI polygraph. Applicants selected will be subject to a government security investigation and must meet eligibility requirements and either currently possess an active security clearance or be clearable to obtain one. US Citizenship required. 8+ years of progressively responsible experience in network engineering or security operations. Strong hands-on expertise with optical fiber (testing and troubleshooting across single-mode and multi-mode). Proven experience with routed and switched networks: TCP/IP, Ethernet, VLANs, IPsec, VPNs, and firewalls. Familiarity with automation/configuration tools (e.g., Ansible). Background in system, network, or security administration (Unix/Linux preferred). Excellent written and verbal communication skills; proven stakeholder engagement with customers and vendors. Preferred Qualifications Experience with SD-WAN platforms (e.g., Fortinet, Juniper, Viptela, Aruba) and load balancers (F5, Citrix). Familiarity with NIST standards, DISA STIGs, TIC 3.0, and Zero Trust architectures. Demonstrated contributions to standards, documentation, and technical training in large-scale environments. Success in This Role 30 days: Complete onboarding, assume responsibility for assigned environments, and deliver an initial deployment assessment. 60 days: Independently execute deployments, including optical fiber testing and documentation. 90 days: Lead deployments end-to-end and produce hardened design recommendations aligned to compliance requirements. Additional Details Work Model: Remote; domestic travel as required for site surveys, installation, testing, and cutovers. Documentation & Quality: Create and maintain MoPs, runbooks, test plans, and as-built diagrams; contribute to continuous improvement of deployment standards. Compliance: Ensure risk mitigation and compliance in all deployments; raise and track issues to closure in collaboration with stakeholders. **Compensation** This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors Location Based Pay Ranges: $149,084 - $198,779 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $156,539 - $208,718 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $163,993 - $218,657 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process Learn more about Lumen's: + Benefits (**************************************************** + Bonus Structure \#LI-Remote **What to Expect Next** Requisition #: 339752 **Background Screening** If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page (************************************* . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. **Equal Employment Opportunities** We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. **Disclaimer** The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name. **Application Deadline** 11/30/2025

Title: Chief Information Security Officer (CISO) State Role Title: Info Technology Manager II Hiring Range: Up to $185,000 Pay Band: 7 Recruitment Type: General Public - G Job Duties The Department of Behavioral Health and Developmental Services (DBHDS) is seeking a dynamic and experienced information security and privacy leader to serve as the Chief Information Security Officer (CISO). This position is responsible for developing, managing and ensuring an efficient and effective information security and privacy program that safeguards the agency's information assets and supports the compliance with all applicable federal and Commonwealth laws and regulations. This position oversees the agency's security policies, risk management, compliance, and cybersecurity operations to ensure protection, detection, and corrective controls for all IT systems. Additional responsibilities include: • Providing strategic leadership for enterprise-wide cybersecurity, privacy, and IT governance, risk, and compliance (GRC) programs. • Designing and implementing policies, standards, and risk management frameworks aligned with Commonwealth security standards, and HIPAA requirements. • Overseeing the agency's incident response, vulnerability management, and cloud security, ensuring protection, detection, and corrective controls for all IT systems and cloud environments. • Leading the agency's initiatives in AI governance and emerging technology oversight, establishing responsible AI policies, risk assessments, and controls to ensure ethical, secure, and compliant adoption of artificial intelligence and automation technologies across DBHDS systems. • Supervising professional staff responsible for implementing technical safeguards, conducting risk assessments, managing investigations, and delivering security and privacy awareness training to maintain a secure, compliant, and resilient technology environment. • Advising the Executive Leadership Team on cybersecurity, privacy, and risk posture. • Developing data protection strategies and ensuring business continuity and incident recovery plans align with enterprise risk tolerance. Minimum Qualifications • Considerable experience in information security, information systems review, or related technology fields. • Demonstrated knowledge of information security and privacy practices, IT governance, risk management, and compliance frameworks (e.g., NIST, ISO 27001, HIPAA, ARMICS, VITA SEC-530) • Proven experience implementing and managing cloud security controls in cloud environments, including IAM, monitoring, and shared responsibility compliance. • Ability to lead enterprise cybersecurity operations, manage incident response, and oversee vulnerability and threat management programs. • Knowledge of cloud security architectures, shared responsibility models, and cloud-native risk mitigation strategies. • Experience establishing or managing AI governance frameworks or oversight committees related to data ethics, model transparency, and security of AI systems. • Proven ability to lead teams and supervise staff performing cybersecurity and risk management functions. • Strong communication, analytical, and problem-solving skills, with the ability to interact effectively with technical, executive stakeholders, and oversight entities. Additional Considerations • Certification as an Information Systems Security Professional (CISSP), Information Security Manager (CISM), or Information Systems Auditor (CISA). • Experience working in state or public sector information security programs. • Familiarity with HIPAA, ARMICS, and NIST security standards. • Experience building or maturing governance, risk, and compliance (GRC) programs and reporting metrics to executive leadership or board-level committees. Special Instructions You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position. This position is eligible, however not guaranteed, for telework opportunities; availability, hours, and duration of telework shall be approved as outlined in the Commonwealth telework policy. For consideration, interested applicants must apply by completing the online application. A resume may also be included with your submission. However, emailed, faxed, and hand-delivered applications and/or resumes will not be accepted. This position is open until filled; however, applications/resumes will begin to be reviewed within seven (7) business days of the date of this posting. Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act. DBHDS welcomes all applicants authorized to work in the U.S. For more information on how to seek this authorization, please refer to Working in the United States or contact the U.S. Citizenship and Immigration Services office directly. For any technical assistance with the jobs.virginia.gov website, please contact **********************************. Contact Information Name: ShaKiera Miles Phone: N/A Email: ********************************* - Inquiries Only/No Submissions, to include resumes. In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at ************. Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. Day Shift - 7.5 Hours (United States of America) We are seeking a detail-oriented and motivated Cyber Security Analyst (Level 1) to support our healthcare organization's mission of protecting patient data and ensuring compliance with HIPAA and other healthcare regulations. This entry-level role is ideal for individuals passionate about cybersecurity and eager to grow within a healthcare environment. Key Responsibilities: Monitor and analyze security alerts from healthcare systems, EHR platforms, and network infrastructure. Assist in the investigation and documentation of security incidents, including potential HIPAA violations. Support vulnerability scanning and patch management across clinical and administrative systems. Help maintain and enforce security policies, procedures, and incident response plans. Assist in documentation and presentation of findings from notable security investigations, including action items and lessons learned to drive ongoing security improvements. Act as first point of contact for security tickets and questions Participate in audits and risk assessments to ensure compliance with healthcare regulations (e.g., HIPAA, HITECH). Contribute to security awareness training for clinical and non-clinical staff. Stay informed on emerging threats, especially those targeting healthcare organizations. Required Qualifications: Bachelor's degree in Cybersecurity, Information Technology, Health Informatics, or a related field (or equivalent experience). Basic understanding of healthcare IT systems and regulatory requirements (HIPAA, HITECH). Familiarity with security tools such as SIEM, antivirus, firewalls, and endpoint protection. Strong analytical and problem-solving skills. Excellent communication skills and ability to work in a team-oriented environment. Preferred Qualifications: Internship or experience in a healthcare IT or cybersecurity role. Certifications such as CompTIA Security+, HCISPP, or equivalent. Knowledge of EHR systems (e.g., Epic, Cerner) and medical device security is a plus. Work Environment: May involve hybrid or on-site work depending on facility needs. Participation in on-call rotation or after-hours incident response may be required Participation in on-call rotation or after-hours incident response may be required Salary Range: $65,000 - $80,000 Employment Non-Discrimination: Richmond University Medical Center is committed to equality of opportunity in all aspects of employment and provides full and equal employment opportunities to all employees and potential employees without regard to race, color, national origin, religion, gender identity, sex, sexual orientation, pregnancy, childbirth and related medical conditions and needs including lactation accommodations, physical or mental disability, age, immigration or citizenship status, veteran or active military status, genetic information, or any other legally protected status. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

**Title:** GRC Security Architect **Salary:** Up to $150K **About PSI** Join Us at PSI - Where You Belong, Grow, and Thrive! At PSI, we believe that people achieve their best when they feel they truly belong. That's why fairness and opportunity are at the heart of everything we do - not just words, but values deeply embedded in our culture and the full employee experience. We're proud to foster an environment where everyone is supported to reach their full potential. From your first day through every step of your journey with us, you'll feel the difference in how we work, grow, and succeed together. What You Can Expect From Us - We know that great work starts with feeling valued. That's why we've benchmarked all our roles against local market rates and why you'll always see salary details in our job postings. We believe in transparency, and we want you to feel confident that your next move aligns with your expectations. **About the Role** The GRC Security Architect plays a key role in supporting PSI's commitment to data security, privacy, and compliance. This role is responsible for driving core activities across quality, risk management, Information Security, data protection, and audit readiness to ensure the organization meets ISO, PCI, SOC 2, and other relevant standards. The position helps deliver assurance to stakeholders that PSI prioritizes the security and privacy of its data and systems. This is a full-time, permanent role, Monday to Friday, with flexible working hours around a standard 09:00 - 17:30 schedule. The role reports to the Snr Director of Information Security, Governance, Risk and Compliance and may be performed remotely, with occasional travel to offices and test centres as required for audits and assessments. This role requires that the successful applicant have experience working on Federal projects, be a United States resident and be able to obtain Federal clearance. **Role Responsibilities** + Collaborating with Internal teams to ensure that secure systems and networks are designed and implemented. + Identify potential security vulnerabilities within existing and prospective systems and devise strategies to address them. + Working with internal teams ensure that our infrastructure and applications adhere to established security measures. + Identify security risks in our organization and come up with possible preventative measures. + Assess the organization's security status in order to identify areas that need improvement. + Stay up-to-date with the emergence of new security threats while continuously adopting the industry's best practices. + Collaborate with internal teams to embed Security by Design principles in Infrastructure, Development and DevOps practices, implementing a framework to ensure that security controls are documented for all systems as part of standard operating procedures. + Collaborate with internal teams to support an integrated end-to-end GRC approach across the organization. + Maintain and update security policies, standards, procedures, and guidelines, ensuring they align with current business and IT practices. + Monitor and assess the effectiveness of security controls across business systems and processes. + Ensure alignment with client, regulatory, and internal compliance requirements. + Support the automation and continual improvement of GRC processes and tools. + Generate and present GRC-related metrics and reports to internal stakeholders and executive leadership. + Support internal and external audits (e.g., ISO27001, SOC2, etc.), including gathering evidence and managing responses. + Build and maintain cross-functional relationships with teams such as Legal, IT, Audit, Finance, and Business Operations to ensure GRC practices support overall business objectives. + Support ongoing compliance initiatives, including security incident reviews, risk memos, and policy exceptions. + Participate in the development of operational reports, metrics dashboards, and trend analysis related to security and compliance activities. + Support audit plans and compliance documentation for internal or external stakeholders. **Knowledge, Skills and Experience Requirements** + Experience working within, achieving and/or maintaining third-party attestations such as FedRAMP, SOC2, ISO27001 + Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) strongly recommended + Experience working on a Federal Program is essential and contributing to core document set eg SSP, ConMon reporting, POAMs, System Narrative, SCP, SIA + Experience implementing or maintaining FedRAMP Moderate Authorization is desirable. + Experience documenting security controls in Architecture diagrams is essential + Extensive training and experience in IT disciplines such as application and data security, systems programming, systems design, computer technology or software disciplines + Familiarity with OneTrust or ServiceNow GRC and Privacy tools desired + Certified training in security management, risk and compliance solutions and practices. CISSP, ISSAP, CISA, CISM, GSEC, or related certification(s) desirable. + Experience in a fast-paced GRC function (desirable). **Benefits & Culture** Alongside a competitive salary, we offer a comprehensive benefits package designed to support your well-being, your future, and your sense of purpose: + Retirement Benefits: 401(k), pension, or country-specific retirement plans with employer contributions + Generous Time Off: Enhanced paid time off/annual leave policies + Health & Wellbeing Coverage: Medical insurance tailored to your region, plus: + US: Dental, vision, life, and short-term disability insurance + UK: Medical cashback plan including dental, vision, and income protection + Flexible Spending Accounts (US) + Employee Assistance Program (EAP): Confidential support whenever you need it + Work-Life Balance: We understand life happens outside of work, and we fully support flexibility + Wellness Culture: Regular global wellness initiatives to help you stay healthy and inspired + Future Planning: Tools and support to help you grow personally and professionally + Giving Back: Enjoy a Volunteer Day each year and opportunities to support our communities and industry At PSI, we're more than just a workplace - we're a global team driven by shared values and real impact. If you're ready to be part of a company that's committed to your growth and well-being, we'd love to hear from you. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights (**************************** notice from the Department of Labor.

Role : IT Security Analyst 3 Interview Mode: Web Cam Interview Only The Virginia Department of Transportation is seeking to fill the Information Technology (IT) Security Analyst position. This position reports to the Deputy Information Security Officer in the Office of Information Security located in Richmond, Virginia. The IT Security Analyst supports the VDOT Information Security mission by implementing results-oriented strategic approaches, plans, programs, and procedures. This position helps to ensure that Commonwealth of Virginia Information Security Policies and Standards are followed by the Agency. The broad areas of responsibility for this position include; identity and access management, IT risk management, business continuity and IT disaster recovery planning, security awareness education and training, security vulnerability management, Artifical Intelligence compliance and security incident management. Responsibilities: Documents processes and script narratives/executive summaries. Create Business focused documentation for circulation among readers with various technical understanding. Share insight of Security Architecture and IT Governance approaches and implementation methodologies Research and provide written guidance on alignment with security policies/standards. Perform tasks related to Security Compliance and Control Evaluation, Risk analysis, and exception documentation. Collaborate with Business areas and cross- functional Enterprise Architects to fully understand business needs and provide strategic consultation on data security and risk-averse implementation. Partner with architects, other technical team members and to develop roadmaps and strategies to support agency KPIs Design/Implement Enterprise Security/technology Patterns Consult with teams as needed on initiatives and provide tactical direction as well as provide architecture considerations on legacy solutions Research and share finding of architecture governance, controls, and peer review processed with regards to platform technology, security, and cloud. Qualifications: Comprehensive knowledge of Information Security principles; including information security trends, emerging technologies, best-practices, controls, models, architecture, etc. Practical experience with identity and access management, IT risk management, business continuity and IT disaster recovery planning, security awareness education and training, security vulnerability management, and security incident management. Familiarity with the Commonwealth of Virginia's Information Security Standards and/or the National Institute of Standards and Technology Publication 800-53. Able to communicate effectively in writing and orally, exercise judgment, interpret laws and policies, and maintain effective working relationships with a wide variety of individuals in both the public and private sectors Experience in monitoring IT environments for compliance with information security architecture policies and standards. Substantial technical experience in 2 or more: Cloud-based technologies, Artificial Intelligence, Machine Learning, Identity & Access Management, Vulnerability Management, firewalls, computer forensic techniques, databases, collaboration tools, web & mail services. Ability to provide input and security direction for future designs, information security capabilities, and strategic technology alternatives. Excellent written and oral communication and presentation skills (possessing the ability to breakdown complex technical terms into everyday language). Demonstrated ability to work with broad cross-section of personal including all levels of management and external entities such as VITA consultants and service providers to explain and security measures and collaborate and disseminate security related information in partnership with the Office of Information Security. Work experience in a fast-paced environment and acquire new skills/knowledge to meet customer needs. Thorough understanding of customers priorities and the business criticality of platforms, applications and services.

Interview Mode: Web Cam Interview Only Need resume by July 25 The client is seeking a team member to function as a Governance Analyst. The IT Governance practice at VDOT is focused on process improvement, standardization, reporting and risk minimization. It's responsible for ensuring compliance. The Analyst will review processes & develop documentation to support Governance initiatives. The Analyst will also assist in issue resolution, operationalizing Governance practices, creating and socializing IT Governance artifacts (such as IT audit responses, control processes etc.) This position will also assist in extending the scope of ITD Governance, Security Architecture and Process Improvement. Responsibilities: The IT Governance Analyst is responsible for providing support to IT services, and will align IT investments with enterprise business goals, as well as Bureau and Agency guidance. Develop, update and maintain IT governance documents including IIMS, policies and guidelines. Translate complex technical and compliance concept into clear, understandable documentation Support technical writing and review for the division's flagship governance documents and policies. Oversee the IT audit inquiry process by coordinating with internal auditors and customers to relay evidence of compliance to agency standards. Oversee the IT audit remediation process by coordinating with developers, engineers, and IT Leadership to rectify points of non-compliance to agency standards. Coordinate requirements submission and execution requirements for the Audit Kanban, ensuring an accurate level of detail and defined scope. Provide input into the augmentation of a governance model for ITD's critical processes. Qualifications: Demonstrated knowledge or experience in process modeling with Microsoft Visio. Experience with drafting policy, technical briefings, business or executive-centered presentations, and reports Knowledge an Agile Project Management environment preferred. Knowledge of general IT Audit and Compliance response processes Understanding of IT Governance best practices, tools, with willingness to learn Commonwealth or Agency Implementation Ability to work independently, creatively, and analytically in a fast-paced, team environment. Attention to detail, strong listening skills, and good verbal and written communications are required. Skill Required / Desired Amount Experience Knowledge and application of IT Governance and Compliance standards Required 7 Years Experience in Technical Writing, editing skills and policy documentation Required 7 Years Experience in Process Modeling Required 7 Years Power BI Experience Required 3 Years Experience in business writing and presenting Required 7 Years Microsoft Visio, Planner and SharePoint Online experience Required 7 Years

Ask ITC Inc. which is backed by a $500 million Microtek group company, provides an industry leading blend of technology, business consulting, and outsourcing services. Ask IT is a minority-owed enterprise; it has been founded on providing the highest quality possible and on the devotion to customer satisfaction. Job Description Daily responsibility for supporting the Procurement / Finance team To support IT division by overseeing an Outlook Mailbox routing for purchasing IT Goods and Services as well as Sharepoint. Daily accounting, and accounts payable activities. Performs adminstrative duties to support the division. Process invoices, procurement and reconciles vendor inquiries, request quotes for purchases of consumables for VDOT. Interprets and applies policies and interprets and develops procedures and processes in this area. Oversees a wide range of administrative and technical functions necessary for effective office management. Independently performs all administrative and fiscal tasks with accuracy. Tasks include accounts payable and receivable, and procurement. Routinely responds to a variety of requests from agency management, external organizations, consultants and the general public. Identify the technology business needs and technology products, services or solution that will best fulfill those needs while determining cost containment. IT procurement liaison who works with VITA and NG, understanding technology in order to discuss contracts, licenses agreements, maintenance agreements and contracts. Qualifications Skilled functionality with SharePoint. Skilled in the functionality of financial systems, Microsoft Office Suites, and other automated equipment and tools. Skilled in English grammar with the ability to communicate effectively. Considerable experience records management, governmental accounting, and financial management. Additional Information All your information will be kept confidential according to EEO guidelines.

ON SITE: 3 days a week required Responsibilities: Conduct detailed financial analysis and forecasting for security products and services within the agency. Develop and maintain budgeting models to support product and service funding requests, execution, and cost management. Collaborate with cross-functional teams including IT security, procurement, and compliance to align financial strategies with agency goals Monitor and report on financial performance against approved budgets, identifying risks and opportunities. Support procurement and contract negotiations with vendors from a financial perspective. Analyze life cycle costs and support cost-benefit evaluations for new security initiatives and technology acquisitions. Assist in evaluating the financial viability of new security products or enhancements Provide clear, concise financial reports and briefings for senior leadership and oversight bodies. Support continuous improvement of financial processes and systems related to security program funding and expenditure tracking. Job Type: Contract Experience: BS/MS degree in Computer Science, Engineering or a related: 4 years (Preferred) financial modeling, budgeting, cost analysis,forecasting.: 2 years (Preferred) analytical, organizational, and communication skills.: 2 years (Preferred) Ability to manage multiple priorities and deliver results: 2 years (Preferred) Familiarity with State Government budgeting process.: 2 years (Preferred) Understand technologies as it relates to product and cost: 2 years (Preferred) financial management systems and tools (Microsoft Office): 2 years (Preferred)

Number of positions: 1 Length: 12Months + Work Address: Richmond, VA Immediate Interviews In Person Interview IT Security Analyst 4 Hybrid (ONSITE Required: 2-3 days/week) Document and address organization\'s information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle. 3 days - on site -2 days - remote Notes from the manager: For this position we are really looking for someone who is strong in Security Operations (Vulnerability Management, Penetration Testing, Incident Response, Identity Access Management, etc.). A few of the candidates were strong in Risk Management (Risk Assessment, Data Classification, Audits, etc.) but we already have those skills on our team. The remaining candidates mostly struggled to answer basic technical questions relating to security and seemed to mostly come from more IT Operations backgrounds. We are looking for an experienced person as this is not an entry level opening. General things to consider when screening: 1. Experience with vulnerability management is key for this position. 2. Experience with application penetration is key for this position. 3. Experience with Dev SecOps/Secure Software Development Lifecycle (Secure SDLC/SSDLC)/Secure by Design is key for this position. 4. Scripting and automation experience is highly desired for this position. 5. Interpersonal skills and being able to talk with and manage stakeholders are key for this position. Analyze the security impact of application, configuration, and infrastructure changes to ensure compliance with the security standard as part of the change management lifecycle. Assess the configurations of applications, servers, and network devices for compliance with the security standard. Analyze and document how the implementation of new system or new interfaces between systems impacts the security posture of the current environment. Assess and document the security impact and risks of newly discovered vulnerabilities in the environment. Coordinate resolution of application and infrastructure security vulnerabilities with System Owners, IT, and vendors. Track resolution of vulnerabilities and provide regular updates to management. Coordinate resolution of endpoint security vulnerabilities with users and provide regular updates to management. Respond to, and investigate, security incidents and provide thorough post-event analyses. Perform internal application penetration testing, document findings, and recommend improvements to improve the organizations security posture. Complete annual password security audits and coordinate completion of agency wide user access audits in compliance with the security standard. Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately. Create and maintain desk procedures and process documentation for all responsibilities. Required/Desired Skills Candidates must have ALL the Required skills in order to be considered for the position. Desired or Highly Desired skills are a PLUS but may NOT be required. Skill Matrix (Please fill the last two columns of this matrix) Experience with Business workflow processes Required / Desired Amount of Experience Years of Experience Last Used NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system. Required 5 Years Software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc. Required 5 Years Familiarity with programming languages such as Python, Java, JavaScript, C++, C#, SQL, HTML, CSS, and/or COBOL. Required 5 Years Expertise in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable. Required 5 Years Familiarity with web application security testing tools like Burp Suite, Fortify, and/or AppScan. Required 5 Years Basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation Required 5 Years IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest+ and/or CompTIA Security+) Required 5 Years

The Client is seeking an experienced Senior Security Operations Engineer with in-depth knowledge and hands on experience in the areas of Information Systems security, security policy, intrusion detection/prevention systems, firewalls, anti-virus software, anti-malware, anti-phishing, authentication systems, log analysis and management, web content filtering; network protocols and security/authentication protocols at all layers of the OSI model with emphasis on TCP/IP, web security gateways, network access control, endpoint security, and perimeter security technologies. The Senior Security Operations Engineer contributes to the overall technology roadmap. Key Responsibilities: Participates in the design, implementation and support of security infrastructure for the Client. Identifies network and information security risks across the enterprise, design, engineer, implement security solutions to address the risks at an enterprise level. Works closely with the IT Division and outside vendors to effectively design, plan, deploy, secure and update network projects in the environment. Effective collaboration with the Office of Information Security OIS and other ITD groups is maintained. Strategic Plan items pertinent to the Network Security Operations group are completed. System policies and procedures are created, documented, and maintained. Perform network scans and penetration testing. Monitors log analysis and management tools for threats. Evaluate vulnerability scan results and notify business, application, and infrastructure teams of vulnerabilities in need of remediation. Evaluate and participate in agency Azure cloud solution review of network, security, and general project involvement. Ensure all daily functions that are required to maintain security applicable systems and applications are documented. Work with the agency's ISO team and the IT Auditors to review security audit findings and vulnerability scans results. Identify recommended correction activities and course of action, once determined communicate with the various stakeholders. Device configurations are based on best practices. Relevant documentation is kept up to date. Coordinating the handling and resolution of incidents related to security. Skills: SkillRequired / DesiredAmountof ExperienceConsiderable knowledge and hands on experience in the areas of information systems security of security policy Required7YearsConsiderable knowledge hands on experience with web security gateways, network access control, endpoint security, and perimeter security technologies.Required7YearsConsiderable knowledge and hands on experience with firewalls, anti-virus software, anti-malware, anti-phishing, authentication systems.Required7YearsConsiderable knowledge and hands on experience with intrusion detection/prevention systems, log analysis and management, web content filtering Required7YearsConsiderable knowledge and experience with network protocols and security/authentication protocols at all layers of OSI model with emphasis on TCP/IPRequired7YearsDemonstrated ability to identify security risks across the enterprise and perform the day-to-day operation.Required7YearsDemonstrated ability to administer and protect the integrity, confidentiality, and availability of information assets and technology infrastructure Required7YearsConsiderable knowledge and hands on experience detecting, responding, remediating security incidents.Required7YearsConsiderable knowledge and hands on experience remediating System Security Plans (SSP) and Risk Assessment (RA) in cybersecurity Required7YearsSolid experience with performing threat; vulnerability, risk assessment and coordinating the resolution of incidents related to security breaches.Required7YearsConsiderable knowledge and hands on experience with web related technologies and penetration testing tools Required7YearsCISSPHighly desired Years Powered by JazzHR Ofrm7kSZXQ

What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! Looking for a role that will have a meaningful impact on Security Engineering? We are looking for an individual to reduce enterprise risk through the secure design, implementation and administration of cybersecurity tools and helping to enhance department strategies to protect our customers, data, and associates. What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! The opportunity: We are seeking a Security Engineer to join our dynamic team, where you'll play a pivotal role in fortifying our company's internal network against unauthorized access and cyber threats. As a Security Engineer, you'll be at the forefront of our cybersecurity efforts, designing and implementing cutting-edge security strategies. You will have the chance to collaborate with a team of skilled security specialists to devise and execute robust architecture solutions that protect our digital assets. Your expertise will not only help mitigate potential damages during current attacks but also proactively identify and resolve hardware or software vulnerabilities before they become threats. In this role, you'll leverage your deep understanding of various hardware and software technologies, along with the Enterprise Security Framework, to drive innovative design solutions and provide strategic recommendations. Your insights and contributions will be crucial in shaping the security posture of our organization, ensuring that we stay ahead of evolving cyber risks. What you'll be doing: Architect & Implement: Design and deploy cloud security architectures meeting business, security, and compliance needs. Configuration Management: Secure cloud-based tools and mobile technology, ensuring safe access solutions. Security Environments: Create and maintain testing environments for security solutions. Risk Mitigation: Innovate security measures across on-premise and cloud environments. Network Security Oversight: Manage cloud network security, including firewall approvals. Automation & Scripting: Develop automation scripts for security needs. Incident Response: Lead and strategize responses to cyber threats. Secure Access Solutions: Implement secure authentication, authorization, and encryption strategies. Cyber Threat Awareness: Stay updated on security trends and threats. Change Management: Oversee security aspects of cloud changes and software deployments. Policy Documentation: Document and enforce security policies and procedures. Skill Development: Update and share technical knowledge on data protection. Metrics & Reporting: Generate Cloud Security status metrics. Mentorship & Leadership: Guide and mentor junior team members. Operational Support: Maintain security tools and systems. Compliance: Ensure compliance with regulations (NY State, PCI, GDPR, NIST). Project Support: Evaluate and implement new security technologies. Technical Resource: Serve as an expert for other departments. Communication: Convey security issues and solutions clearly. Additional Duties: Participate in incident response, change management, and system maintenance. Our must-haves: 3+ years related work experience & industry certification in cyber security. Bachelor's degree in Computer Science or Engineering with a focus on Cyber Security, Digital Forensics or related work experience/certification. Security+ or similar industry approved certifications. Other certifications that are a plus: ITIL, preferred Certified Cloud Security Professional - ISC2 .org (CCSP) Certified Information Systems Security Professional (CISSP) Certificate of Cloud Security Knowledge - CSA (CCSK) Information Systems Security Engineering Professional (ISSEP) Microsoft Certified: Azure Fundamentals (MCAF) Microsoft Certified Azure Administrator Associate (MCAAA) Microsoft Certified: Azure Security Engineer Associate (MCASEA) #LI-Hybrid #DEIB US Work Authorization US Work Authorization required. Markel does not provide visa sponsorship for this position, now or in the future. Pay information: Who we are: Markel Group (NYSE - MKL) a fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory and investment operations around the world. We're all about people | We win together | We strive for better We enjoy the everyday | We think further What's in it for you: In keeping with the values of the Markel Style, we strive to support our employees in living their lives to the fullest at home and at work. We offer competitive benefit programs that help meet our diverse and changing environment as well as support our employees' needs at all stages of life. All full-time employees have the option to select from multiple health, dental and vision insurance plan options and optional life, disability, and AD&D insurance. We also offer a 401(k) with employer match contributions, an Employee Stock Purchase Plan, PTO, corporate holidays and floating holidays, parental leave. Are you ready to play your part? Choose ‘Apply Now' to fill out our short application, so that we can find out more about you. Caution: Employment scams Markel is aware of employment-related scams where scammers will impersonate recruiters by sending fake job offers to those actively seeking employment in order to steal personal information. Frequently, the scammer will reach out to individuals who have posted their resume online. These "job offers" include convincing offer letters and frequently ask for confidential personal information. Therefore, for your safety, please note that: All legitimate job postings with Markel will be posted on Markel Careers. No other URL should be trusted for job postings. All legitimate communications with Markel recruiters will come from Markel.com email addresses. We would also ask that you please report any job employment scams related to Markel to ***********************. Markel is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of any protected characteristic. This includes race; color; sex; religion; creed; national origin or place of birth; ancestry; age; disability; affectional or sexual orientation; gender expression or identity; genetic information, sickle cell trait, or atypical hereditary cellular or blood trait; refusal to submit to genetic tests or make genetic test results available; medical condition; citizenship status; pregnancy, childbirth, or related medical conditions; marital status, civil union status, domestic partnership status, familial status, or family responsibilities; military or veteran status, including unfavorable discharge from military service; personal appearance, height, or weight; matriculation or political affiliation; expunged juvenile records; arrest and court records where prohibited by applicable law; status as a victim of domestic or sexual violence; public assistance status; order of protection status; status as a smoker or nonsmoker; membership or activity in local commissions; the use or nonuse of lawful products off employer premises during non-work hours; declining to attend meetings or participate in communications about religious or political matters; or any other classification protected by applicable law. Should you require any accommodation through the application process, please send an e-mail to the ***********************. No agencies please.

As part of Meta Security, our Insider Trust team is dedicated to identifying and responding to insider threats that target our data. Our mission is to detect, investigate, and mitigate damage caused by insider threats. We handle a wide range of abuse cases, including misuse of user data, intellectual property theft, and leaks of sensitive information.We are seeking an experienced Security Engineer to join the team. This role involves investigating, hunting, and automating internal signals to detect malicious activities related to insider threats. **Required Skills:** Security Engineer Investigator, Insider Trust Responsibilities: 1. Perform analysis, and threat hunting from a variety of log sources (e.g., individual host logs, network traffic logs) to identify potential insider threats 2. Create workflows and automations to streamline signal detection, threat hunts, and investigative processes 3. Collaborate with software and production engineering teams to build scalable and adaptable solutions for insider threat investigations 4. Identify gaps in our infrastructure and work with cross-functional partners to improve visibility through logging and automation 5. Build operational workflows and actions to auto-resolve false positives and provide context, scaling investigation capabilities 6. Prioritize efforts to maximize impact by enhancing visibility, automating processes, and scaling investigative capabilities 7. Coach, mentor, and support team members to foster long-term career growth, job satisfaction, and success **Minimum Qualifications:** Minimum Qualifications: 8. Bachelor's degree in Computer Science, Engineering, or equivalent experience 9. 5+ years of experience in Detection & Response Engineering, Insider Threat, or a similar Security Engineering role 10. Technical and procedural expertise in conducting security investigations, including response, forensics, and large-scale log analysis 11. Experience with attacker tactics, techniques, and procedures 12. Proficiency in coding or scripting in one or more general-purpose programming languages **Public Compensation:** $147,000/year to $208,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress. We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. **The Role** The Senior Information Security Engineer is a member of the Industrial Security team supporting Lumen Public Sector and is responsible for performing cybersecurity compliance activities in support of various government contracts. The Senior Information Security Engineer must execute all seven phases of the Risk Management Framework (RMF) process in accordance with both FISMA and DoD policy. Responsibilities include developing RMF documentation (System Security Plan, Security Control Traceability Matrix, Plan of Action & Milestones, various Standard Operating Procedures, Continuous Monitoring Plan, etc), tracking/resolving vulnerabilities, performing continuous monitoring activities, developing security policies, and supporting all cybersecurity compliance related activities. The Senior Information Security Engineer works closely with Lumen program teams and government customers on a regular basis A successful candidate will have excellent communications skills and experience presenting technical and non-technical cybersecurity issues to a wide variety of audiences. The candidate must be able to work independently and as a team leader to develop and execute strategies. The candidate must also possess and maintain a broad technical knowledge of current and emerging technologies used within corporate infrastructure and government customer infrastructure. In addition, candidates must have excellent organizational skills, the ability to pay attention to details, and effective problem-solving skills. **The Main Responsibilities** + Perform as an Information Systems Security Officer (ISSO) for government systems + Achieve and maintain ATOs (Authority to Operate) + Write System Security Plans (SSP), Plan of Actions & Milestones (POA&M), Continuous Monitoring Plans, Risk Assessments, Privacy Impact Analyses (PIA), and supporting documentation for systems subject to NIST SP800-53 + Lead Security Assessment and Authorization processes and procedures + Manage cybersecurity audits by federal departments/agencies, including third party auditors + Develop and complete continuous monitoring reports and briefings + Interface with appropriate government agencies, company management and employees, customers, vendors,and suppliers to ensure understanding of and compliance with security requirements + Review vulnerability and compliance scan results (Nessus, Qualys, etc), work with team members to resolve vulnerabilities, and track ongoing vulnerability status and remediation + Conduct periodic reviews to ensure compliance with established policies and procedures + Investigate and document cybersecurity incidents, as well as provide protective and corrective measures in response to such incidents + Report all cybersecurity incidents to the program Information Systems Security Managers (ISSM) through reports and briefings + Participate in the change management process to ensure changes to software, hardware, and firmware do not adversely impact the security of an environment + Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies + Recommend security best practices and system configuration standards **What We Look For in a Candidate** + Bachelor's degree in Cybersecurity, Computer Science, a related field, or equivalent experience + Minimum of 5 years of relevant Security/Compliance Engineering experience + Extensive experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security. + Exceptionally strong oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff. + Must possess current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA. + Experience with technologies, tools and process controls to minimize risk and data exposure. + Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services. + US Citizenship required + Suitability, Public Trust required **Compensation** This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors Location Based Pay Ranges: $82,969 - $110,625 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $87,117 - $116,156 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $91,266 - $121,688 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process Learn more about Lumen's: + Benefits (**************************************************** + Bonus Structure \#LI-Remote **What to Expect Next** Requisition #: 340516 **Background Screening** If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page (************************************* . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. **Equal Employment Opportunities** We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. **Disclaimer** The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name. **Application Deadline** 11/11/2025

Job Description Role : IT Purchasing Analyst Interview Mode: In Person Only The Virginia State Police (VSP), Criminal Justice Information Services (CJIS) Division, is looking for an information technology (IT) purchasing analyst to support of IT projects. The incumbent will perform procurement tasks such as working with suppliers to obtain quotes, enter requisitions in the state procurement system (eVA), track requisition processing to ensure timely completion, propose and process contract amendments, assist with enforcement of vendor contract terms, review and recommend approval/denial of invoices, and evaluate VITA expenses to identify and record expenses related to IT projects. In addition, updates project budgets and grants, and coordinates activities with the VSP Procurement Office, VSP IT Division and VSP grant managers. Provides VSP management with reports that describe current procurement activities, invoices and bills processed, and budget and grant balances. Full-time onsite at VSP headquarters, North Chesterfield, Virginia. Candidates must have 2+years of IT procurement experience, able to learn Commonwealth of Virginia, VITA and VSP procurement policies and systems (e.g. eVA). In addition, candidates: * Must have very good skills in operating computers and using MS Office (Word, Excel, PowerPoint); * Be able to plan, organize and manage multiple tasks simultaneously; * Have strong communication skills (orally and in writing, in English). Candidates should highlight experience procuring high value procurements with an emphasis on information technology (IT) procurements. Candidates should highlight procurement experience and certifications. For example, experience with public procurement, contracting laws and state regulations; experience with technology related procurements, service contracts, business writing, and fiscal procedures; certification as a Virginia Contracting Officer (VCO); certification as a Certified Public Purchasing Officer (CPPO), and/or Certified Professional Public Buyer (CPPB); experience in the procurement of wide variety of goods and services within state government Powered by JazzHR J3bBwWqEBi

Title: Information Security Engineer (00054) State Role Title: Info Technology Specialist III Hiring Range: Up to $130,000 Pay Band: 6 Recruitment Type: General Public - G Job Duties About the Agency The Department of Elections promotes and supports accurate, fair, open and secure elections for the citizens of the Commonwealth. ELECT ensures the proper administration of election laws, campaign finance disclosure compliance, and voter registration processes in the state by promulgating rules, regulations, issuing instructions, and providing information to local Electoral Boards and general registrars. The Department of Elections envisions a highly modern, efficient and professional electoral process that is trustworthy and accountable at all levels and engages Virginia's diverse citizenry in the most fundamental right in a democratic society: the right to vote. About the Position The Information Security Engineer is responsible for the technical execution of information security activities within ELECT systems. The Information Security Engineer ensures ELECT systems maintain confidentiality, integrity and availability for all users. The Information Security Engineer, under the direction of the Information Security Officer, ensures ELECT systems meet federal, Commonwealth of Virginia and agency security standards. The position will work with various ELECT teams and security staff of the Commonwealth of Virginia to ensure security requirements are included in SDLC activities and infrastructure operations. Minimum Qualifications •Extensive knowledge of current information technologies and security practices. •Architect, implement and maintain threat detection and protection of ELECT onsite and Cloud infrastructure. •Experience in developing security design around infrastructure and security practices and consistently adhere to stringent compliance requirements and governance processes. •Working Knowledge of SIEM (Security Information Event Management) tools (ex: Manage Engine, Splunk, SolarWinds). •Working Knowledge on Log Analyzer tools and performing regular system audits. •Knowledge using patch management systems such as SCCM (System Center Configuration Manager). •Practical experience with policy and regulatory mandates/security standards promulgated by the Virginia Information Technologies Agency (VITA) or the National Institute of Standards Technology (NIST). •Knowledge with vulnerability assessments and penetration testing and associated mitigation strategies. •Knowledge around threat attack vectors and mitigation techniques. •Knowledge with the configuration and troubleshooting of network or data security related controls (encryption, digital signatures, secure boot, access control, password policy management). •Expertise with Active Directory services, Windows domain infrastructure (with multiple domains), organizational units (OU) and server/user security through group policies. •Experience in design reviews and change control for quality assurance on projects. •Experience in acceptance testing of new releases and patches, providing technical feedback as appropriate. •Knowledge of the Software Development Lifecycle (SDLC) and how to layer security into that process. •Experience in the Agile Project Management Methodology. •Knowledge to improve current procedures for monitoring and managing firewalls, security groups and roles. •Keep the infrastructure current and recommend best practices and participate in continuous improvement of technologies and services in the security domain. •Experience with incident response on security incidents and participate in business use case development and review/present information security design. •Collaboration with cross-functional teams to achieve continuous improvement in cyber defense/resilience. •Experience of industry secure coding standards to prevent common vulnerabilities such as SQL Injections, Cross Site Scripting, Open Redirect and other secure coding standards. •Experience with data security, encryption at transit and rest, DLP and Governance auditing and best approaches to implement. •Experienced in designing and architecting within multiple concurrent projects. Other skills and abilities include: o Critical thinking o Active listening o Judgment and decision making o Complex problem solving o Oral and written comprehension Additional Considerations •Extensive experience in development and/or information security. •Extensive experience working in an InfoSec program as a Security Engineer. •Considerable software development skills. •Considerable scripting skills. •Considerable usability and interface design experience. • Demonstrated experience in Java, .Net, Python. •Demonstrated experience with SQL or other databases. •Certification in information technology, information security, computer science or related field. Special Instructions You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position. Must have or be able to obtain a valid driver's license. State applications will only be accepted as submitted online by 11:55 pm on the closing date through the Recruitment Management System (RMS). Applications submitted via email, postal mail, fax, or in person will not be considered. Applicants are expected to fully represent qualifications and work history on the State applications and or in resumes. The decision to interview an applicant is based on the information provided in the application, resume, or other relevant documents provided; therefore, it is essential for applicants to supply detailed information. Submitting an incomplete state application/resume, or a state application/resume lacking in detail, may impact your interview eligibility. This website will provide confirmation of receipt when the application is submitted successfully. Please refer to “Your Application” in your RMS Account to check the status of your application for this position. The candidate selected for this position will be required to successfully complete a background check. State employees who have been affected by Policy 1.3 Layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card) must submit the card BEFORE the closing date for this position. The card may be scanned and attached to the application or faxed to **************. Please include your name and the position number on the fax cover sheet. You may apply for this position at *********************************** Reasonable accommodations are available to individuals with disabilities during the application and/or interview processes per the Americans with Disabilities Act. Please contact ************ for assistance. VETERANS, PEOPLE WITH DISABILITIES, AMERICORPS, PEACE CORPS, AND OTHER NATIONAL SERVICE ALUMNI ARE ENCOURAGED TO APPLY. Equal Opportunity Employer Contact Information Name: Kimberly Crutchfield Phone: ************ Email: ************************************** In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at ************. Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.

Number of positions: 1 Length: 12Months + Work Address: Richmond, VA 23219 Immediate interviews Web Cam Interview Elect - Cybersecurity Engineer Is Remote. Seeking an Azure Senior Security Engineer (Cybersecurity Engineer 3) with minimum 5 years experience to work with an existing software development team. You will be working with our more established contractors and staff to focus on several web and Windows applications used both by internal staff and constituents of the Commonwealth of Virginia. The candidate will need expertise in all aspects of IT security and cloud security and experience working in an Agile/Scrum development environment interacting with technical and non-technical stakeholders. Candidate will need to have extensive knowledge of cybersecurity practices, industry security standards, and regulatory standards. A bachelors degree and/or applicable recognized industry certifications are strongly desired and will help you stand out in this position. using mobile and responsive design practices, so a familiarity with these methodologies would be a plus. Required/Desired Skills Candidates must have ALL the Required skills in order to be considered for the position. Desired or Highly Desired skills are a PLUS but may NOT be required. Skill Matrix (Please fill the last two columns of this matrix) Experience with Business workflow processes Required / Desired Amount of Experience Years of Experience Last Used 5+ years in IT security or cloud security roles required. Required 5 Years 3+ years of hands-on experience securing Azure environments Required 3 Years Bachelors degree in Computer Science, Cybersecurity, or related field or equivalent work experience required. Required 5 Years Relevant certifications (MS Certified Cybersecurity Architect Expert, Azure Security Engineer Associate (SC-300), CompTIA Security+, CISSP, CISM Highly desired 5 Years Experience with Azure Security Services (Azure Defender, MS Sentinel, Azure Key Vault, Azure Policy and Blueprints, Azure Security Center) required. Required 5 Years Experience with Azure Active Directory (AAD), including conditional access, MFA, and identity protection required. Required 5 Years Extensive knowledge of PIM and RBAC required Required 5 Years Experience with NSGs, ASGs, VPN, ExpressRoute, and hybrid connectivity security required Required 5 Years Ability to implement and moitor compliance with regulatory standards such as NIST, ISO 27001, GDPR, etc. is required Required 5 Years Extensive knowledge of threat modeling and vulnerability management, SIEM/SOAR tuning and response workflows, and security alert triage and forensics Required 5 Years Ability to perform scripting and automation using PowerShell, Bicep, ARM templates, or Terraform Required 5 Years Ability to perform perform integration with CI/CD pipelines for secure deployments (GitHub Actions, Azure DevOps) Required 5 Years Ability to create and deliver security architecture reports and documentation Required 5 Years Experience in risk assessment and mitigation strategies Required 5 Years

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress. We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. **The Role** Black Lotus Labs is seeking a Principal Security Engineer on the Research & Analysis team. This team leverages Lumen's global visibility of one of the world's largest and most interconnected IP backbones and a petabyte-scale compute cluster to perform cutting edge threat research, hunting and tracking advanced persistent threat actors (APTs) and emerging criminal activity as the threat actors traverse the internet. They empower customers to stay ahead of the evolving threat landscape. **The Main Responsibilities** + Serve as Threat Research Subject Matter Expert, offering guidance and support to the Black Lotus Labs team on threat hunting activities, such as identifying knowledge gaps, troubleshooting technical challenges, developing solutions, and mentoring team members in overcoming obstacles. Set priorities for what threats to analyze to maximize team's impact. + Conduct threat research across technical data sets, fusing Black Lotus Labs telemetry with third party data sets, to automate detection of the latest threat attacker tools, techniques and procedures (TTPs) with a goal of automating detection. + Use industry-leading technical knowledge of adversary capabilities and infrastructure and define, develop, and implement techniques to lead the team in tracking sophisticated adversaries, delivering actionable threat intelligence data to Lumen customers. + Lead and enhance threat hunting operations by actively engaging with other research teams, building strong partnerships to achieve shared goals, exploring new data sources, and mentoring team members in executing workflows and solving complex challenges. + Provide expert analysis and strategic insights on emerging threats and vulnerabilities, translating complex technical information into actionable intelligence for executive leadership and external stakeholders. + Spearhead thought leadership initiatives by leading Black Lotus Lab's voice at security conferences and internal executive briefings. **What We Look For in a Candidate** + Proven experience in threat hunting and in-depth technical security research, demonstrating a strong track record of successfully identifying, tracking, and disrupting nation-state and cybercriminal threat actors. + Deep understanding of advanced threat hunting methodologies, attacker tactics, techniques, and procedures (TTPs), and the ability to derive actionable threat hunts from complex data sets. + Demonstrated experience building prototype threat hunting solutions and large data analysis tools with Python (or other equivalent languages). + Proven experience initiating and coordinating technical projects focused on telemetry collection, TTP based threat hunting, or developing threat hunt tools that have cross-organization impact on threat visibility, including leading private-public partnerships and multi-company collaborations. + 5+ years of experience in the IC, DoD or similar tracking and defending against nation state threat activity. + Exceptional communication and presentation skills, including the ability to clearly and concisely convey complex technical information to both technical and non-technical audiences, ranging from executives and board members to conference attendees and internal stakeholders. + Experience presenting at industry conferences and in the media. + Highly organized with the ability to manage multiple tasks, prioritize effectively, and triage competing demands in a fast-paced environment. + Proven ability to lead and manage complex technical projects, effectively driving them to successful completion. + Active TS/SCI clearance with poly **Well-experienced candidates may also have the following skills: ** + Proficiency in malware reverse engineering and incident response. + 5+ years of experience leading teams of technical threat discovery professionals. + Software development experience in Docker and big data technologies like Hadoop, Spark, and Tensor Flow. **Compensation** This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. Location Based Pay Ranges: $149,084 - $198,779 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $156,539 - $208,718 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $163,993 - $218,657 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA. Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process. Learn more about Lumen's: + Benefits (**************************************************** + Bonus Structure **What to Expect Next** \#LI-JS1 Requisition #: 339093 **Background Screening** If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page (************************************* . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. **Equal Employment Opportunities** We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. **Disclaimer** The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name. **Application Deadline** 11/12/2025