Information Systems Security Officer jobs at Parsons

6 month Contract-to-Hire Contract Rate: $60-67/hr on W2 Salary Conversion: $145-155K, DOE Hybrid; 3 days/week onsite work is required Must be a US Citizen or Green Card/Permanent Resident Ability to obtain a Public Trust Clearance is required Technical Environment (preferred): CSAM, Splunk, Tenable, Palo Alto, Checkmarx Summary: Immediate need for a FISMA Information Security Engineer to bridge the gap between technical security controls and federal compliance requirements. This position involves both security engineering and governance, risk, and compliance (GRC) activities, primarily centered around the Federal Information Security Modernization Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). FISMA/NIST Compliance & Documentation, Auditing & Reporting: Implement and Monitor Controls: Implement, document, and monitor security controls in accordance with NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations). Assessment & Authorization (A&A) Support: Support the Authorization process, including contributing to security assessments, control validation, and evidence gathering to achieve and maintain an Authority to Operate (ATO). System Security Plan (SSP) Management: Assist in the development, maintenance, and update of System Security Plans (SSPs), including continuous monitoring strategies and Plans of Action and Milestones (POA&Ms). Coordinate and support Internal & External Security Audits (e.g., Office of Inspector General (OIG), independent assessors). Reporting: Generate reports on security control compliance, vulnerability posture, and POA&M status for stakeholders and the Authorizing Official (AO). Security Engineering & Operations: Control Implementation: Consult on the configuration and management of security tools and systems (e.g., SIEM, vulnerability scanners, intrusion detection/prevention systems) to effectively enforce NIST 800-53 controls. Vulnerability Management: Analyze results, prioritize remediation efforts based on risk to the system's security categorization (e.g., FIPS 199), and track POA&M completion. Incident Response: Participate in security incident response planning and testing activities, ensuring all incidents are documented and handled in compliance with federal reporting requirements. Change Management: Review system and network change requests to ensure security implications are addressed and maintain the security posture of authorized systems. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field Relevant security certifications 3-5+ years of progressive, hands-on experience in Federal IT Security Engineering 2-4+ years of experience focusing on federal compliance (FISMA, NIST RMF) Technical environment: CSAM, Splunk, Tenable, Palo Alto, Checkmarx About PRG With 20+ years of success in the staffing industry, Peyton Resource Group focuses on matching talent to the precise needs of our clients. Your success is our commitment, and we back up that commitment by only recommending opportunities that align with your goals. Our candidate-centric approach ensures you are in the driver's seat of your career, and our team of recruiters will partner with you and support you every step of the way. PRG's dedication to service has been widely recognized throughout the industry. PRG has been awarded ClearlyRated's Best of Staffing award for 10+ years, as well as the Business Journal's Best Places to Work in Dallas, San Antonio and Austin.

CPSO / ISSO - Defense Programs Active TS/SCI Required (CI Poly Eligible) Competitive Salary + Package Aurora, CO - Full Time, On-Site We are partnered with a defense technology leader supporting highly classified national security programs. With a long-standing reputation for innovation and security excellence, they deliver mission-critical systems across analysis, compliance, and secure systems engineering. Our client is seeking a dual-hatted CPSO/ISSO to manage all aspects of program security and information system security across multiple classified programs. In this role, you will ensure compliance with government security directives, oversee system accreditation efforts, liaise with government agencies, and support the secure operation of complex classified environments. You would work across a range of highly sensitive and technically diverse internal programs. Required Skills: Program Security (CPSO): Oversee classified programs in compliance with DoDM 5105.21, ICDs, IC Tech Spec for ICD/ICS 705, and NISPOM (32 CFR 117). Manage DD254, SCG interpretation, and all contract security requirements. Lead PERSEC functions including clearance verification, SCI nominations, and updates via DISS and Scattered Castles. Support SCIF accreditation and manage UL-2050 compliant IDS and Access Control Systems. Conduct self-inspections, incident investigations, and corrective actions. Deliver security training, briefings, and program-specific education. Coordinate with DCSA, NSA, and other customer agencies. Information System Security (ISSO): Manage accreditation, configuration, and monitoring of classified IS systems under RMF, NIST SP 800-53, NIST SP 800-171, and DoDM 5205.07. Develop and maintain SSPs, POA&Ms, Continuous Monitoring Strategies, and incident response documentation. Perform Security Impact Analyses, coordinate A&A packages with the ISSM. Implement and validate technical, administrative, and operational cybersecurity controls for CUI and classified data. Conduct vulnerability assessments, audit reviews, and patch management. Support configuration management and Change Control Boards. Investigate and report cybersecurity incidents as required. Work closely with IT, Engineering, and Security teams to ensure compliance with RMF, DFARS, and CMMC Level 2. Required Qualifications: Active TS/SCI with SSBI (within 6 years). Bachelor's degree (preferred) or equivalent experience. 4-5 years combined experience as a CPSO/ACPSO/PSO plus ISSO or cybersecurity compliance experience. Strong working knowledge of NISPOM, DoDM 5205.07, DoDM 5105.21, ICDs, and RMF/A&A processes. IAT/IAM Level II certification (Security+). Experience with DISS, eMASS, SCAP, STIGs, and related DoD tools. Familiarity with COMSEC and classified communications systems. Excellent communication, organization, and analytical skills. Willingness to obtain and maintain a CI Polygraph if required. I Desired: Experience managing secure facilities and system accreditation packages. Knowledge of secure system architectures, cybersecurity frameworks, and classified IT environments. Ability to proactively engage with government representatives and internal engineering teams. TO BE CONSIDERED... Apply directly to this posting or email ********************************** for more information. I am available 7am - 9pm, Monday-Sunday. By applying, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. Key Skills: TS/SCI, CPSO, ISSO, DoDM 5105.21, ICD 705, NISPOM, RMF, NIST 800-53, NIST 800-171, Security+, DISS, eMASS, SCIF, SCAP, STIG, COMSEC, Cybersecurity, Classified Systems, Defense, CI Poly

Contact Details: 1.Poonam Khandelwal Email: poonam.khandelwal@peer-consulting.com Cell: (732) 797-9766 Job Title: Cyber Command Forensic Analyst Duration: 48 months Years of Experience: 8+ years Required Hours/Week: 35hrs/week Job Description: The forensics Analyst will investigate network intrusions and other cyber incidents to determine cause, extent and consequences of the breach. Research and develop new techniques, and procedures to continually improve the digital forensics process. Produce high quality written work product presenting complex technical issues clearly and concisely. Managing and maintaining the analysis labs and forensics tools leveraged for investigations. Ensuring data is collected and preserved within industry standard best practices and in alignment evidence integrity requirements. Assisting the Cyber Emergency Response Team during critical incidents. Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based forensic analysis. Mandatory Skills/ Experience: Candidates who do not have the mandatory skills will not be considered. Minimum 4 years of experience in Threat Management/Forensics Investigations/Incident Response environment Proficient in performing digital forensic investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools. Desirable Skills/ Experience: Experience with a wide range of forensic tools (FTK, X-Ways, SIFT, AXIOM, EnCase, etc.) Experience with memory analysis tools (i.e. Volatility, MemProcFS) Experience with Linux and open source tools Experience investigating intrusions on Windows and Linux/Unix operating systems Experience with performing forensics collections in cloud environments (AWS, Azure, GCP) Knowledge of gathering, accessing, and assessing evidence from computer systems and electronic devices Knowledge of virtual environments Knowledge of forensic imaging techniques Knowledge of Microsoft Windows operating system and Windows artifacts Knowledge of Linux/UNIX operating systems and artifacts Knowledge of mac OS operating system and forensics artifacts Knowledge of file systems Strong analytical skills

SAP Security Administrator Compensation: $130,000 - $160,000 annually, depending on experience Inceed has partnered with a great company to help find a skilled SAP Security Administrator to join their team! Join an innovative environment where you will play a critical role in managing and supporting SAP Roles and Security within a dynamic SAP landscape. This is an exciting opportunity to contribute to the design, development, and implementation of SAP Role Administration functions. If you are passionate about SAP security and thrive in a collaborative setting, this role is for you! Key Responsibilities & Duties: Design and maintain security solutions for identity and access management Analyze processes to deliver quality solutions meeting business requirements Drive security strategy for S4Hana ecosystem Identify and mitigate security risks and violations Ensure SAP security aligns with standards and methodologies Provide technical support and resolve security issues Collaborate with IT management for user/system access controls Generate SOX and adhoc reports regularly Maintain Segregation of Duties for SAP environment Conduct vulnerability assessments and penetration tests Required Qualifications & Experience: Bachelor's Degree in Business Management, Information Systems, or related field 4+ years experience in SAP GRC, Role Administration & Security Experience with SAP S/4 HANA security and authorizations In-depth understanding of SAP Security Role design & GRC Architecture Expertise in SAP Security automation and scripts creation Nice to Have Skills & Experience: Experience with cloud applications and Azure SAP GRC Certification Oil and Gas industry experience Experience with SAP GRC Access Control configuration Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal Perks & Benefits: Comprehensive and competitive benefits package-details shared during later stages If you are interested in learning more about the SAP Security Administrator opportunity, please submit your resume for consideration. Our client is unable to provide sponsorship at this time. We are Inceed, a staffing direct placement firm who believes in the possibility of something better. Our mission is simple: We're here to help every person, whether client, candidate, or employee, find and secure what's better for them. Inceed is an equal opportunity employer. Inceed prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Chief Information Security Officer (CISO) The Chief Information Security Officer is a senior executive responsible for defining and overseeing the enterprise-wide vision, strategy, and execution of information security programs that safeguard all organizational data and technology. Reporting directly to the CEO and/or Board of Directors, the CISO plays a pivotal role in managing security risk across both the Academic/Research and Clinical/Patient Care operations of the integrated university and hospital system. Position Details Salary: $250-2750k Type: Full-time, direct hire Location: Washington DC, onsite 3 days a week Strategic Direction & Executive Leadership Build and execute a long-term cybersecurity vision that supports the institution's academic initiatives, research priorities, and clinical mission. Lead and develop the security department, offering coaching, structure, and direction to cybersecurity personnel and partner teams. Establish the organization's security policies, governance models, and standards to ensure consistent risk management practices. Oversee financial planning for cybersecurity, including technology investments, service contracts, and budget management. Risk Oversight & Regulatory Alignment Supervise all risk assessments, compliance reviews, and internal/external audits, ensuring timely closure of any identified risks. Maintain adherence to all regulatory requirements applicable to both sectors: Hospital/Clinical: HIPAA/HITECH, CMS guidelines, and relevant state-level data protection rules. University/Research: FERPA, NIST SP 800-171 for research compliance, and PCI DSS for payment and donation processing. Direct the institution's incident management program-coordinating preparation, testing, and response efforts during cybersecurity events affecting either environment. Operational Security Management Lead the selection, deployment, and ongoing support of cybersecurity technologies (e.g., SIEM tools, firewalls, intrusion detection systems, endpoint protection). Oversee vulnerability assessments, penetration testing initiatives, and continuous monitoring activities. Work closely with IT, engineering, research teams, and clinical technology leaders to incorporate secure design principles into all systems and projects. Communication, Influence & Education Act as the organization's primary authority on cybersecurity matters for executives, trustees, faculty, students, clinicians, and administrative teams. Create and oversee training and awareness programs tailored to the specific needs of academic users, researchers handling sensitive data, and clinical professionals. Provide routine briefings to senior leadership and the Board on emerging risks, ongoing initiatives, and the overall security posture. Required Qualifications Education: Bachelor's degree in Computer Science, Information Systems, or a related technical field (Master's preferred). Professional Background: At least 10 years of progressive cybersecurity experience. Minimum 5 years serving in a senior leadership capacity (e.g., CISO, Security Executive, VP of Cybersecurity). Dual-sector experience: Strong understanding of both healthcare and higher-education cybersecurity and regulatory environments. Certifications: One or more required-CISSP, CISM, or equivalent. Key Skills & Core Competencies Advanced knowledge of enterprise security design, network and cloud protection strategies, and modern risk evaluation techniques. Strong familiarity with frameworks such as NIST Cybersecurity Framework, ISO 27001, and the MITRE ATT&CK model. Outstanding leadership presence with the ability to collaborate, influence, and guide diverse groups across a complex institution. Demonstrated success in leading security incident response efforts and handling high-pressure situations. Proven ability to implement practical, scalable security practices in environments balancing open research culture with rigorous patient data protection requirements.

The CISO will lead the development and execution of a comprehensive information and cybersecurity strategy aligned with WFSDallas' mission. This role will oversee the protection of digital and physical assets, data of job-seekers, employers and partners, and ensure secure, reliable operations across all service channels. The CISO will be a strategic advisor to senior leadership and the board, while managing day-to-day security operations, risk management, compliance and business continuity. ESSENTIAL DUTIES AND RESPONSIBILITIES: This is intended to identify the essential functions of a position and should not be interpreted as all-inclusive. The employee may be required to perform or assume additional job-related responsibilities other than those stated in this . Typical duties include: • Develop and implement enterprise-wide information cybersecurity strategy and governance framework including policies, procedures, and training to ensure compliance and security awareness organization-wide adhering to the National Institute of Standards and Technology (NIST) 800.53 Version 5 and Texas Cybersecurity Framework (TCF). • Lead risk assessment, regulatory compliance (federal/state grants, data privacy, workforce system regulations) and vendor/partner security oversight. • Oversee security operations: threat intelligence, vulnerability management, incident response, identity & access management, cloud/endpoint security. • Build and lead the information security team; cultivate a security-aware culture across workforce centers, staff and partner organizations. • Collaborate with IT, operations, legal, HR, training and executive leadership to embed security into all programs and services. • Evaluate and implement emerging security technologies and approaches to support digital transformation. Develops and implements agency policies for encryption of data transmissions and the erection of firewalls to conceal information as it is being transmitted and to eliminate tainted digital transfers. Serve as liaison to the Board of Directors and external stakeholders regarding security posture, incidents and audits. • Oversees cybersecurity budgets, contracts, and resource planning to ensure efficient and effective allocation of security resources. • Regularly reports cybersecurity posture, risk assessments, and incident outcomes to executive leadership and the Board. • Leads, mentors, and develops information technology and cybersecurity staff to build organizational capability and succession strength. RISK MANAGEMENT & COMPLIANCE • Identify, assess and manage information security risks across all WFSDallas' operations-digital systems, workforce centers, training portals, partner systems. • Ensure compliance with relevant laws, regulations and standards (including federal workforce grant requirements, data privacy, state/county regulations). • Monitors changes in state and federal legislation and advises leadership on potential impacts to agency cybersecurity posture. • Lead internal and external security audits, assessments and remedial actions. • Monitor and evaluate third-party vendor security and partner integrations. SECURITY OPERATIONS • Lead the architecture, deployment and operation of security infrastructure: network security, endpoint security, cloud security, identity & access management. • Oversee vulnerability management, threat intelligence, detection and response capabilities. • Develop and maintain incident response plan, coordinate response to security events, and lead investigations. • Collaborate with IT teams supporting WFSDallas' centers, online portals, job-seeker data systems, and employer portals. Develops performance metrics to measure effectiveness of cybersecurity controls and drives continuous improvement across all security domains. BUSINESS CONTINUITY & DATA PROTECTION • Develop and maintain disaster recovery and business continuity plans for mission-critical systems (career services platform, job-matching system, training portals, partner integrations). • Protect sensitive data (jobseeker information, employer information, partner data) with appropriate encryption, access controls, retention policies. • Lead the development of a data classification and handling program aligned to the organization's operations. SUPERVISORY RESPONSIBILITIES: This position is responsible to the President. Work is performed under general guidance and supervision and according to Workforce Solutions procedures and policies. MINIMUM QUALIFICATIONS: • Bachelor's degree in Computer Science, Information Security, Cybersecurity or similar (Master's preferred) or equivalent combination of education and relevant work experience • At least 10 years of progressive experience in information security/IT risk management; 5+ years in a senior leadership role. • Experience in a multi-site, multi-channel service delivery environment (preferred: public sector, non-profit, workforce systems). • Strong working knowledge of security frameworks (e.g., NIST CSF, ISO 27001, COBIT). • Proven ability to lead incident response and manage regulatory/compliance demands. PREFERRED QUALIFICATIONS: • Certifications such as CISSP, CISM, CISA. • Experience with managing third-party/vendor risk, cloud security, identity & access management in hybrid environments. • Excellent communication skills-capable of translating technical issues for executive/board audiences. • Demonstrated ability to align security initiatives with organizational mission and business objectives. LANGUAGE SKILLS: Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals; ability to write routine reports and correspondence; and to effectively communicate with diverse audiences (colleagues, vendors, supplier, landlords, general public). REASONING ABILITY: Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. OTHER SKILLS and ABILITIES: Knowledge of general office administration; office protocol; regulations for acquisition and inventory control; use and maintenance of computer systems; organization and accurate record-keeping. Type 50-60 words per minute accurately; compose complex correspondence and documentation; operate a variety of office equipment; train others; interact with visitors, Board of Directors, and subcontractors in a professional manner. TRAVEL Due to nature of job, travel will be required approximately 30-40% of work time. Must possess own method of transportation. PHYSICAL DEMANDS: The physical demands described here are representative of those which must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear. The employee is frequently required to stand; walk; and stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds, frequently lift and/or move up to 25 pounds, and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, and ability to adjust focus. WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts, fumes or airborne particles, and outside weather conditions. The noise level in the work environment is usually moderate. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may be modified any time with or without notice or due to funding changes. Workforce Solutions Greater Dallas is an EEO/AA/Drug Free Workplace Employer and complies fully with the Americans with Disabilities Act (ADA). Auxiliary aids and services are available upon request to individuals with disabilities. This position is grant funded.

This role offers the chance to take real ownership of an organization's security posture and guide how it continues to evolve. The environment is supported by a managed services provider, and this position will serve as the internal point of leadership and direction for all security initiatives-both strategic and hands-on. Principle Lead IT Security Analyst Location: Danbury, CT -Hybrid Salary - $130,000 - $160,000 +Bonus This role offers meaningful visibility, influence, and a path to future leadership roles such as Security Manager or CISO. You will work closely with senior leadership, drive priorities, lead the MSP, and represent the security function to internal stakeholders and external customers. The scope includes cloud security, infrastructure security, risk management, audits, tooling, and incident response. This is a strong role for someone who is confident technically and ready to broaden into leadership responsibility with clear visibility and influence. Key Responsibilities Lead and direct the MSP on all security-related work, ensuring accountability and alignment to security objectives. Strengthen and mature Azure cloud and Microsoft infrastructure security measures. Manage vulnerability assessments, incident response coordination, and threat analysis activities. Lead audit and compliance efforts, including ISO, SOC2, NIST, and related standards and frameworks. Evaluate current tools and identify opportunities to implement or enhance security solutions. Represent the security function in internal meetings and customer discussions; clearly communicate risk posture, decisions, and rationale. Conduct regular internal security reviews and status meetings with senior leadership. Identify and recommend improvements to organizational security strategy and controls. Ideal Background Experience in a broad security role supporting cloud, infrastructure, monitoring, and risk management. Ability to guide third-party partners or MSP resources in the execution of security initiatives. Strong analytical and problem-solving skills; able to identify gaps and design practical solutions. Comfortable working in a role that is both strategic and hands-on. Clear, confident communication skills with both technical and non-technical audiences. Organized, steady under pressure, and able to prioritize effectively. Preferred Experience Azure cloud security, Microsoft infrastructure security, and network security fundamentals. Security monitoring/logging platforms, vulnerability scanning, incident response practices. Familiarity with NIST or CIS frameworks and security audit requirements. Experience evaluating and implementing new security tools or platforms. Exposure to emerging security automation or AI-driven security tooling is a plus.

The Cybersecurity Engineer is responsible for the technical implementation and management of cybersecurity measures. This role involves extensive hands-on work with security technologies, developing and maintaining security protocols, and ensuring the protection of sensitive data. The Cybersecurity Engineer collaborates within the various IT teams to integrate security solutions into business projects and solutions, while supporting overall compliance with HIPAA regulations. Technical Implementation: Architect, deploy, and maintain enterprise-grade security technologies, including firewalls, intrusion detection/prevention systems, encryption platforms, and vulnerability management tools. Implement and support security controls for network infrastructure such as routers, switches, and wireless access points. Configure, administer, and secure Active Directory and Azure AD environments. Deploy and oversee endpoint protection platforms and Security Information and Event Management (SIEM) solutions. Manage Microsoft 365 security capabilities, including conditional access, data loss prevention (DLP), and advanced threat protection. Evaluate, test, and recommend new security tools, processes, and technologies to strengthen the organization's security posture. Security Operations: Continuously monitor systems for security events, investigate alerts, and respond to incidents with appropriate documentation. Perform ongoing risk assessments and vulnerability scans to identify exposures and drive remediation efforts. Lead technical response efforts during security incidents or breaches in coordination with the incident response team. Administer and monitor Identity and Access Management (IAM) systems to ensure secure and appropriate access. Conduct routine vulnerability assessments and threat analysis to support continual improvement. Perform digital forensics and incident response activities as needed. Compliance: Ensure adherence to HIPAA and all applicable regulatory and security standards. Design and implement technical safeguards that protect sensitive information and support organizational objectives. Collaboration: Partner with IT and business teams to embed security controls into systems, applications, and workflows. Educate and support staff on cybersecurity awareness, best practices, and evolving threats. Documentation: Create and maintain accurate documentation for security configurations, procedures, and incident activity. Remain informed on current cybersecurity trends and recommend enhancements to existing controls. Security Audits: Plan and conduct scheduled and ad-hoc security audits to validate adherence to security policies and standards. Security Standards and Policies: Develop, review, and update security policies and standards in alignment with industry best practices and regulatory requirements. Security Infrastructure Maintenance and Monitoring: Configure, troubleshoot, and maintain security-related hardware and software. Implement and manage monitoring tools to detect intrusions and potential security breaches. Security Strategy Development: Support the planning, execution, and ongoing refinement of the organization's information security strategy. Adhere to organizational policies, procedures, and safety standards; complete required training annually; contribute to performance goals and quality improvement initiatives. Perform additional duties as assigned. Minimum Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline required. Minimum Experience: Ten (10) years of overall IT experience, including at least five (5) years of hands-on cybersecurity leadership with demonstrated success designing, engineering, and deploying security solutions in an enterprise environment. Certifications: Relevant industry certifications such as CISSP, CISM, CISA, CCSP, CEH, Microsoft Azure Engineer, or equivalent are required.

We are seeking a Cybersecurity Engineer with strong, hands-on experience implementing Data Loss Prevention (DLP) solutions, specifically using Azure Purview and Microsoft Intune. This role requires a technical practitioner who has directly deployed, configured, and operationalized security controls-not just monitored events. The engineer will design and implement secure architectures across cloud and hybrid environments, conduct threat modeling, integrate security into new platforms, and ensure alignment with industry best practices and regulatory frameworks such as NIST 800-53, FISMA, and FedRAMP. The ideal candidate must have 10+ years of experience that brings advanced knowledge of cloud security, IAM, encryption, authentication protocols, and modern DevSecOps practices. Additional responsibilities include developing reusable security patterns, performing architecture reviews, enhancing automation, and partnering with IT teams to mature the organization's security posture. Strong communication skills, deep technical proficiency, and experience with Azure/AWS infrastructures are essential for success in this role. This is an onsite direct hire opportunity in Arlington, VA, no contract, no sponsorship. Relocation assistance provided within the US. LI #HP-1

Application Security Architect (DevSecOps) Contract Type: 12-Month W2 Contract Pay Rate: $65-$75/hour (Based on Experience) Russell Tobin is partnering with a large, well-established financial services organization to identify an experienced Application Security Architect for a long-term contract opportunity. This role will be responsible for embedding security into the software development lifecycle and supporting secure DevOps practices across enterprise applications. Responsibilities Design, implement, and maintain secure CI/CD pipelines. Integrate security tools including SAST, DAST, and SCA into development workflows. Work closely with development and operations teams to identify and remediate application vulnerabilities. Automate security testing and compliance validation processes. Monitor and respond to security incidents in cloud and container environments. Develop, document, and enforce application security policies, standards, and procedures. Stay current on evolving security threats and DevSecOps best practices. Required Qualifications Bachelor's degree in Computer Science, Cybersecurity, or a related field. 6+ years of overall IT experience with 2-3 years focused on application security or DevSecOps. Strong experience with CI/CD tools such as Jenkins, Harness, or similar platforms. Development experience with Java, Python, .NET, or related languages. Hands-on experience with application security tools such as Veracode, GitHub Advanced Security (GHAS), Orca, or similar. Proficiency with scripting languages such as Python and Bash. Experience with container technologies including Docker and Kubernetes. Knowledge of cloud platforms (AWS, Azure, and/or GCP) and their security capabilities. Strong understanding of secure coding practices and application security principles. Experience with Infrastructure as Code tools such as Terraform and Ansible. Work Environment Hybrid schedule with 3 days onsite and 2 days remote each week Professional enterprise environment with cross-functional collaboration Long-term contract with potential for extension Benefits Info: Pride Global offers eligible employee's comprehensive healthcare coverage (medical, dental, and vision plans), supplemental coverage (accident insurance, critical illness insurance and hospital indemnity), 401(k)-retirement savings, life & disability insurance, an employee assistance program, legal support, auto, home insurance, pet insurance and employee discounts with preferred vendors.

This role is responsible for monitoring systems for intrusions and malicious activity, assessing the effectiveness of security controls, identifying gaps, evaluating risk, participating in the security lifecycle for IT projects, and supporting compliance with applicable laws and regulations. The position requires a holistic approach to assessing security risks and the ability to apply abstract thinking to evaluate issues and develop solutions. The analyst will utilize information from frameworks, guidelines, threat-intelligence, and industry best practices to support decision making. Essential Duties & Responsibilities Monitor systems and networks for malicious activity. Support internal and external security and compliance audits. Install, configure, and support technical security controls and countermeasures. Maintain security policies, procedures, guidelines, and standards. Promote information security awareness across the organization. Participate in the internal incident response team. Perform vulnerability scans and support remediation activities. Monitor and manage Data Loss Prevention (DLP) tools. Work with subject matter experts to complete System Security Plans. Assist with operating security solutions managed by the IT Security group. Support daily IT security operations. Assist technical teams in monitoring and responding to operational alerts. Attend training and conferences to maintain proficiency. Research current threats, vulnerabilities, tools, techniques, laws, and best practices. Work flexible hours as needed for maintenance windows; occasional after-hours work may be required. Perform related duties as assigned. Qualifications Required Technical Experience At least 3 years of experience in technology or information security roles. Understanding of enterprise networking and datacenter environments. Knowledge of HIPAA Security Rule and PCI requirements. Proficiency with Microsoft Windows and Linux. Working knowledge of TCP/IP networking. Familiarity with compliance frameworks (HIPAA, PCI, NIST). Ability to perform log and packet analysis. Ability to learn new technologies and address complex issues. Experience assessing and recommending security controls. Prior technical support experience. Knowledge of industry standards and current security threats. Preferred Technical Experience Experience with Nexpose or similar vulnerability scanners; Metasploit or Kali Linux experience a plus. Familiarity with SAML and Microsoft ADFS. Firewall administration experience. Knowledge of CJIS requirements. Experience with Microsoft Azure or Office 365. Skills & Abilities Strong written and verbal communication skills. Ability to communicate clearly with technical and non-technical stakeholders. Ability to take initiative with minimal supervision. Ability to work under pressure and handle disruptions. Strong interpersonal and customer service skills. Ability to build and maintain positive working relationships. Ability to work after hours when required. Education & Certifications Bachelor's degree in Information Security, Computer Science, Telecommunications, or related field, or equivalent experience. Security+, GIAC, OSCP, CISSP, CCSP, or similar certifications preferred but not required. Valid driver's license with ability to travel to multiple sites.

The Senior InfoSec GRC Analyst is responsible for driving the development, implementation, communication, and maintenance of technology policies, standards, and procedures that are aligned to industry standards and regulatory requirements. This role ensures that technology processes adhere to regulatory requirements, manage risks effectively, and establish strong governance practices. The position also develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: Lead the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. Continuously evaluate and update cybersecurity and IT policies to ensure they remain current and effective. Ensure policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Collaborate with cross-functional teams, including IT, legal, compliance, and business stakeholders, to ensure cybersecurity policies align with organizational objectives. Translate complex information and documentation into clear and simple concepts for end-users. Provide specialized expertise to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommend actionable solutions to mitigate risks and strengthen overall security posture. Stay informed about the latest cybersecurity threats, trends, and best practices. Maintain accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. Benchmark policies against industry standards and best practices. Develop and implement governance frameworks for cybersecurity policy management. Monitor key performance indicators, conduct gap analyses and risk assessments, and implement frameworks as needed. Test and monitor the effectiveness of controls. Establish feedback loops and analyze metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. Lead and support internal and external audits and assessments of cybersecurity policies and practices. Ensure identified audit and assessment findings and actions are tracked to closure. Maintain comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicate policy requirements and updates to relevant stakeholders. Identify opportunities for innovation and improvement in cybersecurity policies and practices. Propose mitigation strategies and verify the effectiveness of remediation plans. Requirements: Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field (preferred). Minimum of six (6)+ years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). Proficiency with data analysis and reporting tools (e.g., Excel, Power BI). Relevant certifications such as CISM and/or CISA (highly desirable). Strong knowledge of regulatory frameworks (NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Understanding of risk management concepts, control frameworks, and compliance auditing. Ability to provide consultation and recommendations to management. Strong communication skills with the ability to present effectively to both technical and non-technical audiences.

• DevSecOps' expertise in building and supporting security solutions for Windows, Linux, above mentioned platforms, including services such as Enterprise Vulnerability Management, data protection, privacy and compliance, network protection. • Building and deploying security solutions using technologies such as Docker, Kubernetes, and GIT Hub. • Experience in low code environments such as Appian and Microsoft Power Platforms is mandatory. • Experience with Alteryx ETL and Workflow Designer platform is plus. • Experience with Identity and Access, Endpoint, Vulnerability management and other cybersecurity automation workflows. • Experience writing Automation scripts in Python and deploying them leveraging APIs. • Experience with AI enabled automation workflows. • Experience with Agile methodology and Atlassian tools including JIRA and Confluence. • Communicating with various audiences, including business leaders, engineers, clients, and team members, with excellent ability to convey information that is relevant to the audience. • Written communication for excellent documentation and reporting. • Outstanding teamwork across multidiscipline plan-build-run teams. • Applying your understanding and expertise with systems automation platforms and technologies. • Automating security controls, data, and processes to provide metrics and operational support. • Employing cloud-based APIs when suitable to integrate and orchestrate across various systems in the automation workflow. • Developing and delivering solutions using Agile methodology. “Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”

Our client is looking for a detail-oriented and proactive Senior Security Analyst to support ongoing security initiatives, maintain compliance, and ensure that security policies and standards are followed within a fast-paced, evolving environment. This position is part of the Information Security team and collaborates across business functions to ensure regulatory requirements and organizational compliance standards are met. Key Responsibilities Ensure compliance with applicable regulations and standards, including SOX, SOC 2, CCPA, HIPAA, and other industry-specific frameworks. Assist with third-party risk management (TPRM), assessing, monitoring, and managing vendor risks. Perform risk assessments, audits, and compliance reviews to identify potential risks and implement mitigation strategies. Map controls across compliance frameworks, translate them into actionable steps, and provide guidance to stakeholders. Deliver and enhance security awareness campaigns to maintain understanding of best practices and compliance requirements across the organization. Update and maintain the risk register, ensuring it reflects the current risk landscape and supports decision-making. Support ongoing maintenance and improvement of GRC solutions, including control testing. Collaborate with cross-functional teams to embed risk management practices into operational processes. Participate in process reviews, identifying opportunities to improve operational efficiency and compliance effectiveness. Stay informed on regulatory changes, industry trends, and best practices to continuously improve security and compliance programs. Perform other duties as required to support the Senior Security Analyst role. Preferred Qualifications Minimum of 5 years of GRC experience within a public company. In-depth knowledge of regulatory requirements such as SOX, CCPA, HIPAA, and other relevant frameworks. Hands-on experience with GRC solutions and third-party risk management programs. Strong understanding of IT governance, information security, and data privacy principles. Excellent communication, management, and interpersonal skills, with the ability to influence stakeholders at all levels. Ability to develop and implement security policies, procedures, and controls. Relevant certifications (e.g., CISA, CISM, CISSP, CRISC) are a plus. Additional experience with Identity and Access Management (IAM), Data Classification, and Data Loss Prevention (DLP) is highly desirable. Minimum Qualifications College degree or equivalent. 6+ years of related experience. Expert technical knowledge and understanding of industry regulations. Ability to lead and coordinate team activities. Ability to formulate, document, and recommend new policies and procedures. Proven ability to work effectively in a team and lead initiatives.

Our client is one of the largest Hospitals in the US. Based out of Philadelphia, they are looking to hire a Cloud Security Engineer on a Contract basis. Contract Duration: 6 Month Contract (Potential for extension or conversion) Required Skills & Experience At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment. CISSP Certification At least six (6) years experience with information security, regulatory compliance and risk management concepts. At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training. Experience with Cloud and/or Virtualization technologies. Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures. Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series). Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR, cloud frameworks, identity access controls. Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality. Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security. Microsoft, UNIX, Lawson, and Clinical Applications, Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project). Experience with risk management frameworks. Information Security Requirements Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store information. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information. Daily Responsibilities Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies. Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies. Functions as the Subject Matter Expert (SME) to maintain an understanding of DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business. Works with other architects to provide a consensus based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering. Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption). Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models. You will receive the following benefits: Medical Insurance - Four medical plans to choose from for you and your family Dental & Orthodontia Benefits Vision Benefits Health Savings Account (HSA) Health and Dependent Care Flexible Spending Accounts Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance Hospital Indemnity Insurance 401(k) including match with pre and post-tax options Paid Sick Time Leave Legal and Identity Protection Plans Pre-tax Commuter Benefit 529 College Saver Plan Motion Recruitment Partners (MRP) is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.

The Team: The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects. **This Role does NOT provide sponsorship** Salary: $150k-$190k base w/ 20% bonus Responsibilities: Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs. Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security. Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes. Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency. Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture. Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management. Required Skills and Experience: Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams. Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud. Experience working with privilege and identity management solutions. Experience with operating system security and system hardening. Knowledge of network security principles, protocols, and technologies. Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls. Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Strong leadership skills, with the ability to mentor and guide junior team members. Skills and Experience That Would Help You Stand Out: A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable. Linux security experience Familiarity with DevSecOps and integrating security into CI/CD pipelines. Scripting experience.

ISSO Industry: Government Contracting Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems are in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services. ISSO Key Responsibilities: · Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview. · Maintain operational security posture consistent with current security policy. · Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT. · Distribute cybersecurity notices and advisories to appropriate personnel and that vendor-issued security patches are expeditiously installed. · Serve as primary security to system owners, common control providers, and users. · Serve as focal point for cybersecurity incident reporting and subsequent resolution. · Assisting ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language. · Ensure all security-related SDLC documentation meets all identified security needs. · Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium. · Ensure selection of NIST SP 800-53 baseline security controls are appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium. · Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures. · Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium. · Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system. · Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring. · Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation. · Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan. · Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS). · Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800- 53 and any supplemental Departmental Cybersecurity Policy and the Compendium. · Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy. · Complete mandatory annual specialized information security training. ISSO Required Skills:8+ years of experience in IT Security Certified Information Systems Security Professional (CISSP) certification. Understanding of NIST 800.53 and its applicability to IT Systems. Expertise with Risk Management Framework, FEDRAMP and FISMA. Understanding authentication in the cloud environment. Experience with continuous monitoring of a cloud system Experience working on assessments with third party assessments organization (3PAO) AWS/Azure associate certified ISSO Compensation and benefits: $120,000 Company-supported medical, dental, vision, life, STD, and LTD insurance Benefits include 10 federal holidays and PTO. 401(k) with company matching Flexible Spending Accounts for commuter, medical, and dependent care expenses Tuition Assistance

Infrastructure Security Engineer Compensation: $40-50 /hour, depending on experience Inceed has partnered with a great company to help find a skilled Infrastructure Security Engineer to join their team! Join a dynamic team in a company that values culture and work-life balance. As an Infrastructure Engineer, you will play a crucial role in designing and maintaining a secure hybrid infrastructure. This is an exciting opportunity for someone who thrives in a technical environment and is passionate about security compliance. Enjoy working in a supportive and collaborative setting where your skills and expertise will make a significant impact. Key Responsibilities & Duties: Design and manage Azure environments and Azure Virtual Desktop. Ensure compliance with security frameworks like CMMC and NIST. Administer Windows Server and Active Directory. Implement and monitor network security. Translate compliance requirements into technical controls. Collaborate with high-level executives and cross-functional teams. Required Qualifications & Experience: Bachelor's degree in IT or 10 years of IT experience. Proven experience with cloud and on-premises environments. Strong understanding of CMMC or NIST frameworks. Excellent written and verbal communication skills. Strong analytical and troubleshooting skills. Nice to Have Skills & Experience: Experience with Hyper-V and VMware. Knowledge of PowerShell scripting and automation. Familiarity with vulnerability management and incident response. Perks & Benefits: 3 different medical health insurance plans, dental, and vision insurance Voluntary and Long-term disability insurance Paid time off, 401k, and holiday pay Weekly direct deposit or pay card deposit If you are interested in learning more about the Infrastructure Security Engineer opportunity, please submit your resume for consideration. Our client is unable to provide sponsorship at this time. We are Inceed, a staffing direct placement firm who believes in the possibility of something better. Our mission is simple: We're here to help every person, whether client, candidate, or employee, find and secure what's better for them. Inceed is an equal opportunity employer. Inceed prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. #IND

We are seeking a Security Engineer II to support threat and vulnerability management across on-premises and cloud environments. This role focuses on identifying security risks, assessing vulnerabilities, ensuring secure configurations, and driving remediation efforts to improve overall security posture. Key Responsibilities: Identify, assess, and remediate vulnerabilities across on-prem and cloud environments (AWS/Azure/GCP) Monitor and analyze threat intelligence using frameworks such as MITRE ATT&CK, OWASP, and CVSS Utilize vulnerability and cloud security tools (Tenable, Qualys, Rapid7, Prisma Cloud, Defender for Cloud, Wiz) Perform secure configuration audits using CIS Benchmarks, NIST, and STIGs Collaborate with IT, Cloud, and DevOps teams to implement remediation Automate security processes using scripting (Python, PowerShell, Bash) Track remediation progress and communicate risks to technical and non-technical stakeholders Required Skills & Experience: 4+ years of experience in Cybersecurity or IT with exposure to vulnerability or cloud security Hands-on experience with vulnerability management tools Strong understanding of security controls, risk management, and compliance Experience with scripting/automation and API integrations Familiarity with SIEM, logging, monitoring, and ticketing systems