Security architect jobs in Dundalk, MD

We are seeking a hands-on Solutions Architect who will also serve as the Information System Security Engineer (ISSE) for key cybersecurity systems supporting the Department of Veterans Affairs (VA). This role is ideal for someone with deep technical engineering skills, cloud and DevSecOps experience . This individual will also lead teams to develop and implement technical solutions to remediate vulnerabilities and other complex cybersecurity challenges. Candidates will have a solutions-oriented mindset to help the VA problem solve complex cybersecurity and IT challenges. The candidates should also be well-versed with facilitating working sessions and have the ability to distill complex concepts into non-technical/common language. The role will focus on analyzing and recommending system security architectures, vulnerability mitigation, policy-driven compliance implementation, and full-lifecycle support for the Department of Veteran's Affairs systems. Key Responsibilities: Cybersecurity Engineering & Architecture (Primary): Analyze complex technical findings and determine necessary resources needed to solve problem-sets across multiple cybersecurity and technical domains Able to partner with technical teams to develop and implement technical solutions Design, build, and deploy secure cloud-native architectures and infrastructure components for VA information systems Develop and maintain CI/CD pipelines with integrated security scanning, policy enforcement, and remediation tools Implement secure infrastructure as code/policy as code using tools such as Terraform/CloudFormation, including writing and implementing PaC scripts Align security architectures with Federal Zero Trust strategy, VA directives, and OMB policies Enable automation of system telemetry and analytics pipelines for cyber situational awareness ISSE Responsibilities: Provide engineering and technical analysis on behalf of Agency Authorizing Officials (AOs) for System Security Plans (SSPs), Risk Assessments, Security Controls Traceability Matrices (SCTMs), and POA&Ms Support system authorization and compliance activities including continuous monitoring and system audits Conduct regular and ad-hoc analysis of security control findings and develop and implement remediation strategies Minimum Qualifications: 8+ years of security engineering, DevSecOps, or cloud architecture experience Expertise in securing platforms hosted in AWS GovCloud and Azure Government Strong experience with NIST RMF, FISMA, FedRAMP, and Zero Trust architecture implementation Hands-on skills in IaC tools like Terraform and CI/CD tools such as GitLab/Jenkins, with ability to adopt new technologies if procured by the agency Experience with network isolation tools such as Palo Alto Next Generation Firewalls (NGFW) and Juniper Mist Network Access Control (NAC) solutions or comparable Demonstrated experience securing modern applications, APIs, and automated infrastructure Excellent written and oral communication skills; ability to explain complex, technical information in easily understood terms; ability to brief Senior VA leadership regularly U.S. Citizenship and ability to obtain and maintain a Public Trust clearance Bachelor's degree in computer science, Engineering, or technical equivalent with 5 years of technical experience or a total of 13 years in lieu of education Preferred Qualifications: Prior VA experience supporting VA OIS or major cybersecurity initiatives Experience authoring and maintaining ATO documentation in VA or HHS environments Experience with IoT/IoMT security solutions is a plus Knowledge of federal cybersecurity standards

Chief Information Security Officer (CISO) The Chief Information Security Officer is a senior executive responsible for defining and overseeing the enterprise-wide vision, strategy, and execution of information security programs that safeguard all organizational data and technology. Reporting directly to the CEO and/or Board of Directors, the CISO plays a pivotal role in managing security risk across both the Academic/Research and Clinical/Patient Care operations of the integrated university and hospital system. Position Details Salary: $250-2750k Type: Full-time, direct hire Location: Washington DC, onsite 3 days a week Strategic Direction & Executive Leadership Build and execute a long-term cybersecurity vision that supports the institution's academic initiatives, research priorities, and clinical mission. Lead and develop the security department, offering coaching, structure, and direction to cybersecurity personnel and partner teams. Establish the organization's security policies, governance models, and standards to ensure consistent risk management practices. Oversee financial planning for cybersecurity, including technology investments, service contracts, and budget management. Risk Oversight & Regulatory Alignment Supervise all risk assessments, compliance reviews, and internal/external audits, ensuring timely closure of any identified risks. Maintain adherence to all regulatory requirements applicable to both sectors: Hospital/Clinical: HIPAA/HITECH, CMS guidelines, and relevant state-level data protection rules. University/Research: FERPA, NIST SP 800-171 for research compliance, and PCI DSS for payment and donation processing. Direct the institution's incident management program-coordinating preparation, testing, and response efforts during cybersecurity events affecting either environment. Operational Security Management Lead the selection, deployment, and ongoing support of cybersecurity technologies (e.g., SIEM tools, firewalls, intrusion detection systems, endpoint protection). Oversee vulnerability assessments, penetration testing initiatives, and continuous monitoring activities. Work closely with IT, engineering, research teams, and clinical technology leaders to incorporate secure design principles into all systems and projects. Communication, Influence & Education Act as the organization's primary authority on cybersecurity matters for executives, trustees, faculty, students, clinicians, and administrative teams. Create and oversee training and awareness programs tailored to the specific needs of academic users, researchers handling sensitive data, and clinical professionals. Provide routine briefings to senior leadership and the Board on emerging risks, ongoing initiatives, and the overall security posture. Required Qualifications Education: Bachelor's degree in Computer Science, Information Systems, or a related technical field (Master's preferred). Professional Background: At least 10 years of progressive cybersecurity experience. Minimum 5 years serving in a senior leadership capacity (e.g., CISO, Security Executive, VP of Cybersecurity). Dual-sector experience: Strong understanding of both healthcare and higher-education cybersecurity and regulatory environments. Certifications: One or more required-CISSP, CISM, or equivalent. Key Skills & Core Competencies Advanced knowledge of enterprise security design, network and cloud protection strategies, and modern risk evaluation techniques. Strong familiarity with frameworks such as NIST Cybersecurity Framework, ISO 27001, and the MITRE ATT&CK model. Outstanding leadership presence with the ability to collaborate, influence, and guide diverse groups across a complex institution. Demonstrated success in leading security incident response efforts and handling high-pressure situations. Proven ability to implement practical, scalable security practices in environments balancing open research culture with rigorous patient data protection requirements.

We are seeking multiple mid-level (5 years minimum) Cyber Defense Incident Responders that are available to work the midnight shift (11pm-7:30am) in a Security Operations Center. Clearance Requirements: Top Secret w/SCI Location: Washington, D.C. Job Description: Coordinate incident response functions. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Perform cyber defense trend analysis and reporting. Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Track and document cyber defense incidents from initial detection through final resolution. Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Coordinate with intelligence analysts to correlate threat assessment data. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Basic Qualifications- To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below: Bachelor's degree or higher 5+ years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling Must have,one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP). Strong written and verbal communication skills. Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Knowledge of system administration, network, and operating system hardening techniques. Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. Demonstrated ability to interact effectively with senior management and leadership. Ability to design incident response for cloud service models. Knowledge of incident categories, incident responses, and timelines for responses. Knowledge of incident response and handling methodologies. Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) Desired Skills Experience identifying, capturing, containing, and reporting malware. Skill in preserving evidence integrity according to standard operating procedures or national standards. Strong securing network communications experience. Recognizing and categorizing types of vulnerabilities and associated attacks. Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). Experience performing damage assessments. Skill in using security event correlation tools and design incident response for cloud service models.

Veteran Owned Firm Seeking a Junior Information Systems Security Officer (ISSO) for an Onsite role in Washington, DC My name is Stephen Hrutka, and I am the owner of a Veteran Owned management consulting firm in Washington, DC focused on Technical/Cleared Recruiting for the DoD and IC. HRUCKUS helps other Veteran-Owned businesses recruit for positions across the VA, SBA, HHS, DARPA, and other cutting-edge R&D related defense agencies. We seek to fill a Junior Information Systems Security Officer (ISSO) position in Washington, DC. The ideal candidate is a DMV resident who holds active TS/SCI clearance with CI-Poly eligibility, a minimum of 3 years of ISSO experience, at least 5 years in a computer science or cybersecurity-related role, hands-on familiarity with tools such as Nessus or NMAP, and a core certification such as CISSP, GISP, or CASP. If you're interested, I'd be glad to provide more details about the role and further discuss your qualifications. Thanks, Stephen M Hrutka Principal Consultant HRUCKUS LLC Executive Summary: HRUCKUS is looking for an experienced Jr. ISSO for an onsite role in Washington, DC. The program provides support in the areas of Cybersecurity and Management to improve the Information Assurance (IA) posture of a federal customer. The contract's support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support. Key Responsibilities: Services to support IS Security performed by the Information System Security Officer (ISSO) at a minimum, shall consist of the following activities: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS Provide liaison support between the system owner and other IS security personnel Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis Conduct required IS vulnerability scans according to risk assessment parameters. Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of (POAMs) Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO) Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an agency's IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed, and entity type Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary Ensure that new entities are created in the GRC application with the security categorization of agency ISs Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreement (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS Perform an independent review of the System Security Plan (SSP) and make approval decisions Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official Schedule security control assessments in coordination with the system owner. Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number Advise the agency Authorizing Official of IS vulnerabilities and residual risks. Ensure that all POA&M actions are completed and tested Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official Ensure the removal and retirement of agency ISs being decommissioned, in coordination with the SO, ISSO, and ISSR. Required Qualifications: Current U.S. Government Top Secret Clearance w/ SCI and a CI-Polygraph eligibility At least 3 years serving as an Information Systems Security Officer (ISSO) at a cleared facility Minimum of 5 years of work experience in a computer science or cybersecurity-related field Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WeblInspect, Network Mapper (NMAP), and/or similar applications. Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP) Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level I proficiency Preferred Education: A bachelor's and/or advanced degree in computer science, business management, or IT-related discipline. Details: Job Title: Jr. Information Systems Security Officer (ISSO) Location: Washington, DC 20535 Clearance Requirement: Active Top-Secret Clearance w/ SCI and a CI-Polygraph eligibility Assignment Type: Full-time, Onsite Salary Range: $70,000 - $95,000 per year with benefits: Competitive salary for well-qualified applicants Relocation assistance available for highly qualified candidates 401(k) plan Annual performance bonus Certification and advanced degree attainment bonuses Student Loan / Tuition reimbursement Health Care Insurance (medical, dental, vision) Up to four weeks of paid vacation 11 Federal Holidays, and 3 Floating Holidays Team bonding events

Role: Cybersecurity Engineer III Contract Job Responsibilities / Typical Day in the Role Implement design reviews to evaluate security controls Identify and communicate opportunities to enhance the security posture of Client Build and / or manage enterprise security platforms effectively Communicate effectively across all levels of management to articulate Client security goals and vision. Identify and communicate opportunities to enhance the security posture of Client Build and / or manage enterprise security platforms effectively (SAAS, on premise or in Cloud) Communicate effectively across all levels of management to articulate Client security goals and vision. Have a team player mentality; strive to contribute to team cohesion however can work independently if the need arises Plan, design, engineer and implement security-related technologies Understanding technical security issues, their implications within Client business units and able to effectively communicate them to management and other business leaders. Configure, troubleshoot, and maintain security infrastructure - including software and hardware in cloud environments, as well as on-premises. Conduct security audits and assessments to regularly determine the effectiveness of security platforms and identify areas of improvement. Host and operating systems hardening, auditing, monitoring and logging with appropriate security controls and best practices while meeting security best practices and business goals Research and explore emerging security technologies and determine their appropriate use within the company. Prepare, document, and create standard operating procedures and protocols. Crosstrain and mentor other team members as needed Must Have Skills / Requirements Implementing advanced cyber security technology in a complex environment 5+ years of experience; Hands-on experience in security engineering, hands-on experience in building, designing, and maintaining enterprise security tools. Scripting experience (using Python, Go, or other equivalent languages) 5+ years of experience. Hands-on Experience with automation technologies 3+ Years of experience; Terraform, Ansible, CloudFormation, etc. Linux Experience. 5+ years of experience; Ability to construct and maintain complex network infrastructures. Technology requirements: Engineer and administer security platforms including SIEM/SOAR systems, endpoint detection and response, vulnerability management, anomaly detection, and cloud analysis. Experience in managing the Brinqa vulnerability management platform and experience with Groovy programming language Must have 5+ years of scripting experience (using Python or other equivalent languages) Hands-on Experience in public cloud infrastructures like AWS (Amazon Web Services) Nice to Have Skills / Preferred Requirements Security and Cloud certifications are a plus. (CISSP, Splunk Admin, AWS Solution architect). Media/entertainment or distributed global network experience. Soft Skills Hands-on technical experience with networking and computing system architectures, specifically, the security aspects thereof. Thorough understanding of information security principles, techniques, principles, policy frameworks, and best practices Hands-on technical experience with compliance and regulatory frameworks and how they affect architecture designs and review

We are seeking a Cybersecurity Engineer with strong, hands-on experience implementing Data Loss Prevention (DLP) solutions, specifically using Azure Purview and Microsoft Intune. This role requires a technical practitioner who has directly deployed, configured, and operationalized security controls-not just monitored events. The engineer will design and implement secure architectures across cloud and hybrid environments, conduct threat modeling, integrate security into new platforms, and ensure alignment with industry best practices and regulatory frameworks such as NIST 800-53, FISMA, and FedRAMP. The ideal candidate must have 10+ years of experience that brings advanced knowledge of cloud security, IAM, encryption, authentication protocols, and modern DevSecOps practices. Additional responsibilities include developing reusable security patterns, performing architecture reviews, enhancing automation, and partnering with IT teams to mature the organization's security posture. Strong communication skills, deep technical proficiency, and experience with Azure/AWS infrastructures are essential for success in this role. This is an onsite direct hire opportunity in Arlington, VA, no contract, no sponsorship. Relocation assistance provided within the US. LI #HP-1

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Develops acceptance criteria for cybersecurity architecture. Investigates computer and information security incidents to determine extent of compromise to national security information and automated information systems. Assists with defining security objectives and system-level performance requirements. Researches and stays abreast of tools, techniques, countermeasures, and trends in computer network vulnerabilities. Configures and validates secure systems, tests security products/systems to detect computer and information security weaknesses. Maintains the computer and information security incident, damage and threat assessment programs. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Involved in the periodic conduct of a review of each system's audits and monitors corrective actions until all actions are closed. Supports the development of integrated system solutions ensuring proprietary/confidential data and systems are protected. Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Minimum Qualifications Bachelor's Degree in Computer Science or a related field or equivalent experience. 2-4 years of experience in systems security. Other Job Specific Skills Must be able to communicate effectively and clearly present technical approaches and findings. Exercises a limited degree of latitude in determining technical objectives of assignments. Excellent attention to detail. Must be able to balance multiple tasks simultaneously. #cjpost

Senior Security Engineer (Information Security Analyst IV) Clearance: Public Trust (U.S. Citizen or Green Card Holder; 3+ years U.S. residency required) Business Unit: Digital Modernization Role Summary The Senior Security Engineer supports the Department of Transportation's (DOT) Cybersecurity mission by enhancing and maintaining the security posture of DOT information systems and infrastructure. These systems play a critical role in safeguarding U.S. critical infrastructure, including highways, bridges, and roadways. This position provides advanced security engineering, participates in strategic security design, and delivers technical expertise for integrated security systems and endpoint protection. The role requires independent decision-making, leadership, and the ability to guide less experienced staff. It also involves complex problem-solving, interaction with senior federal leadership, and contributions that directly impact mission and schedule outcomes. Key Responsibilities Implement endpoint protection profile changes to address external threats and enforce security requirements. Coordinate with application, infrastructure, and engineering teams to troubleshoot endpoint protection software issues. Integrate endpoint security data with security log aggregation tools, including SIEM platforms. Participate in cybersecurity incident handling activities as requested. Stay current on emerging threats, vulnerabilities, and industry best practices related to endpoint security. Work assigned cybersecurity and security operations ITSM (ServiceNow) tickets through completion. Participate in Cybersecurity and Security Operations (SecOps) meetings. Collaborate on cybersecurity solutions that enhance the DOT's security posture. Configure, validate, and test secure systems and physical controls to detect security weaknesses. Contribute to strategic security design efforts, translating business and security requirements into technical solutions. Recommend policy changes and guide others in achieving departmental cybersecurity objectives. Required Technical Skills Endpoint protection management solutions (hands-on experience). Proven understanding of Federal cybersecurity requirements, including FISMA and the NIST 800 series. Ability to articulate endpoint security concepts to non-technical stakeholders. Demonstrated experience collaborating across cross-functional cybersecurity teams. Ability to evaluate complex security problems and apply judgment within established practices and policies. Experience with integration of endpoint security data into SIEM or log aggregation tools. Experience working security operations tickets within ServiceNow. Knowledge of security systems, secure configuration, validation, and testing methodologies. Preferred / Nice-to-Have Skills Foundational understanding of: Application and technology stacks Cloud-based systems Operating systems Databases Networking Firewalls Data Loss Prevention (DLP) Endpoint security software Network IDS/IPS Host-based IDS/IPS General cybersecurity best practices and industry standards Qualifications & Experience 9+ years of experience in Cybersecurity or related IT fields. Bachelor's degree + 9 years OR Master's degree + 7 years of experience Technical Certifications (one or more required): Network+ Security+ SSCP GISF ISACA Cybersecurity Fundamentals Or similar technical cybersecurity certification Ability to obtain and maintain a Public Trust clearance. Benefits (employee contribution): Health insurance Health savings account Dental insurance Vision insurance Flexible spending accounts Life insurance Retirement plan All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

ISSO Industry: Government Contracting Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems are in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services. ISSO Key Responsibilities: · Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview. · Maintain operational security posture consistent with current security policy. · Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT. · Distribute cybersecurity notices and advisories to appropriate personnel and that vendor-issued security patches are expeditiously installed. · Serve as primary security to system owners, common control providers, and users. · Serve as focal point for cybersecurity incident reporting and subsequent resolution. · Assisting ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language. · Ensure all security-related SDLC documentation meets all identified security needs. · Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium. · Ensure selection of NIST SP 800-53 baseline security controls are appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium. · Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures. · Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium. · Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system. · Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring. · Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation. · Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan. · Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS). · Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800- 53 and any supplemental Departmental Cybersecurity Policy and the Compendium. · Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy. · Complete mandatory annual specialized information security training. ISSO Required Skills:8+ years of experience in IT Security Certified Information Systems Security Professional (CISSP) certification. Understanding of NIST 800.53 and its applicability to IT Systems. Expertise with Risk Management Framework, FEDRAMP and FISMA. Understanding authentication in the cloud environment. Experience with continuous monitoring of a cloud system Experience working on assessments with third party assessments organization (3PAO) AWS/Azure associate certified ISSO Compensation and benefits: $120,000 Company-supported medical, dental, vision, life, STD, and LTD insurance Benefits include 10 federal holidays and PTO. 401(k) with company matching Flexible Spending Accounts for commuter, medical, and dependent care expenses Tuition Assistance

The Senior Information Systems Security Officer will provide aid to the program, organization, system, or enclave's information assurance program. In this position the individual will lend assistance for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Position Responsibilities: Assist security authorization activities in compliance with Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF). Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Manage changes to system and assesses the security impact of those changes. Perform vulnerability/risk assessment analysis to support certification and accreditation. Provide configuration management (CM) for information system security software, hardware, and firmware. Prepare and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Basic Qualifications (Required Skills & Experience): Bachelor's degree in an IT-related or similar relevant field is required or equivalent combination of education, training, and experience Twelve (12) years of related work experience - at least 7 years of experience as an ISSO supporting IC or DoD programs and contracts of similar scope, type, and complexity DoD 8570 compliance with IAM Level II or IAT Level III (i.e., CASP, CISSP, or Associate) An active TS/SCI with polygraph Physical Demands Ability to work in an office or classified environment (Constant) Required to sit and stand for long periods; talk, hear, and use hands and fingers to operate a computer and telephone keyboard (Frequent) Salary Range: $120,000 - $175,000 Clearance Level Top Secret with Poly ITAR Requirement: T his position requires access to information that is subject to compliance with the International Traffic Arms Regulations (“ITAR”) and/or the Export Administration Regulations (“EAR”). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction. Please understand that any job offer that requires approval of an export license will be conditional on AeroVironment's determination that it will be able to obtain an export license in a time frame consistent with AeroVironment's business requirements. A “U.S. person” according to the ITAR definition is a U.S. citizen, U.S. lawful permanent resident (green card holder), or protected individual such as a refugee or asylee. See 22 CFR § 120.15. Some positions will require current U.S. Citizenship due to contract requirements. Benefits: AV offers an excellent benefits package including medical, dental vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown. For more information about our company benefit offerings please visit: ********************************** We also encourage you to review our company website at ******************** to learn more about us. Principals only need apply. NO agencies please. Who We Are Based in California, AeroVironment (AVAV) is a global leader in unmanned aircraft systems (UAS) and tactical missile systems. Founded in 1971 by celebrated physicist and engineer, Dr. Paul MacCready, we've been at the leading edge of technical innovation for more than 45 years. Be a part of the team that developed the world's most widely used military drones and created the first submarine-launched reconnaissance drone, and has seven innovative vehicles that are part of the Smithsonian Institution's permanent collection in Washington, DC. Join us today in developing the next generation of small UAS and tactical missile systems that will deliver more actionable intelligence to our customers so they can proceed with certainty - and succeed. What We Do Building on a history of technological innovation, AeroVironment designs, develops, produces, and supports an advanced portfolio of unmanned aircraft systems (UAS) and tactical missile systems. Agencies of the U.S. Department of Defense and allied military services use the company's hand-launched UAS to provide situational awareness to tactical operating units through real-time, airborne reconnaissance, surveillance, and target acquisition. We are proud to be an EEO/AA Equal Opportunity Employer, including disability/veterans. AeroVironment, Inc. is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Qualified applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, protected veteran status, genetic data, sexual orientation, gender identity or other legally protected status. ITAR U.S. Citizenship required

Artech is the 10th Largest IT Staffing Company in the US, according to Staffing Industry Analysts' 2012 annual report. Artech provides technical expertise to fill gaps in clients' immediate skill-sets availability, deliver emerging technology skill-sets, refresh existing skill base, allow for flexibility in project planning and execution phases, and provide budgeting/financial flexibility by offering contingent labor as a variable cost. Job Description Demonstrated experience enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements. Understanding of the Cloud Security Alliance (CSA), Cloud Controls Matrix and how it can be leveraged for reviews of cloud solutions. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications; Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility. Knowledge of best practices and standards for enterprise security architecture specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services. Experience providing guidance for data protection based on data sensitivity and associated business risk. Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications, and experience guiding project team remediating such vulnerabilities. Industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP). Qualifications Bachelor's degree in Computer Science, Information Systems or a related technical field. Minimum two years of experience working in an information security, software development, and information risk management related field. Additional Information For more information, Please contact Pragati Joshi ************

Job Description Since 2016, T-Rex Solutions (T-Rex) has been supporting large scale hybrid-cloud migrations and systems modernization, to include the successful deployment of the first-ever online U.S. Census in 2020. T-Rex is actively expanding its IT Modernization services within the Federal Civilian market, specifically supporting the Department of Education's strategic priorities. T-Rex is seeking a Cloud Security Architect to design, implement, and manage secure cloud architectures on platforms such as AWS and Azure as the Department of Education looks to transition from an on-premise infrastructure to the cloud. Responsibilities: Design, implement, and manage secure cloud architectures on platforms such as AWS and Azure Analyzes and defines complex information security, automated information security (AIS), and/or computer security requirements that reside (partially or in whole) on Cloud-based platforms (public, community or private); to include Hybrid Cloud requirements that span multiple Cloud and non-Cloud compute centers. Design, develop, engineer, and implement Hybrid-enterprise security solutions. Gather and organize technical information about an organization's mission, goals, and needs; existing security products; and ongoing programs. Develop, analyze, and implement security architecture(s). Perform risk analysis and security audit services, develops analytical reports as required. Apply security administration expertise to manage identity and access management (IAM), implement network security policies, and monitor compliance with security frameworks. Leverage scripting skills (e.g., Python, Bash, PowerShell) to automate tasks, enhance system efficiencies, and orchestrate complex workflows. Employ best practices in cloud security to harden cloud environments against vulnerabilities, ensuring data protection and threat mitigation. Support IA processes including ATOs, POA&Ms, etc. May be required to perform in one or more of the following areas: AIS risk assessment methods and procedures; security of system software generation; security of computer hardware; operating system utility/support software; disaster recovery and contingency planning; telecommunications security; development of AIS security policies and procedures. Requirements: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field and 8+ years of relevant industry experience Profound knowledge of cloud services, architecture, and hands-on experience with at least one major cloud provider (AWS, Azure) Proven background in security best practices, policies, and regulatory compliance (e.g., NIST, ISO 27001, GDPR, HIPAA) Familiar with standard concepts, practices, and procedures of cloud technology, including Software as Service (SaaS), Platform as Service (PaaS), or Infrastructure as a Service (IaaS) Experience working in the public cloud US Citizenship required Desired: AWS Certified Security - Specialty certification T-Rex Overview Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives. T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering. T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits. T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. In compliance with pay transparency guidelines, the annual base salary range for this position is $155,000 - $195,000. Please note that the salary information is a general guideline only. T-Rex considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. T-Rex offers a diverse and collaborative work environment, exciting opportunities for professional growth, and generous benefits, including: PTO available to use immediately upon joining (prorated based on start date), paid parental leave, individual and family health, vision, and dental benefits, annual budget for training, professional development and tuition reimbursement, and a 401(k) plan with company match fully vested after 60 days of employment among other benefits.

Physical, Personnel, Special, SAP & Industrial Security Specialist requires an active TS/SCI security clearance*** Cherokee Preting is seeking Security Specialists with experience conducting physical, personnel, SAP and Industrial security functions to support USSOCOM. Compensation & Benefits: Pay commensurate with experience. Full time benefits include Medical, Dental, Vision, 401K and other possible benefits as provided. Benefits are subject to change with or without notice. Physical, Personnel, Special, SAP & Industrial Security Specialist Responsibilities Include: Assists, monitors, and advises on all aspects of security activities Plans and assists in implementation of security activities at the Top Secret and higher classification to ensure USSOCOM personnel (Military, Civilians, Contractors) and all supported tenant organizations are prepared to operate in non-traditional environments to perform critical contingency tasks. Develops written technical approaches and methodologies with regard to security proposals Processes personnel background investigations for special security clearance actions including: Formulating and ensuring compliance with automated information systems security procedures Suggesting, implementing, and monitoring compliance with special security policies and procedures Conducting and coordinating the training for special security representatives Performing as a liaison with Government and industrial security officials, overseeing collateral and higher access and badge procedures. Performs other job-related duties as assigned Active TS/SCI security clearance Minimum of six (6) years Physical, Personnel and Special Security experience within DoD or equivalent Government agencies required, with operational level experience preferred Experience in compartmented programs in DoD, U.S. Intelligence Community or supporting U.S. Contractors Experience in planning/accrediting facilities in accordance with the ICD 7051 standard. Working knowledge of security policies and procedures to include National Industrial Security Program Supplement, and DoD 5105.21 Volumes 1-3 Experience in security training or security inspections is highly desirable Thorough familiarity with all security processes Must possess a valid US passport Ability to successfully complete all medical examinations required by the client, including for any temporary duty or full-time deployment as required Must be able to pass all pre-deployment requirements as deemed necessary to be considered deployable Must pass pre-employment qualifications of Cherokee Federal Physical, Personnel, Special, SAP & Industrial Security Specialist Experience, Education, Skills, Abilities requested: Company Information: Cherokee Preting provides support, services, and solutions to federal and commercial customers. The company takes a personalized approach to solving our clients' toughest challenges, helping you make the most of your skills. Cherokee Preting is part of Cherokee Federal - a team of tribally owned federal contracting companies. For more information, visit cherokee-federal.com. #CherokeeFederal #LI-CK4 #IntelCareers Special Security Technician Operational Security Coordinator SAP Security Officer Industrial Security Coordinator Personnel Security Administrator Special Security Operational Security Personnel Security Information Security Industrial Security Legal Disclaimer: All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.

SES's Senior Insider Threat Security Analyst focuses on advancing SES's Information Security threat and compliance program by security monitoring, threat & vulnerability management, and delivering professional reports including findings and recommendations. The Senior Insider Threat Security Analyst is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals. PRIMARY RESPONSIBILITIES / KEY RESULT AREAS Lead incident response in response to Insider security events and incidents. Correlation and trend analysis of security logs, network traffic, security alerts, events, and incidents. Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis. Event and incident handling consistently with applicable plans and processes. Analyzing, triaging, aggregating, escalating, and reporting on Insider security events including investigation of anomalous network activity, and responds to cyber incidents within the network environment. Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on in-scope networks, systems, or security technologies. Rapidly assess network traffic, detect data anomalies, and provide detailed reporting on the same. Correlation and trend analysis of security logs, network traffic, security alerts, events, and incidents. Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis. Insider threat event and incident handling consistent with applicable plans and processes. Integration of activities with standard reports, such as Insider security metrics reports. Lead team/project meetings and technical meetings appropriate for the content. Ensure tasks and projects are completed on schedule. COMPETENCIES Strong organizational skills and ability to stay focused while managing multiple tasks concurrently. Understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them. Strong critical thinking/analytical skills, creativity, and a proven drive for quality QUALIFICATIONS & EXPERIENCE Must Have Four-year college degree in the technical field of study or equivalent work experience Technical knowledge and aptitude in the areas of networks, network topologies, remote network access, servers, applicable software and troubleshooting techniques required. Experience working in a SOC or similar environment. Experience with reviewing IDS/IPS, EDR, Firewall and other security/audit logs Experience monitoring and analyzing Security Information and Event Management (SIEM) to identify security issues for remediation, and rules fine tuning. Consolidate and conduct comprehensive analysis of Insider threat data obtained from security tools and make recommendations for optimizing various tools. Nice to Have Participates in the planning, design, and implementation of enterprise security architecture. Experience with Insider threat management tools and experience working on an Insider threat management team. One or more of the following security certifications: Security+, CEH, CYSA+, GCIA, GSEC, GCIA, GMON and GCDA SES and its Affiliated Companies are committed to providing fair and equal employment opportunities to all. We are an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, disability, or any other basis protected by local, state, or federal law. For more information on SES, click here.

SG2 Recruiting is seeking an information security manager to support IC client in the Washington DC Metro area. The information security manager (ISM) will apply their proactive approach to safeguarding organizational data and systems. Key responsibilities will include leading incident response, implementing security measures, managing system vulnerabilities, and ensuring compliance through evaluation and accreditation processes. The ISM will also develop security policies, provide training, and oversee the maintenance of security infrastructure, all while analyzing threat intelligence to mitigate risks and maintain a robust security posture. What You Will Be Doing: Recommending, scheduling, and implementing IA-related repairs. Coordinating and supporting all applications and operations. Leading teams and supporting actions to quickly resolve or mitigate IA problems for the IS environment. Supporting the installation of new or modified hardware, operating systems, and software applications, ensuring integration with security requirements. Identifying and determining whether a security incident indicates a violation of law requiring specific legal action. Directing and implementing operational structures and processes to ensure an effective security program, including boundary defense, incident detection and response, and key management. Providing direction and supporting system developers regarding the correction of security problems identified during testing. Evaluating functional operations and performance in light of test results and recommending actions regarding Certification and Accreditation (C&A). Examining IS vulnerabilities and determining actions to mitigate them. Monitoring and evaluating the effectiveness of IS security procedures and safeguards. Analyzing security incidents and patterns to determining remedial actions to correct vulnerabilities. Supporting the development and implementing of the IS termination plan to ensure that security incidents are avoided during shutdown and long-term protection of archived resources is achieved. Implementing vulnerability countermeasures. Providing support for IA customer service performance requirements. Providing support for the development of IA-related customer support policies, procedures, and standards. Writing and maintaining scripts required to ensure security. Implementing and maintaining perimeter defense systems, including, but not limited to, intrusion detection systems, firewalls, and grid sensors. Scheduling and performing regular and special backups. Establishing logging procedures, such as important IS events, services and proxies, and log archiving facilities. Providing training for IAT Level I and II personnel. Analyzing IAVAs, ICVAs, and IAVBs for impact and taking or recommending appropriate action. What You Will Need: Active TS/SCI with a CI polygraph Ability to commute to Alexandria, VA office five (5) days per week Doctorate degree in a STEM-related technical field with 8 years of relevant experience Or master's degree with 10 years of related experience Or bachelor's degree with 12 years of experience, OR associate's degree with 14 years of experience OR high school diploma with 16 years of experience One or more of the following certifications: GIAC Security Expert (GSE) Certified Information Systems Auditor (CISA), GIAC Certified Incident Handler Certification (GCIH), or Certified Information Systems Security Professional (CISSP) required About Client: Client does not discriminate based on race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in providing employment opportunities and benefits.

As a Manager of Information Security Compliance, you will support Bloomberg Industry Group's Governance, Risk, and Compliance (GRC) programs. You will be part of a team that delivers customer trust, vendor risk oversight, and compliance with regulatory and industry standards. This role requires balancing hands-on expertise with enabling cross-functional teams to achieve security and privacy objectives, and serving as a key representative to clients, auditors, and regulators. What you will do: * Strategy: * Support ownership of the information security compliance roadmap, ensuring alignment with organizational priorities. * Act as a trusted advisor to senior leadership, providing insights on security risk, compliance obligations, and emerging regulations. * Program Execution: * Support all security & privacy compliance efforts including but not limited to, SOC, GDPR, CCPA, privacy by design, etc. * Develop, maintain, and enforce internal information security compliance policies, standards, and controls across diverse systems and platforms. * Manage the vendor risk management lifecycle: onboarding, due diligence, and ongoing monitoring. * Interface with vendors and business leads to clearly understand their risk profile. * Represent Information Security in customer security assessments, RFPs, and compliance discussions. * Conduct investigations of data security risks and provide consultation to internal and external stakeholders to mitigate risk. * Develop and implement companywide information security training and awareness programs. * Define and drive risk management and compliance goals for the organization * Participate in both internal and external audit activities; aid in compliance audits in support of ISO 27001/2, SOC, etc. * Collaborate with teams across the organization to ensure continued compliance to policies and security standards. * Innovation & Emerging Risk * Monitor and assess risks related to emerging technologies such as Artificial Intelligence, data governance platforms, and cloud-native architectures. * Support development of AI governance policies and frameworks that align with regulatory expectations and customer trust requirements. * Raise organizational awareness of new and evolving security risks, and ensure controls evolve to address them. You need to have: * Bachelor's Degree or equivalent experience; advanced degree or industry certifications (CISM, CISA, CISSP, ISO 27001 Lead Auditor/Implementer) a plus. * 4 years of progressive experience in Risk Management, Compliance, Information Security or Technology Management role. * Experience with common Information Security Compliance standards and frameworks (such as, ISO 27001/2, PCI, SOC 1/2/3, and NIST etc.). * Demonstrated security assessment, risk analysis, gap analysis, auditing, causal analysis, corrective action planning, and compliance assessment experience. * Strong communication and presentation skills, with the ability to influence executives and collaborate with technical teams. * Demonstrated success in managing customer trust initiatives, vendor risk processes, and audit readiness. * Ability to balance strategic program oversight with hands-on execution when necessary. Equal Opportunity Bloomberg Industry Group maintains a continuing policy of non-discrimination in employment. It is Bloomberg Industry Group's policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law ("Protected Characteristic"). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics ("Discrimination").

We are currently seeking a Sr. Cyber Systems Engineer (Vulnerability Assessment) to become part of the Department of State (DOS) Diplomatic Security Cyber Mission (DSCM) program. requires 5-days per week on-site. Program Overview The DSCM program encompasses cyber security, data analytics, engineering, technical, managerial, operational, logistical and administrative support to aid and advise DOS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. Those supporting the DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges. About the Role Support the Cyber Security Solutions team within the Emerging Technologies Division. Perform Federal cyber community outreach to further Directorate cybersecurity mandates. Provide guidance to systems owners for compliance with cyber configuration standards and policies. Provide emerging technology analysis and trend reporting to CTS designated recipients. Provide Cloud, wireless, Artificial Intelligence (AI), and mobile security expertise, device assessment, vulnerability analysis, and risk mitigation services. Provide knowledge of Cloud environments and application of Cyber Security baselines. Research and formulate open-source software innovations integration in support of network modernization efforts using industry best practices for cost efficiency solutions. Facilitate the adoption of cyber and technological security solutions (AI enabled). Coordinate Enterprise-wide Common Control Documentation and provide technical expertise as needed to Department partners on proper implementation of NIST Common Controls. Provide technical responses and recommendations to Cyber Policy Support Requests. Qualifications: Bachelor's degree and minimum of 9 years of relevant experience required; 7 years with a Master's, 4 years with a PhD. An additional 4 years will be considered in lieu of the degree requirement. Demonstrate excellence in developing Federal emerging technology cyber challenges with multi-disciplinary assessment of areas such as Cloud, Al, and secure communications. Possess or be able to obtain one or more of the following certifications by hire date: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, SSCP. Demonstrated experience in one, more or all of the following areas: Minimum of 4 years' experience in administering, maintaining, installing cloud services such as AWS, Active Directory Federation Services (ADFS), Azure, across an enterprise network. Experience developing and managing virtualized IT systems across an enterprise network. Configuration and/or administering enterprise mobile device deployments. Experience with application of cyber security controls for Artificial Intelligence. U.S. citizenship required. An active Secret security clearance. The ability to obtain a final Top Secret security clearance. For any questions regarding this job announcement or the status of your application, please contact our Director of Recruiting, Mr. Brian Jennings, via email at ********************.

Artech is the 10th Largest IT Staffing Company in the US, according to Staffing Industry Analysts' 2012 annual report. Artech provides technical expertise to fill gaps in clients' immediate skill-sets availability, deliver emerging technology skill-sets, refresh existing skill base, allow for flexibility in project planning and execution phases, and provide budgeting/financial flexibility by offering contingent labor as a variable cost. Job Description Demonstrated experience enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements. Understanding of the Cloud Security Alliance (CSA), Cloud Controls Matrix and how it can be leveraged for reviews of cloud solutions. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications; Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility. Knowledge of best practices and standards for enterprise security architecture specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services. Experience providing guidance for data protection based on data sensitivity and associated business risk. Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications, and experience guiding project team remediating such vulnerabilities. Industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP). Qualifications Bachelor's degree in Computer Science, Information Systems or a related technical field. Minimum two years of experience working in an information security, software development, and information risk management related field. Additional Information For more information, Please contact Pragati Joshi ************

Are you ready to make a significant impact by supporting critical national security infrastructure? T-Rex Solutions is looking for a fully cleared Information Systems Security Officer to join our dynamic team in the Columbia, MD area. Responsibilities: The Information System Security Officer I provides support for a program, organization, system, or enclave's information assurance program. Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and System Controls Traceability Matrices (SCTMs). Supports security authorization activities in compliance with the NIST Risk Management Framework (RMF) and any DoD and IC tailored requirements. Plan and coordinate the IT security programs and policies • Manage and control changes to the system and assessing the security impact of those changes • Obtain A&A for ISs under their purview • Provide support for a program, organization, system, or enclave's IA program • Serve as the Approval Authority to validate or approve user authorization for accounts associated with systems under their control • Understand the authorization boundary of systems • Collaboration with System and Network administrators to understand and document data flow and architecture diagrams • Knowledge of security controls, the assessment and applicability to systems • Maintain operational baseline of systems under their purview • Provide ongoing Continuous Monitoring to assigned systems • Provide and validate the operational security posture of systems and ensure they are maintained • Ability to initiate the reauthorization process of a system that needs reaccreditation • Ability to decommission a system when it is no longer required • Manage risks while assigned system is in operation • Ability to understand the POA&M process as well as track and closeout any outstanding liens • Ability to acknowledge and respond to IAVAs and create liens as necessary • Perform, coordinate and document security relevant changes • Perform vulnerability assessments to ensure updates and system baseline are enforced • Recognize a possible security violation and take appropriate action to report the incident • Manage protective or corrective measure when an IA incident or vulnerability is discovered • Provide security and awareness oversight and/or training as required • Review of audit reduction tools to monitor and review systems for compliance with IA policy • Excellent written and verbal communication skills • Excellent leadership and teamwork skills • Results oriented, high energy, self-motivated Requirements: Candidate may be required to respond to after-hours requests as required in a 24 x 7 environment Five (5) years' experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Experience is to include at least one (1) of the following areas: knowledge of current security tools, hardware/software security implementation; communication protocols; and encryption techniques/tools. Bachelor's degree in Computer Science or related discipline from an accredited college or university is required. DoD 8570 compliance with Information Assurance Technician (IAT) Level I or higher is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree. Required Certification: Any of the following or higher certification; A+ with Continuing Education, Cisco Certified Network Associate-Security (CCNA-Security), Network+ Continuing Education, System Security Certified Practitioner (SSCP) Active TS/SCI w/ FSP T-Rex Overview Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives. T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering. T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits. T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. In compliance with pay transparency guidelines, the annual base salary range for this position is $55,000-$75,000. Please note that the salary information is a general guideline only. T-Rex considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. T-Rex offers a diverse and collaborative work environment, exciting opportunities for professional growth, and generous benefits, including: PTO available to use immediately upon joining (prorated based on start date), paid parental leave, individual and family health, vision, and dental benefits, annual budget for training, professional development and tuition reimbursement, and a 401(k) plan with company match fully vested after 60 days of employment among other benefits.