Information Security Engineer jobs at Public Consulting Group

Hybrid: Work location & Remote (3 days in office/2 days remote) - Brooklyn, NY 11201 Monday- Friday; 9-5 SCOPE OF SERVICES: The forensics Analyst will investigate network intrusions and other cyber incidents to determine cause, extent and consequences of the breach. TASKS: Research and develop new techniques, and procedures to continually improve the digital forensics process. Produce high quality written work product presenting complex technical issues clearly and concisely. Managing and maintaining the analysis labs and forensics tools leveraged for investigations. Ensuring data is collected and preserved within industry standard best practices and in alignment evidence integrity requirements. Assisting the Cyber Emergency Response Team during critical incidents. Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based forensic analysis. MANDATORY SKILLS/EXPERIENCE Minimum 4 years of experience in Threat Management/Forensics Investigations/Incident Response environment Proficient in performing digital forensic investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools. DESIRABLE SKILLS/EXPERIENCE: Experience with a wide range of forensic tools (FTK, X-Ways, SIFT, AXIOM, EnCase, etc.) Experience with memory analysis tools (i.e. Volatility, MemProcFS) Experience with Linux and open source tools Experience investigating intrusions on Windows and Linux/Unix operating systems Experience with performing forensics collections in cloud environments (AWS, Azure, GCP) Knowledge of gathering, accessing, and assessing evidence from computer systems and electronic devices Knowledge of virtual environments Knowledge of forensic imaging techniques Knowledge of Microsoft Windows operating system and Windows artifacts Knowledge of Linux/UNIX operating systems and artifacts Knowledge of mac OS operating system and forensics artifacts Knowledge of file systems Strong analytical skills

The Information Security Compliance Analyst plays a pivotal role in safeguarding the organization's information assets by leading compliance initiatives, managing vendor and client security assessments, and supporting incident response efforts. This position ensures alignment with industry standards such as ISO27001, SOC 2, PCI DSS, and GDPR, while maintaining robust governance frameworks and security policies. The analyst collaborates cross-functionally to enhance security operations, drive continuous improvement, and uphold regulatory compliance across ITA Group's systems and third-party relationships. ACCOUNTABILITIES & PERFORMANCE EXPECTATIONS Security Operations & Compliance Lead client and vendor security assessments, including third-party reviews, risk assessments, and questionnaire responses. Build and manage workflows for vendor assessments and due diligence. Oversee compliance audits (SOC2, PCI, ISO27001, TruSight), including evidence collection and process optimization. Support the Information Systems Incident Response Team (ISIRT) during security events. Assist in developing requirements for security tools and operational procedures. Evaluate and recommend emerging security technologies and products. Provide off-hours support on a rotating and as-needed basis. Coordinate with external suppliers to resolve security incidents. Systems & Tools Management Administer and monitor various security tools to ensure optimal performance and coverage. Audit & Incident Management Conduct quarterly audits of systems in scope for compliance. Maintain incident logs and ensure readiness for ISO27001 certification. Investigate and remediate Microsoft Security alerts. Compliance Certifications Collaborate with Legal to support privacy regulations and ensure compliance with GDPR and other frameworks. Governance Management Develop and implement Data Loss Prevention (DLP) rules for sensitive document handling. Enhance Insider Threat Protection capabilities. Maintain and update InfoSec policies and procedures. Provide organization-wide coaching and mentorship on security policies. Ensure regulatory and compliance requirements are consistently met. Establish and maintain a security framework and auditing process. Manage security questionnaires and third-party data security risk assessments. Analyze and investigate security anomalies using platform reports, logs, and alerts. POSITION REQUIREMENTS Bachelor's degree in computer science, information technology, or equivalent experience. Five-to-eight years experience in information technology support with at least five years of experience in system administration and system design. Security certification such as CISSP, CISA, or CISM are required. Technical certifications in Cisco and Microsoft products is preferred. Excellent communication and documentation skills. Strong experience with ISO27001, SOC 2, PCI DSS 4.x, GDPR, and other regulatory frameworks and privacy regulations. Ability to demonstrate ownership of systems and drive the technology forward to the goals of the company. Direct involvement in the annual planning and budgeting process for Information Technology. Strong communication skills and the ability to interact with other systems personnel in a team environment. Ability to maintain confidentiality pertaining to nonpublic business, financial, personnel, salary, and technological information, plans or data. Ability to think analytically to solve technical problems individually and in a team environment. Ability to effectively plan, schedule and coordinate projects and meet deadlines, managing multiple project concurrently. Ability to analyze and communicate technology performance results. Specific experience working with our current primary technology and software preferred. Ability to listen, understand and respond to external and internal customers' needs in a timely manner; customer service experience in a service-related industry preferred. Ability to work the time necessary to complete projects and/or meet deadlines. ABOUT ITA GROUP ITA Group is an employee-owned engagement and loyalty company that provides data-driven solutions designed to uniquely motivate and inspire our clients' employees, channel partners and customers. Creating engaging employee experiences is at the heart of what we do and who we are, and we continuously evaluate our team member benefits to ensure our team members are cared for. We offer an array of competitive benefits, including healthy retirement contributions, health, dental and vision insurance, paid parental leave, flexible work arrangements, Volunteer Time Off, paid sabbaticals, anniversary awards and more! Come join our team, recently recognized by several top organizations as a Great Place to Work.

Infrastructure Security Engineer Compensation: $40-50 /hour, depending on experience Inceed has partnered with a great company to help find a skilled Infrastructure Security Engineer to join their team! Join a dynamic team in a company that values culture and work-life balance. As an Infrastructure Engineer, you will play a crucial role in designing and maintaining a secure hybrid infrastructure. This is an exciting opportunity for someone who thrives in a technical environment and is passionate about security compliance. Enjoy working in a supportive and collaborative setting where your skills and expertise will make a significant impact. Key Responsibilities & Duties: Design and manage Azure environments and Azure Virtual Desktop. Ensure compliance with security frameworks like CMMC and NIST. Administer Windows Server and Active Directory. Implement and monitor network security. Translate compliance requirements into technical controls. Collaborate with high-level executives and cross-functional teams. Required Qualifications & Experience: Bachelor's degree in IT or 10 years of IT experience. Proven experience with cloud and on-premises environments. Strong understanding of CMMC or NIST frameworks. Excellent written and verbal communication skills. Strong analytical and troubleshooting skills. Nice to Have Skills & Experience: Experience with Hyper-V and VMware. Knowledge of PowerShell scripting and automation. Familiarity with vulnerability management and incident response. Perks & Benefits: 3 different medical health insurance plans, dental, and vision insurance Voluntary and Long-term disability insurance Paid time off, 401k, and holiday pay Weekly direct deposit or pay card deposit If you are interested in learning more about the Infrastructure Security Engineer opportunity, please submit your resume for consideration. Our client is unable to provide sponsorship at this time. We are Inceed, a staffing direct placement firm who believes in the possibility of something better. Our mission is simple: We're here to help every person, whether client, candidate, or employee, find and secure what's better for them. Inceed is an equal opportunity employer. Inceed prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. #IND

Candidates Only no 3rd Party Candidates! Company is seeking a Senior Security Engineer or Security Solutions Architect with deep experience in Zscaler Internet Access (ZIA) and Secure Web Gateway (SWG) solutions. The resource will review and assess the current Zscaler deployment, identify best practices, implement configuration and policy improvements, and optimize workflows to improve security posture and user experience. Key Responsibilities Assess Company's current Zscaler ZIA (SWG) deployment and provide best practice recommendations. Perform configuration updates, policy tuning, and remediations based on assessment findings. Review and optimize the website approval workflow, reducing turnaround time for URL requests (currently 2-3 days). Implement granular Zscaler policies allowing differentiated access based on user identity (e.g., allow downloads but restrict uploads). Assist with Zscaler DLP policy design and management. Develop and document end-user and administrator processes, ensuring consistency and clarity. Identify opportunities to automate policy or workflow management via scripting or ServiceNow integrations. Collaborate with internal teams (SOC, Engineering, GRC) to align configurations with security requirements. Required Qualifications 7+ years of experience in IT security engineering or architecture. Proven expertise with Zscaler Internet Access (ZIA) and Secure Web Gateway (SWG) design, deployment, and optimization. Working knowledge of Zscaler Private Access (ZPA) and Zscaler DLP. Strong understanding of enterprise networking, including firewalls, proxies, and DNS. Experience designing and implementing identity-based policies within Zscaler. Familiarity with Zero Trust architecture, encryption, and access control principles. Proficiency in Python scripting or API integration for automation and workflow improvements. Experience integrating with ServiceNow or similar platforms. Excellent communication skills and ability to operate independently in a fast-paced environment. Strong process orientation with proven experience analyzing, optimizing, and documenting workflows.

The Team: The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects. **This Role does NOT provide sponsorship** Salary: $150k-$190k base w/ 20% bonus Responsibilities: Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs. Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security. Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes. Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency. Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture. Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management. Required Skills and Experience: Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams. Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud. Experience working with privilege and identity management solutions. Experience with operating system security and system hardening. Knowledge of network security principles, protocols, and technologies. Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls. Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Strong leadership skills, with the ability to mentor and guide junior team members. Skills and Experience That Would Help You Stand Out: A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable. Linux security experience Familiarity with DevSecOps and integrating security into CI/CD pipelines. Scripting experience.

Title: Cloud Security Principal Engineer Job Duration: 6 months (Contract to Hire) We are seeking an experienced Cybersecurity Engineer to strengthen enterprise security across cloud and on-prem environments. This role focuses on enhancing identity, access, and threat protection capabilities while supporting automation, compliance, and continuous security improvement. The ideal candidate brings strong hands-on security engineering skills, deep Azure experience, and proven success designing and operating security controls within large, complex environments. Responsibilities Implement, configure, and maintain enterprise security tools including SIEM, EDR, IAM, and CSPM solutions Engineer and operate security controls across Azure and hybrid environments Lead IAM / RBAC / user access governance initiatives to improve authentication and authorization workflows Monitor, investigate, and respond to security threats through SIEM and SOC processes Drive automation of security and identity tasks using Terraform, PowerShell, and scripting Collaborate with infrastructure, applications, and architecture teams to ensure secure design and deployment practices Support vulnerability remediation, risk assessments, and compliance requirements Contribute to security standards, documentation, and best practices for ongoing maturity and scalability Required Qualifications CISSP certification (mandatory) 12+ years overall IT experience across network, systems, and/or application platforms 6+ years in Cybersecurity with a focus on security engineering 3+ years in IAM / RBAC / identity governance Strong hands-on knowledge of Azure Security, virtualization, and Microsoft security ecosystem Experience with security monitoring and defense tools such as: Microsoft Sentinel, Microsoft Defender, Splunk, Wiz (or similar) Skilled in automation using Terraform, PowerShell, or equivalent scripting tools Preferred Qualifications Additional cloud security certifications (e.g., AZ-500, CCSP) Experience supporting security in healthcare or regulated industries Familiarity with DevSecOps practices and secure CI/CD integration Work Environment Hybrid: ~80% remote / 20% onsite each week Location: Philadelphia Metro area Contract-to-permanent conversion opportunity Candidates must be willing to commute onsite as required Why Join Visible role influencing enterprise-wide security posture Opportunity to work with modern security technologies in critical infrastructure Long-term career potential through contract-to-hire pathway

• DevSecOps' expertise in building and supporting security solutions for Windows, Linux, above mentioned platforms, including services such as Enterprise Vulnerability Management, data protection, privacy and compliance, network protection. • Building and deploying security solutions using technologies such as Docker, Kubernetes, and GIT Hub. • Experience in low code environments such as Appian and Microsoft Power Platforms is mandatory. • Experience with Alteryx ETL and Workflow Designer platform is plus. • Experience with Identity and Access, Endpoint, Vulnerability management and other cybersecurity automation workflows. • Experience writing Automation scripts in Python and deploying them leveraging APIs. • Experience with AI enabled automation workflows. • Experience with Agile methodology and Atlassian tools including JIRA and Confluence. • Communicating with various audiences, including business leaders, engineers, clients, and team members, with excellent ability to convey information that is relevant to the audience. • Written communication for excellent documentation and reporting. • Outstanding teamwork across multidiscipline plan-build-run teams. • Applying your understanding and expertise with systems automation platforms and technologies. • Automating security controls, data, and processes to provide metrics and operational support. • Employing cloud-based APIs when suitable to integrate and orchestrate across various systems in the automation workflow. • Developing and delivering solutions using Agile methodology. “Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”

This role offers the chance to take real ownership of an organization's security posture and guide how it continues to evolve. The environment is supported by a managed services provider, and this position will serve as the internal point of leadership and direction for all security initiatives-both strategic and hands-on. Principle Lead IT Security Analyst Location: Danbury, CT -Hybrid Salary - $130,000 - $160,000 +Bonus This role offers meaningful visibility, influence, and a path to future leadership roles such as Security Manager or CISO. You will work closely with senior leadership, drive priorities, lead the MSP, and represent the security function to internal stakeholders and external customers. The scope includes cloud security, infrastructure security, risk management, audits, tooling, and incident response. This is a strong role for someone who is confident technically and ready to broaden into leadership responsibility with clear visibility and influence. Key Responsibilities Lead and direct the MSP on all security-related work, ensuring accountability and alignment to security objectives. Strengthen and mature Azure cloud and Microsoft infrastructure security measures. Manage vulnerability assessments, incident response coordination, and threat analysis activities. Lead audit and compliance efforts, including ISO, SOC2, NIST, and related standards and frameworks. Evaluate current tools and identify opportunities to implement or enhance security solutions. Represent the security function in internal meetings and customer discussions; clearly communicate risk posture, decisions, and rationale. Conduct regular internal security reviews and status meetings with senior leadership. Identify and recommend improvements to organizational security strategy and controls. Ideal Background Experience in a broad security role supporting cloud, infrastructure, monitoring, and risk management. Ability to guide third-party partners or MSP resources in the execution of security initiatives. Strong analytical and problem-solving skills; able to identify gaps and design practical solutions. Comfortable working in a role that is both strategic and hands-on. Clear, confident communication skills with both technical and non-technical audiences. Organized, steady under pressure, and able to prioritize effectively. Preferred Experience Azure cloud security, Microsoft infrastructure security, and network security fundamentals. Security monitoring/logging platforms, vulnerability scanning, incident response practices. Familiarity with NIST or CIS frameworks and security audit requirements. Experience evaluating and implementing new security tools or platforms. Exposure to emerging security automation or AI-driven security tooling is a plus.

We are hiring an IS Security Risk Analyst in Columbia, South Carolina! The Senior Information System Security Officer (ISSO) will be responsible for leading Security, Risk, and Compliance activities in support of new and ongoing Cybersecurity efforts Candidates must be local or within a commutable distance and okay with working onsite in the Columbia SC office. No C2C or 1099 candidates, US work status required, direct hire W2 long term contract assignment. Position Details: Perform detailed architectural reviews and risk analysis of security related requests in order to make sound decision making recommendations, such as: Network Design and Information Flow System and Data Access Models Review Firewall Rule Requests (Ports, Protocols, and Services) Baseline Configuration Management Deviation Requests Vulnerability Management Champion the design, development, implementation, and/or ongoing maturation of SCDHHS security and compliance efforts. Audit and assess internal agency systems as well as business partner/service provider information system security controls. Utilize Microsoft Office software suite, System Center Service Manager (Ticketing system), Archer eGRC system, Bizagi, Atlassian and other products to document and report on information gathered during Audit and Assessment activities or other OCS efforts. Perform security and compliance reviews of Contracts, Business Associate Agreements, Data Usage/Sharing Agreements, and other types of documents and artifacts. REQUIRED EDUCATION/SKILLS: ISC(2), ISACA, SANS GIAC and/or other Information Security Certification is required Must have a strong working knowledge of FISMA, NIST, CMS MARS-E and HIPAA Security and Privacy. 5+ years of experience in IT working with and/or auditing Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications. Prior experience working within a FISMA compliant program. Prior experience in working with any eGRC systems. Prior Health Information Technology experience. Ability to work independently and as a member of a team. Ability to collaborate and coordinate with multiple teams and vendors. Ability to multitask and prioritize tasks effectively in order to meet deadlines. Experience and training with eGRC solutions. Ability to engage diverse audiences of varying technical and non-technical skill-levels to ensure effective alignment of technical requirements to business objectives. Ability to collaborate and coordinate efforts amongst multiple teams and vendors in fulfillment of SCDHHS OCS initiatives. Core Technology Solutions is an Equal Opportunity Employer and offers a variety of employment opportunities and benefits. Please check out our website for additional opportunities. Ask about our Employee Referral Program! We offer fees for any placement of referred candidates. Please inquire about details.

The Senior InfoSec GRC Analyst is responsible for driving the development, implementation, communication, and maintenance of technology policies, standards, and procedures that are aligned to industry standards and regulatory requirements. This role ensures that technology processes adhere to regulatory requirements, manage risks effectively, and establish strong governance practices. The position also develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: Lead the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. Continuously evaluate and update cybersecurity and IT policies to ensure they remain current and effective. Ensure policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Collaborate with cross-functional teams, including IT, legal, compliance, and business stakeholders, to ensure cybersecurity policies align with organizational objectives. Translate complex information and documentation into clear and simple concepts for end-users. Provide specialized expertise to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommend actionable solutions to mitigate risks and strengthen overall security posture. Stay informed about the latest cybersecurity threats, trends, and best practices. Maintain accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. Benchmark policies against industry standards and best practices. Develop and implement governance frameworks for cybersecurity policy management. Monitor key performance indicators, conduct gap analyses and risk assessments, and implement frameworks as needed. Test and monitor the effectiveness of controls. Establish feedback loops and analyze metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. Lead and support internal and external audits and assessments of cybersecurity policies and practices. Ensure identified audit and assessment findings and actions are tracked to closure. Maintain comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicate policy requirements and updates to relevant stakeholders. Identify opportunities for innovation and improvement in cybersecurity policies and practices. Propose mitigation strategies and verify the effectiveness of remediation plans. Requirements: Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field (preferred). Minimum of six (6)+ years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). Proficiency with data analysis and reporting tools (e.g., Excel, Power BI). Relevant certifications such as CISM and/or CISA (highly desirable). Strong knowledge of regulatory frameworks (NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Understanding of risk management concepts, control frameworks, and compliance auditing. Ability to provide consultation and recommendations to management. Strong communication skills with the ability to present effectively to both technical and non-technical audiences.

Our client is looking for a detail-oriented and proactive Senior Security Analyst to support ongoing security initiatives, maintain compliance, and ensure that security policies and standards are followed within a fast-paced, evolving environment. This position is part of the Information Security team and collaborates across business functions to ensure regulatory requirements and organizational compliance standards are met. Key Responsibilities Ensure compliance with applicable regulations and standards, including SOX, SOC 2, CCPA, HIPAA, and other industry-specific frameworks. Assist with third-party risk management (TPRM), assessing, monitoring, and managing vendor risks. Perform risk assessments, audits, and compliance reviews to identify potential risks and implement mitigation strategies. Map controls across compliance frameworks, translate them into actionable steps, and provide guidance to stakeholders. Deliver and enhance security awareness campaigns to maintain understanding of best practices and compliance requirements across the organization. Update and maintain the risk register, ensuring it reflects the current risk landscape and supports decision-making. Support ongoing maintenance and improvement of GRC solutions, including control testing. Collaborate with cross-functional teams to embed risk management practices into operational processes. Participate in process reviews, identifying opportunities to improve operational efficiency and compliance effectiveness. Stay informed on regulatory changes, industry trends, and best practices to continuously improve security and compliance programs. Perform other duties as required to support the Senior Security Analyst role. Preferred Qualifications Minimum of 5 years of GRC experience within a public company. In-depth knowledge of regulatory requirements such as SOX, CCPA, HIPAA, and other relevant frameworks. Hands-on experience with GRC solutions and third-party risk management programs. Strong understanding of IT governance, information security, and data privacy principles. Excellent communication, management, and interpersonal skills, with the ability to influence stakeholders at all levels. Ability to develop and implement security policies, procedures, and controls. Relevant certifications (e.g., CISA, CISM, CISSP, CRISC) are a plus. Additional experience with Identity and Access Management (IAM), Data Classification, and Data Loss Prevention (DLP) is highly desirable. Minimum Qualifications College degree or equivalent. 6+ years of related experience. Expert technical knowledge and understanding of industry regulations. Ability to lead and coordinate team activities. Ability to formulate, document, and recommend new policies and procedures. Proven ability to work effectively in a team and lead initiatives.

This role is responsible for monitoring systems for intrusions and malicious activity, assessing the effectiveness of security controls, identifying gaps, evaluating risk, participating in the security lifecycle for IT projects, and supporting compliance with applicable laws and regulations. The position requires a holistic approach to assessing security risks and the ability to apply abstract thinking to evaluate issues and develop solutions. The analyst will utilize information from frameworks, guidelines, threat-intelligence, and industry best practices to support decision making. Essential Duties & Responsibilities Monitor systems and networks for malicious activity. Support internal and external security and compliance audits. Install, configure, and support technical security controls and countermeasures. Maintain security policies, procedures, guidelines, and standards. Promote information security awareness across the organization. Participate in the internal incident response team. Perform vulnerability scans and support remediation activities. Monitor and manage Data Loss Prevention (DLP) tools. Work with subject matter experts to complete System Security Plans. Assist with operating security solutions managed by the IT Security group. Support daily IT security operations. Assist technical teams in monitoring and responding to operational alerts. Attend training and conferences to maintain proficiency. Research current threats, vulnerabilities, tools, techniques, laws, and best practices. Work flexible hours as needed for maintenance windows; occasional after-hours work may be required. Perform related duties as assigned. Qualifications Required Technical Experience At least 3 years of experience in technology or information security roles. Understanding of enterprise networking and datacenter environments. Knowledge of HIPAA Security Rule and PCI requirements. Proficiency with Microsoft Windows and Linux. Working knowledge of TCP/IP networking. Familiarity with compliance frameworks (HIPAA, PCI, NIST). Ability to perform log and packet analysis. Ability to learn new technologies and address complex issues. Experience assessing and recommending security controls. Prior technical support experience. Knowledge of industry standards and current security threats. Preferred Technical Experience Experience with Nexpose or similar vulnerability scanners; Metasploit or Kali Linux experience a plus. Familiarity with SAML and Microsoft ADFS. Firewall administration experience. Knowledge of CJIS requirements. Experience with Microsoft Azure or Office 365. Skills & Abilities Strong written and verbal communication skills. Ability to communicate clearly with technical and non-technical stakeholders. Ability to take initiative with minimal supervision. Ability to work under pressure and handle disruptions. Strong interpersonal and customer service skills. Ability to build and maintain positive working relationships. Ability to work after hours when required. Education & Certifications Bachelor's degree in Information Security, Computer Science, Telecommunications, or related field, or equivalent experience. Security+, GIAC, OSCP, CISSP, CCSP, or similar certifications preferred but not required. Valid driver's license with ability to travel to multiple sites.

Local candidates only. Resource will work as an Information Security Analyst responsible for auditing and monitoring systems containing confidential information. This position is also responsible for helping the organization manage its risks by monitoring the organization's IT systems for inefficiencies, inaccuracies, mismanagement, etc. Tasks will include assisting with the configuration of data, application, network, and IAAM logs; assisting with log reporting tools; and monitoring systems for security problems. The position participates in all aspects of the technology audit and monitoring including the planning, control analysis, testing, issue development, and reporting phases. This position will also participate in all federal and state audits against DCS technology systems. Employee works in an Information Technology Division of a State Agency, the Department of Child Services (DCS-IT) under the guidance of the Security Manager. The essential functions of this role are as follows: • Monitors and keep supervisor informed of status of information security and confidentiality conditions, including problem areas and recommended enhancement; • Interfaces with user customers to understand their security needs and implement procedures to accommodate them including training and assessment. • Assists with preparing for security audits (e.g. IRS, SSA, OCSE, FBI, SBOA) and remediating any findings; assists with creating and submitting reports relevant to security audits. • Develop information security policies and standards for protection of information systems in compliance with state and federal requirements (e.g. IRS, SSA, OCSE, FBI, IOT) and guidelines (e.g. NIST SP 800-53). • Develops Standard Operating Procedures (SOP) for implementing security polices; • Recommends appropriate security safeguards to be included during development of new information technology systems and legacy systems; • Ensures maximum utilization of computer hardware and software features to secure automated systems and associated data; • Develops and implements procedures for use of information security management software; • Proposes information security software enhancements; • Performs periodic audits to assure security policies and standards are being followed and are effective. • Develops recommendations for enhancements and generates reports where necessary; • Keeps abreast of new laws and changes affecting privacy standards, network security, cloud security, remote access, and physical security; • Mentors and provides guidance to new or other staff as needed; • Performs related duties as assigned. • Assist on other task as assigned. Thorough knowledge of information security management tools, policies, and standards of information security procedures; • Thorough knowledge of state and federal legislation and regulatory laws pertaining to information system security and privacy; • Thorough knowledge of software vulnerabilities, vulnerabilities scanning tools, and vulnerabilities remediation; • Familiarity with domain structures, user authentication, and digital signatures; • Ability to develop and maintain information security standards; • Ability to understand and apply complex computer logic to work; • Ability to work effectively with a wide range of information technologists, including systems administrators, technical support, application development, end users and management; • Experience in assessing security needs of teams and assist in their security training. • Ability to communicate effectively both orally and in writing; • Ability to be a team member as well as a team leader depending on the situation; • Degree in information security or technology preferred; • Security certification preferred (e.g. CISSP). • Network Admin experience preferred. Supervisory Responsibilities/Direct Reports: This role does not provide direct supervision to direct reports.

Our client is seeking an Information Security Architect to join their team! This position is located in Hopkins, Minnesota. Validate the design and operational effectiveness of IT General Controls and Cloud controls Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures Prepare test scripts Perform root cause and impact analysis and provide management with recommendations to resolve issued findings Advise business partners on IT findings, risks and control weaknesses Validate findings post remediation Use knowledge of the current IT environment and industry IT trends to help identify and anticipate potential issues that may impact the banks risk landscape Design and assist in building continuous monitoring/reporting to improve efficiency an awareness of control testing activities Provide technical assistance on audit techniques Maintain an understanding of the cybersecurity footprint, platform architecture, cloud infrastructure, data governance and privacy compliance, general computing control structure of the Company (systems and architecture) and be able to apply that knowledge to how it supports the processes and procedures being reviewed Develop and maintain strong and effective working relationships with key business partners Engage and follow up to ensure deliverables are met, and identified gaps have been communicated Desired Skills/Experience: Ability to operate independently and perform quality work within the scheduled timeframe Excellent listening and communication skills in both written and verbal forms Previous experience in writing internal audit reports, preferred Experience executing technology audit and ITGC Testing Experience in auditing IT cloud operations, network, infrastructure, and security related to Amazon Web Services and Azure Experience in IT security and IT governance risk and compliance Must be proficient using Microsoft Office software Must possess an understanding of Information Security policies and standards, and have a working knowledge of Business Continuity Programs, electronic banking software and applications, Cloud computing, Cybersecurity Regulatory Framework, and Vendor Management practices Strong analytical, interpersonal and communication skills Strong understanding of cybersecurity processes and concepts as well as application controls Working knowledge and experience in python, JSON and SQL Working knowledge and experience with professional standards including CCM, NIST CSF, COSO and COBIT Benefits: Medical, Dental, & Vision Insurance Plans Employee-Owned Profit Sharing (ESOP) 401K offered The approximate pay range for this position is between $46.00 and $65.71. Please note that the pay range provided is a good faith estimate. Final compensation may vary based on factors including but not limited to background, knowledge, skills, and location. We comply with local wage minimums.

Jr. Security Analyst Our client is currently looking for a Jr. Security Analyst to join their team in a long term contract capacity focusing on an increase in compliance and audit work heading into the new year. This person will be brought on to support an established information security and compliance team. This role is ideal for someone looking to grow in TPA (Third Party Assessment), audit support, compliance operations, NIST frameworks, and GRC practices. Below is a breakdown of what our enterprise client is looking for in their potential candidate! Key Responsibilities Support Third Party Assessments (TPAs) by gathering evidence, tracking documentation, and helping review vendor security controls. Participate in internal and external audit readiness tasks including evidence collection, control testing preparation, remediation tracking, and audit log review coordination. Assist with vulnerability scan reporting, ticket creation, and follow-up with technical teams on remediation tasks. Support intake, documentation, and status tracking of new compliance and security projects. Help maintain dashboards, risk registers, and compliance reporting metrics within the GRC tool. Participate in annual assessment activities including contingency plan exercises, incident response tests, access reviews, and other required security program tasks. Assist with audit log reviews and routine monitoring processes as assigned. Maintain structured, accurate documentation to support continuous compliance efforts. Minimum Qualifications 1-3 years of experience in security, IT, audit, or compliance support roles (internships or rotational experience accepted). Foundational knowledge of NIST frameworks, FISMA requirements, or other security compliance standards (HIPAA, SOC 2, ISO 27001 a plus). Experience with GRC platforms (ServiceNow, Archer, OneTrust, ZenGRC, etc.) OR strong interest in learning. Strong attention to detail with the ability to create, edit, and maintain structured documentation. Proficiency with Microsoft Office and basic workflow tracking tools (Excel, SharePoint, Confluence, Smartsheet, etc.). Familiarity with basic cybersecurity terminology and frameworks (e.g., CIS Controls). Experience supporting compliance evidence collection or policy documentation. Interest in security governance, risk, and compliance as a long-term career path.

CPSO / ISSO - Defense Programs Active TS/SCI Required (CI Poly Eligible) Competitive Salary + Package Aurora, CO - Full Time, On-Site We are partnered with a defense technology leader supporting highly classified national security programs. With a long-standing reputation for innovation and security excellence, they deliver mission-critical systems across analysis, compliance, and secure systems engineering. Our client is seeking a dual-hatted CPSO/ISSO to manage all aspects of program security and information system security across multiple classified programs. In this role, you will ensure compliance with government security directives, oversee system accreditation efforts, liaise with government agencies, and support the secure operation of complex classified environments. You would work across a range of highly sensitive and technically diverse internal programs. Required Skills: Program Security (CPSO): Oversee classified programs in compliance with DoDM 5105.21, ICDs, IC Tech Spec for ICD/ICS 705, and NISPOM (32 CFR 117). Manage DD254, SCG interpretation, and all contract security requirements. Lead PERSEC functions including clearance verification, SCI nominations, and updates via DISS and Scattered Castles. Support SCIF accreditation and manage UL-2050 compliant IDS and Access Control Systems. Conduct self-inspections, incident investigations, and corrective actions. Deliver security training, briefings, and program-specific education. Coordinate with DCSA, NSA, and other customer agencies. Information System Security (ISSO): Manage accreditation, configuration, and monitoring of classified IS systems under RMF, NIST SP 800-53, NIST SP 800-171, and DoDM 5205.07. Develop and maintain SSPs, POA&Ms, Continuous Monitoring Strategies, and incident response documentation. Perform Security Impact Analyses, coordinate A&A packages with the ISSM. Implement and validate technical, administrative, and operational cybersecurity controls for CUI and classified data. Conduct vulnerability assessments, audit reviews, and patch management. Support configuration management and Change Control Boards. Investigate and report cybersecurity incidents as required. Work closely with IT, Engineering, and Security teams to ensure compliance with RMF, DFARS, and CMMC Level 2. Required Qualifications: Active TS/SCI with SSBI (within 6 years). Bachelor's degree (preferred) or equivalent experience. 4-5 years combined experience as a CPSO/ACPSO/PSO plus ISSO or cybersecurity compliance experience. Strong working knowledge of NISPOM, DoDM 5205.07, DoDM 5105.21, ICDs, and RMF/A&A processes. IAT/IAM Level II certification (Security+). Experience with DISS, eMASS, SCAP, STIGs, and related DoD tools. Familiarity with COMSEC and classified communications systems. Excellent communication, organization, and analytical skills. Willingness to obtain and maintain a CI Polygraph if required. I Desired: Experience managing secure facilities and system accreditation packages. Knowledge of secure system architectures, cybersecurity frameworks, and classified IT environments. Ability to proactively engage with government representatives and internal engineering teams. TO BE CONSIDERED... Apply directly to this posting or email ********************************** for more information. I am available 7am - 9pm, Monday-Sunday. By applying, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. Key Skills: TS/SCI, CPSO, ISSO, DoDM 5105.21, ICD 705, NISPOM, RMF, NIST 800-53, NIST 800-171, Security+, DISS, eMASS, SCIF, SCAP, STIG, COMSEC, Cybersecurity, Classified Systems, Defense, CI Poly

The Senior Network Security Engineer will play a key role in the Cybersecurity Engineering team in managing risks to the information assets and systems of the organization by implementing and supporting the enterprise-wide network security architecture. The responsibilities will include implementing, maintaining, and supporting the technology platforms that provide network security (ZTNA, SASE, Zero Trust architecture). Overall Responsibilities: • Work with various application teams to design, install, implement, architect, configure, and maintain one or more network security management platforms (SIEM, SOAR, NDR) for primarily on-premise and cloud deployments • Prepare test cases and regression test plans, as well as perform unit and peer testing • Create documentation of the process, guidelines, standards, and technical specifications, as well as draw network and system architecture diagrams • Perform daily ad hoc support with strong analytical skills for troubleshooting and be available for after-hours emergency support • Perform system and application patching during monthly after-hour maintenance windows Skills Required / Qualifications: • IT professional experience working in network security engineering • Experience working with network security management technology platforms (SIEM, NDR) such as Splunk, ExtraHop, Palo Alto, Firemon, Cisco, etc. • Expert knowledge of Palo Alto Firewall technologies • Expert knowledge of WAN technologies • Expert knowledge of Zero Trust architecture, SASE • Strong foundational knowledge of overall infrastructure functionality and networking design concepts. • Solid understanding of IP routing protocols • Experience maintaining network performance through network monitoring and analysis, QoS service implementation, and performance tuning; troubleshooting network problems • Working knowledge of enterprise-class Infrastructure environments • Able to prioritize and execute tasks in a high-pressure environment • Ability to author technical documents and create procedure manuals • Excellent interpersonal skills, verbal and written communication skills, and proven analytical and problem-solving abilities with attention to detail • Strong understanding of the organization's goals and objectives • Ability to conduct research into current and future technologies • Active member of one or more security associations (ISSA, ISACA, InfraGard, etc.) is preferred Additional Notes Outline: Network Security Engineer Core technologies: Cisco Palo Alto (firewalls) Key Requirements Cloud experience (must-have) Virtual firewalls and security policies Experience in AWS, Azure, or OCI Ability to coordinate work across cloud environments Experience with orchestration tools Nice to Have SCADA experience Tools / Platforms Prisma Cisco Orchestration tools across multiple cloud platforms

ISSO Industry: Government Contracting Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems are in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services. ISSO Key Responsibilities: · Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview. · Maintain operational security posture consistent with current security policy. · Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT. · Distribute cybersecurity notices and advisories to appropriate personnel and that vendor-issued security patches are expeditiously installed. · Serve as primary security to system owners, common control providers, and users. · Serve as focal point for cybersecurity incident reporting and subsequent resolution. · Assisting ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language. · Ensure all security-related SDLC documentation meets all identified security needs. · Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium. · Ensure selection of NIST SP 800-53 baseline security controls are appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium. · Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures. · Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium. · Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system. · Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring. · Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation. · Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan. · Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS). · Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800- 53 and any supplemental Departmental Cybersecurity Policy and the Compendium. · Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy. · Complete mandatory annual specialized information security training. ISSO Required Skills:8+ years of experience in IT Security Certified Information Systems Security Professional (CISSP) certification. Understanding of NIST 800.53 and its applicability to IT Systems. Expertise with Risk Management Framework, FEDRAMP and FISMA. Understanding authentication in the cloud environment. Experience with continuous monitoring of a cloud system Experience working on assessments with third party assessments organization (3PAO) AWS/Azure associate certified ISSO Compensation and benefits: $120,000 Company-supported medical, dental, vision, life, STD, and LTD insurance Benefits include 10 federal holidays and PTO. 401(k) with company matching Flexible Spending Accounts for commuter, medical, and dependent care expenses Tuition Assistance

S3/Strategic Staffing Solutions has a Network Security Engineering opportunity for a leading Financial Services client in Westlake, TX on a hybrid basis. Please read further if you are interested in joining a leading organization. Duration: 2 years W2 contract to hire (MUST BE USC OR GC HOLDER FOR THIS POSITION) Pay Rate: $40-50/hr. W2. Qualifications & Description: We are seeking a highly skilled and proactive Firewall Engineer with strong expertise in Network Security and hands-on experience with Palo Alto and Fortinet firewalls. The ideal candidate will possess excellent troubleshooting abilities, strong communication skills, and familiarity with DevOps practices and scripting languages such as Python. This role requires a self-driven professional who can work independently and collaboratively to ensure robust security infrastructure. Key Responsibilities Design, implement, and manage firewall solutions using Palo Alto and Fortinet platforms. Configure, maintain, and optimize firewall policies, VPNs, and security rules. Perform advanced troubleshooting of network security issues and provide timely resolutions. Collaborate with cross-functional teams to integrate firewalls into enterprise architecture. Conduct regular audits and compliance checks to ensure adherence to security standards. Automate firewall tasks and workflows using Python or similar scripting languages. Participate in change management processes and document configurations accurately. Stay updated on emerging threats and recommend proactive security measures. Required Skills & Qualifications 4+ years of experience in Network Security and firewall administration. Hands-on expertise with Palo Alto and Fortinet firewalls. Strong understanding of TCP/IP, routing, VPNs, and network protocols. Excellent troubleshooting and problem-solving skills. Familiarity with DevOps tools and automation practices. Proficiency in scripting languages such as Python for automation and integration. Strong communication skills and ability to work in a team environment. Proactive, detail-oriented, and capable of managing multiple priorities. Preferred Qualifications Relevant certifications such as PCNSE (Palo Alto Networks Certified Network Security Engineer) or Fortinet NSE. Experience with cloud security and firewall integration in hybrid environments.