Security Engineer II, RSCI Vector Security
SAP Security Consultant Job In Virginia
Do you have a passion for innovation and building technologies that make large-scale clouds more reliable, efficient, and scalable? Would you like to work within the most advanced and scaled clouds that support the most critical workloads for the US Intelligence and Defense communities? Do you want to build automation that will influence the national security and defense mission agency partners of AWS?
The Regions Services Corporate Infrastructure (RSCI) is looking for a Security Engineer to help validate that our services, applications, and infrastructure are designed and implemented to the highest security standards. Similarly, our highly collaborative team is committed to each team member's growth as our business grows.
The Security Engineer is responsible for ensuring the appropriate operational security posture is maintained for the US ADC Remote Management and Administration (RM&A) networks. As a Security Engineer, you will be responsible for analyzing the security of infrastructure, applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge services.
You are expected to be strong in multiple security domains and provide significant contributions to the Engineering team and to multiple groups throughout Amazon. You are expected to closely work with service teams to develop secure solutions to complex business problems and ensure we are holding a high security bar for our customers. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
You must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the org's team work and constantly seek opportunities for process improvement. You should also have a deep understanding of at least one specialty for which you are a sought - out resource (both within IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas.
You will be “Customer Obsessed”, working closely with our customers to understand their pain points and find resolution quickly and completely.
You will have a keen eye for potential problems and inefficiencies, and the initiative and drive to provide a complete solution to the problem. You will communicate clearly and collaborate with others to deliver results with minimal supervision. This leader must be able to dive deep into the details of business, operations, and engineering.
By working together on behalf of our customers, we are building the future one innovative product, service, and idea at a time. Are you ready to embrace the challenge? Come build the future with us.
This position requires that the candidate selected must currently possess and maintain an active TS/SCI security clearance with polygraph. The position further requires the candidate to opt into a commensurate clearance for each government agency for which they perform AWS work.
10012
Key job responsibilities
- Operate and maintain Tenable.SC
- Conduct periodic reviews of information systems to ensure compliance with the security authorization package
- Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and other security stakeholders prior to implementation.
- Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly
- Ensure all IS security-related documentation is current and accessible to properly authorized individuals
- Maintain audit records and assess records against documented control criterion.
- Identify cybersecurity vulnerabilities and assist with the implementation of the countermeasures for them
- Document appropriate responses to IA Controls and make recommendations for remediation and compliance of controls.
- Conduct continuous monitoring activities for RM&A environments.
About the team
We are dedicated to supporting our new team members. Our team has a broad mix of experience levels and Amazon tenures, and we're building an environment that celebrates knowledge sharing and mentorship.
Why AWS
Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Utility Computing (UC)
AWS Utility Computing (UC) provides product innovations - from foundational services such as Amazon's Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS's services and features apart in the industry. As a member of the UC organization, you'll support the development and management of Compute, Database, Storage, Internet of Things (IoT), Platform, and Productivity Apps services in AWS, including support for customers who require specialized security solutions for their cloud services.
Inclusive Team Culture
Here at AWS, it's in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve in the cloud.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Diverse Experiences
Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
BASIC QUALIFICATIONS- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+, or Bachelor's degree
- 4+ years of experience of years of progressive security architecture experience; preferably within a Microsoft Active Directory environment
- 4+ years of experience designing and implementing a secure Active Directory domain architecture
- 4+ years experience working with stakeholders across many job functions
- Current, active US Government Security Clearance of TS/SCI with Polygraph
PREFERRED QUALIFICATIONS- Master's Degree in Engineering, Information Technology or related technical discipline
- 6+ years of prior experience as Network or Systems Engineer/Administrator.
- 6+ years of experience in understanding of all aspects of Systems Engineering, including design and architecture.
- Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
- Experience in securing cloud services
- Experience in Identity standards and frameworks
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit ********************************************************* for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit ******************************************************** This position will remain posted until filled. Applicants should apply via our internal or external career site.
Information Security Architect
SAP Security Consultant Job In Reston, VA
Hiring for a Senior Information Security Architect position primarily focusing on AWS. This position requires deep expertise in Information Security principles including Business Security Architecture, Threat Modelling, Data Security (data encryption, masking, tokenization, data access controls), AWS Cloud and Systems architecture. This individual must be able to architect and ensure the security and compliance of the cloud environments based on enterprise cloud security policies, standards, procedures and industry best practices and frameworks (NIST, OWASP)
This is a potential contract to hire (not necessarily but need the option) after 6 months.
Candidate is expected to come to Reston office once a week
Self-starter and Senior Architect who can lead the AWS Security architecture program in multiple projects simultaneously by collaborating with numerous stakeholders (Product owners, Enterprise Architect)
Required Skills
Public Cloud: AWS Experience Deep Expertise and proven Track record in AWS Architecture and AWS Services (Compute, IAM, RDS, Resource Policies, Network, Messaging, Data Storage, CI/CD, AI/ML, ETL, Serverless, ECS/EKS). Experience with AWS security pillars, best practices and well designed architecture. Experience in AI/ML is preferable.
Information Security Architecture Key experience: Application security, Threat Modelling, API Security, DevSecOps, Pipeline security, Infrastructure security, AuthN/Z, Encryption, Key Management, Data discovery and encryption, SIEM, CSPM, CWPP, Access Controls, Container Security Industry security standards and frameworks (OWASP, NIST CIS, FED Ramp, ISO, SOX etc.). Experience designing Architectures based on Security Standards and threat model the designs to identify issues and design mitigating controls.
Systems Architecture Key experience: System Design, API Driven architecture, Open Standards, stateless, Resiliency, High Availability, System and SaaS Integrations.
Preferred Skills
AWS advanced Certification (Professional, Specialty), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or equivalent
Principal Platform Security Engineer
Remote SAP Security Consultant Job
Security Platform building / hands-on builder, technical leadership abilities, Python expertise
This is a Full-Time/Direct Hire position with our client in financial services with offices in NYC and Seattle. 100% Remote. The Principal Platform Security Engineer must be a builder, position requires heavy Python coding, reviewing systems and determining what is needed to provide strongest security and building it with Pytho
n.
Must have 10 years of experience and 5+ years in security focused work and strong AWS. Software engineering background with Python, Go, C++, or Java. Strong containerization and orchestration experience is required- Kubernetes, EKS - Please apply if this sounds like you!
Overview:
The job is within the Platform Security team, which focuses on securing platform infrastructure. This role will specialize in non-cloud infrastructure, containerization, and container orchestration security (e.g., Kubernetes and EKS), while also covering areas such as PKI, cryptography, identity management, and network security.
Key Responsibilities:
Design, deploy, and maintain security services/platforms for engineering teams.
Enhance security controls across all layers of infrastructure.
Collaborate with engineering teams on security architecture and decisions.
Work with other security functions (e.g., application security, incident response) to identify and mitigate risks.
Minimum Qualifications:
10+ years of experience in security and related fields.
Expertise in container orchestration, SRE, systems engineering, or network engineering.
Experience with distributed systems, cloud computing (e.g., AWS), and high-availability services.
Strong software development skills (Python/Go).
Deep knowledge of computer security principles.
Preferred Qualifications:
Experience securing AWS, Linux environments, and cryptographic infrastructure.
Experience in identity and access management, secrets management, and infrastructure as code (e.g., Terraform).
Security Engineer
SAP Security Consultant Job In Herndon, VA
About Coalfire
Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients' toughest security challenges.
But that's not who we are - that's just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
We're currently seeking a Security Engineer/Security Advisor to join our team in Herndon, VA (Hybrid; 1 Day On Site)
This is a full time employment position - Open to local candidates in the DMV areas.
Position Summary
The position will provide one or more persons as requested to act as an IT Project Security Advisor for IT Projects undergoing the TRB process. The IT Security Advisor is responsible for working with project teams to advise them on IT security requirements, architectures, and practices, assess project security risks, consult on risk mitigation strategies, and make recommendations to management regarding approval of the project.
What you'll do
Advise and assist project teams with selecting, planning, and architecting IT systems and technologies to meet client IT security requirements.
Educate project stakeholders about Smithsonian IT Security policies and standards that apply to their project.
Assist project stakeholders with identifying relevant solutions that have already received IT security approval for use through out the client site.
Identify, assess, and propose mitigation strategies for information security risks associated with proposed and in-progress IT projects.
Review proposed system architectures and make recommendations to enhance security and promote integration with organization's standards.
Support and promote Technical Review Board processes,
Advise and assist project teams with developing required IT security-related documentation needed for project approval.
Work with project teams and the Office of Contracts to ensure that appropriate requirements are included in any contracts associated with the IT projects.
Collaborate with management and TRB colleagues to develop appropriate procedures, templates, checklists, standards, and educational materials to facilitate the review and support of IT projects.
Provide training and presentations to educate client organization's personnel about IT Security services and requirements for IT projects.
Assist PCI Working Group with assessing projects and advising project stakeholders on Payment Card Industry (PCI) compliance.
Attain advanced working knowledge of the organization's mission/business needs and IT-related policies/standards and apply these to the tasks described above.
Collaborate and communicate effectively with project teams, IT personnel, TRB members, and other customers and stakeholders.
Develop effective working relationships with colleagues and project stakeholders.
What you'll bring
Education
Completed Bachelor's degree from an accredited university, preferably in an IT related field.
Clearance / Suitability
Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.
Certifications
Industry recognized Cybersecurity/IT Security Certification (i.e., Sec+, CISA, CISSP, CAP)
Years of Experience
Overall 7+ years of information security and compliance experience relative to the position qualifications.
Why you'll want to join us
Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.
Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.
You'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.
Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Product Security Architect
Remote SAP Security Consultant Job
Bachelor's or master's degree in computer science, Information Security, or a related field. • Professional cer.fica.ons in informa.on security (e.g., CISSP, CISM) are highly desirable. • Extensive experience in product security, particularly in the design and implementation of security solutions for medical devices or related healthcare technology.
Deep understanding of healthcare regulations and standards affec.ng medical device security. • Proficiency in security architectures, encryption technologies, identity and access and network security etc.
Experience with risk management methodologies and security assessment tools. • Strong analy.cal and problem-solving skills.
Product security processes, tools and techniques especially implementation aspects • Excellent communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
Preferred qualifications
Knowledge in reference architecture and design patterns as applicable to medical technologies and products.
Working knowledge in Software engineering and programming languages (Java, Python, C/C++/C# etc.).
Implementation and adoption of security frameworks such as SABSA /TOGAF frameworks.
Emerging medical technologies (AI, Blockchain, MIoT, RPA, etc.) and their security threats/risks.
Job Responsibilities
The Product Security Solutions Architect will be responsible for leading the design and implementation of security measures for medical device software, hardware, digital solutions and/or combination products. This role involves working closely with R&D, product management, regulatory, quality and compliance teams to ensure that all products meet the highest standards of security and privacy in line with regulatory and customer requirements.
This person possesses a blend of business and technical know-how to mature product security architecture, software and solutions engineering function; Able to handle ambiguity and complexity of customer products including intended use, interoperability, product architectures and industry best practices.
What We Offer
Exciting Projects:Come take your place at the forefront of digital transformation! With clients across all industries and sectors, we offer an opportunity to work on market-defining products using the latest technologies.
Collaborative Environment: You can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment - or even abroad in one of our global centers or client facilities!
Work-Life Balance:GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules and opportunities to work from home.
Professional Development:We provide continuing education classes, professional certification and training (technical, soft skills, language, and communication skills) to help you realize your professional goals. Being part of a global organization, there are additional learning opportunities through international knowledge exchanges.
Excellent Benefits:We provide our employees with competitive salaries, health and life insurance, short-term and long-term disability insurance, a matched contribution 401K plan, flexible spending accounts, and PTO and holidays
GlobalLogic estimates the starting pay range for this role to be performed in Lake Forest CA is 180K-185K, and reflects base salary only. This pay range is provided as a good faith estimate and the amount offered may be higher or lower. GlobalLogic takes many factors into consideration in making an offer, including candidate qualifications, work experience, operational needs, travel and onsite requirements, internal peer equity, prevailing wage, responsibilities, and other market and business considerations.
About GlobalLogic GlobalLogic is a leader in digital engineering. We help brands across the globe design and build innovative products, platforms, and digital experiences for the modern world. By integrating experience design, complex engineering, and data expertise-we help our clients imagine what's possible, and accelerate their transition into tomorrow's digital businesses. Headquartered in Silicon Valley, GlobalLogic operates design studios and engineering centers around the world, extending our deep expertise to customers in the automotive, communications, financial services, healthcare and life sciences, manufacturing, media and entertainment, semiconductor, and technology industries. GlobalLogic is a Hitachi Group Company operating under Hitachi, Ltd. (TSE: 6501) which contributes to a sustainable society with a higher quality of life by driving innovation through data and technology as the Social Innovation Business.
Application Security Engineer
SAP Security Consultant Job In Arlington, VA
· Collaborate with a team of engineers to implement *** specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
· Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
· Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
· With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.
· Support security standards, create templates and patterns to increase the efficiency and adoption of security program.
Responsibilities:
· Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
· With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.
· Support security standards, create templates and patterns to increase the efficiency and adoption of security program.
Experience:
· Bachelor's degree with minimum 8 years of work experience in the IT field
· 3+ years software development experience using Java, JavaScript
· 3+ years of experience in the following:
· OWASP Secure Coding Practices
· Common software and web application security vulnerabilities
· Application security scanning tools
· Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
· Experience in Python scripting
Skills:
Even Better If You Have
· A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field
· Business acumen to support the implementation of SAST or DAST or IAST across the enterprise
· Ability to perform code reviews with minimal assistance
· A self-starter, with a strong desire for learning new technologies and applying them to solve problems
· Experience with two or more of the application build environments like Jenkins, Gradle, Maven.
· Familiarity with public cloud services a plus
· Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype
· Experience with Threat Analysis.
· Experience with DevSecOps, Secure SDLC.
· DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus
· Experience with evaluation, integration and onboard of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus
Education:
· Bachelor's Degree Required
About US Tech Solutions:
US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit ************************
US Tech Solutions is an Equal Opportunity Employer.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Recruiter Details:
Name: Aaditya
Email: ******************************
Internal Id: 24-26931
SAP MDM Consultant
Remote SAP Security Consultant Job
100% Remote 12 + Months Contract-Hire $70 - $75/HR
This role will be critical to ongoing support of SAP S4/HANA cloud ERP solution and ancillary applications. The ideal candidate will be well versed in development, roll out, and management of Master Data Management methodologies.
This includes but is not limited to knowledge of data processes, tools and integrations related to master data within an ERP, data cleansing/validation, mapping master data and integrations from legacy to target environments and managing master data.
Required Experience:
At least 5 years of experience in data management (preferably in SAP).
Experience working with least 2 SAP Master Data modules (FICO, MM, SD, SAC, IBP or EWM) required.
Understanding of database constructs systems such as RDBMS, and SAP HANA.
Experience with a Data Governance or Data Quality toolset.
Must have Database or SQL experience Knowledge of SAP S4 schema.
Knowledge of data governance practices, business and technology issues related to management of enterprise information assets and approaches related to data protection.
Knowledge of trends and issues for data.
Knowledge of data quality management and data protection practices.
Understanding of data quality reporting methodologies and capabilities.
Desire to learn and stay current on data governance and data management industry trends.
Possesses strong written and verbal communication skills, including presentation skills.
Possesses strong organizational and prioritization skills
Can articulate technical concepts to a non-technical audience.
Superior problem-solving abilities applies good judgement
Can work effectively with all levels of management and staff.
Ability to negotiate and influence Flexible; embraces change, possesses a positive attitude and have ability to prioritize issues.
Desired Skills and Experience
SAP MDM Consultant
100% Remote
12 + Months CTH
$70 - $75/HR
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit ******************* to learn more.
Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.
Cyber Security Specialist
SAP Security Consultant Job In Fort Belvoir, VA
Status: Direct Hire
Job Title: Cyber Security Specialist
Salary: $140,000 - $195,000
About the company:
We are a well-established employee-owned company specializing in aerospace engineering, providing comprehensive support to various branches of the military and government sectors. Founded in 1977, our team has grown to over 2,200 employee-owners. By joining us, you become an owner and stockholder, contributing to a culture that values people, quality, integrity, and profitable growth. Our services encompass engineering, programmatic, and technical support, primarily for the Department of Defense and other national security clients.
Hiring and retaining top talent is key to our mission, aligning with our commitment to personal growth and continual improvement. We blend the values of a small company with the capabilities of a larger organization. Our management team is actively involved in strategic planning, ensuring diverse perspectives are integrated into our efforts to deliver advanced technology solutions, empower employees, and secure new business.
Cyber Security Specialist:
Our client is seeking a skilled and motivated Cyber Security Specialist to join a dynamic, mission-focused team. The successful candidate will act as a subject matter expert (SME) for the program office's cybersecurity and information assurance requirements, supporting various stages of system lifecycle development.
Cyber Security Specialist Responsibilities:
Evaluate and conduct top-level system architecture design, integration, testing, installation, and troubleshooting from a cybersecurity perspective.
Translate military operational and mission requirements into system design concepts and performance specifications.
Prepare and review cybersecurity-related test plans, procedures, and reports for technical adequacy.
Integrate cybersecurity, COMSEC, and TEMPEST requirements throughout the system lifecycle.
Assess system performance against cybersecurity requirements, monitor field performance, and manage risk.
Support the preparation of cybersecurity acquisition documents, ensuring compliance with regulations and policies.
Implement the DoD Risk Management Framework (RMF), collaborating with the ISSM to ensure successful security controls.
Provide input on policy, budget, and doctrinal issues related to cybersecurity.
Prepare recommended IA approval documentation and support network security architecture development.
Analyze vulnerabilities, conduct risk assessments, and manage security certifications and accreditations.
Manage computer incident coordination with local NECs and CERTs, ensuring timely response.
Support compliance with the DoD IG Cybersecurity Self-Assessment and Federal Information Security Management Act (FISMA).
Participate in organizational inspections, review corrective actions, and develop innovative cybersecurity strategies.
Act as a consultant and mentor on cybersecurity matters to other team members.
Cyber Security Specialist Qualifications:
U.S. Citizenship is required due to the sensitivity of the position.
Master's Degree in Cybersecurity and 20 years of relevant experience.
Active Secret Clearance.
CISSP and Sec+ Certification.
Broad experience and recognition in the cybersecurity field, with the ability to work independently and lead initiatives.
Strong operational cybersecurity accreditation and certification background for embedded systems accredited at Secret level and below.
In-depth understanding of AR 25-2 and the DoD Risk Management Framework (RMF), with recent experience using RMF and eMASS software for system accreditation.
Extensive experience in preparing IA approval documentation, network security architecture, and understanding DoD cybersecurity standards.
Cyber Security Specialist
SAP Security Consultant Job In Fairfax, VA
About the Company - Our client is seeking a skilled, motivated Cybersecurity Analyst to join a dynamic mission-focused team at Fort Belvoir, VA. This position will serve as a subject matter expert for all aspects of the program office's cybersecurity and information assurance technology requirements.
About the Role - Essential Job Functions:
Evaluates and conducts top level system architecture design, development, integration, testing, installation, and troubleshooting efforts from a cybersecurity viewpoint to ensure integration of all required cybersecurity products and adequacy of the analyses.
Translates military operational and mission requirements into practical systems concepts and design performance requirements.
Prepares and reviews cybersecurity related test plans, procedures, and reports on technical adequacy on assigned programs as well as related failure reports for both Government and contractor tests as well as related failure reports.
Coordinates integration of cybersecurity, COMSEC, and TEMPEST into the entire system life-cycle design, development, and deployment.
Reviews and evaluates system performance against cybersecurity related requirements; monitors and assesses field performance; and assesses risk of meeting user requirements.
Assists product management office with cybersecurity related acquisition documents (i.e., Cybersecurity Strategies) and statutory/regulatory/policy compliance.
Implements the Defense (DOD) Risk Management Framework (RMF) and assists the Information System Security Manager (ISSM) to ensure successful implementation of associated security controls and reviews all RMF documentation packages, and system fielding, operations, or upgrade requirements.
Assists with policy, programmatic, budget and doctrine issues associated with Cybersecurity within the organization.
Prepares recommended IA approval and supporting documentation, understands systems engineering processes, and possesses extensive experience in Network Security Architecture.
Assists on matters relating to vulnerabilities and threats to IT Systems, National Security Systems (NSS), and Automated Information Systems (AIS).
Performs security, analyses and risk/vulnerability assessments.
Executes daily certification and accreditation activities for a project team.
Identifies issues and briefs PM on possible courses of action and their impact.
Manages computer incident coordination and notification with the local Network Enterprise Centers (NEC) and servicing Computer Emergency Response Teams (CERT).
Supports DoD Inspector General (IG) Cybersecurity Self-Assessment checklist compliance and Federal Information Security Management Act (FISMA).
Assists with implementing audit measures to ensure compliance with regulatory requirements, participate in organizational inspections and surveys of computer systems, provide inspection results, and assess the adequacy of corrective actions taken.
Participates in post awards, program and design reviews, and IPTs as the cybersecurity specialist/engineering representative on assigned programs.
Serves as consultant to other team members and mentors workforce on Cybersecurity matters.
Establishes new and innovative cybersecurity strategies.
Qualifications - Required Skills:
Due to the sensitivity of customer related requirements, U.S. Citizenship is required.
MS Cybersecurity AND 20 years relevant experience.
Secret clearance required.
Certified Information Systems Security Professional (CISSP) Certification.
Sec+ Certification.
Possesses the breadth of experience and knowledge, and recognition in the cybersecurity community, to lead efforts on assigned programs and work independently with minimal oversight from the Government lead.
Extensive experience in operational cybersecurity accreditation and certification of embedded systems accredited at Secret level and below.
Extensive understanding of AR 25-2 and the DoD Risk Management Framework (RMF) to include current experience (less than 2 years old) in obtaining system accreditation using the DoD RMF and the Enterprise Mission Assurance Support Service (eMASS) software.
Extensive experience preparing recommended IA approval and supporting documents; understands systems engineering processes; and possesses extensive experience in Network Security Architect experience.
Extensive understanding of the DoD standards guiding the development of cybersecurity policy, requirements, integration, engineering, and certification and accreditation.
Senior Information Systems Security Manager
SAP Security Consultant Job In Arlington, VA
Seeking a SR Information Systems Security Manager (ISSM) to join the team in Rosslyn, VA.
The ideal candidate will possess a deep understanding of information security principles, regulatory requirements, and industry best practices. They will be adept at managing security controls, leading incident response efforts, and providing strategic guidance to technical teams. The ISSM will also play a key role in fostering a culture of security awareness across the organization and representing the organization in interactions with external stakeholders, including government agencies, auditors, and vendors.
Seeking candidates with the following:
-Active TS/SCI clearance with the ability to obtain a CI Poly
-IAM level III certification (GSLC, CISM, CISSP, CCISO)
-Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering)
-8 + years of experience in cybersecurity or a related field, with prior experience in a leadership role
Information System Security Officer (ISSO)
SAP Security Consultant Job In Dahlgren, VA
Veteran Firm Seeking a Mid-Level Information System Security Officer (ISSO) with a Top Secret Clearance w/ SCI and a CI-Polygraph eligibility for an Onsite Assignment in Dahlgren, VA
My name is Stephen Hrutka. I lead a Veteran-owned consulting firm in Dahlgren, VA. Focused on strategic sourcing, supply chain management, and IT Staffing.
We are looking to fill a Senior Cloud Information System Security Officer (ISSO) role for one of our newest clients, a cyber intelligence-driven firm primarily focused on assisting the Federal Civilian, DoD, and U.S. Intelligence Communities.
The ideal candidate has 5+ years of experience serving as an Information Systems Security Officer (ISSO) at a cleared facility, a minimum of 7 years of experience in a computer science or Cybersecurity-related field, and has a current Top Secret Clearance w/ SCI and a CI-Polygraph eligibility.
If you're interested, I'll gladly provide more details about the role and further discuss your qualifications.
Thanks,
Stephen M Hrutka
Principal Consultant
***************
Executive Summary: HRUCKUS seeks an Information System Security Officer (ISSO)-mid-Level (TS/SCI w/ CI-Polygraph Eligibility) for a role in Dahlgren, VA.
Position Description: The program provides support in the areas of Cybersecurity and Management to improve the Information Assurance (IA) posture of a federal customer. The contract's support functions are IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support.
Roles and Responsibilities:
Services to support IS Security performed by the Information System Security Officer (ISSO), at a minimum, shall consist of the following activities:
Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
Provide liaison support between the system owner and other IS security personnel
Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
Ensure that system security documentation is developed, maintained, reviewed, and updated continuously
Conduct required IS vulnerability scans according to risk assessment parameters.
Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs)
Coordinate system owner concurrence for correction or mitigation actions
Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO)
Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Ensure that changes to an agency IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR
Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed, and entity type
Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary
Ensure that new entities are created in the GRC application with the security categorization of agency ISs
Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreements (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS
Perform an independent review of the System Security Plan (SSP) and make approval decisions
Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official
Schedule security control assessments in coordination with the system owner.
Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision
Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number
Advise the agency Authorizing Official of IS vulnerabilities and residual risks.
Ensure that all POA&M actions are completed and tested
Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official
Ensure the removal and retirement of agency ISs being decommissioned in coordination with the SO, ISSO, and ISSR
Position Qualifications and Requirements:
Current U.S. Government Top Secret Clearance w/ SCI and a CI-Polygraph eligibility
Must be a U.S. citizen
At least 5 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
Minimum of 7 years of work experience in a computer science or Cybersecurity related field
Familiarity with the use and operation of security tools, including Tenable Nessus and/or Security Center, IBM Guardium, HP Weblnspect, Network Mapper (NMAP), and/or similar applications
Hold at least one of the following certifications:
Certified Information Systems Security Professional (CISSP)
Global Information Security Professional (GISP), the CompTIA Advanced Security Practitioner (CASP,) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level II proficiency
Position Desired Requirement:
A bachelor's and/or advanced degree in computer science, business management, or IT-related discipline
Employee Benefits:
Competitive salary for well-qualified applicants
401(k) plan
Annual performance bonus
Certification and advanced degree attainment bonuses
Student Loan / Tuition reimbursement
Health Care Insurance (medical, dental, vision)
Up to four weeks of paid vacation
10 Federal Holidays and 3 Floating Holidays
Team bonding events
Location and Work Set-Up:
100% Onsite role in Dahlgren, VA
The target annual salary is $110,000 - $125,000.
Chief Information Security Officer
Remote SAP Security Consultant Job
Job Title: Chief Information Security Officer (CISO)
Type: Full-Time
About Us:
Our Client is a leading provider specializing in laboratory testing services, dedicated to delivering accurate, timely, and high-quality diagnostic results. Their commitment to innovation and excellence is paired with a steadfast focus on patient care and confidentiality. To maintain our high standards and ensure the security of sensitive patient information, we are seeking a dynamic and experienced Chief Information Security Officer (CISO) to join our leadership team in Houston, TX.
Role Overview:
As the CISO, you will be responsible for establishing and maintaining the enterprise-wide information security vision, strategy, and program. You will oversee the protection of sensitive healthcare and laboratory data, ensuring compliance with all relevant regulations (e.g., HIPAA, HITECH, and GDPR). Reporting directly to the CIO (or CEO), you will collaborate with leadership, IT teams, and external stakeholders to safeguard the organization against emerging cyber threats.
Key Responsibilities:
Strategic Leadership:
Develop and implement a comprehensive information security strategy aligned with the organization's goals.
Lead the security governance program to protect sensitive patient, laboratory, and organizational data.
Risk Management:
Conduct regular risk assessments and vulnerability analyses of systems, networks, and applications.
Develop risk mitigation strategies and ensure effective incident response plans are in place.
Regulatory Compliance:
Ensure compliance with healthcare-specific regulations such as HIPAA, HITECH, and CLIA.
Stay updated on global and regional data protection laws and ensure compliance with applicable standards (e.g., GDPR, PCI-DSS).
Technology and Operations:
Oversee the implementation of advanced cybersecurity technologies, including data encryption, endpoint protection, and SIEM solutions.
Evaluate and manage third-party security tools, including those supporting laboratory operations.
Ensure secure integration of laboratory information management systems (LIMS) with other healthcare systems.
Incident Management:
Establish and lead a robust incident detection and response framework.
Oversee investigations and coordinate remediation for any security breaches or incidents.
Collaboration and Communication:
Provide regular updates to executive leadership on the state of the organization's cybersecurity posture.
Partner with IT, compliance, legal, and clinical teams to align security initiatives with operational goals.
Qualifications:
Education:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Advanced degree (e.g., MBA, MS in Cybersecurity) is a plus.
Experience:
Minimum of 10 years of progressive experience in information security, with at least 5 years in a leadership role.
Experience in the healthcare industry, particularly in laboratory testing, is strongly preferred.
Proven track record of managing cybersecurity in highly regulated environments.
Certifications:
CISSP, CISM, or equivalent certifications required.
CRISC, CEH, or healthcare-specific certifications (e.g., HCISPP) are a plus.
Skills:
In-depth knowledge of healthcare-specific regulations (e.g., HIPAA, HITECH).
Expertise in cybersecurity frameworks (e.g., NIST CSF, ISO 27001).
Strong leadership and communication skills, with the ability to present complex security concepts to non-technical stakeholders.
Experience in securing cloud environments, mobile devices, and remote work infrastructures.
Equal Opportunity Statement
BigRio is an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, religion, national origin, sex, sexual orientation, gender identity, age, pregnancy, status as a qualified individual with disability, protected veteran status, or other protected characteristic as outlined by federal, state, or local laws. BigRio makes hiring decisions based solely on qualifications, merit, and business needs at the time. All qualified applicants will receive equal consideration for employment.
Information Systems Security Officer 3
SAP Security Consultant Job In Chantilly, VA
Job Title: Information Systems Security Officer (ISSO) 3
MUST Possess An Active TS/SCI with Full Scope Poly
Position Overview: We are seeking an experienced and highly motivated Information Systems Security Officer (ISSO) 3 to join our team. In this role, you will manage the information security posture of both classified and unclassified systems, ensuring the protection of sensitive data and compliance with established security frameworks. You will work collaboratively with government stakeholders, technical teams, and subject matter experts (SMEs) to safeguard information, perform risk assessments, and lead security authorization efforts. Your expertise in security best practices, risk management, and system documentation will be pivotal in ensuring the continuous monitoring and defense of our organization's IT infrastructure.
Key Responsibilities:
Security Management: Oversee the entire lifecycle of information security for classified and unclassified systems, including research, testing, implementation, training, and program management to protect sensitive information from potential threats and vulnerabilities.
Risk Management Framework (RMF): Apply comprehensive knowledge of RMF processes, identifying, assessing, and mitigating risks to IT systems. Lead risk analysis efforts, ensuring effective risk management strategies are implemented across the organization.
Authorization and Compliance: Lead and support Authority to Operate (ATO) and Authority to Proceed (ATP) efforts. Provide independent recommendations and work directly with government leads to ensure the successful authorization of IT systems.
Vulnerability and Compliance Analysis: Conduct detailed analysis of vulnerability scans, penetration tests, and other audit activities to identify potential threats. Provide actionable insights and recommendations for system improvements and risk mitigation.
Documentation & Reporting: Create, review, and maintain key security documentation, including but not limited to System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Configuration Management Plans, Contingency Plans, and Risk Assessments. Ensure compliance with security requirements and provide clear, accurate status reports to stakeholders.
Agile Participation: Actively engage in Agile Planning events, contributing technical insights and providing expert security input to ensure security is integrated throughout the development lifecycle.
Continuous Monitoring & Security Posture Management: Ensure the security posture of IT systems is maintained across on-prem, cloud, and hybrid environments. Lead continuous monitoring efforts to identify and resolve emerging security risks.
Required Qualifications:
Education & Experience: Bachelor's degree in a relevant field and 5-8 years of direct experience in information security, or 7 years of related experience with expertise in IT systems security.
Security Clearance: Active TS/SCI clearance with CI Polygraph.
Core Competencies:
Strong understanding of the NIST Risk Management Framework (RMF), including NIST SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2, and other federal security standards.
Proven experience in developing and maintaining System Security Plans (SSPs) and other security-related documentation.
Experience with vulnerability management tools such as Tenable Nessus, Security Center, or similar platforms.
In-depth knowledge of cloud computing technologies and services, including AWS, Microsoft Azure, and VMware.
Expertise in analyzing test results (vulnerability scans, audits, penetration tests) and determining associated risk levels.
Proficiency with Microsoft Office 365 Suite (Word, PowerPoint, Excel, SharePoint).
Soft Skills:
Strong communication skills, with the ability to articulate complex security concepts and status updates to non-technical stakeholders.
Self-starter with the ability to work independently and within a team, building strong relationships across various divisions.
Comfort with briefing security issues and presenting security posture to government customers.
Desired Qualifications:
Familiarity with Scaled Agile Framework (SAFe), Agile development practices, and DevSecOps methodologies.
Experience with security management in virtualized environments, including VDI and VMware.
Familiarity with security tools such as Jira, Jira Align, or ServiceNow.
Cybersecurity program experience within federal government agencies.
Relevant certifications such as CISSP, CCSP, AWS Certified Security Specialty, Microsoft Azure Security Engineer, CISA, CAP, or SAFe 6.
Senior Information Security Engineer - Incident Response
Remote SAP Security Consultant Job
LinkedIn is the world's largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We're also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that's built on trust, care, inclusion, and fun - where everyone can succeed.
Join us to transform the way the world works.
At LinkedIn, we trust each other to do our best work where it works best for us and our teams. This role offers a hybrid work option, meaning you can both work from home and commute to a LinkedIn office, depending on what's best for you and when it is important for your team to be together.
This role will be based in our Mountain View, CA campus.
About the team
LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Senior Incident Response Engineer to be an integral part of our Information Security organization. The Incident Response team is responsible for protecting our infrastructure, applications, and, most importantly, our members. This role will be responsible for playing a key role in our security monitoring and incident response team.
The role is a Senior position, coming in with years of real world experience in responding and leading incident investigations, developing playbooks, and continually striving to improve processes and response times. Additionally as a Senior, a successful candidate will help lead the continued improvements, mentor more junior team members, while acting as a lead during large scale incidents.
Responsibilities:
· Independently triage security alerts and incident reports.
· Investigate incidents using available resources, forensic and threat hunting skills.
· Drive small to medium scale incidents with multiple team members and partner teams to closure.
· Conduct host, network, and log analysis in support of incident response investigations
· Enhance our in-house incident response platforms and build new capabilities.
· Participate in oncall activities.
· Work with partner teams including: PR, HR, Legal, Compliance, Investigations, Microsoft CDOC, Engineering, EPE.
· Work in a team environment to drive large scale incidents to closure and full remediation.
· Contribute to improving processes, procedures and technologies used by the team.
· Provide feedback to detection engineering team about accuracy and quality of detections
· Provide proactive and accurate data to all stakeholders for internal communication
· Help uplift entire team by providing demonstration of new processes or training on systems
· Support mentoring and technical development of incident response engineers
Basic Qualifications:
· BA/BS degree in Information Security, CyberSecurity, Computer Science, or other related technical disciplines, or equivalent practical experience
· 4+ years experience in Information Security, with 3+ years experience in Incident Response as part of that experience.
· Incident response experience should include:
· Experience with triaging security alerts.
· Experience with incident lifecycle and incident handling.
· Experience with log analysis
· Experience with SIEM solutions
· Experience with Windows and Unix operating systems logs.
· Experience with Web Server logs.
· Experience with EDR solutions
· Experience with system level analysis - windows, linux, and mac.
· Experience with 1 or more of these areas:
· System Forensics
· Network Forensics
· Cloud Forensics
· SOAR/Security Orchestration
· Threat Intelligence
Preferred Qualifications:
· Master's degree in Information Security, CyberSecurity, Computer Science, or other related technical disciplines.
· Developer experience, the ability to understand source code and develop scripts.
· Practical threat hunting experience with open source tool chain
· Scripting knowledge to automate repetitive, time consuming and error prone activities using a general purpose scripting language (ex: Python)
· Prior experience with malware analysis
Suggested Skilles:
· Incident Response
· Information Security
· Incident response investigations
· Threat Hunting
LinkedIn is committed to fair and equitable compensation practices.
The pay range for this role is $121,000-198,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor.
The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For more information, visit **************************************
Equal Opportunity Statement
LinkedIn is committed to diversity in its workforce and is proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is an Affirmative Action and Equal Opportunity Employer as described in our equal opportunity statement here: *********************************************************************************************************** Please reference ******************************************************************************************** and ************************************************************************************************ for more information.
LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful.
If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at accommodations@linkedin.com and describe the specific accommodation requested for a disability-related limitation.
Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to:
-Documents in alternate formats or read aloud to you
-Having interviews in an accessible location
-Being accompanied by a service dog
-Having a sign language interpreter present for the interview
A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response.
LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information.
Pay Transparency Policy Statement
As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: ********************************
Global Data Privacy Notice for Job Candidates
This document provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: ***************************************
Information Security Manager
Remote SAP Security Consultant Job
The Information Security Manager will oversee the Information Security and work with the Director of Information Security as well as the Desktop and Server teams to help protect the information assets of the Firm. They will oversee the assist with implementing and supporting information security policies, security operations, and audit/risk. The Information Security Manager is responsible for coordinating analyst deliverables and is expected to stay up-to-date with current and emerging trends to help reduce the Firm's exposure to new and existing threats.
Active monitoring and rapid response to security events is critical to this role. Although not common, some of the security events may happen outside of normal work hours which will require after-hours response and support.
The Information Security Manager is responsible for keeping track of current IS projects and ensuring timely completion of deliverables. They will be responsible for tracking progress of Infosec team members on identified projects and following up when necessary to ensure timely and accurate completion of projects that meet both firm and user expectations.
The IS Manager will establish and maintain SLA's for team deliverables, and ensure that common tasks are formally documented. They will also assist the team in tracking progress and following up on team work.
Responsibilities:
PHISHING
Coordinate scheduled phishing campaigns for content, delivery, follow-up, and reporting.
Communicate with the helpdesk for phishing-related issues as well as respond to user inquiries.
Actively take steps to reduce phishing risk.
MONITORING AND ALERTING
Work with outside security vendors to monitor systems events and ensure coverage.
Oversee first-level response incoming events for MDR vendor and Defender.
Triage alerts and follow appropriate procedures to determine severity.
Maintain and ensure the confidentiality of client and firm data.
Monitor and respond to tickets for Information Security Group.
VULNERABILITY MANAGEMENT
Coordinate the Firm's vulnerability scanning software to identify, classify, prioritize, mitigate, and remediate software vulnerabilities.
Work with the infrastructure team and desktop engineering team to remediate the biggest risks.
Monitor and document progress toward security goals.
Track overall progress on reducing vulnerability risk.
OPERATIONS
Oversee security events from Microsoft Security Products.
Actively work to improve security posture through vulnerability management, attack surface reduction, and environment hardening.
Support compatibility with Mac laptops for normal firm tasks.
Support project for remote browser capability.
Work with a third party for annual penetration tests.
Coordinate threat hunting and research trending CVE's.
AUDIT
Oversee evidence gathering for ISO audit.
Manage policies and procedures to ensure accuracy and timely reviews.
Supervise timely and accurate reviews of Outside Counsel Guidelines, Client Security Assessments, and responses to RFP's/RFI's.
ADDITIONAL DUTIES INCLUDE
Assist in preparation and tracking of client security assessments.
Work with Director of Information Security on Security budget.
Work with desktop and server teams for patch management.
Interface with networking team as needed.
Support evidence collection and preservation for ISO 27001 audit.
Assist in annual testing of disaster recovery and business continuity plans.
Special projects as assigned.
Assume additional responsibilities as requested.
This role requires 60% in office presence; remote work is permissible 40% of the time.
Qualifications:
Bachelor's degree in Cybersecurity or Computer Science required.
Minimum of 6 years Information Security experience and prior experience managing staff is required.
Previous experience working in a law firm or professional services strongly preferred.
Knowledge of threat hunting tactics and incident response.
Working knowledge of TTP's (Threats, Tactics, and Procedures) of Threat Actors.
Demonstratable knowledge of vulnerability scanning tools (Tenable, Rapid7, or Qualys).
Familiarity with popular cybersecurity tools for threat hunting and vulnerability scanning.
Experience with outsourced MDR (SentinelOne, eSentire, Rapid7 IDR, Cybereason, etc).
Strong knowledge of Microsoft Defender suite of products CompTIA Security+, CEH, CISA, CRISC, CISM, or preferably CISSP.
Possess excellent verbal and written .communication skills with an ability to influence others.
Ability to function in a fast-paced, service-oriented environment, prioritize multiple projects on a daily basis, and adjust to shifting priorities.
Strong planning, project management and organizational skills.
Strong sense of urgency.
Facility analyzing, working with and presenting data.
Ability to collaborate and gain the respect, trust, and confidence of the Firm's attorneys and professional staff.
Possess a “hands-on” tactical approach.
Creative and proactive approach to problem-solving.
Facilitate teamwork and identify opportunities to develop new processes/infrastructure.
Demonstrated ability to grasp and implement new concepts quickly.
Strong analytical abilities, resourcefulness, and attention to detail.
Ability to work independently and as part of a team with a proactive and positive style that fosters collaborative working relationships.
Demonstrated ability to motivate and develop teams.
Proven leadership and management abilities.
Demonstrated experience in employee relations, performance improvement and separations.
Outstanding sense of customer service, with demonstrated ability to instill this in others.
Deep personal commitment to integrity, excellent judgment, and the highest standards of ethics.
Must display the highest level of diplomacy, tact and discretion, with comfort in handling and maintaining confidential information.
Excellent computer skills, including proficiency in using Microsoft Word, Outlook, Excel and PowerPoint. Ability to quickly get up to speed and master new applications and software is critical.
Information System Security Officer
SAP Security Consultant Job In Arlington, VA
We are seeking a dedicated and experienced Information System Security Officer (ISSO) to join our team at our headquarters in Herndon. The ideal candidate will have 3-5 years of experience in information security, particularly within the Department of Defense (DoD) environment.
Key Responsibilities:
Oversee and manage the Authorization to Operate (ATO) process.
Ensure compliance with NIST 800-53 and 800-171 standards.
Review and secure systems to meet compliance requirements.
Build and configure machines to specified requirements.
Implement and maintain Security Technical Implementation Guides (STIGs).
Maintain and update security documentation and policies.
Collaborate with Information System Security Managers (ISSM) and other stakeholders to ensure security measures are in place.
Qualifications:
3-5 years of experience as an ISSO or ISSM.
Familiarity with the ATO process.
Proficiency in Windows technology.
Experience in building and configuring machines to specifications.
Strong understanding of NIST 800-53 and 800-171 standards.
Experience with implementing and maintaining STIGs.
Excellent communication and collaboration skills.
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at ******************************** or ************.
Information System Security Officer [Job ID: 81334]
SAP Security Consultant Job In Arlington, VA
MUST HAVE an active TS/SCI clearance
Job Summary: Seeking a highly skilled, Senior Information Systems Security Operator (ISSO) to join our team.
Job Description & Requirements: The ideal candidates will be responsible for ensuring the security and integrity of our information systems by implementing and maintaining robust security measures. This includes developing and enforcing security policies, conducting regular security audits, and staying up to date with the latest cybersecurity threats and trends.
Senior Cloud Security Engineer
SAP Security Consultant Job In Tysons Corner, VA
We are partnered with a top smart-home security technology company to bring on a highly skilled Senior Security Engineer with a specialty in AWS. This role is headquartered in the *DMV area; the ideal candidate will play a crucial role in shaping the security strategy for their cloud-based services and ensure their systems meet industry-leading standards.
Role Responsibilities
Develop, implement, and manage security protocols to protect cloud infrastructure, applications, and data.
Lead efforts in continuous security monitoring, threat detection, and incident response, ensuring prompt mitigation of security risks.
Ensure adherence to relevant security standards (e.g., ISO, NIST) and maintain compliance with industry regulations and company policies.
Perform regular security risk assessments, identify vulnerabilities, and apply effective countermeasures.
Work closely with cross-functional teams, including software development, IT, and product management, to integrate security best practices at all stages of the development lifecycle.
Develop automated processes for security audits, vulnerability scanning, and continuous security validation.
Maintain comprehensive documentation of security processes, policies, and incidents. Prepare reports and present findings to management and other stakeholders.
Stay updated on the latest security technologies, emerging threats, and trends in cloud security. Propose and implement solutions to enhance the company's security posture.
Qualifications
Bachelor's or Master's degree in Computer Science, Information Security, or related field. A minimum of 5-7 years of experience in cloud security engineering or related roles.
Deep understanding of AWS cloud platform. Strong background in cloud-native security services and solutions.
Hands-on experience with security frameworks like Zero Trust Architecture and Identity Access Management (IAM).
Proficiency in scripting and automation tools (e.g., Python, Terraform). Experience with container security (e.g., Docker, Kubernetes).
Relevant security certifications such as CISSP, CISM, AWS Certified Security - Specialty, or equivalent.
If you or someone you know are interested in the opportunity, please apply in directly!
*This is a hybrid opportunity of Tysons, VA
SAP FI - R2R Controlling Consultant
SAP Security Consultant Job In Arlington, VA
The R2R Controlling Consultant will be responsible for determining integrated system design of required business scenarios and processes with particular focus on costing and management controlling, A&D specific knowledge beneficial
• Provide advice on identified functional gaps.
• Determine table configuration.
• Provide integrated system and design expertise in designated functional areas
• Provide SAP planning experience in recommending and assessing design.
• Facilitate use of implementation methodology
• Review design for integration aspects of the solution
• Provide input on technical implications of specific design.
• Provide functional specifications for any required development.
• Provide input on training approaches where required.
• Provide recommendations for functional gaps
Information Security Officer
SAP Security Consultant Job In Ashburn, VA
Information Systems Security Officer (ISSO) - Customs and Border Protection (CBP)
Job Type: Full-Time (Remote)
Clearance Level: Active DHS Security Clearance Required
Indev is seeking a highly skilled and dedicated Information Systems Security Officer (ISSO) to join our team, supporting the management of cybersecurity and information assurance for critical systems associated with Customs and Border Protection (CBP) operations. The successful candidate must be well-versed in federal security protocols and compliance requirements, particularly in the context of DHS systems and data protection.
Job Summary: As the ISSO, you will be responsible for ensuring the confidentiality, integrity, and availability of information systems supporting CBP operations. You will work with government and contractor personnel to monitor, assess, and enhance security measures while ensuring compliance with relevant regulations and standards.
Key Responsibilities:
Security Management & Oversight
:
Manage, monitor, and enforce system security policies and procedures for CBP-related information systems.
Oversee the implementation of security controls in accordance with NIST (National Institute of Standards and Technology), FISMA (Federal Information Security Modernization Act), and CBP-specific guidelines.
Conduct regular vulnerability assessments, risk assessments, and security audits to ensure system compliance.
Compliance & Reporting
:
Ensure systems comply with applicable federal laws, regulations, and directives related to cybersecurity (e.g., FISMA, NIST SP 800-53, Homeland Security Directives).
Prepare and submit reports regarding system security status, vulnerabilities, incidents, and compliance.
Maintain and manage system security documentation, including System Security Plans (SSPs) and Risk Assessment Reports (RARs).
Incident Response & Risk Mitigation
:
Coordinate responses to cybersecurity incidents affecting CBP systems.
Implement corrective actions to resolve identified security issues and reduce risk to the organization.
Maintain and update incident response plans and procedures in alignment with federal guidelines.
Access Control & Authorization
:
Oversee and manage user access to systems, ensuring adherence to strict access control policies.
Support the development of Authorization to Operate (ATO) packages and documentation for system accreditations.
Work closely with system administrators and other stakeholders to review and approve security configurations.
Security Awareness & Training
:
Provide ongoing security training to staff, ensuring understanding and compliance with CBP security protocols.
Assist with the development of security awareness campaigns specific to CBP systems and data protection.
Collaboration & Coordination
:
Collaborate with government agencies, contractors, and third-party vendors to ensure the secure deployment and operation of information systems.
Communicate effectively with other ISSOs, system administrators, and stakeholders regarding system security status and requirements.
Please note that the duties listed above are not exhaustive, and the successful candidate may be required to perform additional tasks as needed
Required Qualifications:
Active DHS or CBP security
clearance
.
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field.
At least 5 years of experience as an ISSO, Information Security Analyst, or similar role, with a focus on federal systems security.
In-depth knowledge of federal security frameworks, including FISMA, NIST SP 800-53, and CBP-specific security policies.
Experience with risk management and vulnerability assessment tools and techniques.
Familiarity with incident response, disaster recovery, and security operations.
Excellent written and verbal communication skills, with the ability to communicate security concepts clearly to both technical and non-technical stakeholders.
Certification such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or similar.
Experience working with CBP systems or in a similar government cybersecurity environment preferred.
Knowledge of Federal Information Processing Standards (FIPS) and other government-specific security standards.
Must be able to work in a fast-paced, high-pressure environment while maintaining attention to detail.
Strong problem-solving skills with a proactive approach to identifying and mitigating security risks.
About Us: At Indev, we're not just a company; we're a trailblazing force transforming the way technology solutions shape the future. As a dynamic player in the federal government sector, we're on a mission to empower agencies with cutting-edge, innovative technology solutions that drive innovation, efficiency, and progress. Our team thrives on collaboration, innovation, and embracing challenges head-on to create a meaningful impact on the world around us. Let's innovate. *************
Why Indev:
Innovative Environment: Join a team that thrives on creativity and innovation, where your ideas are not only heard but encouraged.
Meaningful Impact: Contribute to projects that directly impact federal agencies, driving positive change on a national scale.
Dynamic Collaboration: Work alongside diverse experts who are passionate about pushing boundaries and making a difference.
Agile Mindset: Embrace Agile methodologies that encourage flexibility, adaptability, and rapid growth.
Learning Culture: Enjoy ongoing learning opportunities and professional development to expand your skill set.
Cutting-edge Tech: Engage with the latest technologies and tools in the data integration landscape.