Security engineer jobs in Asheville, NC

MANTECH seeks a motivated, career and customer-oriented Senior Information System Security Engineer (ISSE) to join our team in Norfolk, VA. This is a hybrid position with 1-2 days onsite and 2-3 days remote. As an ISSE, you will have the opportunity to work on innovative and mission-critical and national security projects. You will collaborate with a skilled team of professionals, responsible for developing accreditation packages for cloud systems in both AWS and Azure environments. This position offers great opportunities for technical growth and improved experience in Cyber Security. Responsibilities include but are not limited to: Performing cyber security research under NAVSEA for cloud and network solutions Developing, defining, and aiding in implementing cyber security policies and processes Defining IS and Network Environment security requirements in accordance with applicable cybersecurity requirements Supporting A&A packages for multiple projects Applying security expertise to new modernization cyber solutions that provide confidentiality, integrity, availability, authentication, and non-repudiation for security policies and memorandum for records Developing Plan of Action and Milestones with proper Mitigations or Remediations, accordingly Developing approaches to mitigate IS and Cloud Network Environment vulnerabilities and recommend changes to network or network system components as needed Travel up to 25% Minimum Qualifications: Bachelor's degree in Computer Science, Information Technology, Engineering, or a related technical field, and 8+ years of relevant experience 5+ years developing secure solutions for incident response, business continuity, and disaster recovery 3+ years implementing security controls and policies with emerging cybersecurity technologies, including access control, privileged access management, data security, network security, data loss prevention, cloud security, vulnerability management, configuration management, privacy, and audits Must have an active Security+ certification Must be familiar with the use and operation of security tools including STIG Viewer, eMASSter, and Tenable Nessus and/or Security Center Experience with cloud brokerages, preferably Navy Knowledge and experience working with federal compliance and guidance, including FISMA, RMF, Federal Enterprise Architecture Framework, DoDAF, NIST Cybersecurity Framework, NIST 800 series, FedRAMP and cloud-based security controls Preferred Qualifications: Master's degree One of the following certifications: Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP) CE, Certified Secure Software Lifecycle Professional (CSSLP), CISSP- Information System Security Engineering Professional (ISSEP), or CISSP- Information System Security Architecture Professional (ISSAP) or an equivalent security certification Clearance Requirements: Must have an active Secret security clearance. Physical Requirements: The person in this position must be able to remain in a stationary position 50% of the time. Must be able to move around the office and operate office equipment. Frequently communicate with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

MANTECH seeks a motivated, career and customer-oriented Cyber Security Engineer Lead to join our team in Springfield, VA. The Cyber Security Engineer Lead is responsible for the detection, identification, analysis, and reporting of cyber threats, intrusions, anomalous activities, and potential misuse of systems. This role supports the protection of customer's digital assets and sensitive data through the administration, monitoring, and continuous improvement of cybersecurity technologies and processes. Responsibilities include but are not limited to: Threat Detection & Response: Identify, assess, and report potential cyber-attacks, intrusions, and abnormal system behaviors. Participate actively in incident response and recovery activities. Technology Administration: Administer and maintain systems supporting Identity Management, Privileged User Access, Access Control (firewall), End Point Protection, Internet Protection, Vulnerability Scanning, and Security Information and Event Management (SIEM) tools. Mitigation & Remediation: Develop and implement enterprise-level mitigation strategies to address complex vulnerabilities. Operational Support: Ensure proper installation, testing, patching, upgrading, and performance of cybersecurity tools and applications. Maintain system resiliency and availability across all managed technologies. Policy Enforcement & Compliance: Enforce cybersecurity policies, standards, and best practices in alignment with ManTech's security framework and regulatory requirements. Leadership & Collaboration: Lead or participate in cross-functional projects and initiatives. Provide technical mentorship and subject matter expertise to junior team members.; Continuous Improvement: Interpret internal and external cybersecurity trends and business challenges; recommend and implement innovative solutions to strengthen the enterprise security posture. Monitor intrusion detection and prevention systems and other security event data sources; determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures. Minimum Qualifications: Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or a related Cyber Security field. Certified Information Systems Security Professional (CISSP) certification (required within 6 months of assignment to the position, otherwise failure to obtain certification within 6 months of assignment to the position may result in removal). 8+ years of relevant cybersecurity experience, including hands-on technical administration and operational security support. Strong analytical and problem-solving abilities Deep knowledge of cybersecurity frameworks, principles, and technologies Proficiency in SIEM, endpoint protection, and identity management tool Must be able to travel up to 25% Preferred Qualifications: Have a good understanding of DISA compliance directives and recommend having knowledge of the JSIG. Ability to lead small teams or projects Excellent communication and influence skills; Strong judgment in identifying and mitigating security risks Correlate data from intrusion detection and prevention systems with data from other sources Clearance Requirements: Must have current/active TS/SCI with the ability to obtain and maintain a Yankee White security clearance Physical Requirements: Must be able to remain in a stationary position 50% The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer. The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

We are currently seeking a Sr. Cyber Systems Engineer (Vulnerability Assessment) to become part of the Department of State (DOS) Diplomatic Security Cyber Mission (DSCM) program. requires 5-days per week on-site. Program Overview The DSCM program encompasses cyber security, data analytics, engineering, technical, managerial, operational, logistical and administrative support to aid and advise DOS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. Those supporting the DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges. About the Role Support the Cyber Security Solutions team within the Emerging Technologies Division. Perform Federal cyber community outreach to further Directorate cybersecurity mandates. Provide guidance to systems owners for compliance with cyber configuration standards and policies. Provide emerging technology analysis and trend reporting to CTS designated recipients. Provide Cloud, wireless, Artificial Intelligence (AI), and mobile security expertise, device assessment, vulnerability analysis, and risk mitigation services. Provide knowledge of Cloud environments and application of Cyber Security baselines. Research and formulate open-source software innovations integration in support of network modernization efforts using industry best practices for cost efficiency solutions. Facilitate the adoption of cyber and technological security solutions (AI enabled). Coordinate Enterprise-wide Common Control Documentation and provide technical expertise as needed to Department partners on proper implementation of NIST Common Controls. Provide technical responses and recommendations to Cyber Policy Support Requests. Qualifications: Bachelor's degree and minimum of 9 years of relevant experience required; 7 years with a Master's, 4 years with a PhD. An additional 4 years will be considered in lieu of the degree requirement. Demonstrate excellence in developing Federal emerging technology cyber challenges with multi-disciplinary assessment of areas such as Cloud, Al, and secure communications. Possess or be able to obtain one or more of the following certifications by hire date: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, SSCP. Demonstrated experience in one, more or all of the following areas: Minimum of 4 years' experience in administering, maintaining, installing cloud services such as AWS, Active Directory Federation Services (ADFS), Azure, across an enterprise network. Experience developing and managing virtualized IT systems across an enterprise network. Configuration and/or administering enterprise mobile device deployments. Experience with application of cyber security controls for Artificial Intelligence. U.S. citizenship required. An active Secret security clearance. The ability to obtain a final Top Secret security clearance. For any questions regarding this job announcement or the status of your application, please contact our Director of Recruiting, Mr. Brian Jennings, via email at ********************.

Come Forge the Future of Machine Identity Security for Operational Technology & Industrial Control Systems Where: Tysons, VA (Hybrid) Supporting: Our CTO At Corsha we're not just selling software; we're fundamentally reshaping how the most critical industrial and operational technology (OT) systems are secured. We're a cyber startup in the DC area, driven by a mission to bring trust, resilience, and identity to the operational systems that power our world - from factories to power grids. We're building the future of machine identity security, and we need a dynamic technical evangelist to join our front lines. Tired of the Status Quo? Ready to Secure the Unseen? Here's your Opportunity: If you're an engineer who thrives on solving hard problems, isn't afraid to get your hands dirty with industrial control systems and sees the immense potential of cybersecurity in unconventional environments, then read on. We move fast, we build for impact, and we need a security visionary to help us secure the machines that matter most. Your Mission: Secure the Industrial Edge We're looking for an OT Security Engineer to be a foundational engineer for our Machine Identity Platform (mIDP), specifically tailored for the unique and challenging landscape of OT systems. Your mission: implement, integrate, and defend the security infrastructure that underpins our cutting-edge solutions, with a heavy emphasis on industrial control systems and OT networks. This isn't just about keeping the lights on. It's about building security architectures that are inherently secure, highly available, and resilient against the most sophisticated threats, often in environments where traditional IT paradigms simply don't apply. You'll be bridging the gap between cutting-edge cybersecurity technologies and the operational realities of factories, power plants, and critical infrastructure. What You'll Be Forging: Architect and Implement OT Security Solutions: Design, deploy, and manage secure architectures for our mIDP, specifically tailored for OT environments. This includes network segmentation, routing, switching, firewall configurations, and intrusion detection systems. ICS/OT System Integration: Be the subject matter expert for integrating our mIDP with industrial control systems. This involves understanding and working with common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). Machine Identity Integration: Collaborate closely with our product and engineering teams to integrate security configurations with our mIDP, ensuring seamless and secure authentication and authorization for OT devices and applications. OT Network Hardening: Implement and enforce robust security best practices, including vulnerability management and access control for OT networks. Troubleshooting and Optimization: Proactively monitor, troubleshoot, and resolve complex security issues across ICS and OT environments. Identify and implement optimizations to enhance system performance, reliability, and security. Automation and Tooling: Develop and implement automation scripts and tools (e.g., Python, Ansible) to streamline provisioning, configuration management, and operational tasks. Documentation and Knowledge Sharing: Create comprehensive documentation, runbooks, and contribute to internal knowledge sharing to ensure maintainability and scalability of our infrastructure. Stay Ahead of the Curve: Continuously research and evaluate new cybersecurity technologies, security trends, and best practices, particularly as they relate to OT and industrial control systems. Collaborate and Mentor: Work closely with cross-functional teams (software engineers, security analysts, product managers) and provide mentorship to junior team members. What You'll Bring: 5+ years of intense experience in OT security or a related role, with a proven track record in complex, high-performance, and high-stakes environments. Deep, demonstrable expertise in industrial control systems and OT environments. You've implemented security products and solutions in real-world ICS/OT environments. Strong proficiency in network security principles: Firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), network access control (NAC), and secure communication protocols. Extensive hands-on experience with OT network architectures and protocols. You're comfortable with physical hardware and understand the nuances of industrial networks. Rock solid understanding of cybersecurity principles: vulnerability management, threat modeling, and incident response. Empathy for OT/ICS environments: You totally get the unique security challenges of Operational Technology, and understand common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). This isn't just a "nice-to-have"; it's critical. Proficiency in scripting and automation: Python, Ansible, or similar languages for automating security provisioning and operations. A relentless problem-solver: You thrive on diagnosing and resolving intricate security issues under pressure, with an unwavering focus on root cause analysis. Exceptional communication and collaboration skills: You can articulate complex technical concepts clearly and work seamlessly with cross-functional teams. Bachelor's degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience. Self-starter with an insatiable curiosity: You're eager to learn, adapt, and drive solutions in a rapidly evolving, high-impact startup environment. Bonus Points For: Experience with specific machine identity solutions (PKI, certificates, secrets management). Hands-on experience with Kubernetes Knowledge of software-defined networking (SDN) solutions. Relevant industry certifications (e.g., CISSP, GICSP, CISM). Experience in a fast-paced startup environment. Why Forge your Path with Corsha? Real-World Impact: Your work won't just sit on a server; it will actively defend the critical operational systems that underpin our society. This is an opportunity to make a tangible, immediate difference. Bleeding Edge: Be at the forefront of securing the intersection of cybersecurity, machine identity, and OT. We're defining the future, not just following trends. Growth & Ownership: This is a startup - your contributions will directly shape our product, our culture, and our success. You'll work with incredible people that care and have impact. Culture of Innovation: Join a team of brilliant, passionate engineers dedicated to solving the hardest problems. We foster a collaborative, intellectually stimulating, and supportive environment. Competitive Compensation & Benefits: Wellness days, Generous PTO, Company-covered healthcare, 401k matching, paid parental leave, and of course snacks, lunches, and sustenance. Ready to step up and secure the critical future of identity? Join Our Mission Today. Reach out to us with your resume and why you think you'd make a stellar Corshian to *****************. We are an Equal Opportunity Employer and reasonable accommodations may be made to enable individuals with disabilities.

Job Posting Title: Cloud Security Engineer - SRE Job Profile: Technical Project Management - Advisor II We are seeking a skilled and motivated Cloud Security Engineer - SRE to join our dynamic team. The ideal candidate will possess a strong technical background in systems administration, cloud computing, and infrastructure as code, with a particular focus on solution engineering/site reliability. This role will involve collaborating with cross-functional teams to enhance our security posture and streamline processes through automation. Technical Skills • Programming and Scripting: Strong proficiency in languages like Python, Go, Bash, or Ruby. SREs often need to write automation scripts and build tooling. • Systems Administration: Deep understanding of operating systems (Linux/Unix), file systems, processes, and system configurations. • Infrastructure as Code (IaC): Experience with IaC tools like Terraform, Ansible, or Chef to manage infrastructure. • Cloud Computing: Knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform, including services like EC2, S3, Kubernetes, and serverless functions. • Containers and Orchestration: Expertise in containerization (Docker) and container orchestration (Kubernetes, OpenShift). • Networking: Understanding of networking concepts, including DNS, firewalls, load balancing, and VPNs. • Monitoring and Observability: Experience with monitoring and observability tools like Prometheus, Grafana, Datadog, or New Relic. Ability to set up and maintain monitoring dashboards, alerts, and logs. • Continuous Integration/Continuous Deployment (CI/CD): Familiarity with CI/CD tools like Jenkins, GitLab CI, GitHub Actions, or CircleCI. • A strong understanding of HashiCorp Vault and Terraform will make you stand out. 2. Problem-Solving and Troubleshooting • Incident Management: Ability to manage and respond to incidents, perform root cause analysis, and implement post-mortem reviews. • Automation: Focus on automating repetitive tasks to improve efficiency and reduce human error. • Performance Tuning: Skills in identifying and resolving performance bottlenecks in systems and applications. 3. Collaboration and Communication • Teamwork: Ability to work closely with cross-functional teams, including software engineers, product managers, and DevOps teams. • Documentation: Skill in creating clear and comprehensive documentation for systems, processes, and incident reports. • Communication: Effective communication skills for interacting with stakeholders and explaining technical concepts to non-technical audiences. 4. Reliability and Scalability • Service-Level Objectives (SLOs) and Service-Level Agreements (SLAs): Understanding of setting, monitoring, and maintaining SLOs and SLAs for system reliability. • Scalability: Knowledge of best practices for designing and scaling systems to handle increased loads and demands. • Redundancy and Resilience: Experience in designing systems with redundancy and fault tolerance to minimize downtime. 5. Security and Compliance • Security Best Practices: Understanding of security principles, such as access control, data encryption, and secure coding practices. • Compliance: Familiarity with compliance standards like GDPR, HIPAA, or PCI-DSS, depending on the industry. Minimum Job Qualifications: • Bachelor degree in business or equivalent work experience • 10 years of previous program leadership and/or relevant consulting experience • Knowledge of and demonstrated experience in program management framework, knowledge groups & life cycle • 5+ years' experience in driving large scale data center consolidation efforts • Minimum 5 years' experience with matrix management of cross-functional processes and teams • Proficient with Project Management tools

Title: Information Security Engineer (IAM-SSO) Duration: 12-24 months Pay Range:- 55-60$/hr on W2 (No C2C) In this contingent resource assignment, you will consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering. You will contribute to large-scale planning related to Information Security Engineering deliverables, review and analyze moderately complex challenges requiring in-depth evaluation of variable factors, and collaborate with client personnel to meet deliverables while adhering to policies, procedures, and compliance requirements. Responsibilities: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering. Contribute to large-scale planning related to Information Security Engineering deliverables. Review and analyze moderately complex Information Security Engineering challenges requiring in-depth evaluation of variable factors. Collaborate with client personnel in Information Security Engineering to meet deliverables. Ensure compliance with function policies, procedures, and requirements. Qualifications: 4+ years of Information Security Engineering experience or equivalent demonstrated through work, consulting experience, training, military experience, or education. Experience in installing, configuring, and supporting SSO platforms such as Okta or Ping. Proficient in Agent-Based, Web-Based, and Federated Authentication and Authorization standards. Strong hands-on experience with industry-standard SSO technologies and protocols (OAuth, OpenID Connect, FIDO, SAML 2.0). Demonstrated ability to support applications in a distributed, highly available, mission-critical environment. Desired Qualifications: Strong verbal, written, and interpersonal communication skills. Knowledge of LDAP and Active Directory services, MFA, Risk-based authentication, and privileged access management. Familiarity with deployments and integration of IAM solutions within the cloud (Azure, AWS, or Google Cloud). Knowledge and understanding of complex enterprise systems and frameworks, including frontends, middleware, services layer, database, backend, and downstream interfaces. Knowledge and understanding of technical writing: storage, middleware, or virtualization. Strong negotiation and leadership abilities. Knowledge of Kubernetes containerization strategy. About PTR Global: PTR Global is a leading provider of information technology and workforce solutions. PTR Global has become one of the largest providers in its industry, with over 5000 professionals providing services across the U.S. and Canada. For more information visit ***************** At PTR Global, we understand the importance of your privacy and security. We NEVER ASK job applicants to: Pay any fee to be considered for, submitted to, or selected for any opportunity. Purchase any product, service, or gift cards from us or for us as part of an application, interview, or selection process. Provide sensitive financial information such as credit card numbers or banking information. Successfully placed or hired candidates would only be asked for banking details after accepting an offer from us during our official onboarding processes as part of payroll setup. Pay Range: $55 - $60 The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision and 401K contributions as well as any other PTO, sick leave, and other benefits mandated by appliable state or localities where you reside or work. If you receive a suspicious message, email, or phone call claiming to be from PTR Global do not respond or click on any links. Instead, contact us directly at ***************. To report any concerns, please email us at *******************

Department: Offensive Security Operations Reports to: Offensive Security Operations Manager Employment Type: Full-Time We are seeking an experienced Application Security Engineer to lead our DevSecOps as a Service program. This role bridges the gap between security, development, and operations, helping client organizations integrate security best practices directly into their development lifecycles. You will be responsible for designing, implementing, and maintaining secure automation frameworks that support continuous integration and continuous delivery (CI/CD) pipelines. The ideal candidate will have strong technical experience in secure software development, automation, and infrastructure as code (IaC), as well as excellent communication skills to engage directly with both internal and client engineering teams. Key Responsibilities - Lead the DevSecOps as a Service initiative, guiding client development and operations teams in embedding security throughout the SDLC. - Architect, deploy, and maintain secure CI/CD pipelines leveraging tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps. - Integrate security scanning tools (SAST, DAST, SCA, container scanning, secret detection) into automated build and deployment workflows. - Develop and manage Infrastructure as Code (IaC) security standards using Terraform, Ansible, and related automation frameworks. - Conduct security reviews of application architectures, source code, and deployment configurations. - Define and enforce security baselines, policies, and best practices across client environments. - Partner with development and operations teams to identify and remediate vulnerabilities early in the pipeline. - Build automation to support continuous compliance, drift detection, and threat modeling integration. - Collaborate with the Offensive Security Operations Manager to align DevSecOps services with overall threat exposure management and testing strategies. - Provide mentorship, technical documentation, and training to client and internal teams on secure DevOps practices. Required Qualifications - Bachelor's degree in Computer Science, Cybersecurity, or a related technical field (or equivalent practical experience). - 5+ years of hands-on experience in Application Security, DevSecOps, or Secure Software Engineering. - Strong understanding of CI/CD pipelines, Git-based workflows, and secure deployment practices. - Proficiency in Terraform, Ansible, and related automation tools. - Experience integrating security tools (e.g., SonarQube, Checkov, Trivy, OWASP ZAP, Snyk, or similar) into DevOps pipelines. - Experience with threat modeling, penetration testing, or offensive security assessments. - Familiarity with containerization (Docker, Kubernetes) and securing cloud-native deployments. - Excellent understanding of software supply chain security, secret management, and identity and access controls. - Strong scripting skills in one or more languages (Python, Go, Bash, PowerShell). - Ability to work cross-functionally with development, operations, and security stakeholders. Preferred Qualifications - Certifications such as GIAC GWAPT, GCSA, GCPN, OSWE, or CSSLP. - Experience working with multi-tenant or client-facing DevSecOps programs. - Knowledge of cloud security best practices (AWS, Azure, or GCP). Soft Skills - Strong leadership and collaboration abilities. - Excellent written and verbal communication skills. - Proactive problem-solving and initiative-taking approach. - Comfortable working in fast-paced, client-facing environments.

Santcore Technologies is seeking a HashiCorp Vault (Enterprise) Specialist for one of our major clients in the secure financial services domain at Culpeper, VA (Hybrid - Onsite 2 days/week required). We are looking for a hands-on security engineer with deep experience in Vault Enterprise, Terraform, Ansible, and RHEL hardening. The selected consultant will work in a high-security environment and contribute to secure automation, platform integrations, and infrastructure hardening. Key Responsibilities Deploy, configure, and maintain HashiCorp Vault Enterprise clusters (including HA architectures). Monitor Vault performance, troubleshoot complex issues, and implement security hardening best practices. Integrate Vault with enterprise systems, authentication methods, and automation pipelines. Develop and maintain Terraform modules for secure infrastructure provisioning. Troubleshoot, monitor, and harden RHEL environments, including SELinux policy management. Build and maintain Ansible roles, playbooks, and automation workflows (including AWX/Ansible Tower). Assist internal teams with Vault onboarding, usage support, and operational readiness. Participate in on-call rotation as required. Maintain at least 2 days/week onsite presence in Culpeper, VA. Required Skills (Must-Have) 3+ years of experience in security engineering, platform security, or security automation. 3+ years hands-on experience managing HashiCorp Vault Enterprise, including: HA deployments Monitoring & debugging Hardening and best practices Secret engines, auth methods, integrations Strong hands-on experience with: Terraform (module development) Red Hat Enterprise Linux (troubleshooting, monitoring, hardening) Ansible (roles, playbooks, AWX/Ansible Tower) Preferred Skills Go development (particularly for custom Vault plugin development) Jenkins (automation pipelines) Splunk (dashboards, alerts, queries) ELK Stack (integration, dashboards, queries) SELinux (policy development and troubleshooting) Nice-to-Have Certifications HashiCorp Certified: Vault Associate HashiCorp Vault Operations Professional Terraform Associate Red Hat Certifications Soft Skills Analytical problem-solving and strong troubleshooting mindset Ability to work cross-functionally within security, cloud, and DevOps teams Strong documentation and communication skills Detail-oriented and committed to enterprise security best practices Adaptability in dynamic and fast-paced technical environments

The Cybersecurity Engineer is responsible for the technical implementation and management of cybersecurity measures. This role involves extensive hands-on work with security technologies, developing and maintaining security protocols, and ensuring the protection of sensitive data. The Cybersecurity Engineer collaborates within the various IT teams to integrate security solutions into business projects and solutions, while supporting overall compliance with HIPAA regulations. Technical Implementation: Architect, deploy, and maintain enterprise-grade security technologies, including firewalls, intrusion detection/prevention systems, encryption platforms, and vulnerability management tools. Implement and support security controls for network infrastructure such as routers, switches, and wireless access points. Configure, administer, and secure Active Directory and Azure AD environments. Deploy and oversee endpoint protection platforms and Security Information and Event Management (SIEM) solutions. Manage Microsoft 365 security capabilities, including conditional access, data loss prevention (DLP), and advanced threat protection. Evaluate, test, and recommend new security tools, processes, and technologies to strengthen the organization's security posture. Security Operations: Continuously monitor systems for security events, investigate alerts, and respond to incidents with appropriate documentation. Perform ongoing risk assessments and vulnerability scans to identify exposures and drive remediation efforts. Lead technical response efforts during security incidents or breaches in coordination with the incident response team. Administer and monitor Identity and Access Management (IAM) systems to ensure secure and appropriate access. Conduct routine vulnerability assessments and threat analysis to support continual improvement. Perform digital forensics and incident response activities as needed. Compliance: Ensure adherence to HIPAA and all applicable regulatory and security standards. Design and implement technical safeguards that protect sensitive information and support organizational objectives. Collaboration: Partner with IT and business teams to embed security controls into systems, applications, and workflows. Educate and support staff on cybersecurity awareness, best practices, and evolving threats. Documentation: Create and maintain accurate documentation for security configurations, procedures, and incident activity. Remain informed on current cybersecurity trends and recommend enhancements to existing controls. Security Audits: Plan and conduct scheduled and ad-hoc security audits to validate adherence to security policies and standards. Security Standards and Policies: Develop, review, and update security policies and standards in alignment with industry best practices and regulatory requirements. Security Infrastructure Maintenance and Monitoring: Configure, troubleshoot, and maintain security-related hardware and software. Implement and manage monitoring tools to detect intrusions and potential security breaches. Security Strategy Development: Support the planning, execution, and ongoing refinement of the organization's information security strategy. Adhere to organizational policies, procedures, and safety standards; complete required training annually; contribute to performance goals and quality improvement initiatives. Perform additional duties as assigned. Minimum Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline required. Minimum Experience: Ten (10) years of overall IT experience, including at least five (5) years of hands-on cybersecurity leadership with demonstrated success designing, engineering, and deploying security solutions in an enterprise environment. Certifications: Relevant industry certifications such as CISSP, CISM, CISA, CCSP, CEH, Microsoft Azure Engineer, or equivalent are required.

Knoxville, TN | Cybersecurity Engineer | Full-time We are actively recruiting a Cybersecurity Engineer for our client in Knoxville, TN. This is a hybrid direct placement opportunity that will require some onsite work in Knoxville. The successful candidate will be responsible for the design, implementation, and ongoing management of advanced cybersecurity measures to protect sensitive data, systems, and networks. This role involves hands-on work with a wide range of security technologies, development and enforcement of security protocols, and proactive risk mitigation. The engineer collaborates with cross-functional IT teams to integrate security solutions into enterprise projects and ensure compliance with applicable regulatory requirements, including HIPAA. Must have a minimum of five years' experience in cybersecurity engineering, with a proven track record in designing and implementing security solutions within an enterprise environment. Due to client request, candidates must be eligible to work in the United States without sponsorship. Equal Opportunity Employer/Veterans/Disabled

Infosec Engineer - GRC Focus Hybrid - Atlanta, GA Contract - 6-month + extensions We're looking for a hands-on Information Security Engineer with deep GRC expertise to join a leading financial organization. This role combines technical security engineering with governance, risk, and compliance, supporting enterprise-wide compliance initiatives and automation programs. About the Role: You'll work across security and compliance domains, implementing and automating controls, integrating GRC platforms, and embedding compliance into enterprise systems. You'll support ISO 27001, NIST, SOC 2, SOX, PCI DSS, GDPR, and HIPAA programs while collaborating with security, IT, and business teams. Responsibilities: Lead implementation and automation of GRC platforms (RSA Archer, ServiceNow GRC, BitSight, ProcessUnity, Vanta) Develop and maintain integrations, scripts, and automation using Python, PowerShell, JavaScript, SQL, or other relevant tools Support SIEM monitoring, incident response, and technical controls aligned with compliance frameworks Embed risk and compliance controls into enterprise systems and IT processes Assist with audits, regulatory assessments, and reporting to demonstrate governance effectiveness Drive improvements in risk management processes through technology and automation Requirements: 5+ years' experience in information security engineering or technical GRC roles Hands-on experience with GRC platforms and automation (RSA Archer, ServiceNow, BitSight, etc.) Coding/scripting experience (Python, PowerShell, JavaScript, SQL) for integrations and automation Solid understanding of regulatory and compliance frameworks (ISO 27001, NIST, SOC 2, SOX, PCI DSS, GDPR, HIPAA) CISSP or equivalent security certification preferred Proven track record of embedding compliance into enterprise systems and leading automation initiatives If you're an experienced Infosec Engineer with a GRC background, this is a unique opportunity to combine hands-on engineering with compliance and risk leadership.

Information Security Compliance Analyst Start Date ASAP Type 6-month contract to hire Process to Close: Teams Screening with AM/Recruiter Interview with CISO Will most likely ask for a writing sample/letter of recommendation Must Haves: Bachelor's in IT, IS, Computer Science, etc 2+ years of related (general cybersecurity) experience in a professional setting (work and/or internships) Excellent written and verbal communication skills Knowledge of NIST CSF and ISO 27001 security frameworks Plusses: Certifications (Security+, CISA, or equivalent) strongly preferred Day to Day: The Information Security Compliance Analyst I supports cybersecurity compliance and risk management matters, working closely with IT members, business partners, and internal and external auditors and regulators. This position impacts the company's security posture, including contributing to cybersecurity policy development & awareness, identity & access management, and data governance initiatives. Duties and Responsibilities · Continuously exhibit and uphold Core Values of Integrity, Accountability, Communication and Teamwork, Innovation and Customer Service · Maintain, and refine cybersecurity risk management practices using established frameworks such as NIST CSF and ISO 27001 · Assist with the creation and maintenance of information security policies, standards, procedures, and guidelines · Preparation and review of control narratives and descriptions · Maintenance of risk registers and risk/control matrices · Assist with the planning and execution of Data Governance and other security programs · Maintain performance metrics for the Security program · Utilize security compliance tools and identify opportunities for improvements and reporting · Collaborate with the security team, IT, and business partners to document security controls, identify gaps and implement new controls · Performance of security assessments to ensure that management, operational, and technical security controls are properly implemented and maintained · Partner with internal and external auditors and regulators to demonstrate cybersecurity compliance and build attainable plans to remediate deficiencies · Assist in the planning and testing of cybersecurity incident response activities, including coordination with internal stakeholders · Keep abreast of current threats and vulnerabilities and alert IT and Information Security teams · Maintain awareness of information security best practices and evaluate their applicability to James River · Stay current with latest changes in external cybersecurity compliance initiatives that may affect the organization's external requirements · Drive security awareness activities to improve business and IT security knowledge and practices

ABOUT THE ROLE Individual is able to work without assistance; provides leadership for others; able to manage highly complex work efforts; may have advanced education; has extensive industry experience. The IT Security Analyst monitors and advises on information security issues related to the systems and workflow at an agency to ensure the internal IT security controls for an agency are appropriate and operating as intended. Coordinates and executes IT security related projects for the agency. Coordinates response to information security incidents. Develops and publishes Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance with Commonwealth IT Security policies, standards, and guidelines. Conducts campus-wide data classification assessment and security audits and manages remediation plans. Collaborates with IT management, Internal Audit, and VITA to manage security vulnerabilities. Creates, manages and maintains user security awareness. Conducts security research and keeps abreast of latest security issues. Prepares IT security documentation, including department policies and procedures, agency notifications, Web content, and alerts.

WorkForce Unlimited is searching for a proactive Security Analyst to analyze vulnerabilities, optimize security tools, and help our client stay ahead of emerging threats. The Security Analyst is responsible for independently managing third-party vulnerability data sources, executing scans using proprietary tools, and collaborating with IT teams to prioritize mitigation efforts. The role involves leveraging vulnerability management tools to generate metrics and reports that track progress and effectiveness. Additionally, the Security Analyst may contribute to reviewing project scopes to recommend security benchmarks, optimizing security tool alerts and policies, and integrating logs and large data sets into existing systems. Role Responsibilities Analyze vulnerabilities from various sources and input them into the vulnerability management tool using approved methods to ensure a complete overview of exposures. Evaluate existing vulnerabilities to identify problem areas or opportunities for mass-mitigation. Communicate with cross-functional teams to explain risks, opportunities, or required actions. Escalate vulnerabilities that exceed defined time-to-resolve thresholds. Configure vulnerability scanning tools and manage ongoing scan schedules. Collect and maintain departmental metrics and KPIs. Identify opportunities to apply AI technologies to improve vulnerability management processes. Technical Qualifications Strong familiarity and prior experience with: HTTP, PKI, digital signatures/encryption, SMTP, DNS, CWEs, CVEs, and related security frameworks. Vulnerability and security scanning tools such as Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei, or similar. Web application scanning and web application firewalls (WAFs). Containers and associated security considerations. CIS Benchmarks, STIGs, or other security hardening standards. Additional desirable skills or experience: Authentication and identity protocols: SAML, Kerberos, OAuth, OIDC, LDAP. Scripting and automation using PowerShell and Python. CI/CD tools such as Jenkins. Splunk data onboarding (indexes, sourcetypes, data models, forwarders, apps, HECs). Log ingestion and transport technologies: Azure Event Hubs, Kafka, syslog. EDR/XDR tools such as Microsoft Sentinel, Microsoft Defender, CrowdStrike, or similar. General Qualifications Ability to conduct independent research, analyze data, and produce clear plans of action. Strong systematic thinking and troubleshooting skills. Ability to create clear and detailed documentation of designs and processes for diverse technical audiences. Excellent communication skills, including the ability to clearly articulate requirements, priorities, and project status. Education Requirements Bachelor's Degree in Information Technology or a related field is preferred but not mandatory.

Jr. Security Analyst Our client is currently looking for a Jr. Security Analyst to join their team in a long term contract capacity focusing on an increase in compliance and audit work heading into the new year. This person will be brought on to support an established information security and compliance team. This role is ideal for someone looking to grow in TPA (Third Party Assessment), audit support, compliance operations, NIST frameworks, and GRC practices. Below is a breakdown of what our enterprise client is looking for in their potential candidate! Key Responsibilities Support Third Party Assessments (TPAs) by gathering evidence, tracking documentation, and helping review vendor security controls. Participate in internal and external audit readiness tasks including evidence collection, control testing preparation, remediation tracking, and audit log review coordination. Assist with vulnerability scan reporting, ticket creation, and follow-up with technical teams on remediation tasks. Support intake, documentation, and status tracking of new compliance and security projects. Help maintain dashboards, risk registers, and compliance reporting metrics within the GRC tool. Participate in annual assessment activities including contingency plan exercises, incident response tests, access reviews, and other required security program tasks. Assist with audit log reviews and routine monitoring processes as assigned. Maintain structured, accurate documentation to support continuous compliance efforts. Minimum Qualifications 1-3 years of experience in security, IT, audit, or compliance support roles (internships or rotational experience accepted). Foundational knowledge of NIST frameworks, FISMA requirements, or other security compliance standards (HIPAA, SOC 2, ISO 27001 a plus). Experience with GRC platforms (ServiceNow, Archer, OneTrust, ZenGRC, etc.) OR strong interest in learning. Strong attention to detail with the ability to create, edit, and maintain structured documentation. Proficiency with Microsoft Office and basic workflow tracking tools (Excel, SharePoint, Confluence, Smartsheet, etc.). Familiarity with basic cybersecurity terminology and frameworks (e.g., CIS Controls). Experience supporting compliance evidence collection or policy documentation. Interest in security governance, risk, and compliance as a long-term career path.

Hybrid - remote allowed, but should live in driving proximity to Springfield, VA Travel: up to 25 percent mostly to Chicago and Atlanta** Direct Hire with Benefits In this role you will guide the security direction for a hybrid environment that spans on premises systems and cloud platforms including Microsoft Dynamics Microsoft 365 Azure directory and the Microsoft security ecosystem. You will also work hands on with firewalls support multi-site network uptime document standards train users and collaborate closely with software and security vendors. This position requires someone who enjoys being the subject matter expert who can see the big picture while also building and improving day to day systems. What you will do Lead security operations including assessment mitigation and incident response Support and maintain the network across multiple facilities with a focus on reliability and resilience Plan and implement architecture improvements for both on premises and cloud based environments Work with business and software vendors to evaluate tools resolve issues and drive enhancements Develop and maintain documentation playbooks and standards for network and security operations Provide user training on security best practices and new technologies Drive continuous improvement by exploring and recommending modern solutions What we are looking for Five or more years of hands on experience in security engineering or network security Experience supporting hybrid environments on premises and cloud Strong familiarity with Microsoft based ecosystems including Dynamics M365 Azure directory Sentinel Defender P2 and E5 Background working with firewalls pfsense or similar Ability to design troubleshoot and document network architectures Experience responding to security events and closing security gaps Comfort interacting with external vendors and internal teams Clear communication skills solid documentation habits and a growth mindset Candidates must be based in Virginia and open to regional travel up to 25 percent If you enjoy being the trusted expert for both networking and security and want the freedom to influence modern solutions this role offers the autonomy and impact you are looking for.

Title: Security Analyst - Project Lead (8780) Work Mode: Hybrid (3 days onsite per week required) Contract Duration: 12 months (Extension possible) Interview Process: 1 round, virtual video interview required Candidate Requirement: Candidate must be a current South Carolina resident. No relocation allowed. Scope of Work The resource will plan, coordinate, evaluate, document, and report on IRS Pub 1075 compliance activities, including security controls, corrective action plans (CAPs), artifacts, SCSEM requirements, and follow-up remediation. Key Responsibilities • Lead, coordinate, and support preparation efforts for an IRS Safeguard Review. • Review Corrective Action Plans (CAPs) for effectiveness and determine compliance readiness. • Review SSR, SSPs, and SSAs to ensure alignment with IRS Publication 1075. • Identify relevant IRS Safeguard Computer Security Evaluation Matrix (SCSEM) controls and assess agency compliance. • Provide technical advice for remediation of non-compliant SCSEM control areas. • Assist and coordinate follow-up actions after the Safeguard Review, including CAP development for findings. • Provide expert analysis of proposed technical solutions to ensure compliance with IRS Pub 1075. • Conduct research and recommend security improvements for systems and infrastructure. • Use the agency's established project management methods for planning, coordination, communication, and reporting. • Communicate effectively with both technical and non-technical staff, including federal and state stakeholders and executive leadership. Required Skills (Must Have) • 5+ years of expert-level experience as a Security Analyst, including risk assessment, vulnerability management, and incident response. • 3+ years of experience preparing for and actively supporting at least one IRS Safeguard Review at a state agency. • 3+ years of experience working with and applying IRS SCSEM requirements including implementation, compliance assessment, and documentation. • 3+ years of experience with IRS Publication 1075 (Rev. 11-2021) compliance. • Strong proficiency with Microsoft Office, SharePoint, and Microsoft Teams. • Excellent oral and written communication skills across multidisciplinary teams. • Knowledge of applicable IT security standards (e.g., ISO, IEEE). Preferred Skills • Experience with Child Support Enforcement systems or knowledge of Child Support program operations and objectives. • Experience with federal or state regulatory compliance frameworks such as FISMA, NIST, or IRS Publication 1075. • Experience developing and maintaining technical documentation and audit support for safeguard reviews, security audits, and compliance assessments.

DNI is on the lookout for a Senior Cyber Security Analyst - Information Systems Security Manager (ISSM) to deliver expert guidance in Information Systems Security and cybersecurity support for the Enterprise Information Services at the Department of Energy (DOE) Savannah River Operations Office (DOE-SR), located at the Savannah River Site (SRS) in Aiken, SC. Requirements Reports to the Chief Information Security Officer (CISO) and Program Manager. Oversee the Authority to Operate (ATO) lifecycle, manage risk assessments, develop and monitor Plan of Action and Milestones (POAMs), ensuring compliance with security standards and timely mitigation of organizational boundary security risks. Actively participate in the bi-weekly accreditation boundary meetings and keep the AODR informed of any changes/updates to eRAMS/POA&Ms/STAR items or any new VPM and CM issues that may arise. Provide technical and procedural cyber security advice to DOE, associate contractor partners, and Industrial Control Systems (ICS) teams as necessary. Oversee operational information systems security implementation programs. Coordinate with Information System Security Officer (ISSO) or PSO on approval of External Information Systems (e.g. guest systems, interconnected system with another organization). Oversee ISSOs to ensure they follow established policies and procedures and timelines. Ensure CM policies and procedures for authorizing the use of hardware/software on an IT system are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the AODR prior to the addition, change or modification. ISSM shall have authority to veto any proposed change they feel is detrimental to security in boundaries under their purview. Appeals on an ISSM/ISSO veto may be taken to the AODR. Ensure approved procedures are used for sanitizing and releasing system components and media as necessary. Ensure proper measures are taken when cyber security incident or vulnerability is discovered. Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures. Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Manage, maintain, and execute the information security continuous monitoring plan. Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AODR; and assess changes to the system, its environment, and operational needs that could affect the security authorization. Other related tasks as assigned. Support information technology (IT) security goals and objectives and reduce overall organizational risk; Advise senior management (e.g., Chief Information Security Officer [CISO] and Chief Information Officer [CIO] on risk levels and security posture.); Advise appropriate senior leadership of changes affecting the organization's cybersecurity posture; Communicate the value of information technology (IT) security. Knowledge, Skills, and Abilities: Highly organized individual with exceptional communication skills, ensuring all stakeholders are consistently informed and updated as required. Excellent written and oral communication skills (writing samples may be requested). Attention-to-detail is critical, proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses and produce a near-perfect end-result. Ability to identify problems, brainstorm and analyze answers, and implement the best solutions. Ability to develop and review security related procedures or processes and reports. Demonstrated ability to provide clear, precise, and factual information to senior leaders, team members, and external stakeholders. Capable of attending all customer-required meetings and promptly providing responses as requested. Familiarity with applicable regulations affecting Cyber Security NIST 800 Series Standards. Clearance: Must possess (or be able to obtain) a “Q” level security clearance. Education: A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis. Experience: 7+ years in IT security or related field. Authority to Operate Life Cycle (ATO), Risk Management, POAMS & Milestones Certification: Highly desired certifications: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Benefits Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental Matching 401K Short- and Long-Term Disability Pet Insurance Professional Development/Education Reimbursement Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Duration: 12 months contract (with possible extension) Scope of the project: The Division of Technology Services is responsible for developing, implementing, maintaining, and obtaining multiple mission critical applications for the Department of Social Services. The Department seeks a highly motivated individual who has extensive technical project lead experience and SDLC to head the Web Application Development team that will deliver new DSS Re-Engineering projects and maintain and support IT systems in the Economic Services program area. Primary Responsibilities Lead the design and architecture of modernized IT systems supporting SNAP and TANF programs. Oversee technical planning, system integration, and development lifecycle for Economic Services modernization efforts. Collaborate with cross-functional teams including business analysts, developers, QA, and federal partners (e.g., FNS) Ensure compliance with federal APD (Advance Planning Document) requirements and security standards. Provide technical leadership in coordination and project implantation with 3rd party vendors. Mentor Business Analysts, and developers and ensure adherence to architectural standards and best practices. Leads team effort to supply new user stories or use cases by analyzing requirements; constructing workflow charts and diagrams; studying system capabilities; writing specifications. Assist in the design or review of test cases, process change requests and manage project scope through requirements. Key Projects SNAP/TANF Systems Integration: Lead efforts to align new development with federal reporting and performance tracking. API Modernization & UAT: Oversee testing and integration of third-party APIs. ESSAM (Economic Services System Application Modernization): Core modernization of eligibility and case management systems. Desired Qualifications Leadership ability Understanding of system engineering concepts; modeling techniques and methods Demonstrate strong ability to take initiative and the ability to work with minimal guidance. Written and verbal communication, including technical writing skills, to communicate effectively with technical, non-technical staff, and customers/ stakeholders as needed or directed. Ability to communicate effectively with company and other state information technology staff. Required Skills Bachelor's degree in Computer Science, Information Systems, or related field. 8+ years of experience in enterprise software architecture and project leadership. 8+ years of experience in project leadership Preferred Skills Familiarity with State and/or federal compliance requirements (NIST, FISMA, or similar) Experience with Human Services Systems like Child welfare, SNAP, or TANF Understanding of Data Privacy Laws (PII, PHI) Prior work experience with public sector agencies or government contracts About US Tech Solutions: US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit *********************** . US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.