Security architect jobs near me - 2,157 jobs

A technology solutions firm in Washington is seeking an Information System Security Engineer to design and maintain secure systems. The ideal candidate will have 5-8 years of experience in information security, strong knowledge of security engineering principles, and experience with various security tools. This role includes developing security measures, ensuring compliance with standards, and monitoring system vulnerabilities. Competitive salary and benefits are offered. #J-18808-Ljbffr

A technology company is looking for a hands-on Platform Security Engineer to architect and maintain security solutions. You will work with teams to build secure services, respond to threats, and improve security posture. The role requires strong cloud security knowledge, experience with security tools, and excellent communication skills. This position is remote-friendly and encourages diverse applicants to apply. #J-18808-Ljbffr

We're looking for an AI Security Engineer to join our Red Team and help us push the boundaries of AI security. You'll lead cutting‑edge security assessments, develop novel testing methodologies, and work directly with enterprise clients to secure their AI systems. This role combines hands‑on red‑teaming, automation development, and client engagement. You'll thrive in this role if you want to be at the forefront of an emerging discipline, enjoy working on nascent problems, and like both breaking things and building processes that scale. Key Responsibilities This is a highly cross‑functional position. AI security is still being defined, with best practices emerging in real‑time. You'll be building the frameworks, methodologies, and tooling that scale our services while staying adaptable to rapid changes in the AI landscape. This role is ideal for someone who wants to take their traditional cybersecurity expertise and apply it to the new frontier of AI security and safety. Your focus will span several key areas: Service Delivery & Client Engagement Lead end‑to‑end delivery of AI red‑teaming security assessment engagements with enterprise customers Collaborate with clients to scope projects, define testing requirements, and establish success criteria Conduct comprehensive security assessments of AI systems, including text‑based LLM applications and multimodal agentic systems Author detailed security assessment reports with actionable findings and remediation recommendations Present findings and strategic recommendations to technical and executive stakeholders through report readouts Tooling & Methodology Development Build upon and improve our established processes and playbooks to scale AI red‑teaming service delivery Develop frameworks to ensure consistent, high‑quality service delivery Find the tedious, repetitive stuff and automate it - you don't need to be a world‑class developer, just someone who can build tools that make the team more effective Research & Innovation Develop novel red‑teaming methodologies for emerging modalities: image, video, audio, autonomous systems Stay ahead of the latest AI security threats, attack vectors, and defense mechanisms Translate cutting‑edge academic and industry research into practical testing approaches Collaborate with our research and product teams to continuously level up our methodologies Required Qualifications Technical Expertise 3+ years of experience in cybersecurity with focus on red‑teaming, penetration testing, or security assessments Experience with web application and API penetration testing preferred Deep understanding of LLM vulnerabilities including prompt injection, data poisoning, and jailbreaking techniques Practical experience with threat modeling complex systems and architectures Proficiency in developing automated tooling to enable and enhance testing capabilities, improve workflows, and deliver deeper insights Professional Skills Proven track record of leading client‑facing security assessment projects from scoping through delivery Excellent technical writing skills with experience creating executive‑level security reports Strong presentation and communication skills for diverse audiences Experience building processes, documentation, and tooling for service delivery teams AI Security Knowledge Understanding of AI/ML model architectures, training processes, and deployment patterns Familiarity with AI safety frameworks and alignment research Knowledge of emerging AI attack surfaces including multimodal systems and AI agents Preferred Qualifications Relevant security certifications (OSCP, OSWA, BSCP, etc.) Hands‑on experience performing AI red‑teaming assessments, with a strong plus for experience targeting agentic systems Demonstrated experience designing LLM jailbreaks Active participation in security research and tooling communities Background in threat modeling and risk assessment frameworks Previous speaking experience at security conferences or industry events What You'll Gain Opportunity to shape the future of AI security as an emerging discipline Work with cutting‑edge AI technologies and novel attack methodologies Lead high‑visibility projects with enterprise clients across diverse industries Collaborate with world‑class research team pushing boundaries of AI safety Platform to establish thought leadership in AI security community Competitive compensation package with equity participation ❗To remove your information from our recruitment database, please email privacy@lakera.ai. #J-18808-Ljbffr

WorkOS builds tools and services for developers to help them implement authentication, identity, authorization, and overall enterprise readiness. We're a fully distributed team with employees across North American time zones. We're well-funded, having raised $100m in funding from top investors including Greenoaks Capital, Lachy Groom, and Lightspeed Ventures. Our fast-growing customer base includes rapidly growing SaaS companies like OpenAI, Cursor, Perplexity, Vercel, Plaid, and hundreds of others. About the role WorkOS is growing rapidly and building out our team of engineers! We obsess over the developer experience, actively seeking out feedback and new perspectives to inform the products we build. We're searching for engineers who share this empathetic approach to solving problems. We're looking for an experienced security engineer to join our team, responsible for defining and coordinating security efforts across the company. The role is both strategic and tactical, so we'll be looking to you to influence long-term strategy while delivering on key pieces during our next phase of company growth. Successful candidates will love staying up to date on the latest in cloud product security, authentication and identity domains. You'll work across different teams to help make our products secure by design. Responsibilities Be the product security champion. You'll work closely with our product engineering teams to provide security guidance on all new and existing products Collaborate with the product engineering team to perform regular product security assessments Establish patterns and practices around application security Advocate for, and lead security projects from inception through completion Engage with security vendors as needed Triage and elevate security issues Qualifications 5+ years of experience as a Product Security engineer in a cloud product company Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and cloud services Familiar with common security libraries, security controls, and common security flaws that apply to cloud services Great written and verbal communication skills Ability to complete rigorous security-focused code reviews in TypeScript Bonus: Experience in Auth and Identity domain Bonus: Experience writing production-level code, especially developing security features Benefits (US Only) At WorkOS, we offer resources that emphasize personal and familial well-being. We offer healthcare coverage for you and your family, including medical, dental, and vision. We offer parental leave, paid-time off and fully remote working arrangements. Benefits include: Competitive pay Substantial equity grants Healthcare insurance (Medical, Dental and Vision) for you and your family 401k matching Wellness and fitness monthly allowances PTO + paid holidays + unlimited sick leave Autonomy and flexibility with remote work Please inquire directly with our recruiting team for benefits available to those working outside the US. Equal Opportunity Employer WorkOS is an equal opportunity employer, committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us. #J-18808-Ljbffr

A leading technology consulting firm is seeking a DevSecOps Architect with over 12 years of experience in building secure and scalable solutions. The role demands strong proficiency in automation tools, cloud security, and container orchestration. Ideal candidates will possess cloud certifications and an active TS/SCI Clearance. This position offers the opportunity to work in a fast-paced environment while collaborating effectively with both technical and non-technical stakeholders. #J-18808-Ljbffr

A government contracting firm in Washington, DC is seeking a Senior Security Engineer to enhance its IT security architecture and support compliance with the Cybersecurity Executive Order. The ideal candidate will possess a master's degree in information security, an active government clearance, and over 10 years of relevant experience. Key responsibilities include designing security infrastructure and advising leadership on security policies. This position requires strong analytical and communication skills. #J-18808-Ljbffr

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century's most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril's family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years. ABOUT THE TEAM Anduril employs a variety of networks and networking infrastructures to support global operations. Information Systems Security Managers are in charge of directly supporting business lines that wish to deploy Anduril products in classified environments. Information Systems Security Managers lead lean teams of Information Systems Security Officers to enable the program personnel to create contract deliverables. Well versed in Information Technology and the Risk Management Framework, Information Systems Security Managers are the driving force of Anduril's classified deployments. Forward thinkers capable of managing Business Line needs as well as critical thinking skills in order to drive customer requirements are the best candidates for a Information Systems Security Manager. ABOUT THE JOB WHAT YOU'LL DO Provide expertise in documenting security controls to reduce the administrative cost of deploying Anduril's products into operational environments. Partner with program and security teams to coordinate security artifacts in support of classified deployments. Apply technology standards from the commercial space in classified, air-gapped environments. Collaborate with Information System Owners to understand key stakeholders' needs and provide complex technical solutions to meet contractual obligations. Tailor NIST 800-53 controls to determine applicability to the network environment and oversee the implementation of Continuous Monitoring for respective programs. Define, document, and conduct security scanning on Anduril's products and accredited information systems. Scope, shape, and orchestrate the development of features to ensure products meet compliance goals. REQUIRED QUALIFICATIONS Design, develop, and implement secure systems and networks per NIST RMF, JSIG, and other industry standards. Integrate security best practices into Anduril's Software Development Lifecycle (SDLC) and infrastructure design, collaborating with internal IT and engineering teams. Conduct security risk assessments, vulnerability assessments, and audits to identify and mitigate threats. Recommend and implement security solutions, such as IDS/IPS, encryption protocols, and secure communications technologies. Develop and enforce access controls, encryption strategies, and other technical measures to safeguard systems. Maintain and update System Security Plans (SSPs), POA&Ms, and other accreditation documentation. Security Management (ISSM): Manage the organization's security posture, ensuring compliance with internal policies and external regulatory frameworks. Oversee Authorization and Accreditation (A&A) processes to obtain/maintain system Authority to Operate (ATO). Lead incident response efforts, including investigation, root cause analysis, containment, and reporting. Conduct regular audits, continuous monitoring, and risk assessments to ensure ongoing compliance and system resilience. Collaborate with government security officials, stakeholders, and teams to address security gaps and improve controls. Develop and deliver security awareness training and ensure adherence to security best practices. Provide leadership and mentorship to security team members, fostering a culture of cybersecurity excellence. Currently possesses and is able to maintain an active U.S. Top Secret security clearance. PREFERRED QUALIFICATIONS Experience with application security paradigms such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). As well as the tools needed to perform these actions. Proven experience in securing micro-services architecture, including implementing best practices and compliance with DoD cybersecurity standards. Experience with cybersecurity in unmanned and ground control system within DoD environments. Experience with containerization and kubernetes along with the best practices for securing them. Experience with Cloud Service Providers (CSPs) and the various tools they offer for implementing security and compliance best practices. US Salary Range $150,000 - $225,000 USD The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process. Anduril is an equal-opportunity employer committed to creating a diverse and inclusive workplace. The Anduril team is made up of incredibly talented and unique individuals, who together are disrupting industry norms by creating new paths towards the future of defense technology. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process. If you are someone passionate about working on problems that have a real-world impact, we'd love to hear from you! To view Anduril's candidate data privacy policy, please visit ********************************************** #J-18808-Ljbffr

A technology solutions provider seeks a Senior Backend/Middleware Engineer to develop secure, high-performance API and middleware solutions. This remote role requires expertise in Java and Spring Boot, with responsibilities including designing RESTful APIs and implementing security protocols. Ideal candidates will have experience with OAuth 2.0, OpenID Connect, and authorization principles. Benefits include health insurance, 401(k), and paid time off. #J-18808-Ljbffr

We are seeking a Security Engineer who specializes in designing and implementing new systems and tools to enhance the security of Meta's products and infrastructure. This role is ideal for individuals with deep security domain expertise who are passionate about building solutions and using AI to address evolving security requirements and use cases. Cloud Security Engineer Responsibilities Design, prototype, and implement AI-driven security systems and tools to protect Meta's products and internal infrastructure Develop and maintain security-focused code, libraries, and frameworks for use by Security Engineers, Analysts, and engineering teams Collaborate with cross-functional partners to deliver scalable, security solutions aligned with company objectives Rapidly experiment with and iterate on specialized security technologies, leveraging AI to address emerging threats and requirements Apply deep security expertise to solve complex challenges, mitigate risks, and mentor other engineers in advanced security domains Minimum Qualifications B.S. or M.S. in Computer Science or related field, or equivalent experience 5+ years of experience in designing and implementing security systems, tools, or frameworks Extensive knowledge of attacker tactics, techniques, and procedures Proficiency in coding with experience in languages such as Python, C/C++, Go, or equivalent Experience collaborating with technical and non-technical stakeholders Ability to rapidly prototype and iterate on security solutions Preferred Qualifications Experience on securing cloud deployments, IAC (Infrastructure as Code) deployments for cloud (terraform) Experience addressing security problems by building scalable engineering solutions Experience influencing software engineers building security products Experience creating metrics to measure service and program effectiveness and consistency Experience making contributions to the security or privacy community (public research, OSS, blogging, presentations, etc.) Public Compensation $147,000/year to $208,000/year + bonus + equity + benefits Industry Internet Equal Opportunity Meta is proud to be an Equal Employment Opportunity and Affia... (full statement) Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com. #J-18808-Ljbffr

Novacoast Staffing is currently assisting a financial government institution in its search for an experienced Firewall Security Engineer that is experienced in Palo Alto Firewalls for a contract role that is expected to go a minimum of 2 years with option to extend. This is a hybrid role with a few days onsite in Alexandria VA and a pay range of 60-68/ hour. To qualify for this role, you must be able to pass an extensive federal background check. Qualifications To qualify for this position, you must have at least 5 years of experience with Palo Alto Next Generation firewalls, Zero Trust, and strong knowledge of advanced firewall features such as Wildfire, App-ID, User-ID, Global Protect, Security, and NAT policies, within Cloud environments. Responsibilities In this role, you will be responsible for the design, administrations, and management of Palo Alto Firewalls using Centralized Panorama Management. You will also be responsible for configuration and troubleshooting IPSEC site-to-site VPNs and SSL decryption on Palo Alto Firewalls. Requirements 5+ years experience with Palo Alto next-generation Firewalls and working in cloud and Zero Trust environments Strong knowledge of advanced firewall features such as Wildfire, App-ID, User-ID, Global Protect, Security and NAT policies Expert level knowledge in the design, administration of Palo Alto Firewalls using Centralized Panorama Management Expert level knowledge in configuration and troubleshooting IPSEC Site-to-Site VPNs US Citizenship is required due to the position being with a Federal Client If this role is aligned with your next career move, submit your resume today for immediate consideration! Job Type: Contract Pay: $60.00 - $68.00 per hour #J-18808-Ljbffr

C2 Labs, Inc. - ************** C2 Labs partners with clients on their IT transformation journey via our industry-leading capabilities in full stack development, hyper-automation/DevOps, and cybersecurity compliance. We provide specialized products and services that enable clients to innovate with speed and scale while maintaining a robust and effective security posture. As digital transformation partners, we address the most urgent needs holding back our clients, including proactively addressing cultural change, quantifying risk, automating compliance, and closing critical skill gaps. Job Duties As a Senior Information Security Engineer / Vulnerability Manager, you will lead efforts to identify, assess, and mitigate security vulnerabilities across complex enterprise IT environments. Responsibilities include: Vulnerability & Threat Management Manage enterprise vulnerability management platforms (e.g., Tenable, Qualys, Rapid7) and ensure timely scanning, reporting, and remediation tracking. Perform risk-based analysis of vulnerabilities, develop mitigation plans, and escalate issues requiring urgent remediation. Integrate threat intelligence to prioritize vulnerabilities based on exploitability, industry trends, and business impact. Establish and maintain vulnerability KPIs, metrics, and executive reporting dashboards. Security Engineering Design, implement, and maintain security controls and safeguards across networks, endpoints, and cloud environments (AWS, Azure, or hybrid). Automate security operations tasks using scripts or tools (Python, PowerShell, Bash, or AWS Lambda). Collaborate with IT and DevOps teams to integrate vulnerability management into CI/CD pipelines and cloud workloads. Conduct regular security assessments, penetration test remediation support, and continuous monitoring activities. Governance, Risk, & Compliance Support compliance with federal frameworks (FedRAMP, NIST SP 800-53, NIST SP 800-171/CMMC, FISMA, etc.). Document processes, remediation plans, and compliance evidence in alignment with client requirements. Provide recommendations for continuous improvement of security posture and policy enforcement. Collaboration & Leadership Partner with cross-functional teams (IT, Development, Operations, and Compliance) to ensure vulnerabilities are remediated in a timely, risk-based manner. Provide technical leadership and mentorship to junior security engineers and analysts. Participate in client-facing meetings and presentations as a subject matter expert in vulnerability and threat management. Education, Training, Qualifications, and Certifications Required: U.S. Citizenship and ability to obtain/maintain Public Trust clearance Bachelor's degree in Computer Science, Cybersecurity, or related field OR 5+ years of equivalent hands-on experience Proven experience in vulnerability management, security engineering, or penetration testing Strong knowledge of IT infrastructure, networking, and cloud environments (AWS preferred) Familiarity with security automation, scripting (Python, PowerShell, Bash), and infrastructure-as-code principles Excellent analytical, problem-solving, and communication skills Background check and unannounced drug testing required. This position is onsite in Washington, DC, with occasional travel (up to 25%) for client meetings and work assignments. Preferred: Professional certifications such as CISSP, CISM, OSCP, CEH, Security+, or AWS Security Specialty Experience with compliance frameworks (FedRAMP, NIST 800-53, CMMC) Background in DevSecOps practices, continuous monitoring, and automation EOE STATEMENT: We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen. #J-18808-Ljbffr

The Information Technology Department of Arnold & Porter has an opening for an Information Security Engineer in the Washington, DC office or may work 100% virtual/remote in a firm-approved U.S. state as part of the “Gideon” office. The Information Security Engineer is a technical security expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter. Under the direction of the Manager of Information Security, the Information Security Engineer helps to ensure the overall security posture of the firm, and is expected to be involved in day-to-day security operations and contribute to ensuring the integrity and availability of the firm's IT and application infrastructure and the confidentiality, integrity, and availability of the firm's data in support of enterprise IT objectives and client service delivery needs. Responsibilities Security Operations Performing security log and event analysis using EDR, SIEM and log aggregation systems. Monitoring and proactively executing the vulnerability management program to prevent or reduce IT hygiene risk issues from impacting production systems. Maintaining and managing security toolsets such as Application control systems, EDR/AV, Email Security platform, Attack simulation platform, Threat intelligence/hunting, and Security related artificial intelligence tools. Supporting security incident response and investigation efforts as directed. Helping validate and track IT operational activities to ensure compliance with policy, standards, and other applicable requirements. Researching and identifying security vulnerabilities and relevant industry/cybersecurity trends for follow-up and action. Regularly reporting and tracking IT security events and metrics along with remediation activities. Helping support third‑party risk management efforts as assigned. Helping support the firm security awareness training program as assigned. Helping support the firm's IT Compliance efforts as assigned. Participating in IT Security on‑call rotation. Security Engineering & Architecture Advising and assisting with planning of security systems and standards by evaluating network and security technologies, developing security requirements for the enterprise infrastructure, and maintaining overall user access and data protection control. Reviewing newly requested applications and SaaS and application changes for security impacts and possible remediation to address security risk. Actively participating in the enterprise Change Advisory Board (CAB). Conducting research and providing recommendations on methods, software, and technologies to mitigate risk exposures. Helping to develop and contribute to security policies, standards and procedures. Qualifications Education/Experience Four‑year college degree preferred; equivalent experience will be considered. Minimum of three (3) years of experience in Information Security, or equivalent experience in IT-related fields with secondary security responsibilities. Technical Skills Experience and understanding of Windows, Unix/Linux, and Active Directory. Solid understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, and routing protocols. Experience and technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, application security, and cloud security. Proficient in Windows operating systems, Microsoft Office Suite, and related software. Skilled in leveraging artificial intelligence tools for daily work. Strong remote collaboration capabilities. Communication & Writing Communicate complex technical information clearly to non-technical audiences. Excellent oral and written communication, including reports, business correspondence, and procedure manuals. Effective presenter to diverse groups, including managers, clients, and the public. Ability to identify and apply the appropriate method of communication. Professionalism & Judgment Strong personal initiative, judgment, and professionalism. High level of confidentiality and discretion. Exceptional client service for both internal and external stakeholders. Problem‑Solving & Strategic Focus Strong problem‑solving skills and strategic thinking. Ability to define goals, prioritize tasks, and follow through to achieve results. Detail‑oriented with excellent organizational and time‑management skills. Capable of handling multiple tasks in fast‑paced environments. Flexibility & Commitment Reliable, dependable, and motivated. Flexible to work additional hours as needed. Willingness to travel (1-4 weeks per year, or more if required). The anticipated base salary for this position is $122,000 to $160,000. The actual base salary offered will depend on a variety of factors, including, without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. The firm may provide a discretionary bonus annually. Arnold & Porter is an equal opportunity employer that does not discriminate on the basis of race, color, creed, religion, national origin, sex, pregnancy and childbirth (including breastfeeding and related medical conditions), age, marital or partnership status, familial status, sexual orientation, gender, gender identity, gender expression, transgender, physical or mental disability, medical condition, family leave status, citizenship status, immigration status, ancestry, genetic information, military or veteran status, or any other characteristic protected by local, state or federal laws, rules or regulations. Our Firm's equal opportunity policy applies to all employment practices and terms and conditions, including, without limitation, recruitment, employment, assignment, training, compensation, benefits, promotions, disciplinary action and terminations. For purposes of the firm's Anti-discrimination and Anti-harassment Policies, the term "race" includes, without limitation, traits historically associated with race, including, but not limited to, hair texture and protective hairstyles, such as braids, locks, and twists. #J-18808-Ljbffr

A leading cloud security firm in Washington, DC is hiring a Senior AWS Network Architect. You will architect and manage complex AWS networks, ensuring cloud safety for critical operations. Candidates should have extensive experience in AWS, Palo Alto firewalls, and Zero Trust principles. The role includes mentoring junior experts and providing guidance on security architecture. Company offers competitive benefits and a flexible work model. #J-18808-Ljbffr

A technology-focused company in Washington is seeking a Network Architect to lead network projects supporting the federal government. The ideal candidate will have extensive experience in network engineering and design, including a deep understanding of cloud security and various networking protocols. This role demands strong leadership and communication skills, alongside the ability to manage complex network solutions effectively. A competitive benefits package is offered, along with a commitment to diversity in the workplace. #J-18808-Ljbffr

A leading cybersecurity firm is seeking an Information Systems Security Engineer (ISSE) to support secure, mission-focused information systems in a high-impact government environment. The ISSE will work on cybersecurity controls design, implementation, and maintenance, ensuring systems meet federal requirements. The ideal candidate will have 3-5 years in cybersecurity, TS Clearance, and practical experience with NIST RMF as well as familiarity with various security tools. This role offers the opportunity to contribute significantly to the security of government missions. #J-18808-Ljbffr

The Information Technology Department of Arnold & Porter has an opening for an Information Security Engineer in the Washington, DC office or may work 100% virtual/remote in a firm-approved U.S. state as part of the “Gideon” office. The Information Security Engineer is a technical security expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter. Under the direction of the Manager of Information Security, the Information Security Engineer helps to ensure the overall security posture of the firm, and is expected to be involved in day-to-day security operations and contribute to ensuring the integrity and availability of the firm's IT and application infrastructure and the confidentiality, integrity, and availability of the firm's data in support of enterprise IT objectives and client service delivery needs. Qualifications: Responsibilities Security Operations Performing security log and event analysis taking appropriate action as directed or required to address security risk issues or events / incidents using EDR, SIEM and log aggregation systems. Monitoring and proactively executing the vulnerability management program to prevent or reduce IT hygiene risk issues from impacting production systems. Maintaining and managing security toolsets as assigned, that help to mitigate or respond to security events and incidents including, but not limited to: Application control systems EDR/AV Email Security platform Attack simulation platform Threat intelligence/hunting Security related artificial intelligence tools Supporting security incident response and investigation efforts as directed. Helping validate and track IT operational activities to ensure compliance with policy, standards, and other applicable requirements, or as directed by organizational needs. Researching and identifying security vulnerabilities and relevant industry / cybersecurity trends for follow-up and action. Regularly reporting and tracking IT security events and metrics along with remediation activities. Helping support third-party risk management efforts as assigned. Helping support the firm security awareness training program as assigned. Helping support the firm's IT Compliance efforts as assigned. Participating in IT Security on-call rotation. Security Engineering & Architecture Advising and assisting with planning of security systems and standards by evaluating network and security technologies, developing security requirements for the enterprise infrastructure, and maintaining overall user access and data protection control in support of enterprise objectives and client service delivery. Reviewing newly requested applications and SaaS and application changes for security impacts and possible remediation to address security risk. Actively participating in the enterprise Change Advisory Board (CAB). Conducting research and providing recommendations on methods, software, and technologies to mitigate risk exposures. Helping to develop and contribute to security policies, standards and procedures to maintain an appropriate security posture and/or compliance with applicable requirements. Technical Skills & Experience Education/Experience Four year college degree preferred; equivalent experience will be considered. Minimum of three (3) years of experience in Information Security, or equivalent experience in IT-related fields with secondary security responsibilities. Technical Skills Experience and understanding of Windows, Unix/Linux, and Active Directory. Solid understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, routing protocols. Experience and technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, application security, and cloud security. Proficient in Windows operating systems, Microsoft Office Suite, and related software. Skilled in leveraging artificial intelligence tools for daily work. Strong remote collaboration capabilities. Communication & Writing Communicate complex technical information clearly to non-technical audiences. Excellent oral and written communication, including reports, business correspondence, and procedure manuals. Effective presenter to diverse groups, including managers, clients, and the public. Ability to identify and apply the appropriate method of communication. Professionalism & Judgment Strong personal initiative, judgment, and professionalism. High level of confidentiality and discretion. Exceptional client service for both internal and external stakeholders. Problem-Solving & Strategic Focus Strong problem-solving skills and strategic thinking. Ability to define goals, prioritize tasks, and follow through to achieve results. Detail-oriented with excellent organizational and time management skills. Capable of handling multiple tasks in fast-paced environments. Flexibility & Commitment Reliable, dependable, and motivated. Flexible to work additional hours as needed. Willingness to travel (1-4 weeks per year, or more if required). The anticipated base salary for this position is $122,000 to $160,000. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. For benefits information, please note the firm's benefits details are available upon request. The firm may provide a discretionary bonus annually. Arnold & Porter is an equal opportunity employer that does not discriminate on the basis of race, color, creed, religion, national origin, sex, pregnancy and childbirth (including breastfeeding and related medical conditions), age, marital or partnership status, familial status, sexual orientation, gender, gender identity, gender expression, transgender, physical or mental disability, medical condition, family leave status, citizenship status, immigration status, ancestry, genetic information, military or veteran status, or any other characteristic protected by local, state or federal laws, rules or regulations. Our Firm\'s equal opportunity policy applies to all employment practices and terms and conditions, including, without limitation, recruitment, employment, assignment, training, compensation, benefits, promotions, disciplinary action and terminations. For purposes of the firm\'s Anti-discrimination and Anti-harassment Policies, the term "race" includes, without limitation, traits historically associated with race, including, but not limited to, hair texture and protective hairstyles, such as braids, locks, and twists. Arnold & Porter Kaye Scholer LLP endeavours to make information accessible to any and all users. If you would like to contact us regarding accessibility of our website or need assistance completing the application process, please contact Director of Support Staff at ***************. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. For our EEO Policy Statement, please contact us for details. If you would like more information about your EEO rights as an applicant under the law, please inquire about Know Your Rights. Arnold & Porter Kaye Scholer LLP uses E-Verify, which is a web-based system, to confirm the eligibility of our employees to work in the United States. As an E-Verify employer, we verify the identity and employment eligibility of newly hired employees by electronically matching information provided by employees on the Form I-9, Employment Eligibility Verification, against records available to the Social Security Administration (SSA) and the Department of Homeland Security (DHS). We use E-Verify because we are a federal contractor containing the Federal Acquisition Regulation (FAR) E-Verify clause. Please see the posters for details regarding E-Verify or contact Arnold & Porter Kaye Scholer LLP's Human Resources Department for more information. E-Verify Participation Poster and Right-to-work Poster. #J-18808-Ljbffr

Evolver Federal is seeking a Senior Security Engineer to fulfill a requirement for a potential government client. The Senior Security Engineer is responsible for designing, implementing, and maintaining advanced security solutions to protect federal systems and data. This role prioritizes continuous monitoring, FISMA compliance, and OIG audit readiness while engineering secure architectures, integrating cybersecurity technologies, and ensuring adherence to federal standards such as NIST 800-series, RMF, and TIC 3.0. The Senior Security Engineer will work closely with SOC teams, architects, and program managers to deliver robust security capabilities across cloud (AWS GovCloud, Azure Government), on-premises, and hybrid environments. This position requires deep technical expertise, hands-on experience with security tools, and the ability to lead engineering efforts for mission‑critical systems in highly regulated environments. Responsibilities Design and implement security solutions for enterprise and federal environments, ensuring compliance with RMF and NIST guidelines. Engineer secure configurations for SIEM, SOAR, EDR, and vulnerability management platforms. Support Tier 2/3 SOC analysts by developing advanced correlation rules for Splunk and optimizing detection workflows. Support SOC operations by integrating advanced detection and response capabilities. Conduct security assessments, penetration testing, and risk analysis for critical systems. Implement continuous monitoring and automated compliance reporting to meet Department of Labor and federal requirements. Develop and maintain security engineering documentation, including system security plans and architecture diagrams. Collaborate with architects and program managers to align security engineering with strategic objectives. Lead efforts to integrate security into DevSecOps pipelines and CI/CD workflows. Provide technical expertise during incident response and forensic investigations. Evaluate emerging technologies and recommend enhancements to improve security posture. Define and track measurable outcomes such as MTTR reduction, SLA adherence, compliance score improvements, and false positive reduction to meet performance‑based contract KPIs. Coordinate with federal stakeholders (CISO, ISSOs, AO) and provide audit support for ATO processes. Ensure adherence to performance‑based contract requirements and federal cybersecurity mandates. Basic Qualifications Bachelor's Degree in Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent with 6 years of technical experience, or 4 years' experience in IT Solutions at senior management Certified Information Systems Security Professional (CISSP) mandatory with Information Systems Security Engineering Professional (ISSEP) concentration Project Management Institute (PMI) Project Management Professional (PMP) (Highly Recommended) Information Technology Infrastructure Library (ITIL) 4 Foundation 10 years of successful enterprise experience in an IT or technology-related field, with the last 5 years, on large government technical contract/BPAs US Citizen with the ability to pass a comprehensive government background check Preferred Qualifications Master's degree in cybersecurity, IT, or a related technical field Experience supporting SOC operations in federal or regulated environments Familiarity with RMF, NIST 800-series, OMB A-130, and TIC 3.0 Proven leadership in cross‑functional teams and performance‑based contracts Strong communication skills, including executive briefings and incident reporting Hands‑on experience with SIEM (Splunk, Elastic), SOAR (Cortex XSOAR), and EDR (CrowdStrike, Microsoft Defender). Expertise in cloud security engineering (AWS, Azure, GCP) and container security (Kubernetes, Docker). Familiarity with Zero Trust Architecture principles and implementation strategies. Familiarity Continuous Diagnostics and Mitigation (CDM). Experience with PKI, encryption standards, and secure network design. Knowledge of automation tools for security orchestration and compliance reporting. Ability to lead technical teams and mentor junior engineers in cybersecurity best practices. Experience integrating security controls into large-scale federal systems and mission‑critical applications. Understanding of advanced threat detection techniques and AI‑driven security solutions. Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. #J-18808-Ljbffr

Clearance: Active Secret Employment Type: Full-Time We are seeking a Principal Cloud Security Engineer to lead the design, automation, and enforcement of security across large-scale federal cloud environments. This role focuses on cloud security architecture, DevSecOps automation, and secure platform enablement in a multi-cloud ecosystem. The ideal candidate is highly technical, self-directed, and comfortable operating as the senior security authority for cloud platforms. You will define secure patterns, implement guardrails at scale, and embed security directly into infrastructure and CI/CD pipelines. Key Responsibilities: Cloud Security Architecture: Design and guide secure architectures across AWS, Azure, and GCP, including GovCloud and restricted environments Define and enforce security baselines aligned with NIST 800-53, FedRAMP, and CIS Benchmarks Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads DevSecOps & Automation: Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning) Implement policy-as-code guardrails using tools such as AWS SCPs, Azure Policy, and cloud-native governance services Develop automated remediation and enforcement workflows to reduce manual security effort Governance, Compliance & Visibility: Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts Partner with compliance teams and auditors on evidence collection and continuous monitoring Implement centralized logging, monitoring, and incident response across cloud environments Technical Leadership: Serve as the senior cloud security SME for engineers, architects, and stakeholders Mentor engineers on secure cloud development and DevSecOps practices Translate complex security concepts to both technical and non-technical audiences Required Qualifications: Active Secret clearance 8+ years in cybersecurity or cloud engineering, including 5+ years focused on cloud security Deep hands-on experience securing AWS, Azure, or GCP (experience in at least two preferred) Strong Infrastructure as Code experience (Terraform strongly preferred) Experience integrating security into CI/CD pipelines (GitHub Actions, GitLab, or similar) Proficiency in Python, Go, PowerShell, or Bash Strong understanding of IAM, networking, encryption, key management, and cloud-native security services Ability to operate independently and define security priorities without daily direction Preferred Qualifications: Experience securing GovCloud, DoD IL5/IL6, or other regulated cloud environments Kubernetes and container security experience Zero Trust architecture implementation experience ServiceNow integrations for security workflows Cloud security certifications (AWS Security Specialty, Azure Security Engineer, etc.) What Makes This a True Principal Role: Highly hands-on and deeply technical Owns security outcomes rather than executing predefined tasks Heavy DevSecOps and IaC focus Large-scale, multi-cloud environment Architecture and influence matter as much as implementation

Conviso Inc is looking for ISSO Officer for onsite Job. This role comes with benefits, 401K & some accrued PTO. The Ideal must have hands-on technical and analytical experience supporting the RMF lifecycle, cybersecurity monitoring, continuous authorization, and security control assessments. Are you open to new opportunities & could this be of interest? On Site Job at 3 locations - Albuquerque NM, Las Vegas NV, Germantown MD Active Top-Secret Clearance Required Title: Information System Security Officer (ISSO) Minimum 3 years as an ISSO Required Skills: ISSO personnel must understand and interpret data from security tools and apply NIST frameworks with precision. Capabilities include: Proficiency in NIST SP 800-37, 800-53, 800-60, FIPS 199, CNSSI 1253. Ability to perform risk assessments, system categorization, and control selection. Experience with eGRC tools (e.g., Archer) for documentation, continuous monitoring, and POA&M management. Responsibilities: Prepare: Support enterprise, mission, and system-level RMF readiness, establish tailored baselines, identify assets, assess risks, and determine system placement in the enterprise architecture. Categorize Information Systems: Perform FIPS 199 categorization, develop SSP subsections, register systems, and ensure early engagement with developers to integrate cybersecurity impact analysis. Select Security Controls: Document, implement, and validate selected controls, incorporating security architecture, privacy requirements, and common control inheritance. Assessment: Develop assessment plans, test controls, produce SARs, document findings, and support POA&M development. Data Calls: Provide timely and accurate evidence and responses using approved tools. Internal & External Assessments: Support audits, collaborate with internal and external partners, and perform self-assessments. Program-Level Documentation Support: Maintain program policies, adjudicate comments, and assess the impact of federal directives and legislation.