Security architect jobs in Dayton, OH

Job Title: Cybersecurity Engineer Labor Category: Exempt Clearance Requirement: Secret - As required Salary: $130,000-$175,000 Travel Requirement: 25% At Tlingit Haida Tribal Business Corporation (THTBC), your work goes beyond the job description-it becomes part of a purpose-driven legacy. Our continuous commitment to growth directly contributes to the strength, resilience, and future of the communities we support. Our growth fuels programs, services, and lasting value for the Tribe, making every success a shared one. For over 35 years THTBC and its subsidiaries has delivered essential services to federal clients across the globe. Whether supporting logistics, information technology, cyber security, or facilities operations, we are united by a shared mission: to create meaningful economic opportunity and growth of the Tlingit & Haida Tribes of Alaska. Together We Grow - One Mission, One Team - With a Commitment to Serve Scope of Work: This position is in support of the sustainment and modification of the United States Air Force (USAF) Electronic Technical Information Management System (ETIMS) program. The primary purpose of this position is to support the ETIMS mission by ensuring all systems, applications, and processes comply with Department of Defense (DoD), Air Force (AF), and federal cybersecurity requirements. The role ensures cybersecurity requirements are integrated into information systems and components through deliberate security design, development, and configuration, in alignment with frameworks such as the Risk Management Framework (RMF) and NIST standards. Responsibilities: Serving as a subject matter expert in security architecture to include providing advice to Program Managers, Customer technical experts, and internal program teams. Ensure all products, deliverables, and activities align with Federal, CNSS, DoD, and AF cybersecurity policies, including: NIST SP 800-37, 800-53, 800-171 CNSSI 1253 DoD 8500-series and DoDI 8510.01 (RMF for DoD IT) AFI 17-series publications and DoD 8140 workforce requirements Integrate cybersecurity considerations into Continuous Integration/Continuous Deployment (CI/CD) methodologies and program management schedules. Identify, manage, verify, and trace security controls across the entire system lifecycle, ensuring alignment with Test & Evaluation (T&E) and overall risk management processes. Implement and document comprehensive cybersecurity assurance measures across all layers of the TCP/IP model (network, transport, application, data link, and physical). Develop and maintain RMF documentation and artifacts, including Security Plans, Vulnerability Assessments, and Test Results, to support system authorization. Ensure compliance with DoDI 8520.02 (PKI and PK Enabling) and DoDI 8520.03 (Identity Authentication), maintaining standardized encryption, digital signature, and authentication mechanisms. Deliver secure applications compliant with DISA STIGs and Cloud One cybersecurity requirements. Conduct static application security testing (SAST) using PMO-approved tools and maintain a Software Bill of Materials (SBOM) for each release (e.g., SPDX, CycloneDX, SWID). Apply secure coding standards (e.g., OWASP Top Ten, CERT) and ensure prompt remediation of vulnerabilities. Generate and provide cybersecurity testing reports, mapping findings to applicable STIG and Cloud One controls. Use automated tools and processes wherever practical, seeking PMO approval for any deviations. Perform other duties as assigned. Minimum Requirements: Seven (7) years of experience supporting DoD or Air Force cybersecurity programs. Compliant with DoDI 8140 Intermediate Level Certifications (Security+, CySA, CAP, CASP CE, CISM, CISSP or Associate) Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field. Strong knowledge of NIST RMF, DoD 8500-series, and DISA STIG compliance. Experience with SAST, SBOM tools, and secure software development practices. Experience supporting AF programs or Cloud One environments. Familiarity with CI/CD security integration and automated compliance tools. Advanced certification (e.g., CASP+, CCSP, or CISSP-ISSAP) preferred. Must be able to satisfactorily obtain and maintain a government security clearance as required by the contract. Must be able to maintain ability to access government worksite. Must possess and maintain a valid state driver's license and a safe driving record, in accordance with company policy, to operate vehicles or equipment as required for the position. Physical Demands / Work Environment: Ability to sit or stand for extended periods while working at a computer or desk. Frequent use of hands for typing, data entry, and handling paperwork. Must be able to work on-call, alternate, and extended shift schedules when necessary to meet the mission requirements, including weekends and holidays. All candidates must successfully complete pre-employment screening, which may include but is not limited to a criminal background check, motor vehicle record review, and a 5-panel drug test, in accordance with company policy and applicable laws. Benefits: We offer a flexible benefits package including medical, dental, and vision plans, TRICARE Supplemental, critical illness coverage, employee discounts, wellness seminars, company-paid life and short-term disability insurance, optional long-term disability, paid leave, a 401(k) plan, and identity theft protection to support your health and financial well-being. For represented positions, the benefits and leave offered will be as defined under the applicable Collective Bargaining Agreement. Equal Employment Opportunity: We are proud to be an equal opportunity employer and comply with all applicable federal, state, and local employment laws. All applicants will be considered for employment without regard to race, color, religion, creed, national origin, gender, gender identity, age, marital status, sexual orientation, veteran status, disability, pregnancy, parental status, or any other characteristic protected by law. Reasonable Accommodation: If you have a disability or medical condition and need reasonable accommodation, please inform the designated recruiter during the hiring process.

: Crown Equipment Corporation is a leading innovator in world-class forklift and material handling equipment and technology. As one of the world's largest lift truck manufacturers, we are committed to providing the customer with the safest, most efficient and ergonomic lift truck possible to lower their total cost of ownership. **Job Posting External** **Primary Responsibilities** + Define security architecture standards and blueprints for web, mobile, cloud, and Application Programming Interface (API)-based applications. + Review design documents and perform architecture risk assessments for new and existing applications. + Collaborate with DevOps, Engineering, and Infrastructure teams to ensure architectures align with secure design principles. + Integrate automated security testing/scanning tools (Static Application Security Testing (SAST), Software Composition Analysis (SCA)) into Continuous Integration (CI) or Continuous Delivery (CD) pipelines. + Define and enforce secure coding standards and practices across development teams. + Provide training and guidance to developers on secure development principles and vulnerability prevention. + Conduct threat modeling and attack surface reviews for high-risk or critical applications. + Identify potential security flaws and recommend mitigations early in development process. + Track and communicate technical risk to product managers, developers, and leadership teams. + Develop and maintain application security policies, baselines, and architecture frameworks. + Ensure application security practices align with regulations including General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS). + Support audit and compliance initiatives by providing documentation and evidence of secure development practices. **Minimum Qualifications** + Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related field is required, along with 2-4 years related experience. _Non-degree considered if 12+ years of related experience along with a high school diploma or GED_ **Preferred Qualifications** + 5+ years in cybersecurity with at least 3 years in application security or secure software development experience. + Secure Software Development Life Cycle (SDLC) in development. Deep knowledge of Open Web Application Security Project (OWASP) Top 10, National Institute of Standards and Technology (NIST), and secure coding frameworks. + Experience with Securing Secrets and Service Accounts. + Experience with Web Application Firewall (WAF) implementation/support. + Familiarity with Identity and Access Management and cloud security practices (AWS, Azure). + Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CISSP), Certified Ethical Hacker (CEH) certified. + Familiarity with container security (Docker, Kubernetes). + Experience in Threat Modeling. + Understanding of authentication protocols (Open Authorization (OAuth) and Security Assertion Markup Language (SAML)). + Experience with DEVSECOPStools and container security tools. **Work Authorization:** Crown will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas or who need sponsorship for work authorization now or in the future, are not eligible for hire. No agency calls please. **Compensation and Benefits:** Crown offers an excellent wage and benefits package for full-time employees including Health/Dental/Vision/Prescription Drug Plan, Flexible Benefits Plan, 401K Retirement Savings Plan, Life and Disability Benefits, Paid Parental Leave, Paid Holidays, Paid Vacation, Tuition Reimbursement, and much more. EOE Veterans/Disabilities

Job Description Title: Information Systems Security Manager (ISSM) Clearance: Active Secret Clearance About this role: Rackner is seeking a Information Systems Security Manager (ISSM) to support the AFRL/RG (AFWERX) Technical Operations Branch. AFWERX is the innovation arm of the Department of the Air Force (DAF) and accelerates agile and affordable capability transitions by teaming innovative technology developers with Airman and Guardian talent. The innovation arm of the Department of the Air Force and powered by the Air Force Research Laboratory (AFRL) supports both internal and external (federal and industry partners) users across multiple CONUS locations through client hardware support (NIPR, DREN) and cloud-based (e.g. IaaS, PaaS, SaaS) applications. Additionally, the program's Technical Operations Branch provides Risk Management Framework (RMF) and cybersecurity support to the different AFWERX divisions (i.e. AFVentures, Spark, Prime), including Flight Test Program Management (FTPM) support to both manned and unmanned flight tests. We are looking for experience with: Bachelor of Arts (BA)/Bachelor of Science (BS) and 10 years of experience, three (3) of which must be in the DoD OR 15 years of directly related experience with proper certifications as described below., five (5) of which must be in the DoD Must have at least one of the following certifications (DoD 8570 IAM II or IAM III certified): CAP CASP+ CE CISM CISSP (or Associate) GSLC CCISO HCISPP Highly preferred to be Google Cloud Security Engineer, Google Workspace Engineer, and/or Google Cloud Architect certified What will make you successful: Knowledge of Information Systems Security and risk management processes and requirements per the Risk Management Framework (RMF), to include building, managing, and submitting RMF packages in support of IT platforms, cloud/web-based applications, traditional applications, or embedded IT systems Assist with S&T Protection Plan efforts to include: Identifying and validating security requirements Providing guidance to ensure the protection of technologies and information of various classification levels. Develop or evaluate program, project, or technology area security risk assessments and analyses, and provide mitigation plans. Provide security oversight for all aspects of technology control and S&T protection planning Development of certification and accreditation documents Provide support as a technical security advisor to internal and external entities on matters affecting overall protection architecture Who We Are: Rackner is a software consultancy that builds cloud-native solutions for startups, enterprises, and the public sector. We are an energetic, growing consultancy with a passion for solving big problems for both startups and enterprises. We enable digital transformation for large organizations through the newest in distributed technologies as we are laser focused on end-to-end application development, DevSecOps, AI/ML and systems architecture and our methodology focuses on cloud-first and cost-effective innovation. Our customers hail from a diverse, ever growing list of industries. Additional Info/Benefits Rackner embraces and promotes employee development and training and covers the cost of certifications relevant to a position and the technologies/services provided . Fitness/Gym membership eligibility, weekly pay schedule and employee swag, snacks & events are offered as well! 401K with 100% matching up to 6% Highly competitive PTO Great health insurance with large network of providers Medical/Dental/Vision Life Insurance, and short & long term disability Industry-Leading Weekly Pay Schedule Home office & equipment plan #ISSM #InformationSystemsSecurityManager #DoD #secret #AFWERX #DAF #agile #AFRL #NIPR #DREN #IaaS #PaaS #SaaS #IoC #TechnicalOperationsBranch #RiskManagementFramework #RMF #cybersecurity #FlightTestProgramManagement #FTPM #AFVentures #Spark #Prime #DoDIATIII #googlecloud #gcp

NLB Services offers a wide-range and best-in-class suite of value-based business solutions comprising of IT services, HR solutions, On-site & Off-site Outsourcing and Consulting services that are built on its robust process domain and people management expertise. At NLB Services, we believe in a work culture that is open and energetic. Our operational methodology is clear and object oriented, blended with flexibility and a proactive attitude to help us focus on developing the right expertise that is required to deliver an unmatched set of services and products. Our team of experts works 24/7 to add value to your existing business and help you grow exponentially. Hi, My Name is Ajay Singh and I'm a Resource Manager at Next Level Business Services, Inc. Please find the below and respond with an expected salary range, suitable time to call and contact details. Also, attach a copy of your updated resume. Position Title: SAP HANA and BOBJ Security Consultant Location: Cincinnati, OH Hire Type: Full Time Only Salary: As per Market Job Description: 1. Designing Overall Security for SAP HANA implementation 2. Create customized roles in HANA DB for Developers, Modelers, Technical Admins, End Users, Power Users. 3. Design, Restrict and Control authorizations for HANA DB objects and Packages/Contents based on System Privileges, Objects Privileges and Analytic Privileges for various Schema Users 4. Define controls to restrict Create, Drop, Alter other DB Admin rights on HANA DB Schema and its objects 5. Transportation of Security Objects/Roles within HANA Landscape 6. Users creation and Role assignment 7. Setting up Password policy 8. Create Groups in BOBJ Server for different type of Users (Admins, Managers, Developers, End Users etc..) 9. Define and Control access to various Folders 10. Setup SSO with AD or LDAP for SAP, Enterprise and other types of Authentication 11. Define & Control access at Object level for different types of BOBJ Reports (Full control, View, Schedule, View on Demand) 12. Transportation of Security objects within BOBJ Landscape 13. Integration of BOBJ Security with HANA DB Security Roles Thanks, Ajay Singh Additional Information All your information will be kept confidential according to EEO guidelines.

At Accenture Federal Services, nothing matters more than helping the US federal government make the nation stronger and safer and life better for people. Our 13,000+ people are united in a shared purpose to pursue the limitless potential of technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations. Join Accenture Federal Services, a technology company and part of global Accenture, to do work that matters in a collaborative and caring community, where you feel like you belong and are empowered to grow, learn and thrive through hands-on experience, certifications, industry training and more. Join us to drive positive, lasting change that moves missions and the government forward! We are seeking an experienced Information Systems Security Officer to lead security oversight for our secure cloud platform implementations supporting government customers. This role ensures continuous compliance with federal security standards while enabling agile delivery of cloud infrastructure solutions in classified and sensitive environments. What you'll do: * Security Program Leadership * Serve as primary security authority for secure cloud platform implementations * Develop and maintain Information System Security Plans (ISSP) for government systems * Lead security control assessments and continuous monitoring programs * Coordinate with government security officers, SCAs, ISSMs, and AOs for system authorization * Risk Management & Compliance * Implement and maintain Risk Management Framework (RMF) processes * Conduct security control assessments using NIST 800-53 and DoD requirements * Manage Plan of Action & Milestones (POA&M) and security remediation efforts * Ensure continuous compliance with FedRAMP, FISMA, and DoD security standards and applicable overlays * Cloud Security Architecture * Design security controls for multi-cloud and hybrid government environments * Implement cloud-native security solutions: encryption, IAM, network segmentation * Configure security monitoring and incident response capabilities * Validate security implementations against STIG and CIS benchmarks * Security Integration & DevSecOps * Integrate security controls into CI/CD pipelines and Infrastructure as Code * Implement security automation and continuous compliance monitoring * Collaborate with engineering teams to embed security throughout delivery lifecycle * Conduct security reviews for cloud architecture and deployment patterns * Documentation & Reporting * Maintain security documentation packages for government reviews and audits in defined systems including but not limited to eMass * Prepare security deliverables: SSP, SAR, security briefings, and compliance reports * Support security audits, assessments, and customer security reviews * Create security standards, procedures, and training materials * Tools * Work in AWS GovCloud, Azure Government, or Oracle Cloud * Work with vulnerability scanners, SIEM, monitoring platforms * Handle Infrastructure as Code security: Terraform, CloudFormation security * Review container security: Kubernetes security, container scanning, runtime protection * Review network security: VPC design, firewalls, intrusion detection What you'll need: * 5 years cybersecurity experience with government systems and cloud environments * 3 years direct ISSO experience supporting federal programs or systems * 3 years' experience with risk management frameworks (RMF) and security control implementation * 6 months of eMASS experience * Demonstrated experience with FedRAMP, FISMA, and DoD security compliance requirements * Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field or 4 years of comparable work or military experience * CompTIA Security+ (current) or equivalent DoD 8570 IAT Level II certification required Bonus points if you have: * CISSP, CISM, or GIAC certification * AWS certification - Solutions Architect - Associate Security Clearance: An active Secret level clearance is required; TS/SCI preferred As required by local law, Accenture Federal Services provides reasonable ranges of compensation for hired roles based on labor costs in the states of California, Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Washington, Vermont, the District of Columbia, and the city of Cleveland. The base pay range for this position in these locations is shown below. Compensation for roles at Accenture Federal Services varies depending on a wide array of factors, including but not limited to office location, role, skill set, and level of experience. Accenture Federal Services offers a wide variety of benefits. You can find more information on benefits here. We accept applications on an on-going basis and there is no fixed deadline to apply. The pay range for the states of California, Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Washington, Vermont, the District of Columbia, and the city of Cleveland is: $98,500-$184,900 USD What We Believe As a company wholly dedicated to serving the US federal government, we bring together the best talent to help reinvent how federal agencies operate and deliver greater value for their mission and the American people. We have an unwavering commitment to creating a culture in which all our people are respected, feel a sense of belonging, and have equal opportunity. As a business imperative, every person at Accenture Federal Services has the responsibility to create and sustain a culture where everyone feels welcomed and included. This is grounded in our core values and our experience that hiring and developing great people who reflect different perspectives, experiences, and backgrounds is key to driving innovation and delivering the results that our clients and the country count on. Equal Employment Opportunity Statement We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities. For details, view a copy of the Accenture Federal Services Equal Opportunity Policy Statement. Accenture Federal Services is an Equal Employment Opportunity employer. Additionally, as an Affirmative Action Employer for Veterans and Individuals with Disabilities, Accenture Federal Services is committed to providing veteran employment opportunities to our service men and women. Requesting An Accommodation Accenture Federal Services is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture Federal Services and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired. If you are being considered for employment opportunities with Accenture Federal Services and need an accommodation for a disability or religious observance during the interview process or for the job you are interviewing for, please speak with your recruiter. Other Employment Statements Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States. Candidates who are currently employed by a client of Accenture Federal Services or an affiliated Accenture business may not be eligible for consideration. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information. California requires additional notifications for applicants and employees. If you are a California resident, live in or plan to work from Los Angeles County upon being hired for this position, please click here for additional important information.

ARS is looking for an Information System Security Officer (ISSO). Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The ISSO will have an active role in monitoring a system and its environment of operation to include developing and updating a System Security Plan, managing and controlling changes to the system, and assessing the security impact. Why Work with us?  ​Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career- driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the upmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.   Responsibilities: Maintain the operational security posture of systems. Monitor systems and environments for security compliance. Develop and update System Security Plans (SSPs). Manage and control system changes and assess their security impact. Handle physical, personnel, and environmental security. Conduct incident response and security awareness training. Assist the ISSM and assume ISSM duties when necessary. Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM; Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package; Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard; Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS; Report all security-related incidents to the ISSM Conduct periodic reviews of information systems to ensure compliance with the security authorization package; Serve as member of the CCB, if designated by the ISSM; Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change; Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization; Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly; Ensure all IS security-related documentation is current and accessible to properly authorized individuals; and Ensure audit records are collected, reviewed, and documented (to include any anomalies). Participate in joint agile backlog planning and provide feedback to the software development team and infrastructure teams around high to medium risk items that require information system owner approval. Responsibilities: Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard 5+ years related experience in SCI/SAP environments. Bachelor's degree in computer science, Engineering, Finance, Business, or related field 5-8 years demonstrated performance in related technology Top Secret w/ SCI eligibility Other duties as assigned All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.

Radiance Technologies is an employee-owned company with benefits that are unmatched by most companies in the Dayton, OH area. Employee ownership, generous 401K, full health/dental/life/vision insurance benefits, educational reimbursement, competitive salaries, interesting assignments, and a pleasant work environment combine to make Radiance Technologies a great place to work and succeed. We are currently seeking an Information Systems Security Officer (ISSO). Responsibilities include, but are not limited to: Implementation of System Security Plans (SSP), Standard Operating Procedures (SOP), information security policies and the development of information system artifacts, as necessary, to ensure compliance with RMF guidelines. Overseeing the compliance of security settings for operating systems, to include Windows, Unix/Linux, etc. on classified information systems under his / her purview. Ensuring proper measures are taken when an information system incident or vulnerability is discovered. Managing and executing the information security continuous monitoring program. Ensuring configuration management policies and procedures for authorizing the use of hardware / software on an information system is followed and assess changes to the system, its environment, and operational needs that could affect the security authorization for an information system. Conduct risk assessments as required on systems/networks IAW DoD, NSA, DISA, DIA and other agency regulations and policies governing information systems security. Respond to information system incidents, perform initial evaluation of each incident, begin corrective measures, and report incidents to ISSM. Responsible for the auditing and monitoring of information systems to support program operations and required continuous monitoring activities. Maintaining required information security certifications (e.g., Sec+, CISSP, etc.) Experience implementing NISPOM Chapter 8, DAAPM, DoDM 8501.01, JAFAN 6/3, DCID 6/3, ICD 503, DAAPM and/or JSIG IS requirements. Required Experience: Experience with NISPOM, RMF, JSIG, and/or DAAPM certification and accreditation processes. Ability to perform technical certifications for systems being presented to the government for authorization. Excellent written and verbal communication skills and ability to effectively interface with numerous cognizant security agencies, customers, and senior management. Ability to manage multiple projects in a dynamic, demanding environment. Knowledge of other security disciplines and how they impact and interact with information system security. Minimum of a valid Secret clearance with in-scope Background Investigation Date Desired Skills: Bachelor's degree in IT/Cyber Security, Computer Science, or related field plus two (2) years of experience in developing and implementing Risk management Framework (RMF) policies and procedures. Active Security+ CE or equivalent DoD Directive 8570 / 8140 Information Assurance Management Level II or III certification. Previous experience working in an SAP / SCI / Collateral environment. Prior experience as ISSO, or DoD equivalent at an organization of similar size and complexity. Understanding of networking concepts and cybersecurity related tools to include, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) and Security Content Automation Protocol (SCAP), and vulnerability scanners. EOE/Minorities/Females/Vet/Disabled

Job Description *This is a contingent opportunity Information Systems Security Manager (ISSM) K2 Group is searching for an ISSM to support the Air Force Research Laboratory Sensors Directorate (AFRL/RY) at Wright-Patterson Air Force Base, OH. Duties: Be the Directorate's Certification & Accreditation (C&A) process expert. Perform C&A duties in compliance with the Risk Management Framework (RMF) structure at the SCI and below level in accordance with all applicable regulations. Follow AFRL procedures to use the Enterprise Mission Assurance Support Service (eMASS), AFRL Enterprise Business System (EBS), Xacta or other workflow tools to obtain an Interim Approval to Operate IATO/ Approval to Operate (ATO). Prepare, submit, and track all Directorate C&A packages of all Research, Development, Test, & Evaluation (RDT&E) computer information systems for base-level and higher headquarters approval, and ensure that all systems are following DoD Information Technology (IT) C&A guidance. Submit a quarterly Plan of Action and Milestones (POA&Ms) to HQ AFRL and maintain 100% accountability for all accredited systems and RDT&E systems requiring POA&Ms. Ensure the Directorate C&A community remains updated on eMASS; review eMASS registration workbooks, recommend changes/clarification and submit updated workbooks to HQ AFRL for registration of Point-to-Point, Standalone, Standalone Enclave systems having a Federal Information Security Management Act (FISMA) requirement. Coordinate any changes or modifications to hardware, software, or firmware of a system directly with the Authorizing Official (AO)/ Delegated Authorizing Official (DAO) prior to the change. Conduct routine maintenance, perform backups, and install upgrades and patches to the systems and networks. Produce artifacts that include but not limited to answers, implementation, documentation, and testing of applicable Information Assurance (IA) controls, topology diagrams, hardware lists, software lists, ports and protocols lists, and plan of action and milestones. Complete or assist in the completion of vulnerability scans and DISA STIG reviews. Research and propose solutions for identified risks to eliminate or mitigate adverse impact to an acceptable level. Interact and coordinate with system program managers to create, update, and maintain system documentation and supporting artifacts related to the RMF process. Requirements: Five (5) years of relevant experience Certifications: SPēD Security Fundamentals Professional Certification (SFPC) - required at start Microsoft SQL Server Management Studio (or Security+) - required at start SPēD Security Asset Protection Professional Certification (SAPPC) - required within 6 months of entry on duty Must hold a DoD 8140.03-compliant certification (at start): Information Assurance Technical (IAT) Level II (required) Information Assurance Technical (IAT) Level III (preferred) Clearance: Active Top Secret/SCI Benefits: K2 Group's benefit offerings include: Medical/ Dental/ Vision Insurance; FSA Medical & FSA Dependent Care; Pre-tax 401(k) & ROTH 401(k) plans; Profit Sharing Plan; Life & Accidental Death Insurance; Short Term/ Long Term Disability; Voluntary Group Life Insurance option; Tuition Reimbursement; Job-related Course Reimbursement; Holiday Pay; and Paid Time-Off Powered by JazzHR Ijvr8jzcNQ

Bowhead seeks a Cybersecurity Network Defense Analyst to join our team in Dayton, OH. The Cybersecurity Network Defense Analyst uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. They provide on-site 24x7x365 operational support in the form of event/incident handling and analysis capability to cybersecurity service subscribers. These highly skilled individuals will work in various capacities alongside Warning Intelligence Analysts and Engineers. The Cybersecurity Network Defense Analyst will work in the Attack Sensing and Warning (AS&W) division which senses changes in subscriber networks through comparison to established baselines and the fusion/integration of closed and open source intelligence to enhance sensing capability. They will perform the analysis of disparate data sources to form a cohesive view of the current cyber security state. They will characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. **Responsibilities** - Receive and distribute AS&W information - Conduct AS&W activities to develop appropriate response (receives and archive task orders, directives, and other required actions, and maintain internal and external source location information) - Coordinate AS&W information from other sources to aid in analysis of alerts - Analyze the Intrusion Detection System alerts to identify unauthorized or anomalous activity - Identify, documents, and reports unauthorized activity/attacks (including IP addresses and ports, attack vector, and attack timeframe) in all incidents and reports per HPCMP CSSP sops - Take action, if appropriate, to prevent or mitigate potential impact to the DODIN based on cyber threats, and develop and distribute countermeasures and interim guidance to prevent or mitigate threats and/or attacks on DODIN - Monitor a platform capable of performing information security continuous monitoring (ISCM) for the purposes of detecting cyber intrusions, attacks, anomalous behavior, and possible insider threats - Collect intrusion artifacts (e.g., source code, malware, and trojans) - Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation - Report incidents and events within proper channels and within timelines identified in the CJCSM 6510.01B - Provide a 24/7x365 event/incident handling and analysis capability - Provide operations log accessible to personnel documenting all mandated reportable cyber events/incidents - Analyze detected cyber events to identify incidents - Categorize and characterize cyber incidents - Notify affected Subscribers of cyber incidents and collect assessments of mission impact for the loss of the system during the incident response process - Analyze cyber incidents to develop specific responses - Distribute tailored countermeasures or interim guidance to Subscribers to eradicate and prevent cyber incidents across all subscribers - Perform forensic analysis of systems and malware in cases where subscribers lack the capability and ensure relevant IOCs are shared with Warning Intelligence - Mitigate operational and/or technical impact due to cyber incidents - Contain the spread of malware to prevent further damage to IT systems through detection, analysis, and execution of containment measures **Qualifications** - Must possess Bachelor's degree or equivalent experience - Must have at least 2 years intrusion detection experience - Must have at least 2 years relevant IT and/or System administrator experience and 2 years relevant Information Security experience - Must have the certifications for DOD 8570 IAT Level II minimally - Must have the certifications for DOD 8570 CSSP-Analyst or CSSP-Incident Responder - Must have the ability to earn DoD 8570 computing environment certification within 6 months - Understanding of network hardware devices and experience configuring Access Control Lists or other Firewall or Router configuration experience - Ability to demonstrate strong knowledge of computer security concepts - Ability to communicate effectively, interpret regulatory guidance and identified vulnerabilities to a wide audience - Advanced knowledge of network technologies and protocols - Advanced understanding of current threats and trends present in the Information Security and Technology field - Must complete the specified Joint Qualification Requirement training within 180 days of date of hire, unless otherwise specified SECURITY CLEARANCE REQUIRED: Must currently hold a security clearance at the Secret level or be able to obtain and maintain a clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location. Physical Demands: - Must be able to lift up to 25 pounds - Must be able to stand and walk for prolonged amounts of time - Must be able to twist, bend and squat periodically \#LI-MN1 Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification. Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes. UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity Posters provided by OFCCPhere (******************************************* . All candidates must apply online at ***************** , and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance *****************/careers/recruitment/ . The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c) UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs. **Join our Talent Community!** Join our Talent Community (************************************************************************ to receive updates on new opportunities and future events. **ID** _2025-24272_ **Category** _Information Technology_ **Location : Location** _US-OH-Wright-Patterson AFB_ **Clearance Level Must Be Able to Obtain** _Secret_ **Minimum Clearance Required** _N/A_ **Travel Requirement** _N/A_

The Manager, Information Security is responsible for implementing and executing WPCU's Information Security program and strategies under the leadership of the VP, Information Security. This role will collaborate with all lines of business through projects, risk assessments, controls, and control effectiveness reviews. The manager will oversee tools utilized by the Information Security team to provide feedback on vendors and applications. Position will be responsible for collaboration with various business units during a data incident to ensure incidents are properly documented and evidence is captured. This role will be expected to provide thought leadership to ensure the efficiency and effectiveness of the Information Security team. The major activities for this position include: 1) Information Security Operations (40%) a) Develop and oversee control effectiveness reviews to ensure all activities align in scope and frequency with information security policies and approved information security frameworks. b) Develop and oversee information security's involvement with vendor due diligence processes. c) Develop and oversee Identity Access Governance processes to ensure alignment with the principle of least privilege access. d) Develop and oversee information security related risk assessments. Develop and oversee processes to rate criticality of applications and controls to ensure risk assessments are aligned. e) Ensure all assessments are completed in a timely manner including developing appropriate cross training plans to schedule impacts. f) Develop and oversee reporting related to all assessments to ensure risk levels are appropriately assigned and management responses are captured. g) Ensure identified gaps from information security assessments are appropriately tracked. Coordinate with various business units to collect timely updates. 2) Personnel Management & Procedures (20%) a) Mentor assigned partners by administering individual development plans, making recommendations for promotions, or implementing coaching plans. This includes performing regular 1-on-1s with partners and completing annual reviews. b) Ensure departmental procedures are effective, up-to-date, and follow company standards. 3) Project Management (20%) a) Participate in project planning events to provide estimated work effort for projects including pro-active escalation of resources constraints to the VP of Information Security. b) Assist in fostering an enterprise-wide security first culture by participating in project requirement gathering session. Inform project owners of applicable controls, audit findings, or control effectiveness gaps that are appropriate for the project. c) Attend on-going project meetings to advise and ensure information security controls are addressed. 4) Incident Management (10%) a) Role will be responsible for ensuring data incidents are tracked, properly documented, and evidence has been collected. b) Provide regular status updates to the VP of Information Security on open data incidents. 5) Audit and Regulatory Exam Support (10%) a) Assist the Vice President of Information Security with internal and external audits to ensure document collections are completed in a timely manner and properly vetted. b) Serve as subject matter expert during internal and external audits related to activities completed by Information Security. c) Ensure assigned business units are operating efficiently and reliably, are in compliance with applicable laws, regulations, and rules, have appropriate operating controls to mitigate risk, and are performing at a high level. Required Skills This leader in information security must be skilled at developing and leading strategic Information Security programs across the enterprise in a complex, multi-system and multi-vendor environment. Strong, practical knowledge of Information Security concepts and technical architecture are essential. Expert knowledge of risk and information security frameworks are essential. 1) A bachelor's degree is required, preferably in Information Technology, Information Security, or a related field. A master's degree in a related discipline is preferred. 2) At least 7+ years of experience in Information Technology or Information Security is required, with at least 3+ years of experience in a leadership role. Demonstrated experience with developing mapping controls to business processes, building control effectiveness reviews, or building risk ratings to allow business units to identify priorities is preferred. 3) A Certified Information System Security Professional (CISSP), Certified Information Security manager (CISM), or similar certification is required. 4) Demonstrate experience in evaluating vendor due diligence and vendor risk assessment processes. 5) Demonstrate experience in Identity Access Management including how to perform user access and rights reviews to align with least privilege access. 6) Demonstrate experience with developing and implementing a risk assessment process that is collaborative with business units and documents risk in accordance with board approved risk appetite. 7) Demonstrate strong leadership skills including the ability to work collaboratively and manage a remote workforce. 8) Demonstrate ability to drive and manage initiatives that increase operational efficiency, enhances quality, and improves/maintains service levels.

Job Title: Senior Security Engineer TOP SKILLS: Top 3 Required Skills: Experience managing data protection and security controls in MS O365 (SharePoint, OneDrive, Teams) Hands-on experience configuring Data Classification Labels, Retention Policies, and DLP rules Strong technical communication and collaboration skills, with the ability to gather business context and explain security solutions clearly What You'll Do We are seeking a highly technical, hands-on Security Engineer to support our enterprise data protection initiatives within MS O365. This mid- to senior-level contractor will play a key role in building and managing security controls across SharePoint, OneDrive, and Teams environments. The role focuses on implementing and tuning Data Loss Prevention (DLP), Retention Policies, and Data Classification Labels. This is an ideal opportunity for someone with an administrative background in MS O365 who is transitioning into or expanding their career in security engineering. The ideal candidate will be a proactive “doer” who thrives in a collaborative environment and is comfortable engaging directly with end users to understand business needs and secure data accordingly. Top 3 Required Skills: Experience managing data protection and security controls in MS O365 (SharePoint, OneDrive, Teams) Hands-on experience configuring Data Classification Labels, Retention Policies, and DLP rules Strong technical communication and collaboration skills, with the ability to gather business context and explain security solutions clearly Additional Requirements: Background in Microsoft 365 administration with a desire to focus on security Familiarity with secure handling of large file volumes and resolving oversharing risks Experience implementing or tuning custom security controls within Microsoft 365 environments Ability to validate data use cases and work with end users to align controls with business needs Responsibilities: Build, configure, and maintain MS O365 security controls, including DLP policies, Retention Labels, and Data Classification Labels Evaluate and tune existing configurations to improve protection of enterprise data Help reduce risk from overshared files, stale data, or inappropriate access across large MS O365 environments Engage directly with end users and business teams to gather context and guide the implementation of appropriate security controls Take ownership of solutions-this role is for someone who will recommend, implement, and follow through on actions Contribute to the security posture of the OneDrive, SharePoint, and Teams environment across the organization What You'll Get Competitive base salary Medical, dental, and vision insurance coverage Optional life and disability insurance provided 401(k) with a company match and optional profit sharing Paid vacation time Paid Bench time Training allowance offering You'll be eligible to earn referral bonuses! All done! Your application has been successfully submitted! Other jobs

Cybersecurity and Network Protection SME Clearance Required: TS/SCI (active) Inc. At JMark Services Inc., we are committed to securing the mission. As a trusted partner to the Department of Defense and Intelligence Community, we specialize in cybersecurity, information assurance, and technical operations that protect critical systems and national interests. Our teams thrive at the intersection of innovation and accountability-where every decision matters. Position Title: Cybersecurity and Network Protection SME JMark is seeking a highly skilled Cybersecurity and Network Protection SME to support advanced cybersecurity assessment and compliance operations at Wright-Patterson AFB. In this role, you will lead risk evaluations, validate system security requirements, and play a critical part in maintaining secure, mission-ready environments across classified networks and platforms. Working under minimal supervision, you'll bring deep technical experience and policy fluency to a dynamic, mission-driven team. Key Responsibilities: Plan and conduct compliance audits and vulnerability assessments of systems and networks. Identify deviations from security standards and recommend corrective actions. Support risk mitigation strategies and ensure compliance with certification and accreditation processes. Assist in implementation of government policies such as NISPOM and DCID 6/3; recommend tailored improvements. Provide process, analysis, coordination, and documentation support for secure system operations. Conduct security certification test planning, participation, and reporting (ST&E). Perform hardware/software security research and support secure tech integration and release. Review system audits and track corrective actions through closure. Collaborate with stakeholders across technical, policy, and leadership levels. Required Qualifications: Bachelor's degree in Engineering, Computer Science, Information Technology, or a related field. Minimum of 10 years of relevant cybersecurity or information assurance experience. Strong understanding of vulnerability assessments, ST&E, and certification/accreditation frameworks. Experience applying federal security guidelines (NIST, STIGs, NISPOM, DCID 6/3, RMF). Exceptional problem-solving, organizational, and technical writing skills. Active TS/SCI clearance is required. Why Join JMark? Tackle real-world cybersecurity challenges that protect national defense systems Collaborate with high-caliber experts in a mission-critical environment Enjoy growth opportunities and technical leadership roles Competitive compensation, full benefits, and a values-driven culture Secure infrastructure. Reduce risk. Lead with integrity. Apply now to become a Cybersecurity and Network Protection SME at JMark Services Inc. - Wright-Patterson AFB.

We are hiring a full-time Cybersecurity Engineer who is technical, dedicated to learning new things, security-minded, has strong initiative, and is able to manage projects autonomously. The Information Security team defends the company's digital infrastructure by designing, implementing, and improving the company's cybersecurity architecture. This is a critical role responsible for protecting infrastructure, cloud, edge devices, and data against unauthorized use, modification, exfiltration, or damage. If you're excited to be part of a fast-growing team, then Medpace is a great place to grow your career. Responsibilities * Engineer security solutions without oversight while collaborating with multiple internal departments and vendors; * Analyze security systems and drive continuous improvements; * Research vulnerabilities, perform vulnerability scanning and remediate threats; * Mature security best practices and policies internal to the organization; * Develop new processes while cross-training coworkers and assisting employees on security-related matters; * Provide security awareness training and testing for employees to verify proper security protocols are being adhered to; * Performing cyber security incident triage, reviewing logs, and performing remediation activities; and; * Review and reduce inappropriate/overprovisioned access to drive least privileged access. Qualifications * Minimum of bachelor's degree, preferably in Cybersecurity or Information Technology; * 3 years of experience in implementing, sustaining, and supporting Information Security solutions; * Understanding of security best practices and how to implement them within an enterprise environment; * Experience with managing, configuring, and deploying enterprise-grade security solutions in some of the following areas: * Zero Trust networking and network segmentation * Networking protocol analysis and forensics * Firewall configuration, Intrusions Detection and Prevention Systems (IDS/IPS) * Configuring Azure network architecture, working with Azure policies and Defender for Cloud Nice to have: * Experience with vulnerability assessment tools such as Nessus and Tenable; * Experience with enterprise web proxy solutions, web filters, and VPN such as Zscaler; * Experience with governing Windows environment including GPO; * Previous employment or experience in a highly regulated industry such as healthcare, financial, or defense experience with standards such as ISO, NIST, HIPPA, and/or SOC2; and * Auditing and policy-writing experience. Medpace Overview Medpace is a full-service clinical contract research organization (CRO). We provide Phase I-IV clinical development services to the biotechnology, pharmaceutical and medical device industries. Our mission is to accelerate the global development of safe and effective medical therapeutics through its scientific and disciplined approach. We leverage local regulatory and therapeutic expertise across all major areas including oncology, cardiology, metabolic disease, endocrinology, central nervous system, anti-viral and anti-infective. Headquartered in Cincinnati, Ohio, employing more than 5,000 people across 40+ countries. Why Medpace? People. Purpose. Passion. Make a Difference Tomorrow. Join Us Today. The work we've done over the past 30+ years has positively impacted the lives of countless patients and families who face hundreds of diseases across all key therapeutic areas. The work we do today will improve the lives of people living with illness and disease in the future. Cincinnati Perks * Cincinnati Campus Overview * Flexible work environment * Competitive PTO packages, starting at 20+ days * Competitive compensation and benefits package * Company-sponsored employee appreciation events * Employee health and wellness initiatives * Community involvement with local nonprofit organizations * Discounts on local sports games, fitness gyms and attractions * Modern, ecofriendly campus with an on-site fitness center * Structured career paths with opportunities for professional growth * Discounted tuition for UC online programs Awards * Named a Top Workplace in 2024 by The Cincinnati Enquirer * Recognized by Forbes as one of America's Most Successful Midsize Companies in 2021, 2022, 2023 and 2024 * Continually recognized with CRO Leadership Awards from Life Science Leader magazine based on expertise, quality, capabilities, reliability, and compatibility What to Expect Next A Medpace team member will review your qualifications and, if interested, you will be contacted with details for next steps.

Implement system security requirements throughout the Systems Engineering processes during weapon system lifecycle. Security Architecture Design: Design and implement security solutions to ensure the confidentiality, integrity, and availability of systems in compliance with government regulations and standards (e. g. , NIST 800-53, Risk Management Framework (RMF), DISA STIGs, and NSA Security configuration guides). Risk Assessment: Identify threats and vulnerabilities related to systems, networks, and applications, and provide recommendations to mitigate risks. Compliance Management: Ensure systems and processes align with DoD policies, federal regulations, and agency-specific security requirements. System Hardening: Perform system hardening activities, including configuring devices, removing unnecessary services, and applying patches according to DISA STIG guidelines. Incident Response: Lead efforts to respond to cybersecurity incidents by investigating, analyzing, and documenting security breaches. Monitoring and Reporting: Oversee real-time monitoring processes, analyze alerts, and prepare security reports to share with senior management or government agencies. Collaboration: Work closely with engineering, IT, and program management teams to integrate security into project lifecycles and provide guidance on best practices for safeguarding classified and sensitive information. Documentation: Develop and maintain comprehensive documentation, including system security plans (SSPs), risk matrixes, and assessment/evaluation reports. Education: Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Information Technology, Cybersecurity, or related field (Master's degree preferred). Experience: 5+ years of experience in systems security architecture or engineering, ideally within a government or DoD environment. Certifications: Relevant certifications such as CISSP, CEH, CISM, CompTIA Security+, or CAP. Knowledge: Deep understanding of accreditation processes, aircraft systems, embedded systems, systems engineering processes and COMSEC encryption. Technical Skills: Expertise in security, vulnerability scanning tools and avionics architectures. Must possess an active Top Secret clearance with eligibility for SCI. Experience with government contracting and DoD security program management. Familiarity with scripting, automation tools, and secure system integration techniques. Understanding of cloud security in classified environments. NSA engagement and crypto development experience. Strong analytical skills to identify cybersecurity risks and solutions. Excellent verbal and written communication skills for interfacing with internal teams and external government agencies. Ability to work in high-pressure environments and handle sensitive information securely.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at ******************* Job Function: R&D Product Development Job Sub Function: R&D Software/Systems Engineering Job Category: Scientific/Technology All Job Posting Locations: Cincinnati, Ohio, United States of America, Santa Clara, California, United States of America : About Surgery Fueled by innovation at the intersection of biology and technology, we're developing the next generation of smarter, less invasive, more personalized treatments. Are you passionate about improving and expanding the possibilities of MedTech surgery? Ready to join a team that's reimagining how we heal? Our MedTech Surgery team will give you the chance to deliver surgical technologies and solutions to surgeons and healthcare professionals around the world. Your contributions will help effectively treat some of the world's most prevalent conditions such as obesity, cardiovascular disease and cancer. Patients are waiting. Your unique talents will help patients on their journey to wellness. Learn more at *******************/medtech. We are searching for the best talent for a Staff Product Security Engineer position, to be located in Santa Clara, CA or Cincinnati, OH. Job Description: The Staff Product Security Engineer will be a key member of the Capital R&D organization, make vital contributions to the New Product Development (NPD) pipeline and transform patient care through innovation. They are accountable for leading our NPD teams and creating a strategy to implement cybersecurity into the design and development of product hardware and software for use in cutting edge medical devices and associated capital equipment You will be responsible for: Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls and determine potential impact of a threat and the risk level associated with threat/vulnerability pairs. Drive architecture, requirements, and design to ensure that decisions incorporate security considerations. Advise embedded system security software to ensure system hardening and secure coding practices. Support all stakeholders on patch management, vulnerability handling, and SBOM scanning Document designs and specifications per design control processes and conform to Industry Standards for Medical Device Software (IEC 62304) Qualifications / Requirements: Education: Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity or related degree Experience and Skills 6+ years' experience (or 4+ with M.S.) establishing security architecture or implementing security solutions in consumer products or medical devices 3+ experience in a software engineering or software architectural role in a New Product Development (NPD) environment Proven experience with threat modeling and risk assessments for connected products or medical devices Ability to work autonomously and proactively seek out security opportunities within the different surgical robotics teams Ability to think big picture and have attention to detail - aligning strategic objectives with tactical implementation. Proven experience with electrical and embedded software design Experience developing software for embedded Real-Time Operating Systems (RTOS) Experience developing embedded software systems using Modern C++ (preferably standards 17+) A results and performance driven demeanor with strong sense of accountability Understanding of penetration testing, vulnerability scanning, and/or other general security testing principles Preferred Skills & Experience: Experience with FDA, data governance, and privacy standards (HIPAA, ISO 27001, UL 2900) Work experience with Systems Engineering activities: requirements management and development, risk management, and verification Strong collaboration, proven technical leadership capabilities, and conflict resolution skills A security certification from an accredited body is preferred and may be considered in lieu of a portion of required years of experience Experience working with secure boot, Trusted Platform Module (TPM), Data Distribution System (DDS), and QNX Other Requirements: Ability to travel up to 10% domestic US and Internationally The anticipated base pay range for this position is $105,000- $169,050. California Bay Area - The anticipated base pay range for this position is $141,000 - $227,000. The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/performance year. Bonuses are awarded at the Company's discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)). This position is eligible to participate in the Company's long-term incentive program. Employees are eligible for the following time off benefits: Vacation - up to 120 hours per calendar year Sick time - up to 40 hours per calendar year Holiday pay, including Floating Holidays - up to 13 days per calendar year Work, Personal and Family Time - up to 40 hours per calendar year Additional information can be found through the link below. For additional general information on Company benefits, please go to: - ********************************************* This job posting is anticipated to close on 7/22/25. The Company may however extend this time-period, in which case the posting will remain available on *************************** to accept additional applications. Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via *******************/contact-us/careers . internal employees contact AskGS to be directed to your accommodation resource. #RADSW #Li-Hybrid Required Skills: Preferred Skills:

Advent Global Solutions (AGS) is a leading global IT services company, specialized in delivering enterprise software solutions, IT consulting & outsourcing services, and product engineering solutions. Advent Global's commitment to deliver IT services is backed by 1,000+ employees and preferred partnerships with companies like SAP, Oracle, Sybase, and IBM Job Description Role: IT Security Engineer Location: Cincinnati, OH Duration: 12 months Need 10+ years consultant Key Responsibilities: Minimum 10+ years of IT security experience that includes proven IT Security risk assessments and audits, information risk management and assessment development Minimum 10+ years of on-site working experience in the US Minimum of 2 years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security. Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security. 3+ years of experience in Web development and web technologies like HTTP, HTML, CSS, and JSPs. 3+ years of experience in microservice development, Node.js preferred or java springboard 2+ years of experience in continuous integration, continuous delivery and deployment automation 2+ years of experience in secure software development and deployment Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security. Contributes to the design, engineering and implementation of systems infrastructure. Ability to execute in an agile driven environment Applies proven communication, analytical and problem-solving skills to identify, communicate and resolve issues. Application security reviews * Application Penetration testing * Projects and research work as needed * Security training and outreach to internal development teams * Security guidance documentation * Security tool development * Security metrics delivery and improvements Conduct deep code reviews and find design flaws, and think long-term about driving down operational cost Solve problems at their root, stepping back to understand the broader context, and implementing fixes to ensure that discovered issues are not repeated Stay abreast of new techniques, tools and methodologies used to solve cloud security problems Experience understanding Common Vulnerabilities and Exposures (CVE) and Web Application Security - OWASP Top 10 Requirements analysis, definition, and refinement Secure and assured systems engineering Hands on software engineering and development Mobile computing platform application development Application of Information Security Principals Must have experience in the Assessment of security risk, Big data and analytics, Reverse engineering and Malware analysis Software innovation and technology insertion Use of database technologies such as Oracle, MySQL, or SQL-based equivalents, as well as NoSQL-based databases such as Mongo DB Use Software Configuration Management tools Understanding of Software Development Life Cycle (SDLC) processes Support Test Engineering during formal testing phase of the project Represents the organization in providing solutions to difficult technical issues associated with specific projects Supports project developing solutions for Modernization and Sustainment tasks Must have Agile and DevOps Experience Bachelor's Degree or equivalent education and experience required. Security and/or risk-related certifications preferred but not required (CISSP, CSSLP, GEWB, CASS, CISA, CRISC, C-WAST) Proven analytical skills to identify and analyze security requirements and relate them to appropriate security policies, standards and/or controls in order to determine associated risk. Ensure that technical solutions effectively meet and support business needs. Proven ability to handle and prioritize multiple assignments, often within limited time constraints. The ability to interact with internal and external personnel at all organizational levels. Therefore, the candidate must have the ability to influence others across a matrix organizational structure Proven strong written and verbal communication skills are a requirement; both within the organization and with external partners and vendors. The ability to work independently and as a self-starter. Please share resumes to hemanth[dot]n[at]adventglobal[dot]com Additional Information All your information will be kept confidential according to EEO guidelines.

Secure Your Future with the University of Dayton Research Institute! The University of Dayton's Research Institute (UDRI) is seeking a highly motivated and experienced Information System Security Officer to join our dynamic Sensor & Software Systems division in Warner Robins, GA. This is an exceptional opportunity to be part of a renowned research institution committed to excellence, innovation, and community engagement. The Information System Security Officer (ISSO) position is supporting the Air Force Rapid Sustainment Office (RSO). The RSO increases mission readiness by rapidly identifying, applying and scaling technology essential to the operation and sustainment of the U.S. Air Force. Success comes from our teamwork and mutual respect for each other's talents and unique perspectives. This role supports the government cyber lead and provides cybersecurity support for advanced software-intensive technologies to include agile manufacturing, conditioned-based maintenance, augmented reality/virtual reality, cloud-based infrastructure and services, and robotics. Responsibilities: • Serve as cybersecurity technical advisor, consultant, and primary point of contact to the Program Manager, Information System Owner, and other stakeholders for the Information systems • Assessing systems for vulnerabilities and providing corrective recommendations. • Supporting government Cyber lead in performing RMF activities leading to system RMF acceptance IAW DoDI 8510.01, NIST 800-series special publications, USAF policy and instructions, and guidance as applicable on RSO IT systems in networked, standalone, and cloud configurations. • Support, coordinate, and continuously monitor system security posture and ensure adverse events are formally handled and reported • Developing, reviewing, and updating necessary documentation associated with achieving RMF accreditation of each system. • Applying currently accepted methods for documenting the RMF status of each RSO system within the DoD environment. • Security Technical Implementation Guides (STIGs) for all systems • Managing projects in compliance with DoD and AF RMF policies including but not limited to the following: o DoDI 8500.01 - Cybersecurity Risk Management Framework for DoD Information Technology. o DoD 8570.01 M - Information Assurance Training, Certification, and Workforce Management. o CNSSI 1253 - Security Categorization and Control Selection for National Security Systems. o NIST 800-series Special Publications (SP). o Computer Security, including SP 800-53 - Security Controls and Assessment Procedures for Federal Information Systems and Organizations and Air Force Instruction Series 17. Cyberspace: Accomplishing system categorization, security control selection, security control implementation, security control assessment, and security control monitoring, including, but not limited to, accomplishing the RMF steps as outlined in DoDI 8510.01 on a system-by-system basis • Providing system performance reporting. • Support System Administrator for multiple cloud projects and implementations. • Supporting Interim Authority to Test (IATT)/ Authority to Operate (ATO) planning and execution. Minimum Qualifications: • Associates Degree in Cybersecurity, Computer Science, or related field • 3+ years relevant cybersecurity experience • Experience with the NIST RMF process • Security Technical Implementation Guides (STIGs) application experience • The applicant must meet DoD 8570.01-M IAT Level II or higher certification requirements on hire date (Security+ CE) • Familiarity with the DOD Information Assurance Vulnerability Management program • Effective verbal and written communication skills • Ability to obtain a Secret level security clearance • Due to the requirements of our research contracts with the U.S. federal government, candidates for this position must be a U.S. citizen Preferred Qualifications: While not everyone may possess all of the preferred qualifications, the ideal candidate will bring many of the following: • 5+ years' DoD cybersecurity experience • IAT Level III or IAM Level I Certification • Bachelor's Degree in Cybersecurity, Computer Science, or related field • Additive Manufacturing experience • Systems Administration experience • Experience with Secure Development Operations Systems, as either a user, developer, or system administrator • Experience with submission of system security package to DoD for ATO, IATO, etc • Active Secret level security clearance. • Familiarity with Enterprise Mission Assurance Support Service (eMASS). • Experience with approved government cloud services such as Microsoft Azure, Amazon Web Services, Google Cloud. • Relevant cloud infrastructure and security certifications (i.e. Office365, SharePoint, Amazon AWS) • Cloud Application experience • Experience managing various project activities ensuring accurate task completion Special Instructions to Applicants: To apply please submit a cover letter addressing each minimum qualification and any applicable preferred qualifications that you meet. Closing Statement: Informed by its Catholic and Marianist mission, the University is committed to the principles of diversity, equity, and inclusion. Informed by this commitment, we seek to increase diversity, achieve equitable outcomes, and model inclusion across our campus community. As an Affirmative Action and Equal Opportunity Employer, we will not discriminate against minorities, women, protected veterans, individuals with disabilities, or on the basis of age, race, color, national origin, religion, sex, sexual orientation or gender identity.

Subsidiary: KIRA Information Solutions Job Title: Information System Security Engineer (ISSE) working with Wright-Patterson Air Force Base, Dayton, OH Labor Category: Exempt Clearance Requirement: Secret Clearance, if required In-person Requirement: As needed, meet in Dayton OH w/ key personnel or Customer Travel Requirement: Minimal, as needed Salary: $615,000 to $210,000 Tlingit Haida Tribal Business Corporation (THTBC) is a family of 8(a), HUBZone, SDB, and other companies wholly- owned by the largest tribe in Alaska. Each of its wholly- owned 30+ subsidiaries are uniquely qualified to deliver value to its customers and teaming partners. For over 30 years, THTBC has operated as a trusted US Federal contractor throughout the US and worldwide. As a Native Alaskan, Tribally- Owned business, THTBC has a competitive edge unique in the US Federal Government contracting space, including access to US Government directed sole source contracts. THTBC delivers outstanding service with innovative, low-cost contract solutions to all its public and private sector customers worldwide. THTBC is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran's status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Scope of Work: This position is working with the government and may require secret clearance and/or security plus certification. The government program office is Wright Patterson AFB, Dayton, Ohio. The development and support team are geographically dispersed, and teleworking is our daily working protocol, however, on-site support for meetings may be required. The program requires highly qualified, self-motivated, proactive people who work well with others with limited supervision. Essential duties The Information Systems Security Engineer (ISSE) will be responsible for the day-to-day security operations of all of the ETIMS systems. The ISSE will be responsible for ensuring the full compliance and appropriate operational security posture set to current Federal, CNSS, DoD, USAF, and NIST standard including but not limited to standards included in the programs Performance Work Statement. CyberSecurity for all information systems will be maintained and documented by the ISSE. The ISSE will run vulnerability scans, as required in systems such as Checkmarx and CAST, etc. In addition to implementing and maintaining the aforementioned policies, they shall support the creation and maintenance of Plans of Action and Milestones (POA&M) in response to vulnerabilities identified during scans, risk assessments, audits, and inspections. This responsibility includes physical and environmental protection, access control, incident handling, security training, vulnerability and compliance management, configuration management, and the assistance in the development of security policies and procedures. The ISSE assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals. The ISSE shall ensure that all application deliverables comply with the hosting environment's Application Security & Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning, the Database STIG, and a Web Penetration Test to mitigate vulnerabilities associated with (Structured Query Language) SQL injections, cross-site scripting, and buffer overflows. The appointed ISSE will work for and in close collaboration with the Government appointed ISSM/E. Our ISSE will perform duties in accordance with DoD Instruction 8510.01 and 8520.02, DoD Directive 8140.01, AFI 33-210, NIST Special Publication 800-37, and AR 25-2. Required qualifications: Bachelor's degree in engineering, science, mathematics, or a related field. Five years' experience within the past 10 years, in planning simulation exercise architectures, supervising implementation of communication systems, and integration of distributed exercises. Five years' experience in information technology management. Knowledge base with DoD Instruction 8510.01 and 8520.02, DoD Directive 8140.01, AFI 33-210, NIST Special Publication 800-37, and AR 25-2. Meet DoD 8570.01-M, 8140.01 Baseline Computing Environment (CE) Certification Requirements at Information Assurance Management Level II (IAM II). U.S. citizenship. Preferred qualifications: Bachelor's degree in Computer Science or Information Management. Possess an expert understanding of NIST, DoD, Air Force (AF) Cybersecurity Risk Management Framework policies, directives, instructions, manuals, and best business practices. Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities (e.g., ACAS, MECM, ESS,etc.). Knowledge of disaster recovery continuity of operations plans. Knowledge of enterprise incident response program, roles, and responsibilities. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth). Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge of measures or indicators of system performance and availability.

TOP SKILLS: Must Have Brinq Excellent communication and presentation skills, and a proven background of presenting to senior leaders, large groups, etc. on relevant matters pertaining to large projects and impacting key functionality. Lead and Implementation Experience Performing referral to principle proven consistent experience in vulnerability management, security engineering, security consulting etc Proven experience with proactive threat management, research, escalation, discovery etc. Security Solid understanding of popular security tooling and understanding of security architecture/interconnectedness of processes and tooling. Nice To Have CISSP, CISA, CISM, AWS Solutions Architect certifications GRC/audit management experience Scripting/automation experience - python preferred Solid proven experience with tooling such as Qualys, Brinqa, Archer, ServiceNOW, Checkmarx, Prisma (and any AWS experience is great as well) What You'll Do Responsible for performing all functions required to support day-to-day data security operations and accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy, and coordinating investigation and reporting of security incidents. Primary Responsibilities: Define, deliver, and support enterprise security tools and architecture in collaboration with other teams. Enhance the Bank's network vulnerability management program for in-scope subsidiaries and affiliates. Define security environments and lead the implementation and onboarding of new applications, programs, processes, projects, and initiatives into the Enterprise Vulnerability Management Program. Communicate, escalate, support, and guide the resolution of open vulnerabilities, including infrastructure, application security, and configuration management vulnerabilities. Conduct security research on threats and remediation techniques/technology, make recommendations to IS/IT teams, and oversee their implementation. Proactively monitor and investigate security alerts from managed security service providers and in-house security tools. Conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications, and systems. Support ad hoc requests for reporting and control evidence, as needed. Perform threat analysis and incident response by interpreting events. Support the Bank's operational information security responsibilities, including developing and maintaining standards, procedures, and guidelines for the Enterprise Vulnerability Management Program. Share knowledge and industry best practices with team members. Serve as a security engineer/consultant on projects. What You'll Get Competitive base salary Medical, dental, and vision insurance coverage Optional life and disability insurance provided 401(k) with a company match and optional profit sharing Paid vacation time Paid Bench time Training allowance offering You'll be eligible to earn referral bonuses! All done! Your application has been successfully submitted! Other jobs