Information Systems Security Officer jobs at Modern Technology Solutions

MANTECH seeks a motivated, career and customer-oriented Senior Information System Security Officer (ISSO) to join our team in Huntsville, Alabama. Responsibilities include, but are not limited to: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS and that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Provide liaison support between the system owner and other IS security personnel Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis; Conduct required IS vulnerability scans according to risk assessment parameters Manage the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs). Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for FBI ISs to maintain security Authorized to Operate (ATO); Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR; Working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and ATO processes Minimum Qualifications: Must meet one of the following levels of experience: A high school diploma/GED and 7 years' experience, a bachelor's degree in computer science cybersecurity or a related discipline and five years' experience, or a master's degree in computer science cybersecurity or a related discipline and 3 years' experience. Hold at least one of the following Information Assurance Management (IAM) Level III certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or equivalent certifications Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar applications Preferred Qualifications: A bachelor's or advanced degree in Computer Science, Cybersecurity, or other cyber discipline Clearance Requirements: Must have a current/active Top Secret security clearance with eligibility to obtain SCI prior to starting this position. Selected candidate must be willing to undergo a Polygraph. Physical Requirements: Must be able to remain in a stationary position 50% Needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer Often positions self to maintain computers in the lab, including under the desks and in the server closet Frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

MANTECH seeks a motivated, career and customer-oriented Cyber Security Engineer Lead to join our team in Springfield, VA. The Cyber Security Engineer Lead is responsible for the detection, identification, analysis, and reporting of cyber threats, intrusions, anomalous activities, and potential misuse of systems. This role supports the protection of customer's digital assets and sensitive data through the administration, monitoring, and continuous improvement of cybersecurity technologies and processes. Responsibilities include but are not limited to: Threat Detection & Response: Identify, assess, and report potential cyber-attacks, intrusions, and abnormal system behaviors. Participate actively in incident response and recovery activities. Technology Administration: Administer and maintain systems supporting Identity Management, Privileged User Access, Access Control (firewall), End Point Protection, Internet Protection, Vulnerability Scanning, and Security Information and Event Management (SIEM) tools. Mitigation & Remediation: Develop and implement enterprise-level mitigation strategies to address complex vulnerabilities. Operational Support: Ensure proper installation, testing, patching, upgrading, and performance of cybersecurity tools and applications. Maintain system resiliency and availability across all managed technologies. Policy Enforcement & Compliance: Enforce cybersecurity policies, standards, and best practices in alignment with ManTech's security framework and regulatory requirements. Leadership & Collaboration: Lead or participate in cross-functional projects and initiatives. Provide technical mentorship and subject matter expertise to junior team members.; Continuous Improvement: Interpret internal and external cybersecurity trends and business challenges; recommend and implement innovative solutions to strengthen the enterprise security posture. Monitor intrusion detection and prevention systems and other security event data sources; determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures. Minimum Qualifications: Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or a related Cyber Security field. Certified Information Systems Security Professional (CISSP) certification (required within 6 months of assignment to the position, otherwise failure to obtain certification within 6 months of assignment to the position may result in removal). 8+ years of relevant cybersecurity experience, including hands-on technical administration and operational security support. Strong analytical and problem-solving abilities Deep knowledge of cybersecurity frameworks, principles, and technologies Proficiency in SIEM, endpoint protection, and identity management tool Must be able to travel up to 25% Preferred Qualifications: Have a good understanding of DISA compliance directives and recommend having knowledge of the JSIG. Ability to lead small teams or projects Excellent communication and influence skills; Strong judgment in identifying and mitigating security risks Correlate data from intrusion detection and prevention systems with data from other sources Clearance Requirements: Must have current/active TS/SCI with the ability to obtain and maintain a Yankee White security clearance Physical Requirements: Must be able to remain in a stationary position 50% The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer. The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

Immediate need for a talented Senior IT Quality Assurance Analyst . This is a 06+ Months contract opportunity with long-term potential and is located in Columbus, OH (Remote). Please review the job description below and contact me ASAP if you are interested. Job Diva ID: 25-94603 Pay Range: $60-$62 /hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Establishes readiness, specifies skill needs, analyzes risk, provides estimates and plans work for testing efforts. Participates in requirements reviews, design reviews, systems analysis and testing review discussions. Determines scope and focus of testing effort and creates Test Strategy and risk analysis to guide testing efforts. Prepares test tools, automation and environment assets to support testing effort. Creates, uses and maintains automated scripts to increase efficiencies in testing, including troubleshooting problems with scripts. Tests systems or system components utilizing black box testing methods. Validates the function of system under test and observes results from various external and internal interfaces. Gathers test activity information during execution and prepares summarized information about the testing effort. Communicates regularly with project members and advocates for resolution of high priority problems with Project Sponsors, Service Manager and Project Manager. Maintains assigned test assets and recognizes gaps in current test assets, identifying ways to create needed assets. Creates effective ways to display data using various modeling, reporting, statistical perspectives and trending methods. Performs in-depth analysis by weighing relevance and accuracy of information to provide alternative solutions while appropriately incorporating input from others. Provide on the job support to others on a variety of testing topics. Provides guidance on complex issues to others as needed Collaboration & Communication: Works effectively with cross-functional teams (security, architecture, infrastructure) Can explain technical findings and recommendations to non-technical stakeholders Curiosity-driven problem solving Thrives on figuring things out without a full map Resilience in ambiguity Comfortable making progress with partial information Bias toward action Identifies and executes remediation steps without waiting for perfect clarity Key Requirements and Technology Experience: Skills; SQL Server Always Encrypted (AE), OWASP Top 10, Data-at-rest and data-in-transit encryption SQL AE experience Comfortable working with SQL Server Always Encrypted (AE) Schema analysis and remediation for encryption compatibility Experience designing security-focused test cases Ability to validate encryption implementation and data protection mechanisms Familiarity with automated testing frameworks that support security validation Application Security Expertise Deep understanding of OWASP Top 10 and secure coding practices Experience with threat modeling and vulnerability remediation Encryption Implementation Hands-on experience with data-at-rest and data-in-transit encryption Familiarity with key management and integration with enterprise security tools Data-Driven Inquiry: Demonstrates ability to analyze data and formulate meaningful questions Brings insights and hypotheses back to the team to guide investigation and decision-making Leads with curiosity to uncover root causes and improvement opportunities Our client is a leading Insurance Industry , and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. By applying to our jobs, you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

JT4 Point Mugu is seeking an Information Systems Security Specialist. This role is responsible for assessing, developing and implementing programs and controls set in place to help increase cybersecurity within our company. The Information Systems Security Specialist will be detail-oriented, have great problem-solving and analytical skills, and a passion for cybersecurity. JT4, LLC provides engineering and technical support to multiple western test ranges for the U.S. Air Force, Space Force, and Navy under the Joint Range Technical Services Contract, better known as J-Tech II. JT4 develops and maintains realistic, integrated test and training environments and prepares our nation's war-fighting aircraft, weapons systems, and aircrews for today's missions and tomorrow's global challenges. **An ideal candidate will have an active DoD secret clearance** **This position is located at Point Mugu and is not eligible for telework** Job Summary -- Essential Functions/Duties This position is the on-site technical specialist for monitoring information systems and maintaining the environment of operation to include developing and updating System Security Plans, managing and controlling changes to the systems, conducting audits, providing incident response, perpetration for vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Employee will be responsible to perform the following functions/duties: Provides incident handling in conjunction with the Facility Security Office (FSO) and Information Security Officer / Information Systems Security Manager (ISSO/ISSM) Assists in writing and maintaining computer security processes to meet Navy requirements of Risk Management Framework Monitors computer system use and audits logs Makes recommendations for future hardware / software implementations and related process improvements This position requires skills in team building and customer service Provides operational status as required Uses established policies and procedures and subject matter knowledge to complete complex assignments requiring originality and ingenuity performed under minimum supervision with considerable latitude for independent contribution Provides security training and awareness briefings Other duties as assigned. Requirements -- Education, Technical, and Work Experience Associates or higher degree in Computer/Information Technology, or equivalent academic/technical training/certification. Possess two to three years of experience in computer system security and/or related areas of expertise. Must be compliant to DoD 8570.01-M levels and possess or working toward Security+ certification with a CISSP desired. Should have experience with JSIG, NIST 800 and NISPOM, Chapter 8. In addition, an Information Systems Security Specialist must possess the following qualifications: Must possess and apply a broad knowledge of principles, practices and procedures in computer security and information systems and working experience with Microsoft Office, Access, and Visio Must possess experience supporting various system configurations such as Stand Alone, Local Area Networks, and Wide Area Networks Must possess excellent skills in verbal and written communications, planning, and organizing Ability to work under deadlines. Employee is expected to routinely cross fields in the completion of somewhat difficult and varied assignments. Government vehicle is used on an as-needed basis Ability to work in a field environment at remote locations with occasional overnight assignments Must qualify for and maintain a government security clearance Must possess a valid, state-issued driver's license.

Role: Cybersecurity Manager Duration: 6+ months Summary: The Cybersecurity Manager leads global cybersecurity operations, incident response, cloud security, and vulnerability management across IT, OT, and cloud environments. This role drives security maturity, manages SOC functions, and ensures compliance with frameworks like ISO 27001, NIST, and ITAR. Key Responsibilities:Lead cybersecurity operations, including SOC oversight, threat detection, and endpoint security. Manage incident response for ransomware, APT, insider threats, and major security events. Oversee vulnerability and patch management programs (Tenable, Automox, CrowdStrike). Strengthen cloud and identity security across Azure, Entra ID, and Microsoft 365. Implement Zero Trust architecture and secure configuration standards. Support compliance efforts (ISO 27001, NIST CSF/800-53/171, ITAR, GDPR, HIPAA, PCI). Lead global cybersecurity teams, contractors, and MSSP partners. Provide executive-level reporting on risk posture, incidents, and security metrics. Requirements:10+ years of cybersecurity experience with leadership responsibilities. Strong background in SOC operations, IR, EDR, SIEM/SOAR, and cloud security. Hands-on experience with Sentinel, XSOAR, CrowdStrike, Defender, Tenable. Knowledge of ISO 27001, NIST, ITAR, and broader regulatory frameworks. Strong communication, team leadership, and cross-functional collaboration skills.

The Deputy, Global Information Security Officer is responsible for leading the security strategy roadmap, consulting with security solution partners and defining company security policies and standards. Will have oversight of global security operations, incident response and both US and international Aerospace and Defence (A&D) security and compliance. The right candidate will have the required presence, confidence, and knowhow to quickly gain trust, credibility, and respect. They will have a proven record of taking a fact-based approach to the assessment of the current state of operations and the implementation of pragmatic solutions to address business needs. They will extract maximum value from existing technology investments while leveraging industry trends to introduce new and relevant technologies to deliver the necessary protection to the enterprise. Detailed Description: Performs tasks such as, but not limited to, the following: Drive the overall security strategy for Celestica, aligning security initiatives with business objectives, influencing stakeholders, and securing buy-in for security investments. Act as a champion for security across the organization, fostering a security-conscious culture and promoting best practices. Provide leadership to the information security organization. Take ownership of the incident response program, including developing and testing incident response plans, coordinating response activities, and conducting post-incident reviews to improve future response capabilities. Leverage data analytics to inform security strategy, identify threats, and measure the effectiveness of security controls. This includes promoting a data-driven security culture within the team. Drive improvements and efficiencies within the security operating model including identifying areas for optimization, streamlining processes, and championing change. Drive the development and implementation of security standards and policies. This includes ensuring compliance with relevant regulations and industry frameworks, and staying abreast of emerging security threats and best practices. Actively scans laws, guidelines, and regulations in all the countries that we operate to ensure that any major exposure on data privacy is addressed or mitigated. Establish, implement and monitor strategic processes to maintain and improve IT solutions, infrastructure and support services. Coordinate with external authorities to assure monitoring posture is at a high level of attentiveness. Accountable for monitoring suspicious network and endpoint activities, and taking corrective actions, as required. Responsible for managing security partners and other third-party security relationships. Appraise CIO/CISO of cybersecurity trends and threats. Responsible for developing and testing threat identification, containment, and recovery plans. Accountability for cybersecurity awareness, training, and internal phishing campaigns. Key liaison and collaboration with physical security. Collaborate on pre-acquisition requirements with stakeholders assuring that security standards are met prior to acquisition. Facilitate the necessary efforts and resources to ensure that duration of exposure to cyber events is addressed rapidly Participate on company world-wide teams to share information, help implement global initiatives, leverage IT resources and investments, and develop future state of company architecture. Build, manage, and mentor a high-performing security team. This includes setting clear goals, providing development opportunities, and fostering a collaborative and innovative work environment. Responsible for maturing the Information Security function and driving discipline on execution of all security initiatives to ensure they are delivered on-time, on-budget, and with quality. Knowledge/Skills/Competencies: Advanced knowledge of project management and Full Project Scope Experience Experience in partnering with the business in promoting cybersecurity initiatives Demonstrated experience implementing Security strategies and solution designs Advanced understanding of virtualized cloud computing environments Performing full security compliance and risk assessments Advanced knowledge of Information Security Penetration Testing, IT Vulnerability Assessments Mastery level of understanding in IT Risk Management and IT Governance/Audit Procedures Advanced understanding of Cybersecurity incident Response Management and advanced experience in incident response activities Advanced understanding of IT Security Architecture Advanced knowledge of Security Standards, Regulations, and Best Practices Extensive knowledge of IT design and deployment, and operations process Knowledge and understanding of the business unit and how decisions impact customer satisfaction, product quality, on-time delivery and the profitability of the unit Information security forensics Knowledge of common information security frameworks and IT controls frameworks, such as NIST 800-171, ISO/IEC 27001, and ITIL Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard. Knowledge of global requirements Effectively manage relationships with security vendors, negotiating contracts and ensuring the organization is getting the best value for its security investments. Experience working with customers on security assessments and audits Proven ability to influence and promote safe technology usage, practices and behaviours across all levels of the entire organization by leveraging direct and indirect resources, delivering effective global communication, and enforcing policy attestation and mandatory employee training. Demonstrated understanding of how security decisions impact the business, including customer trust, brand reputation, and revenue generation. Ability to articulate the value of security investments in business terms. Ability to communicate complex security concepts clearly and concisely to a variety of audiences, including senior management, board members, and external stakeholders. This includes building consensus, influencing decision-making, and securing support for security initiatives. Required knowledge of the U.S. GOVERNMENT COMPLIANCE but not limited to, DFAR ************/NIST 800-171, DFARS ************, ************, and ************, CMMC Model Version 2.0 and associated testing requirements, and 48 CFR 52.204-21 Physical Demands: Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required. Typical Experience: 15+ years of IT experience with a proven track record of delivering global capabilities around risk management, information security and progressive IT roles. 5+ years of Senior-level IT Security leadership experience within an organization of comparable scale and complexity, experience in the manufacturing industry is preferred. Knowledge of all aspects of IT business. Typical Education: Bachelor's Degree. Notes: This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Security, Compliance and Audit Readiness: Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. Provide documentation and evidence for security audits and compliance reviews. Implementation, Operations and Support: Serve as the hands-on engineer for network deployment, upgrades, and incident response. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). SME Leadership and Staff Development: Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. Any other activities reasonably related to the foregoing, as assigned by the Client

Job title: Principal Information Security Engineer Duration: 12 months As an Information Security Engineer specializing in AI Security, you will be at the forefront of protecting our AI systems and data. Your role will involve deep technical expertise in designing, implementing, and maintaining advanced security measures to safeguard our AI infrastructure from sophisticated threats and vulnerabilities. You will be instrumental in ensuring the robustness, confidentiality, and availability of our AI-driven solutions. Key Responsibilities: - Security Architecture Design: Architect and implement robust security frameworks for AI systems, including authoring of secure coding practices and secure design principles. - Vulnerability Assessment: Identify, implement and manage tooling and methodologies for penetration testing on AI models and systems to identify and remediate security weaknesses. - Secure AI Development: Collaborate with data scientists and software engineers to integrate security best practices into the AI development lifecycle, including secure model training, validation, and deployment. Support security engineers in the evaluation of AI systems being developed and implemented. - Compliance and Standards: Keep track of emerging industry standards, regulations, and best practices for AI security, such as NIST, ISO, and GDPR. - Research and Innovation: Stay abreast of the latest advancements in AI security, conduct research, and contribute to the development of innovative security solutions. - Documentation and Reporting: Prepare and document standard operating procedures, protocols, and security reports, including assessment-based findings and recommendations for further system security enhancement. - Advisory and Support: Provide guidance and support on security matters, including answering queries, providing feedback, and advising on best practices - Technical Training and Mentorship: Provide technical training and mentorship to team members and stakeholders on AI security principles and practices. - Experimentation and POCs: Design and execute experiments and proof of concepts (POCs) to validate emerging threats and security solutions. Conduct R&D to explore new methodologies and technologies for enhancing AI security. Qualifications: - Bachelor's or Master's degree in computer science, Information Security, or a related field. - Extensive experience in information security, with a strong focus on AI security. - In-depth knowledge of AI technologies, machine learning algorithms, and data protection techniques. - Proven expertise in designing and implementing security measures for AI systems, including secure coding, encryption, and access controls. - Strong analytical and problem-solving skills, with the ability to conduct vulnerability assessments and penetration testing. - Excellent technical communication and collaboration skills to work effectively with diverse teams. - Relevant certifications such as CISSP, CEH, OSCP, or equivalent are highly desirable.

1. Security, Compliance and Audit Readiness a. Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. b. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. c. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. d. Provide documentation and evidence for security audits and compliance reviews. 2. Implementation, Operations and Support a. Serve as the hands-on engineer for network deployment, upgrades, and incident response. b. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. c. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). 3. SME Leadership and Staff Development a. Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. b. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. c. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. d. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. e. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. 4. Any other activities reasonably related to the foregoing, as assigned by OCSD.

Design and implement advanced security architectures across cloud, on-prem, and hybrid environments while driving Zero Trust, SASE, and cloud-native security initiatives. Lead global strategic programs, network modernization efforts, and rapid tactical responses to critical incidents, converting gaps into standards and governance. Develop security reference architectures, HLD/LLD solution packages, and Infra-as-Code-driven delivery models aligned with enterprise transformation goals. Conduct threat modeling, risk assessments, and gap analysis across applications, infrastructure, APIs, containers, and third-party integrations. Implement cloud and DevSecOps security controls, integrating tooling into CI/CD pipelines and enforcing secure coding and IaC policies. Build security automation, SOAR playbooks, and SIEM integrations to streamline detection, vulnerability management, compliance, and response workflows. Enhance detection engineering through custom rules, behavioral analytics, log enrichment, and purple-team/adversary emulation exercises. Provide cross-functional leadership for initiatives involving cloud migration, AI/ML, M&A, and digital modernization, presenting strategies and risk posture to executive stakeholders.

We're looking for an Information Security Engineer to join our team and help strengthen our endpoint, access, and compliance security posture across the organization. If you thrive in a fast-paced environment and enjoy solving complex security challenges, we'd love to connect. 🔐 Key Responsibilities Support endpoint and access security across Windows and mac OS environments. Review and validate privileged access requests using least-privilege principles. Assist in developing and implementing security policies, elevation rules, and device configurations. Troubleshoot security-related issues, including elevation failures and policy conflicts, using tools like BeyondTrust EPM. Participate in compliance and governance initiatives, including secure analytics and data protection efforts. Prepare clear documentation, meeting updates, and stakeholder communications. Contribute to continuous improvements in cyber engineering and endpoint security. 💡 Ideal Candidate Experience with endpoint security tools (e.g., BeyondTrust, EDR, MDM). Strong understanding of access control, least-privilege frameworks, and security best practices. Ability to collaborate with cross-functional teams and communicate effectively. Curious, proactive, and ready to solve complex security problems.

Job Title: Technology - Security Analyst Senior Duration: Long term contract Experienced professional responsible for implementing, maintaining, monitoring, and troubleshooting enterprise-wide security systems. Supports 24/7 availability, mentors junior staff, and ensures compliance with security frameworks and policies. ✅ Core Responsibilities: Implement and manage enterprise security systems, including cloud-based (AWS/Azure). Perform security audits, risk analysis, and vulnerability assessments. Conduct log analysis via SIEM tools; respond to security incidents. Lead incident response, threat hunting, and forensic analysis. Maintain firewalls, encryption systems, and endpoint protections. Develop and enforce security policies, SOPs, and compliance protocols. Manage user access, logical security, and secure configurations. Collaborate cross-functionally on infrastructure and software security. Support regulatory compliance with standards (e.g., NIST, COBIT). Train and mentor team members; provide escalated issue resolution. Evaluate and onboard new security technologies. ✅ Technical Skills Required: Operating Systems: Windows (5+ years), Linux is a plus Cloud Platforms: AWS (EC2, IAM, Security), Azure (AD, Sentinel, Security Center) Security Tools: SIEM (e.g., Splunk), Firewalls, IDS/IPS, Endpoint Protection Scripting: PowerShell, Python, VBScript, Regex Frameworks & Compliance: NIST, COBIT, ISO 27001, ITIL Forensics & IR: Evidence gathering, threat profiling, penetration testing Documentation: RFPs, RFIs, policy writing, technical reporting Protocols: TCP/IP, DNS, HTTP/S, LDAP, SNMP, VPN, SSH ✅ Soft Skills & Abilities: Critical thinking and creative problem-solving Leadership in projects and incident response Effective communication (written and verbal) Mentoring and knowledge-sharing Ability to prioritize and work independently under pressure Collaboration across departments and vendors ✅ Educational Requirements: Preferred: Bachelor's degree in CS, InfoSec, or related Alternate: 8 years equivalent experience in system/security administration ✅ Experience Requirements: Minimum: 4 years in security/system admin in enterprise IT Mandatory: 5 years in Windows environment ✅ Required Certifications (any 2 or equivalent): Security & Compliance: GIAC GMON, GPCS, DoD 8570 certs Cloud & Microsoft: AWS: Cloud Practitioner, Solutions Architect, Security Specialty Azure: Fundamentals, Security Ops/Engineer, Solutions Architect MCSE Aviatrix Certified Engineer (ACE)

Immediate need for a talented Senior Cloud Security Engineer . This is a 04 months contract opportunity with long-term potential and is located in Elkhorn,NE(Remote). Please review the job description below and contact me ASAP if you are interested. Job ID:25-94911 Pay Range: $90 - $91.19/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location). Key Responsibilities: Deploy and configure container scanning tools to ensure secure containerized environments. Analyze vulnerabilities identified through SAST, DAST, SCA, and container scans, prioritizing remediation based on risk. Develop and maintain custom scripts to automate security processes and enhance scanning capabilities. Consult with development teams to provide secure coding guidance and assist with remediation strategies. Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage. Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy. Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams. Document findings, create actionable reports, and communicate technical details effectively to stakeholders. Key Requirements and Technology Experience: Key Skills; Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk). Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security). Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration. Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10). Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk). Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security). Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration. Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10). Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance. Strong analytical skills for vulnerability triage and risk prioritization. Excellent communication skills for consulting with development teams and explaining technical findings. Experience integrating security tools into CI/CD pipelines. Familiarity with cloud-native security (AWS, Azure, GCP) and container orchestration (Kubernetes). Knowledge of API security testing and microservices architecture. Exposure to DevSecOps practices and security automation frameworks. Relevant certifications such as OSWE, GWAPT, or CSSLP. Our client is a leading Financial Industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration. Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.

Information Security Need Local to San Francisco, CA Onsite role Looking for independent folks. Top Skills: KQL - kusto query language - used by different Microsoft security tools like sentinel or defender SPL that Splunk uses General incident response actual incident tickets - resolve actual security incident tickets Requirements • Self-starter, able to readily explore and learn new areas and concepts. • Knowledge and experience normally acquired through, or equivalent to, the completion of a Computer Science or Computer Engineering Bachelor's degree with a minimum of 5 years of job-related experience. • Degrees in Computer Science or Engineering and/or relevant technically focused certifications in Cloud and/or enterprise security architecture such as GCAD or GDSA are advantageous Experience with • AWS commercial or government cloud • Experience securing critical workloads in a cloud environment. • Knowledge and experience with Databricks, Starburst, Collibra and Immuta is advantageous. Job Role Summary Lead and produce system threat models for integration of commercial components into a data lake platform. Help design secure cloud architectures. Propose effective security controls within the environment and identify and mitigate security vulnerabilities. Simplify complex security topics, lead discussion in technical and business teams, communicate risk accurately. Skills • Able to create AWS secure cloud architecture designs • Understand current security threats, techniques, and landscape • System threat modeling of applications and platforms • Able to identify and provide mitigation for security vulnerabilities within applications and application environments based on threat models. • Able to simplify complex security topics for consumption and critical decision making. • Clear and accurate communication • Able to lead/direct discussions with technical and business teams to achieve common goals. • Able to work well within a team and support team goals • Understand cyber security frameworks such as NIST 800-53 • Ability to work on a geographically distributed team across multiple time zones • Familiarity with SAFe a plus Responsibilities • Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture. Ensure these artifacts are in alignment with FRS policy and standards. • Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer. • Work with members of application development teams to review and create secure application and infrastructure designs and patterns. • Assist development teams by reviewing threat models related to applications and related systems. Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc. • Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines. • Assist in identification and integration of security focused tooling into development and operations processes. • Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views. • Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position. • Assist with recruiting activities and administrative work.

Security Architect / Implementation Engineer Duration: 6 Months contract with possibility of extension We are seeking a highly skilled Security Architect / Security Implementation Engineer with expertise in designing, implementing, and integrating Google Cloud Security Command Center (SCC), Chronicle SIEM, and Cybereason XDR. The candidate will be responsible for architecting the end-to-end solution, implementing GCP native security controls, integrating third-party security tools, and producing detailed design and operational documentation. Key Responsibilities: Design and architect cloud-native security controls in GCP aligned with security and compliance frameworks (CIS, ISO 27001, NIST, etc.). Implement Google Security Command Center (SCC) for threat detection, vulnerability management, and risk insights. Architect and configure Chronicle SIEM for log ingestion, correlation, and advanced threat analytics. Integrate Cybereason XDR with SCC, Chronicle, and other security tools to establish end-to-end threat detection and response workflows. Define use cases, rules, policies, and security playbooks to automate detection and response. Document the solution architecture, design decisions, configuration standards, and integration workflows. Conduct knowledge transfer sessions with security operations and support teams. Collaborate with GCP Cloud Platform teams, SOC teams, and compliance teams to align solutions with enterprise policies. Required Skills & Experience: 8-12 years of overall IT security experience with at least 4-5 years in Google Cloud Security. Proven experience with Google Security Command Center (SCC), Chronicle SIEM, and XDR platforms (Cybereason preferred). Strong knowledge of GCP IAM, VPC Service Controls, Cloud Armor, DLP, Cloud Logging, Cloud Monitoring. Hands-on experience in integrating SIEM, XDR, and native GCP security tools. Experience with Terraform, Deployment Manager, or automation frameworks for security deployment. Strong documentation and presentation skills. Security certifications preferred: Google Professional Cloud Security Engineer, GCP Professional Architect, CISSP, CISM, CCSP.

About Company, Droisys is an innovation technology company focused on helping companies accelerate their digital initiatives from strategy and planning through execution. We leverage deep technical expertise, Agile methodologies, and data-driven intelligence to modernize systems of engagement and simplify human/tech interaction. Amazing things happen when we work in environments where everyone feels a true sense of belonging and when candidates have the requisite skills and opportunities to succeed. At Droisys, we invest in our talent and support career growth, and we are always on the lookout for amazing talent who can contribute to our growth by delivering top results for our clients. Join us to challenge yourself and accomplish work that matters. We're hiring Senior Backend Engineer - Cloud Security in Sunnyvale, CA What You Will Do Build containerized microservices and related components for a multi-tenant, distributed system that ingests and processes real-time cloud events, system telemetry, and network data across major cloud platforms. Your work will enable customers to detect risks and strengthen their cloud security posture. Mentor junior engineers, interns, and new graduates, helping them develop strong technical skills and become effective contributors. Write production-quality software primarily in Java using Spring Boot, and work extensively with Kafka, SQL, and other data interfaces. Work within a Kubernetes-based service infrastructure, while learning new technologies as needed. Take ownership of major features and subsystems through the entire development lifecycle-requirements, design, implementation, deployment, and customer adoption. Participate in operational responsibilities, gaining firsthand experience with real-world performance, reliability, and support scenarios-informing how you design and build better systems. Prioritize quality at every stage, performing thorough developer testing, functional validation, integration checks, and performance testing to ensure highly resilient systems. Collaborate closely with Product Management to review, refine, and finalize requirements. Develop a deep understanding of customer needs by engaging with peers, stakeholders, and real-world use cases. What You Bring Bachelor's degree in computer science or similar (Master's preferred). 5+ years of experience building scalable, distributed systems. Passion for software engineering, continuous learning, and working in a collaborative environment. Hands-on experience with AWS, Azure, or GCP, with strong familiarity at the API/programming level. Experience with networking and/or security concepts is a plus. Experience developing containerized services on Kubernetes is strongly desired. Strong programming experience in Java/Spring Boot or Golang. Experience building or using REST APIs. Knowledge of infrastructure-as-code tools such as CloudFormation, Terraform, or Ansible is a plus. Understanding of TCP/IP networking fundamentals. Experience developing in Unix/Linux environments. Droisys is an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. Droisys believes in diversity, inclusion, and belonging, and we are committed to fostering a diverse work environment

As an Information Security Engineer specializing in AI Security, you will be at the forefront of protecting our AI systems and data. Your role will involve deep technical expertise in designing, implementing, and maintaining advanced security measures to safeguard our AI infrastructure from sophisticated threats and vulnerabilities. You will be instrumental in ensuring the robustness, confidentiality, and availability of our AI-driven solutions. Key Responsibilities: - Security Architecture Design: Architect and implement robust security frameworks for AI systems, including authoring of secure coding practices and secure design principles. - Vulnerability Assessment: Identify, implement and manage tooling and methodologies for penetration testing on AI models and systems to identify and remediate security weaknesses. - Secure AI Development: Collaborate with data scientists and software engineers to integrate security best practices into the AI development lifecycle, including secure model training, validation, and deployment. Support security engineers in the evaluation of AI systems being developed and implemented. - Compliance and Standards: Keep track of emerging industry standards, regulations, and best practices for AI security, such as NIST, ISO, and GDPR. - Research and Innovation: Stay abreast of the latest advancements in AI security, conduct research, and contribute to the development of innovative security solutions. - Documentation and Reporting: Prepare and document standard operating procedures, protocols, and security reports, including assessment-based findings and recommendations for further system security enhancement. - Advisory and Support: Provide guidance and support on security matters, including answering queries, providing feedback, and advising on best practices - Technical Training and Mentorship: Provide technical training and mentorship to team members and stakeholders on AI security principles and practices. - Experimentation and POCs: Design and execute experiments and proof of concepts (POCs) to validate emerging threats and security solutions. Conduct R&D to explore new methodologies and technologies for enhancing AI security. Qualifications: - Bachelor's or master's degree in computer science, Information Security, or a related field. - Extensive experience in information security, with a strong focus on AI security. - In-depth knowledge of AI technologies, machine learning algorithms, and data protection techniques. - Proven expertise in designing and implementing security measures for AI systems, including secure coding, encryption, and access controls. - Strong analytical and problem-solving skills, with the ability to conduct vulnerability assessments and penetration testing. - Excellent technical communication and collaboration skills to work effectively with diverse teams. - Relevant certifications such as CISSP, CEH, OSCP, or equivalent are highly desirable.

We are seeking a Senior Software Engineer with strong expertise in application security to join a forward-thinking technology team focused on enhancing secure software development practices. This role combines deep technical knowledge with the ability to collaborate across engineering and security teams to ensure robust, secure applications. Role Overview The ideal candidate will have a software development background (Java and JavaScript preferred) and hands-on experience in application security, including vulnerability analysis, remediation strategies, and secure coding principles. This position requires strong communication skills to act as a bridge between development and security teams, driving best practices and influencing architecture decisions. Key Responsibilities Implement and manage software security testing techniques aligned with enterprise standards. Analyze and assess open-source vulnerabilities, including zero-day threats, and determine impact on applications. Develop and execute remediation plans for identified risks, including code refactoring and dependency updates. Champion secure coding practices and lead security reviews across engineering teams. Provide technical designs and recommendations to reduce vulnerabilities and improve security posture. Collaborate with development, architecture, and security teams to integrate security into the software delivery lifecycle. Stay current on emerging threats, tools, and best practices in application and cloud security. Desired Skills & Competencies Strong experience in application security testing and software composition analysis. Knowledge of web application security, cloud security, and container security. Familiarity with OWASP, CWE, CVE standards and vulnerability mitigation techniques. Hands-on experience with tools such as Sonatype, Qualys, SonarQube, and AWS Inspector. Proficiency in Java, JavaScript, and Python. Working knowledge of AWS services, Docker, Terraform, and DevSecOps practices. Excellent communication skills and ability to influence technical and non-technical stakeholders. Preferred Qualifications Bachelor's degree in Computer Science or related field (AWS and security certifications a plus). Experience collaborating with cross-functional teams and driving secure development initiatives. Familiarity with industry-standard tools for code quality, repository management, and CI/CD pipelines.

Develop and implement system security plans, policies, and controls in accordance with DoD and NIST standards (e. g. , RMF, NIST SP 800-53). Conduct cybersecurity risk and vulnerability assessments and develop mitigation strategies. Support architecture and design reviews from a security perspective. Coordinate with cross-functional teams to ensure cybersecurity is integrated early in the systems engineering process. Assist with security test and evaluation (ST&E), including validation, verification, and accreditation efforts (e. g. , ATO/ATC). Contribute to Program Protection Plans (PPPs), Security Classification Guides (SCGs), and related security documentation. Required Bachelor's degree in Systems Engineering, Cybersecurity, Computer Science, or a related field (or equivalent experience). 5+ years of experience in cybersecurity or systems security engineering within a DoD environment. Familiarity with RMF, NIST SP 800 series, and DoDI 8510. 01. Experience supporting system accreditation packages and security documentation. Active Top Secret clearance with SCI eligability required. DoD 8570 IAT Level II or III certification (e. g. , Security+, CISSP, CASP+) required. Experience supporting classified DoD systems, weapon systems, or multi-domain platforms. Experience working closely with ISSMs/ISSEs and government security stakeholders.