IT Security and Risk Engineer
Security Engineer Job In Erlanger, KY
Encore Talent Solutions is looking for an IT Security, Risk and Compliance Engineer-
The ideal candidate will have experience in:
Creating and managing policies around HIPPA and PCI
Experience managing security awareness programs and managing security audits
Conduct reviews to measure compliance with NIST, PCI, and ISO standards, regulations and frameworks
Provides strategic risk guidance for IT projects, including evaluation and recommendation of technical controls
SAP GRC and Security Analyst
Security Engineer Job In Cincinnati, OH
PLEASE READ BEFORE APPLYING:
Due to the nature of the work being performed this role requires active US Citizenship.
We can
ONLY
consider
US Citizen's
for this role (
NO
Green Card, EAD, H1B, etc..)
Job Title: SAP GRC and Security TPM
Location: Cincinnati, OH
Job Summary: We are seeking a skilled SAP GRC and Security Analyst with 3-5 years of experience to join our team. The ideal candidate will be responsible for managing and enhancing our SAP GRC and security processes, ensuring compliance with SOX and CMMC requirements, and supporting the overall security posture of our SAP environment.
Key Responsibilities:
SAP GRC Management:
Implement and maintain SAP GRC Access Control and Process Control modules.
Conduct risk assessments and manage risk mitigation plans.
Monitor and report on compliance with internal policies and external regulations.
Security Administration:
Design, implement, and manage SAP security roles and authorizations.
Perform user access reviews and segregation of duties (SoD) analysis.
Ensure proper user provisioning and de-provisioning processes.
SOX Compliance:
Support SOX compliance efforts by ensuring that SAP security controls are in place and effective.
Prepare and maintain SOX documentation and evidence for audits.
Collaborate with internal and external auditors to facilitate SOX audits.
CMMC Compliance:
Ensure compliance with CMMC requirements by implementing necessary security controls and practices.
Prepare and maintain CMMC documentation and evidence for audits.
Work with internal and external stakeholders to ensure CMMC certification and compliance.
Incident Management:
Investigate and respond to security incidents and breaches.
Implement corrective actions to prevent future incidents.
Continuous Improvement:
Identify opportunities for process improvements and automation within the SAP GRC and security framework.
Stay updated with the latest SAP security patches and updates.
Collaboration:
Work closely with IT, internal audit, and business teams to ensure alignment on security and compliance objectives.
Provide training and support to end-users on SAP security best practices.
Qualifications:
Bachelor's degree in Information Technology, Computer Science, or a related field.
3-5 years of experience in SAP GRC and security roles.
Strong understanding of SAP GRC Access Control and Process Control modules.
Experience with SOX and CMMC compliance and audit processes.
Proficiency in SAP security concepts, including roles, authorizations, and user management.
Knowledge of segregation of duties (SoD) principles and risk management.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills.
SAP GRC certification is a plus.
Preferred Skills:
Experience with SAP S/4HANA.
Familiarity with other compliance frameworks (e.g., GDPR, HIPAA).
Experience with SAP security tools and technologies.
Understanding of CMMC levels and requirements.
Strategic Cyber Security Engineer and Subject Matter Expert
Security Engineer Job In Dayton, OH
Applied Research Solutions is seeking an energetic and experienced full-time Strategic Cyber Security Engineer and Subject Matter Expert to support our customer at the Air Force Research Laboratory located at Wright-Patterson AFB. The Cyber Security Engineer will be supporting a cutting-edge program in the development of cyber security strategy and assist in the development of related program protection plans and support program related RMF processes.
Why Work with us?
Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career- driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the upmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.
Responsibilities include:
Aid in developing cyber strategy and designing anti-tamper solutions for weapon systems (hardware and software).
Draft and staff specific cybersecurity assessment and authorization artifacts for military programs:
S&T (or Program) Protection Plan
Anti-Tamper Plan
Cybersecurity Strategy,
DevSecOps CONOPS including SAST and DAST, and
RMF/ATO Artifacts.
Provide cyber security technical expertise related to preparation, processing and approval of IATT/ATO documents in support of the AFRL programs of interest.
Advise and contribute to the production of documentation and other artifacts related to DISA approvals and RMF approvals.
Lead discussions and execute processes for approvals of candidate solutions.
Engage with other contractors to share technical data necessary to guide the development of system architectures.
Participate in technical interchanges with relevant team members as necessary
Support and/or lead associated cyber security working groups and/or IPTs.
Other duties as assigned
Qualifications/ Technical Experience Requirements:
Must be a US citizen
Must have an active TS with SCI eligibility
BA/BS degree in relevant field and a minimum of 8-10 Years' relevant experience required, MS preferred.
Security+ required, CISM preferred, CISSP very desirable.
Demonstrated experience in developing strategy for designing anti-tamper solutions for weapon systems (hardware and software)
Demonstrated experience in developing cyber security assessments and authorization artifacts for military programs.
Demonstrated experience developing and staffing cyber security, and cyber-related, plans.
Experience with DevSecOps including use of Gitlab on Agile software development programs or software factories, where software was taken from development to production.
Demonstrated and recent experience with Risk Management Framework (RMF) and RMF tools
Demonstrated experience leading working groups, teams and IPTs.
Ability to work efficiently on teams and also individually with minimal supervision.
Strong analytical, communication, and attention to detail skills
Familiarity with key cyber security policies and national security counterterrorism objectives.
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.
Network Engineer
Security Engineer Job In Mason, OH
Job Title: Network Engineer (Advanced)
Come join us:
Vernovis is an Inc. 5000 staffing and consulting firm, serving small and mid-sized businesses in the Cincinnati, Dayton and Columbus, Ohio areas. We help companies complete critical business initiatives that are championed by their Technology and Financial leaders. Additionally, we offer expertise in the Cybersecurity space.
Vernovis is currently recruiting for a Network Engineer at a well-known partner here in Cincinnati.
If interested, please email Jonathon Juriga at ********************
What You'll Do:
Researching advanced technology trends
Identifying emerging trends and initiating research projects for team members
Designing innovative solutions using new technologies
Recommending short-term alternatives when appropriate
Creating prototypes and leading initial development and testing through to production
Defining enterprise-wide scoped SLAs to ensure requirements are met or exceeded
Escalating problems as required based on SLAs
Developing client satisfaction and capacity planning metrics
Coordinating assessment of emerging technologies typically as the lead subject matter expert
Evaluating and recommending new projects or tools for the organization; overseeing cost-benefit analysis and presenting options to management teams
Assisting in the resolution of support issues escalated by senior operations or development personnel
Providing technical expertise across business functions; articulating the relationship between business and the data and technology that support the business
Identifying opportunities to improve business processes via new technologies; making
What Experience You'll Have:
Required:
High school diploma/GED required; Bachelor's degree in IT discipline, preferred
Minimum 10 years of experience in Information Technology
Minimum 5 years of experience with design, implementation, configuration, and troubleshooting enterprise-level WAN/LAN technology including Internet Edge routers, campus switching (core, distribution, and access), and data center switching; experience with Cisco ASR and ISR routers, Cisco Catalyst switches, and Nexus switches; experience with DCNM/NDFC, VXLAN, and FabricPath preferred
Minimum 5 years of experience designing, configuring, and troubleshooting WAN protocols and technologies including BGP, EIGRP, OSPF, MPLS, DMVPN, VRF, and GRE/IPSec tunnels; experience with ISIS, Multicast, preferred
Minimum 5 years of experience designing, configuring, and troubleshooting LAN protocols and technologies including VLAN, Spanning-tree, VTP, 802.1Q, HSRP, GLBP, VPC, and EtherChannel
Minimum 5 years of experience with management, configuration, and troubleshooting of an enterprise-level wireless environment using centralized command and control or wireless controllers; experience with Cisco WLCs (9800, 5520, and 5508) and APs, preferred
Minimum 3 years of experience with management, configuration, and troubleshooting of enterprise firewalls; experience with Cisco Firepower Threat Defense firewalls and Firepower Management Console, preferred
Preferred:
Experience with management, configuration, and troubleshooting of: Cisco ISE with 802.1x implementation, F5 environment running LTM, GTM, ASM, and BigIQ
Experience with applications Cisco Prime/DNAC, Chrionicel/Splunk, SolarWinds, Infoblox, Wireshark, CradlePoint ECM, Cloudflare
Working knowledge of policy-based routing, CoS/QoS, AAA, RADIUS, TACACS+, SNMP, NTP, and IPv6
CCNP or equivalent competency
Experience with configuring and troubleshooting: Viptela SDWAN, Cisco Umbrella, networking components of GCP and Azure
Cyber Security Support Engineer - Secret Clearance
Security Engineer Job In Dayton, OH
Piper Companies is looking for a Cyber Security Support Engineer to join a government contractor in Dayton, OH. This role requires the candidate to report onsite 2 days a week and have an active Secret Clearance Essential Duties of the Cyber Security Support Engineer:
* Develop interface specifications for use within the enclave environments
* Confirm that enclave systems and network designs support the incorporation of DoD directed vulnerability solutions
* Maintain a schedule for upcoming software and hardware upgrades and follow procedures for regularly scheduled maintenance
* Confirm secure backup of systems and data through formally documented backup plan
Qualifications of the Cyber Security Support Engineer:
* Bachelors degree in Computer Science or related field
* At least 5 years Linux and 3 years IPS, IDS experience required
* Sec + certification required
* Linux +, CASP and CEH certs highly preferred
* Red/Blue Pen testing experience required
* Active Secret clearance required
Compensation for the Cyber Security Support Engineer:
* $170,000 - $180,000 (based on experience)
* Medical, Dental, Vision, 401K, PTO, Sick Leave as required by law, and Holidays
* Flexible hybrid schedule (2x a week onsite)
This job opens for applications on 12/13/24. Applications for this job will be accepted for at least 30 days from the posting date
#LI-HYBRID
#LI-BM2
linux, network, sys admin, systems administrator, lan, local area network, wan, wide area network, sec+, security +, sec +, user support, ccna, network engineer, cisco, security, penetration testing, red team, blue team, vulnerability, certified ethical hacker
Security Engineer - Okta
Security Engineer Job In Dayton, OH
**Security Engineer - Okta** Location **OH, Dayton** Job Type **Full Time / W2 with Benefits** Job Code **1135** **Security Engineer - Okta** **OH, Dayton 45433** **Security Clearance:** U.S. Citizen, Current Security Clearance, Interim Secret, Secret **Skills: Security Engineering, Access Control, Okta, TIBA, SailPoint, ICAM, Zero Trust, IGA, CloudOne**
**Security Engineer - Okta** Security Clearance: Current Secret
Location: Must be local to support hybrid schedule at one of these locations: Arlington, VA, San Antonio, TX, Hanscom AFB, MA, Wright Patterson AFB, OH or Huntsville, AL
Relocation: Relo support will be considered for candidates outside the commuting area.
We are recruiting for multiple Okta Engineer openings at the junior and senior levels to provide security engineering and access control support for a DoD program. These positions are direct hire working for our client and offer competitive W2 salary + benefits. Qualified candidates will have experience with Identity, Credentialing, and Access Management (ICAM) and experience working with Okta and SailPoint technologies. An active security clearance is required for consideration. **Role and responsibilities vary for junior and senior engineers and may include but are not limited to:**
* Work as part of a collaborative team supporting system architecture and security working with Agile, cyber, and cloud technologies for ICAM transformation
* Support service design to identify opportunities for improvement
* Support technical solutions using Okta and SailPoint tools (responsibilities vary for junior and senior roles) including:
+ Requirements gathering, workflows, use case development, and developing map build rules
+ Developing and executing test plans
+ Installation, configuration, and customization for provisioning and governance tools
+ Troubleshooting, and resolutions to enhance program capabilities supporting system security
+ Hands-on administration, design and development to support ICAM capabilities and solution
* Use Tactical Identity Bridge Appliance (TIBA) technology to expands Okta's capabilities for identity-aware network monitoring and routing
* Implement Identity Governance and Administration (IGA) solutions including designing, developing, and advising on Zero Trust ICAM enterprise architectures
* Contribute to technical plan through program reporting and tracking including creating reports, templates, and ad hoc reports, as required
* Support cybersecurity initiatives for front-end and back-end development
* Manage source codes and builds for compliance reporting and other tasks, as needed
* Manage and maintain documentation, as needed
* Provide problem solving and research support, as needed
* Support requirements gathering and definition for designing and implementing processes and workflows within web applications and business process management system
* Identify risk and issues for complex areas and develop recommendations for design improvements to improve business processes
* Support on-site hybrid schedule, as assigned
* Other duties, as assigned, to support delivery requirements
**Requirements vary by junior/senior levels and may include:**
* U.S. citizenship
* Current Secret clearance
* Bachelor's degree in Cybersecurity, Computer Science, or related discipline preferred; related experience will be considered in lieu of a degree
* Current certification to meet DOD 8570 IAT Level II compliance (Security+)
* 3-12 years of related experience implementing and supporting ICAM security architecture and solutions (years of experience vary for junior and senior positions)
* Experience working with Okta cyber security technologies
* Experience working with SailPoint tools
* Experience working with TIBA connections
* Experience advising with Zero Trust ICAM architectures
* Experience implementing IGA solutions
* Experience troubleshooting ICAM hosting services and network performance issues, as needed
* Experience working with security tools such as Tenable, Splunk, Carbon Black, FireEye, etc.
* Experience developing program documentation and reports
* Strong development skills using Java, .NET, C#
* Experience with scripting using PowerShell, Bash, Python, and other front end/back end technologies
* Effective written and verbal communication skills to work with a blended government and contractor team
* Ability to convey technical information to a non-technical audience
* Availability to support hybrid on-site schedule
**Preferred experience includes:**
* Experience working with CloudOne is preferred
* Understanding of NIST 800, FedRAMP, and FISMA operating standards and guidelines
* SailPoint certification
* Networking experience working with Cisco, Palo Alto, Juniper
* Experience with Agile development methodologies and environments
**CJ #HJ#OKTA**
*Tallon Recruiting and Staffing provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.*
*We comply with Form I-9 identity and legal work authorization requirements and utilize E-Verify for Employment Eligibility Verification in accordance the Immigration Reform and Control Act of 1986 (IRCA).*
*Individuals with disabilities who need assistance with the application process can reach us by email at ***************** or telephone ************.*
*For more information please visit us at .*
Cyber Security Senior DLP Engineer
Security Engineer Job In Cincinnati, OH
Make your mark at one of the biggest names in payments. With proven technology, we process the largest volume of payments in the world, driving the global economy every day. When you join Worldpay, you join a global community of experts and changemakers, working to reinvent an industry by constantly evolving how we work and making the way millions of people pay easier, every day.
**About the role:**
We are seeking a talented Senior Security Engineer to join a new dynamic team. As a Senior Security DLP Engineer, you will play a crucial role in safeguarding our organization's technology from cyber threats and ensuring the overall security posture of our systems. You will be responsible for designing, implementing, and maintaining security solutions, as well as reviewing and recommending new technologies, identifying areas for improvement, and contributing to the overall security program.
**What you will be doing:**
* Design, implement/deploy, and manage various DLP solutions, strategies, and tools across enterprise-wide environment.
* Develop, test and implement DLP security policies and procedures to ensure compliance with company policy, industry standards and regulatory requirements.
* Provide analysis and review of current security solutions, make recommendations for any changes to environment. Demonstrate a strong working knowledge of product offerings and make recommendations based on past experiences.
* Tune, configure and optimize security tools to defend against new tactics, techniques, and procedures as well as lead initiatives to develop processes for any existing process deficiencies.
* Work closely and frictionlessly with insider risk team, threat management team, security operations team, and more.
* Expand scope of work into additional engineering disciplines as organizational needs and requirements change.
* Collaborate with cross-functional teams to integrate security solutions into existing infrastructure and workflows.
* Stay up-to-date with the latest cybersecurity threats, trends, and technologies, and recommend appropriate security controls and countermeasures.
* Provide expertise and guidance on security best practices to internal stakeholders and support teams. Create and deliver technical presentations to peers, other teams and leadership.
* Act as subject matter expert within team and provide mentoring and guidance to team members and peers within other organizations. Advocate for security best practices within other teams and organizations.
* Work with minimal supervision and drive projects through to completion. Provide visibility and reporting to project activities, present to senior staff and escalate needs as a means to ensure completion against deadlines.
**What you need:**
* Bachelor's degree in computer science, Information Security, or a related field, or the combination of demonstrable relevant experience and skills.
* In-depth knowledge of various security technologies, including antivirus, EDR/XDR, DLP, application whitelisting, privilege management, endpoint encryption, WAF, firewalls, web content filtering, CI/CD pipeline inspection tools, CASB, CSPM, SIEM, forensic network collection, DDoS mitigation tools, and vulnerability management.
* Advanced level knowledge and experience with market leading security management platforms and deployment tools such as Tanium, InTune, SCCM, etc.
* Proven experience in designing, implementing, and managing security solutions in enterprise environments as a project lead or subject matter expert.
* Strong understanding of data as it flows from detection and prevention tools to SIEM and how incident handling teams will leverage this data for casework.
* Understanding of cybersecurity principles, best practices, and industry requirements and frameworks (e.g. NIST CSF, ISO 27001, PCI DSS Mitre Attack and Defend).
* Strong familiarity with network security concepts and technologies (firewalls, intrusion detection/prevention systems, web application firewalls etc.).
* Deep understanding of operating system technology, including Microsoft Windows, MacOS and various Linux distributions.
* Knowledge of virtualization platforms both centrally managed as well as locally managed as well as the means to provide visibility and control to guest systems.
* Working knowledge of cloud-based security solutions and experience with public cloud platforms such as AWS, Azure, or Google Cloud Platform. Ability to deploy tools in these environments as well as provide critical feedback for requirements in a security capacity.
* Knowledge of scripting languages (Python, PowerShell, etc.) for automation and customization of various security solutions.
* Excellent analytical and problem-solving skills, with the ability to troubleshoot complex security issues. Experience with writing detailed root-cause analysis for senior leadership after major incidents.
* Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
* Experience with using data analysis tools such as Excel, PowerBI, Splunk, etc. and the ability to drive change based on evidence as well as design new means of collecting, storing and building views.
* Experience using Agile practices for project and program management
**What makes a Worldpayer**
At Worldpay, we take our Values seriously, and we live them every day. Think like a customer, Act like an owner, and Win as a team.
* **Curious. Humble. Creative**. We ask the right questions, listening and learning to get better every day. We simplify the complex and we're always looking to create a bigger impact for our colleagues and customers.
* **Empowered. Accountable. Dynamic**. We stay agile, using our initiative, taking calculated risks to progress. Never standing still, never settling, we work at pace to achieve our goals. We champion our ideas and stay flexible to make them happen. We know that every action adds up.
* **Determined. Inclusive. Open.** Unlocking potential means working as one global community. Our work spans borders, and we stay united by our purpose. We collaborate, always encouraging others to perform at their best, welcoming new perspectives.
Apply now to write the next chapter in your career. We can't wait to hear from you.
To find out more about working with us, find us on .
#LI-JK1
Worldpay is committed to providing its employees with an exciting career opportunity and competitive compensation. The pay range for this full-time position is $89,180.00 - $149,820.00 and reflects the minimum and maximum target for new hire salaries for this position based on the posted role, level, and location. Within the range, actual individual starting pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Any changes in work location will also impact actual individual starting pay. Please consult with your recruiter about the specific salary range for your preferred location during the hiring process. The job duties outlined above may be directly, and negatively impacted by a criminal history, which could lead to the withdrawal of a conditional offer. However, all qualified candidates with arrests or convictions will still be considered.**Privacy Statement**
Worldpay is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how Worldpay protects personal information online, please see the .
**EEOC Statement**
Worldpay is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, genetic information, natio
API Security Engineer Company Hidden Finance Cincinnati, OH 1 Opening 2 months ago $1,500 reward per hire
Security Engineer Job In Cincinnati, OH
**API Security Engineer** Company Hidden Finance Cincinnati, OH Base pay $12,345 - $678,910 or to view salary and company information Other Contract 1 Opening $1,500 reward per hire **About this Role** Agility Partners is seeking a qualified API Security Engineer to fill an open position with one of our banking clients. In this exciting opportunity, you will play a crucial role in securing APIs, leading technical conversations, and establishing an API management strategy.
**Responsibilities:**
* Lead technical discussions to determine API security items and define API patterns.
* Write best practices and create business and security requirements with a focus on threat modeling.
* Collaborate with stakeholders to determine control criticality and work with application owners to create patterns.
* Address Information Security risks, ensuring alignment with business objectives and regulatory requirements.
* Provide expertise on decisions and priorities regarding the enterprise's Information Security strategy.
**Benefits and Perks**
***Reasons to Love It:***
Work within a collaborative team environment where ideas and creativity are welcomed! Family and Work Life balance are important to this organization and valued for the employees.
* Working for an organization that focuses on company culture, inclusion and diversity
* 50% medical coverage for you and your entire family, short/long term disability and life insurance options
* 401(k)
* Life Insurance
* Disability coverage
**The Ideal Candidate**
**Qualifications:**
* Bachelor's degree in a relevant technology field or equivalent combination of education and work experience.
* 8+ years of engineering or IT/Security work experience.
* 5+ years of interdisciplinary experience in Access Control Systems, Application Security, Application SDLC, Operating Systems, Cryptographic Controls, API Security, and Networking.
* Excellent communication skills and the ability to build effective relationships with business leaders.
* Strong organizational skills with the ability to manage multiple tasks simultaneously.
* Solid understanding of IT security best practices.
* Skilled in designing, implementing, and supporting complex technical solutions.
* Experience in API security testing, architecture, design, and lifecycle management.
* Proficient in integrating security-focused API initiatives with other development teams.
* Ability to provide clear and concise documentation on delivered code and customer onboarding.
**Additional Preferred Skills:**
* Experience with Jenkins pipelines and automating security controls within CI/CD pipelines.
* Extensive development experience with different API capabilities.
* Previous microservice development and application vulnerability remediation experience.
* Knowledge of serverless solutions within AWS.
Share this job. Make $1,500.
When a friend applies to this position and gets hired, you'll get credited with a referral reward!*
*Reward paid upon hire of your candidate according to our Recruiting Agreement Policy (see right).
Cyber Security Engineer I
Security Engineer Job In Fairborn, OH
Job Details Dayton, OH - Fairborn, OH Full Time 4 Year Degree Negligible Information TechnologyDescription
Cyber Security Engineer I
Level: Experienced Department: Intelligence Services Job Type: Full-time
Job Summary
The Cyber Engineer I supports the research, development, and sustainment of old and new hardware systems and software capabilities for intelligence production.
Duties and Responsibilities
Plan, conduct, and accomplish assessments of systems and networks within the networking environment.
Identify systems/networks deviations from acceptable configurations, enclave policy, or local policy.
Conduct passive evaluations (compliance audits) and active evaluations (vulnerability assessments).
Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems.
Provide process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
Assist in the implementation of the required Government policy (i.e., NISPOM, DCID 6/3), and make recommendations on process tailoring.
Support the formal Security Test and Evaluation required by each Government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
Periodically conduct of a review of each system's audits and monitors corrective actions until all actions are closed.
Qualifications
Required Qualifications
Bachelors Degree cyber security, computer science, engineering, or information technology.
At least three years of experience working a cyber security role in the DoD space.
Must have an active TS/SCI clearance.
Proven experience in cyber security planning, assessment, and analysis
Proven experience performing and reviewing technical security assessments
Proficiency with Microsoft Office Suite, especially Excel and PowerPoint.
Experience implementing risk management processes, specifically related to cyber security
Working knowledge of the DoD Information Assurance Vulnerability Management Process.
Meets Department of Defense Cyber Security Workforce (CSWF) requirements for Information Assurance Management (IAM) Level I
Experience in planning, organizing, completing and presenting assessments of National Security/IA-related concepts, analyses, studies and procedures.
Thorough understanding of DoD Computer Network Defense policy and requirements, and have cursory familiarity with CND tools and processes (e.g. network scanners; vulnerability mitigation; remediation; risk management).
Working understanding of secure software development and assessment.
Must be U.S. Citizen.
AA/EOE M/F/Disabled/Vet
This company is an affirmative action/equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, national origin, age, disability or protected veteran status. All qualified applicants will receive consideration for employment.
Systems Security Engineer
Security Engineer Job In Dayton, OH
SYSTEMS SECURITY ENGINEER (HITS-R): Bowhead seeks a Systems Security Engineer to support the High Performance Computing Modernization Program (HPCMP) Integrated Technical Services -Restricted (HITS-R) contract located in Dayton, OH. Bowhead will provide the High Performance Computing Modernization Program (HPCMP) with technical and professional support elements required for the operation of the HPCMP Office (HPCMPO) in all phases of planning and execution of its mission, including: technical and administrative support in all areas of program activity, program management support, meeting facilities and office environment, to include a complete telecommunications and computer systems capability and full logistical services.
The Systems Security Engineer will provide systems engineering expertise in the design, integration, operation, and maintenance of cybersecurity infrastructure and capabilities. They will define and employ documented procedures for sustainable, continued operations of enterprise Computer Network Defense capabilities, including centralized vulnerability/patch management processes for all systems. These highly skilled individuals will work in various capacities alongside Computer Network Defense (CND) Incident Responders and Warning Intelligence Analysts. The System Security Engineer will maintain the establishment of infrastructure services supporting cybersecurity environments such as directory services in support of authentication, networking monitoring services, domain name services, virtual hosting infrastructure, etc. They will support the functionality of an environment designed to foster cybersecurity research, development, and operations.
**Responsibilities**
- Develop interface specifications for use within the enclave environments.
- Ensure that enclave systems and network designs support the incorporation of DoD-directed vulnerability solutions, e.g. IAVA requirements.
- Apply and maintain cybersecurity for systems;
- Utilize defense-in-depth strategies and methods to harden systems and networks (e.g. blocking/filtering, IDS/IPS, A/V, logical separation of management traffic, content detonation and automated analysis, and DISA SRG/STIG compliance)
- Responsible for interfacing with both cybersecurity operations and project personnel in order to formulate engineering requirements, and seek concurrence in satisfying stated objectives
- Maintain a schedule for upcoming software and hardware upgrades and follow procedures for regularly scheduled maintenance and, in the instances necessary, ad hoc or emergency maintenance
- Ensure secure backup of systems and data through formally documented backup plan, accurate and up-to-date listing of systems to be backed up, proper storing and labeling of completed backups
- Possess the necessary technical skills to lead the overall design, engineering, integration, operation and maintenance of a defense-in-depth strategy for cybersecurity infrastructure
**Qualifications**
- Must possess BS/A degree in Computer Science or related field.
- Must have a CompTIA Security+ CE certificate (IAT Level II) and a Certified Ethical Hacker (CND-IS) certificate prior to starting.
- A minimum of five (5) years of Linux and three (3) years' experience with IDS, IPS and Host Based Security Solutions is required.
- Experience with tools such as kali, burpsuite professional, writing exploits in python or bash.
- Possess the necessary technical skills to lead the overall design, engineering, integration, operation and maintenance of a defense-in-depth strategy for cybersecurity infrastructure.
- Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint.
- Ability to communicate effectively, interpret regulatory guidance and identified vulnerabilities to a wide audience.
- Presentation and strong public speaking skills are required.
- Strong interpersonal skills and good judgment with the ability to work alone or as part of a team.
Physical Demands:
- Must be able to lift up to 25 pounds
- Must be able to stand and walk for prolonged amounts of time
- Must be able to twist, bend, and squat periodically
SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret level, may be required to obtain a Top Secret/SCI clearance upon hire. US Citizenship is a requirement for Top Secret clearance at this location.
\#LI-KC1
Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.
Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.
UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity Posters provided by OFCCPhere (******************************************* .
All candidates must apply online at ****************** and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (********************************************
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.
**Join our Talent Community!**
Join our Talent Community (************************************************************************ to receive updates on new opportunities and future events.
**ID** _2024-21940_
**Category** _Engineering_
**Location : Location** _US-OH-Dayton_
**Clearance Level Must Be Able to Obtain** _Top Secret_
**Minimum Clearance Required** _Top Secret_
**Travel Requirement** _N/A_
Cyber Security Incident Responder
Security Engineer Job In Blue Ash, OH
We are looking for an enthusiastic and experienced Cyber Security Incident Responder (IR) to join our dynamic and growing team. The role holder will play a critical role in maintaining the security and resilience of Element's digital infrastructure by effectively handling cyber incidents. This is an opportunity to join an emerging team and become a key contributor on day one. You will work closely with peers to develop what you see as a great 24/7 operational cyber defense capability. We encourage applications from those with direct experience in Digital Forensics and Incident Response (DFIR).
This position requires paid on call and overtime if there are serious cyber-attacks. This position is hybrid.
Responsibilities
Help build Element's IR capability. Implement best practice in line with NIST, SANS and other industry frameworks
Govern and coordinate cyber incidents. Act as the lead incident manager and technical authority for Cyber Defense. Conduct thorough investigations to reduce risk. Determine the root cause, impact, and identify remediation actions
Collaborate with cross-functional teams including IT, Privacy and Legal and senior stakeholders. Prepare and present written and verbal incident status reports to ensure the business is kept up to date
Conduct post-incident reviews and analysis to identify areas for improvement and help drive continuous improvement
Perform digital forensics on computer/network artefacts to assess the risk and impact of an incident. Perform malware analysis
Work closely with the Senior Manager Incident Response to Input into the development of cyber defense metrics
Stay abreast of the latest cyber threats, attack vectors, and security technologies to continuously improve the organization's incident response capabilities
Skills / Qualifications
A minimum of two years' experience working in cyber security. Technical experience as a Cyber Incident Responder e.g., Digital Forensics Incident Response (DFIR). Experience in managing complex cyber incidents would be great
Experience of in working within a complex highly federated organization. A comprehensive understanding of cyber defense operations in both the public and private sectors
A bachelor's degree in Computer Science, Information Technology, or a related field is desirable but not essential, as are other relevant certifications (e.g., CISSP, CISM, GIAC)
Attention to detail, strong analytical skills and efficient problem solving. The ability to think critically and make sound decisions in high-pressure situations
Cultural sensitivity and social flexibility in a global corporate environment
Experience in proactive communication to, and direct interaction with senior staff. The ability to convey complex information to a non-technical audience
A highly self-motivated individual with positive mindset and can-do attitude. A strong believer of security as an enabler to support business growth
This position requires on call and overtime if there are very serious cyber attacks
Knowledge of SIEM tooling, including experience in writing and developing advanced hunting and correlation search queries for alerts
Must be a US Citizen or Green Card holder
#LI-SL1
#LI-SL1
Company Overview
Element is one of the fastest growing testing, inspection and certification businesses in the world. Globally we have more than 9,000 brilliant minds operating from 270 sites across 30 countries. Together we share an ambitious purpose to ‘Make tomorrow safer than today'.
When failure in use is not an option, we help customers make certain that their products, materials, processes and services are safe, compliant and fit for purpose. From early R&D, through complex regulatory approvals and into production, our global laboratory network of scientists, engineers, and technologists support customers to achieve assurance over product quality, sustainable outcomes, and market access.
While we are proud of our global reach, working at Element feels like being part of a smaller company. We empower you to take charge of your career, and reward excellence and integrity with growth and development.
Industries across the world depend on our care, attention to detail and the absolute accuracy of our work. The role we have to play in creating a safer world is much bigger than our organization.
Diversity Statement
At Element, we always take pride in putting our people first. We are an equal opportunity employer that recognizes diversity and inclusion as fundamental to our Vision of becoming “the world's most trusted testing partner”.
All suitably qualified candidates will receive consideration for employment on the basis of objective work related criteria and without regard for the following: age, disability, ethnic origin, gender, marital status, race, religion, responsibility of dependents, sexual orientation, or gender identity or other characteristics in accordance with the applicable governing laws or other characteristics in accordance with the applicable governing laws.
Cyber Engineer
Security Engineer Job In Beckett Ridge, OH
At Cryptic Vector, we are dedicated to mission success. We take the time to understand our customers' needs, delivering products that perform when our nation needs them most. We understand that properly supporting the most unique missions of the United States government requires the nation's best. Our focus is on creating a culture where the best and brightest want to grow, learn, and stay. If coming up with out-of-the-box solutions is your specialty, then you'll feel right at home at Cryptic Vector. We are solving the country's most unique problems in an environment where problem solvers and hard workers thrive. We've replaced corporate red tape with transparency and servant leadership. Honestly, it's hard not to love this culture!
We value the individual experiences that our team members add to our culture and capabilities. Please don't hesitate to apply even if you don't meet the exact qualifications! We are interested in varying levels of experience.
Cryptic Vector is looking for Cyber Engineers with experience or interest in offensive cyber engineering. Cyber Engineering at Cryptic Vector is a research and development position spanning a variety of disciplines.
The responsibilities of the Cyber Engineer position may include the following:
Reverse Engineering (RE) of software/firmware, Vulnerability Research (VR), exploit development/productization
Design/develop post-exploitation effects in software/firmware, which can withstand scrutiny and attack
Design/develop secure, reliable, software-based communication solutions
Design/develop stealth solutions
Collaborate with engineering teams and product end users to translate customer/business/technical requirements into architectural designs and software solutions
Write unit tests, functional tests, and end-to-end tests
Provide constructive code reviews for colleagues
Programming languages:
Direct and recent experience coding in C and/or C++
Interest in new systems programming languages
Proficiency in modern scripting languages (like Python) is important but not central
An ideal candidate for these positions will have:
Experience developing user-mode applications for traditional platforms (Windows, Linux, mac OS, Android, iOS) or user/kernel-mode capabilities for non-traditional platforms (embedded/proprietary/custom firmware or operating systems)
A hacker mindset. Interest analyzing software/firmware for weaknesses.
Participation or interest in Capture the Flag (CTF)/hacking competitions
Interest in the architecture/internals of proprietary operating systems
Comfort working with assembly, machine code, hexadecimal, and binary. Familiarity with reverse engineering tools, such as IDA Pro and/or Ghidra.
Experience using, analyzing, and manipulating old/new network protocols. Interest in network/socket programming using TCP/UDP.
Working knowledge of basic cryptography functions and programming
Humble confidence, with a desire to work in a team setting (perhaps using an agile methodology)
Familiarity with software engineering methods/process. Familiarity with CI/CD pipelines and best practices.
Requirements
Preference for B.S. degree in Computer Science, Cyber Operations, Computer Engineering, Electrical Engineering, or related field
Ability to obtain/maintain a US security clearance
Willing to work in the greater Cincinnati area
Information Security Analyst 3, Digital Technology Solutions
Security Engineer Job In Cincinnati, OH
Information Security Analyst 3, Digital Technology Solutions University of Cincinnati Posted: December 10, 2024 Location: Cincinnati, Ohio * Assist with developing strategies to achieve organizational goals; understand organization's strengths and weaknesses; analyze potential risks and opportunities; adapt recommendations to changing conditions and aligns with best practices.
* Help facilitate large collaborative teams to achieve organizational goals.
* Support community communication efforts, presenting security insights to leadership.
* Develop technical documentation (designs, specifications, processes, workflows) and communications.
* Develop and validate baseline security configurations for operating systems, applications, networking, and telecommunications equipment.
* Participate in multiple, moderate- to high-risk projects.
* Work with a team to advance project goals and provide technical help and subject matter expertise. Actively engage in project support and solutioning.
* Share technical knowledge with teammates and help solve more complex problems.
* Document individual progress on assigned deliverables.
* Gather, maintain, and validate metrics for area of responsibility.
* Mentor student workers and junior employees.
* Carry out procedures to ensure that all systems, products, and services meet organization security standards. Recommend procedural improvements.
* Research information security trends to maintain technical understanding of the latest vulnerabilities and threats.
* Assist with providing artifacts to Governance, Risk & Compliance in relation to internal & external audits.
* Independently work with business units to achieve security objectives and identifies, reports, and resolves security risks and violations.
* Perform cyber investigations through forensic fact gathering with a focus on e-discovery.
* Analyze high volumes of logs, network data, and other attack artifacts in support of incident investigations.
* Provide guidance and technical expertise as needed for information security training and awareness programs.
* Participate in troubleshooting processes during and outside of normal business hours and participate in change management and root cause analysis.
* Mentor others regarding risk management, information security controls, incident analysis, incident response, monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Office of Information Security (OIS).
* Serve as an expert resource to others.
* Perform related duties based on departmental need. This job description can be changed at any time.
****Required Education****
Bachelor's Degree in Computer Science, Information Technology, Computer Engineering, or related field.
Eight (8) years of relevant work experience and/or other specialized training can be used in lieu of education requirement.
****Required Experience****
* Two (2) years of related experience
* Advanced knowledge of security tool administration.
* Moderate project management skills.
* Experience with system administration.
* Experience with network architecture or some level of related technical training.
* Advanced understanding of risk and vulnerability management.
* Experience with incident response.
* Advanced knowledge of industry standard security and compliance frameworks.
****Additional Qualifications Considered****
This position will primarily work in the area of information security risk management. The ideal candidate will have experience in the field of information security risk. Responsibilities may include, but are not limited to: assessing information security reviews to identify business risk, make recommendations for implementation of security controls, performing gap analysis of contracts and ensuring appropriate data security verbiage is included in contracts, documenting excessive risk via institutional risk acceptance processes, participating on projects with data security concerns to represent the office of information security and ensure appropriate documentation is in place, as well as departmental customer service via enterprise incident ticketing system and departmental mailboxes, and supervision/mentorship of co-op and student workers.2. CISSP, CISM, GISP or similar information security certification(s) are preferred.
****Physical Requirements/Work Environment****
* Sitting - Continuously
* Repetitive hand motion (such as typing) - Continuously
* Hearing, listening - Continuously
* Talking - Continuously
* Standing - Seldom
* Walking - Seldom
* Bending - Seldom
* Stooping - Seldom
* Climbing stairs/ladders - Seldom
* Kneeling, squatting - Seldom
* Crouching - Seldom
* Crawling - Seldom
* Reaching overhead - Seldom
* Pulling, pushing - Seldom
* Lifting - up to 20 pounds - Seldom
* Lifting - up to 50 pounds - Seldom
* Lifting - over 50 pounds - Seldom
Competitive salary range dependent on the candidate's experience. HISTORY IN BRIEF - The University of Cincinnati is a public urban serving research institution that was founded in 1819 and today is one of the country's largest universities offering more than 350 academic programs to more than 44,000 students. UC has many top ranked programs in areas such as Music and Arts, Medical and Human-Services, Criminal Justice and more. Located in an urban setting, UC is close to the heart of Cincinnati and allows easy access for students to enjoy all that the city offers. UC is also the alma mater of many notables such as President William Howard Taft; Albert Sabin, developer of the oral polio vaccine; Astronaut Neil Armstrong and Mary Weinberg, 2008 Olympic gold medalist. UC is classified as a Research University (Very High Research Activity) by the Carnegie Commission and is ranked as one of America's top 35 public research universities by the National Science Foundation. UC jumped 17 spots in the U.S. News & World Report rankings in the past two years alone. In addition to being named a “green university” by Princeton Review, UC has been named one of the world's most beautiful campuses by Forbes and Delta Sky magazines. Learn more at ******************** N STATEMENT - The University of Cincinnati serves the people of Ohio, the nation, and the world as a premier, public, urban research university dedicated to undergraduate, graduate, and professional education, experience-based learning, and research. We are committed to excellence and diversity in our students, faculty, staff, and all of our activities. We provide an inclusive environment where innovation and freedom of intellectual inquiry flourish. Through scholarship, service, partnerships, and leadership, we create opportunity, develop educated and engaged citizens, enhance the economy and enrich our University, city, state and global community. Show more Show less ISACA Career Center is Just One of the Benefits. Discover what else ISACA has to offer!
Information Security Analyst
Security Engineer Job In Cincinnati, OH
JOB\_DESCRIPTION.SHARE.HTML CAROUSEL\_PARAGRAPH JOB\_DESCRIPTION.SHARE.HTML * Cincinnati, Ohio * IT Infrastructure & Support * 9379 We are hiring a full-time Information Security Analyst who is technical, dedicated to learning new things, security-minded, has strong initiative, and is able to manage projects autonomously. The Information Security team defends the company's digital infrastructure by designing, implementing, and improving the company's cybersecurity architecture. This is a critical role responsible for protecting infrastructure, cloud, edge devices, and data against unauthorized use, modification, exfiltration, or damage. If you're excited to be part of a fast-growing, then Medpace is a great place to grow your career.
**Responsibilities**
* Engineer security solutions without oversight while collaborating with multiple internal departments and vendors;
* Analyze security systems and seek continuous improvements;
* Research vulnerabilities, perform vulnerability scanning and alleviate threats;
* Mature security best practices and policies internal to the organization;
* Develop new processes while cross-training coworkers and assisting employees on security-related matters;
* Provide security awareness training and testing for employees to verify proper security protocols are being adhered to;
* Performing cyber security incident triage, reviewing logs, and performing remediation activities; and
* Review and reduce inappropriate/overprovisioned access to drive least privileged access.
**Qualifications**
* Minimum of bachelor's degree, preferably in Cybersecurity or Information Technology'
* 1+ years of experience within Information Security;
* Understanding of security best practices and how to implement them at a business-wide level;
* Experience with managing, configuring, and deploying enterprise-grade security solutions in some of the following:
+ SIEM
+ Privileged Access Management/Identity Access
+ Endpoint Detection & Response
+ Cloud based architecture such as Azure/AWS
+ Active Directory
* Exceptional communication skills; and
* Fundamental scripting skills, such as PowerShell/Python.
**Nice to have:**
* Experience with vulnerability assessment tools such as Nessus and Tenable;
* Experience with enterprise web proxy solutions, web filters, and VPN such as Zscaler;
* Experience with governing Windows environment including GPO;
* Previous employment or experience in a highly regulated industry such as healthcare, financial, or defense experience with standards such as ISO, NIST, HIPPA, and/or SOC2; and
* Auditing and policy-writing experience.
**Medpace Overview**
Medpace is a full-service clinical contract research organization (CRO). We provide Phase I-IV clinical development services to the biotechnology, pharmaceutical and medical device industries. Our mission is to accelerate the global development of safe and effective medical therapeutics through its scientific and disciplined approach. We leverage local regulatory and therapeutic expertise across all major areas including oncology, cardiology, metabolic disease, endocrinology, central nervous system, anti-viral and anti-infective. Headquartered in Cincinnati, Ohio, employing more than 5,000 people across 40+ countries.
People. Purpose. Passion. Make a Difference Tomorrow. Join Us Today.
The work we've done over the past 30+ years has positively impacted the lives of countless patients and families who face hundreds of diseases across all key therapeutic areas. The work we do today will improve the lives of people living with illness and disease in the future.
**Cincinnati Perks**
* Flexible work environment
* Competitive PTO packages, starting at 20+ days
* Competitive compensation and benefits package
* Company-sponsored employee appreciation events
* Employee health and wellness initiatives
* Community involvement with local nonprofit organizations
* Discounts on local sports games, fitness gyms and attractions
* Modern, ecofriendly campus with an on-site fitness center
* Structured career paths with opportunities for professional growth
* Discounted tuition for UC online programs
**Awards**
* Named a Top Workplace in 2024 by The Cincinnati Enquirer
* Recognized by Forbes as one of America's Most Successful Midsize Companies in 2021, 2022, 2023 and 2024
* Continually recognized with CRO Leadership Awards from Life Science Leader magazine based on expertise, quality, capabilities, reliability, and compatibility
**What to Expect Next**
A Medpace team member will review your qualifications and, if interested, you will be contacted with details for next steps.
EO/AA Employer M/F/Disability/Vets
Information Security Analyst
Security Engineer Job In Dayton, OH
** Information Security Analyst-Hybrid** **Job Details** Dayton Office - Dayton, OH **Description** **McGohan Brabender** ** Information Security Analyst McGohan Brabender is renowned for recruiting top-tier talent within the employee benefits industry. As one of the nation's largest employee-owned (ESOP) benefit firms, we are true entrepreneurial disruptors in the field. Our team embodies agility, serving as advisors, financial strategists, and innovative problem solvers.
Our culture is infectious, grounded in our unwavering commitment to fostering a diverse and inclusive workplace where every individual is accorded the utmost dignity and respect. At the core of all our values, whether in life or business, lies our dedication to people. We wholeheartedly encourage everyone to bring their authentic selves to work every single day.
**About the Role:**
As an Information Security Analyst at McGohan Brabender, you will play an integral role in safeguarding our organization's data, systems, and networks from cyber threats. The ideal candidate will be a proactive and detail-oriented individual, focused on collaboration with other IT and non-IT resources to create the best solutions for the organization.
**Key Responsibilities:**
• Monitor network traffic, system logs, and security alerts for suspicious activity.
• Analyze security incidents to assess impact and identify root causes.
• Respond to security breaches, implement corrective actions, and mitigate threats.
• Coordinate with IT to resolve vulnerabilities and recover affected systems.
• Perform vulnerability assessments and risk analyses to identify security risks.
• Recommend measures to mitigate identified risks.
• Ensure security protocols align with industry regulations and best practices.
• Conduct regular security audits for compliance with regulatory requirements.
• Assist in designing, implementing, and managing security measures.
• Collaborate with IT teams to deploy updates, patches, and configurations.
• Provide security awareness training and develop best practice guidelines.
• Collaborate with various departments to align security strategies with organizational goals.
• Communicate security findings and recommendations to senior management.
• Stay current with cyber threats and participate in continuous learning.
**Qualifications:**
* Knowledge of common information security management frameworks.
* Experience implementing SOC2.
* Understanding & experience implementing security protocols in a Microsoft client and server systems.
* Security & configuration knowledge of O365, Azure, Exchange, Active Directory and related tools.
* Experience with computer network penetration testing and techniques required.
* Experience with proactive network, systems monitoring and threat management.
* Three or more years of related experience.
**Preferred Qualifications:**
* Previously worked in a HIPAA environment.
* Scripting language knowledge.
* Process Automation experience (automating security related functions, scans, reports, etc.)
* Linux knowledge.
* Security certifications: CISSP, CISA, Security+ or similar.
System Engineer - Datacenter
Security Engineer Job In Cincinnati, OH
Encore Technologies is seeking a Datacenter Engineer/Architect to join our team in Cincinnati, OH. This is a salaried position that includes competitive compensation and a strong benefits package.
Encore Technologies is a customer-centric provider of comprehensive IT solutions. We specialize in Data Center Infrastructure, Managed Services, Professional Services & Staffing, Cloud Computing, Networking & Collaboration, Cybersecurity, DevOps & Automation, and Apple services. At Encore, we are committed to building a long and enduring relationship with our employees and to creating an environment that rewards and empowers. Our mission is to constantly exceed our employees' expectations in the same way that we strive to exceed our clients' expectations. We offer an environment that celebrates innovation and helps you to achieve a good balance between your professional and personal life. We strive to be an employer of choice!
The Datacenter Engineer/Architect is an engineering forward position focused on virtualization infrastructure solutions and business outcomes for our clients. The ideal candidate will be a senior level datacenter consulting engineer with 5+ years of compute/storage/virtualization datacenter solution design and delivery experience. The individual must be self-motivated, and results focused and will be responsible for working with project managers to lead projects to completion as well as mentoring junior engineers and providing architectural guidance for the datacenter practice.
Duties and Responsibilities:
· Engineering, installation, and configuration of datacenter virtualization solutions
· Solution design, deployment, and documentation for, server systems, virtualization software and hypervisors, storage and storage networking, and data protection/BC/DR solutions
· Assist pre-sales in solution engineering and professional services estimation
· Assist other engineers in low-level design and deployment
· Actively participate during the project transition phase to perform knowledge transfer and documentation.
· Provide technical analysis, integration expertise and critical data analysis related to system architecture.
· Assist with troubleshooting and resolution of infrastructure reported incidents, participate and lead Root Cause Analysis process.
· Work with customer and 3rd party vendor technical solution engineers toward resolution of incidents.
· Maintain high level of customer satisfaction.
Required Skills:
· A minimum of 5 years' experience in a technical or data center support role.
· Highly skilled and proficient in data center experience in installing/moving equipment, cabling, and communicating requirements to field engineers.
· Cisco UCS and Dell hardware configuration, installation, and maintenance experience.
· Strong understanding of multi-tiered storage concepts, protocols, and architectures such as FC SANs, iSCSI, NAS, CIFS and NFS.
· Pure Storage, NetApp ONTAP/E-series, DellEMC PowerStore/Unity/Isilon
· Strong understanding of VMware vSphere architecture and design
· VMware vSphere 6.x/7.x, VSAN and OpsManager
· Cohesity DataProtect, Veeam Backup and Recovery, Dell Avamar/DataDomain
· Windows Networking and general TCP/IP networking.
· Familiarity with configuring Microsoft Windows, and various versions of Linux.
· Excellent customer service skills, written and verbal
· Ability to work independently and provide direction to other engineers.
· Certifications are highly desirable: VMware VCP, Pure, Dell, NetApp, Brocade, Cisco UCS/MDS
Encore Talent Solutions is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences within our workforce.
Senior API Security Engineer Company Hidden Finance Cincinnati, OH Developer 1 Opening Posted today $1,000 reward per hire
Security Engineer Job In Cincinnati, OH
**Senior API Security Engineer** Company Hidden Finance Cincinnati, OH Base pay $12,345 - $678,910 or to view salary and company information Developer Contract 1 Opening $1,000 reward per hire **About this Role** Agility Partners is seeking a qualified Senior API Security Engineer to fill an open position with one of our banking clients. This is an exciting opportunity to play a critical role in shifting left the technology development by securing APIs and mitigating security risks. This role requires extensive experience in API security and a strong understanding of IT security best practices.
Responsibilities:
* Participate in technical discussions to identify API security risks and establish API security scanning strategies.
* Write and define API patterns and create business and security requirements with a focus on threat modeling.
* Collaborate with technical and business stakeholders to address Information Security risks while meeting business objectives and regulatory requirements.
* Provide expertise and support on decisions and priorities regarding the enterprise's overall Information Security strategy and posture.
**Benefits and Perks**
Work within a collaborative team environment where ideas and creativity are welcomed! Family and Work Life balance are important to this organization and valued for the employees.
* Working for an organization that focuses on company culture, inclusion and diversity
* 50% medical coverage for you and your entire family, short/long term disability and life insurance options
* 401(k)
* Life Insurance
* Disability coverage
**The Ideal Candidate**
* 8+ years of engineering or other IT/Security work experience relevant to the position.
* Extensive experience designing, developing, and implementing serverless solutions within AWS.
* Extensive development experience with different API capabilities and building and deploying CI/CD pipelines.
* 5+ years of interdisciplinary experience in 4 or more of the following: Access Control Systems, Application Security, Application SDLC, Operating Systems, Cryptographic Controls, API Security, API Scanning, secure development tools, and Networking.
Share this job. Make $1,000.
When a friend applies to this position and gets hired, you'll get credited with a referral reward!*
*Reward paid upon hire of your candidate according to our Recruiting Agreement Policy (see right).
Cyber Security Engineer
Security Engineer Job In Dayton, OH
Applied Research Solutions is seeking a full-time Cyber Security Engineer, located at Wright-Patterson AFB, OH support the ISR Crosscutter program.
Why Work with us?
Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career- driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the upmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.
Responsibilities Include:
The Contractor shall provide expert weapons system cybersecurity guidance and recommendations to program engineers, program managers, acquisition security program executive officer, Milestone Decision Authority (MDA), and AO.
The Contractor shall have current and demonstrated background related to supply chain risk management to prevent an adversary subverting weapon systems and critical networks.
The Contractor shall translate and provide comprehensive NIST 800-53 requirements to ensure SSE and procurement solutions are incorporated into an integrated program protection scheme based upon known or anticipated risks. Knowledge of systems engineering principles, network architecture analysis, verification and validation of requirements, and understanding the risk management process and understanding of the operational context of weapon systems employment is critical.
The Contractor shall provide subject matter expertise to support the AFPEO's intent to execute RMF to support assessment & authorization of assigned systems including generating required artifacts such as Interim Authority to Test (IATT), Authority to Connect (ATC), and Authority to Operate (ATO) packages as well as associated reports and presentations.
The Contractor shall have verifiable experience with Authorization Officials (AOs), their associated action officers and their processes, preferably for platform systems.
The Contractor shall execute risk reduction based policies and procedures, and develop system specific comprehensive cybersecurity processes to include implementation of continuous monitoring.
The Contractor shall document system architectures, utilizing original equipment manufacturer documentation and system interface specifications, to support the cyber analysis, identification, selection, and tailoring of security and privacy controls necessary to protect the system.
The Contractor shall provide expert level evaluation of designs and proposed implementation solutions to defend weapon systems and critical networks against malicious and non-malicious exploitation throughout the full acquisition lifecycle of portfolio programs. The Contractor shall evaluate threat data and develop residual risk recommendations and mitigations to senior DoD and AF leadership based on identification and analysis of weapons vulnerabilities.
The Contractor shall review and analyze interoperability requirements and shall review, develop and evaluate resultant specifications and internal and external Interface Control Documents (ICDs).
The Contractor shall review and propose technical recommendations at both the strategic and operational levels regarding critical technologies requiring protection, Program Protection Plans (PPP), and anti-tamper (AT) plans, cyber findings, vulnerabilities, and risks.
The Contractor shall conduct technical evaluations on vendors' proposals to ensure that cybersecurity requirements are properly addressed.
The Contractor shall assist and advise various working groups, planning teams and IPTs by preparing and reviewing agendas, coordinating topics and speakers, and researching, tracking and closing action items.
The Contractor shall support multiple systems security working groups to develop a secure, resilient aircraft based on SSE principles.
The Contractor shall provide expert identification, documentation, and assessment of threats, cyber findings, vulnerabilities, attack scenarios, impacts if exploited, and likely timelines for exploitation.
The Contractor shall provide stakeholders with on-time deliverables, RMF artifacts, cyber impact assessments, and approaches to meet growing ISR & SOF requirements.
The Contractor shall deliver solutions which are ready for the AO approval under significantly reduced timelines required by special operations and quick reaction capability programs.
The Contractor shall ensure that contractual documentation, such as statements of work, CDRLs, and SRDs, incorporate cybersecurity requirements that support the development of the assessment and authorization process.
The Contractor shall be able to support up to 33% of contract time on travel to support remote site, site visits, site audits, design reviews and engineering implementation reviews of network architectures.
Other duties as assigned
Qualifications/Technical Experience Required:
Must be a US Citizen
Top Secret clearance required
The Contractor must have demonstrated expert level DoD acquisition processes experience related to acquisition platform and sensor cybersecurity engineering along with an expert understanding of Risk Management Framework (RMF), Cybersecurity strategies, developing cyber resilient systems of systems (SoS), systems engineering, network engineering, and technical interface design to ensure weapon systems meet cyber resilient and Systems Security Engineering (SSE) criteria.
Senior level cybersecurity positions will require IAT level 3 and/or level 2 certifications. be DoD 8570 certified and have a current T-5 special sensitive eligibility on the first day of the task order.
The DoD directive 8570 Information Assurance Technical Level 3 (IAT III) or Information Assurance Management Level 3 (IAM III) certification must be achieved within one year of the task order start date; and maintained throughout the period of performance.
Senior: Possesses the advanced knowledge, experience and recognized ability to be considered an expert in their technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and journeyman personnel within the technical/professional discipline. Will demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures and practices in their area of expertise. (Program Office, Enterprise and Staff Level Support interface)
Functionally Aligned Minimum Recommended Education and Experience:
Advanced Degree (Master of Arts (MA) / Master of Science (MS)) and 12 years of experience in the respective technical / professional discipline being performed, five years of which must be in the DoD
OR, BA/BS degree and 15 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoD
OR, 20 years of directly related experience with proper certifications as described in the Functionally Aligned Job Descriptions, eight of which must be in the DOD.
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals based on disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.
Information Security Analyst 3, Digital Technology Solutions
Security Engineer Job In Cincinnati, OH
Information Security Analyst 3, Digital Technology Solutions University of Cincinnati Posted: December 10, 2024 Location: Cincinnati, Ohio **Current UC employees must apply internally via *SuccessFactors*** Assist in performing procedures and provides technical solutions that serve to provide appropriate access to and protect systems from unauthorized users.
****Essential Functions****
* Assist with developing strategies to achieve organizational goals; understand organization's strengths and weaknesses; analyze potential risks and opportunities; adapt recommendations to changing conditions and aligns with best practices.
* Help facilitate large collaborative teams to achieve organizational goals.
* Support community communication efforts, presenting security insights to leadership.
* Develop technical documentation (designs, specifications, processes, workflows) and communications.
* Develop and validate baseline security configurations for operating systems, applications, networking, and telecommunications equipment.
* Participate in multiple, moderate- to high-risk projects.
* Work with a team to advance project goals and provide technical help and subject matter expertise. Actively engage in project support and solutioning.
* Share technical knowledge with teammates and help solve more complex problems.
* Document individual progress on assigned deliverables.
* Gather, maintain, and validate metrics for area of responsibility.
* Mentor student workers and junior employees.
* Carry out procedures to ensure that all systems, products, and services meet organization security standards. Recommend procedural improvements.
* Research information security trends to maintain technical understanding of the latest vulnerabilities and threats.
* Assist with providing artifacts to Governance, Risk & Compliance in relation to internal & external audits.
* Independently work with business units to achieve security objectives and identifies, reports, and resolves security risks and violations.
* Perform cyber investigations through forensic fact gathering with a focus on e-discovery.
* Analyze high volumes of logs, network data, and other attack artifacts in support of incident investigations.
* Provide guidance and technical expertise as needed for information security training and awareness programs.
* Participate in troubleshooting processes during and outside of normal business hours and participate in change management and root cause analysis.
* Mentor others regarding risk management, information security controls, incident analysis, incident response, monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Office of Information Security (OIS).
* Serve as an expert resource to others.
* Perform related duties based on departmental need. This job description can be changed at any time.
****Required Education****
Bachelor's Degree in Computer Science, Information Technology, Computer Engineering, or related field.
Eight (8) years of relevant work experience and/or other specialized training can be used in lieu of education requirement.
****Required Experience****
* Two (2) years of related experience
* Advanced knowledge of security tool administration.
* Moderate project management skills.
* Experience with system administration.
* Experience with network architecture or some level of related technical training.
* Advanced understanding of risk and vulnerability management.
* Experience with incident response.
* Advanced knowledge of industry standard security and compliance frameworks.
****Additional Qualifications Considered****
This position will primarily work in the area of information security operations. The ideal candidate will have experience in the field of information security operations. Responsibilities may include, but are not limited to: endpoint security, full-disk encryption, multi-factor authentication, security incident and event management (SIEM), SSL and client certificate management, vulnerability management, privileged access management, password management, system/application administration for security related technologies, as well as departmental customer service via enterprise incident ticketing system and departmental mailboxes, and supervision/mentorship of co-op and student workers.2. CISSP, CISM, GISP or similar information security certification(s) are preferred.
****Physical Requirements/Work Environment****
* Sitting - Continuously
* Repetitive hand motion (such as typing) - Continuously
* Hearing, listening - Continuously
* Talking - Continuously
* Standing - Seldom
* Walking - Seldom
* Bending - Seldom
* Stooping - Seldom
* Climbing stairs/ladders - Seldom
* Kneeling, squatting - Seldom
* Crouching - Seldom
* Crawling - Seldom
* Reaching overhead - Seldom
* Pulling, pushing - Seldom
* Lifting - up to 20 pounds - Seldom
* Lifting - up to 50 pounds - Seldom
* Lifting - over 50 pounds - Seldom
**Compensation and Benefits**
UC offers a wide array of complementary and affordable benefit options, to meet the financial, educational, health, and wellness needs of you and your family. Eligibility varies by position and FTE.
* Competitive salary range of $76,000 - $86,000 dependent on the candidate's experience.
* Comprehensive insurance plans including medical, dental, vision, and prescription coverage.
* Flexible spending accounts and an award-winning employee wellness program, plus an employee assistance program.
* Financial security via our life and long-term disability insurance, accident and illness insurance, and retirement savings plans.
* Generous paid time off work options including vacation, sick leave, annual holidays, and winter season days in addition to paid parental leave.
* Tuition remission is available for employees and their eligible dependents.
* Enjoy discounts for on and off-campus activities and services.
For questions about the UC recruiting process or to request accommodations with the application, please contact Human Resources at ***********.
**The University of Cincinnati is an Equal Opportunity Employer.**
REQ: 97767
HISTORY IN BRIEF - The University of Cincinnati is a public urban serving research institution that was founded in 1819 and today is one of the country's largest universities offering more than 350 academic programs to more than 44,000 students. UC has many top ranked programs in areas such as Music and Arts, Medical and Human-Services, Criminal Justice and more. Located in an urban setting, UC is close to the heart of Cincinnati and allows easy access for students to enjoy all that the city offers. UC is also the alma mater of many notables such as President William Howard Taft; Albert Sabin, developer of the oral polio vaccine; Astronaut Neil Armstrong and Mary Weinberg, 2008 Olympic gold medalist. UC is classified as a Research University (Very High Research Activity) by the Carnegie Commission and is ranked as one of America's top 35 public research universities by the National Science Foundation. UC jumped 17 spots in the U.S. News & World Report rankings in the past two years alone. In addition to being named a “green university” by Princeton Review, UC has been named one of the world's most beautiful campuses by Forbes and Delta Sky magazines. Learn more at ******************** N STATEMENT - The University of Cincinnati serves the people of Ohio, the nation, and the world as a premier, public, urban research university dedicated to undergraduate, graduate, and professional education, experience-based learning, and research. We are committed to excellence and diversity in our students, faculty, staff, and all of our activities. We provide an inclusive environment where innovation and freedom of intellectual inquiry flourish. Through scholarship, service, partnerships,
Strategic Cyber Security Engineer and Subject Matter Expert
Security Engineer Job In Dayton, OH
Applied Research Solutions is seeking an energetic and experienced full-time Strategic Cyber Security Engineer and Subject Matter Expert to support our customer at the Air Force Research Laboratory located at Wright-Patterson AFB. The Cyber Security Engineer will be supporting a cutting-edge program in the development of cyber security strategy and assist in the development of related program protection plans and support program related RMF processes.
Why Work with us?
Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career- driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the upmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.
Responsibilities include:
+ Aid in developing cyber strategy and designing anti-tamper solutions for weapon systems (hardware and software).
+ Draft and staff specific cybersecurity assessment and authorization artifacts for military programs:
+ S&T (or Program) Protection Plan
+ Anti-Tamper Plan
+ Cybersecurity Strategy,
+ DevSecOps CONOPS including SAST and DAST, and
+ RMF/ATO Artifacts.
+ Provide cyber security technical expertise related to preparation, processing and approval of IATT/ATO documents in support of the AFRL programs of interest.
+ Advise and contribute to the production of documentation and other artifacts related to DISA approvals and RMF approvals.
+ Lead discussions and execute processes for approvals of candidate solutions.
+ Engage with other contractors to share technical data necessary to guide the development of system architectures.
+ Participate in technical interchanges with relevant team members as necessary
+ Support and/or lead associated cyber security working groups and/or IPTs.
+ Other duties as assigned
Qualifications/ Technical Experience Requirements:
+ Must be a US citizen
+ Must have an active TS with SCI eligibility
+ BA/BS degree in relevant field and a minimum of 8-10 Years' relevant experience required, MS preferred.
+ Security+ required, CISM preferred, CISSP very desirable.
+ Demonstrated experience in developing strategy for designing anti-tamper solutions for weapon systems (hardware and software)
+ Demonstrated experience in developing cyber security assessments and authorization artifacts for military programs.
+ Demonstrated experience developing and staffing cyber security, and cyber-related, plans.
+ Experience with DevSecOps including use of Gitlab on Agile software development programs or software factories, where software was taken from development to production.
+ Demonstrated and recent experience with Risk Management Framework (RMF) and RMF tools
+ Demonstrated experience leading working groups, teams and IPTs.
+ Ability to work efficiently on teams and also individually with minimal supervision.
+ Strong analytical, communication, and attention to detail skills
+ Familiarity with key cyber security policies and national security counterterrorism objectives.
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)