Radar Systems Engineer
Security engineer job in Laurel, MD
Are you interested in playing a critical role in fielding next-generation Navy Radar/EO/IR and Electronic Warfare systems and land-based sensor networks? Do you enjoy working in a creative environment with a team of highly motivated radar engineers? If so, we are looking for someone like you to join our team at APL.
We are seeking Radar System Engineers to help field the next generation of Advanced Surface Navy sensors and Land-based Cruise Missile Defense sensor networks. You will work in a teamed environment to analyze live tactical sensor data; identify and solve problems that impact mission requirements; compare to physics-based simulations that provide unprecedented realism and new levels of understanding of system performance in operationally realistic environments in the presence of the world's most challenging threats.
As a Radar System Engineer, you will...
Creatively apply your technical skills to identify and solve problems.
Collaborate with teams of other sensor engineers, software developers, combat system engineers, and physicists.
Invent, explore, and use modeling and simulation (M&S) capabilities, data analysis tools, and machine learning algorithms.
Apply signal and data processing tools, including machine learning, to large data sets to develop novel algorithms.
Investigate and address problems due to emergent phenomenology.
Qualifications
You meet our minimum qualifications for the job if you have...
A BS in Electrical Engineering, Physics, or equivalent technical discipline with some sensor systems engineering experience.
Strong understanding of radars and/or physics-based phenomena affecting radar or communications systems.
Good interpersonal and communication skills.
Willingness to travel up to 5% of the time as needed.
Ability to obtain an Interim Secret level security clearance by your start date and to ultimately obtain a Secret level clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
You'll go above and beyond our minimum requirements if you...
Have an MS or PhD in Electrical Engineering, Physics, or equivalent technical discipline and 3+ years of relevant experience.
Have experience with advanced DoD sensors and combat systems, particularly in the areas described above.
Have experience leading technical teams.
About Us
Why Work at APL?
The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.
At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at ******************************
All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu.
The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.
Minimum Rate
$85,000 Annually
Maximum Rate
$180,000 Annually
Cyber Security Engineer Lead
Security engineer job in Springfield, VA
MANTECH seeks a motivated, career and customer-oriented Cyber Security Engineer Lead to join our team in Springfield, VA.
The Cyber Security Engineer Lead is responsible for the detection, identification, analysis, and reporting of cyber threats, intrusions, anomalous activities, and potential misuse of systems. This role supports the protection of the customer's digital assets and sensitive data through the administration, monitoring, and continuous improvement of cybersecurity technologies and processes.
Responsibilities include but are not limited to:
Threat Detection & Response: Identify, assess, and report potential cyber-attacks, intrusions, and abnormal system behaviors. Participate actively in incident response and recovery activities.
Technology Administration: Administer and maintain systems supporting Identity Management, Privileged User Access, Access Control (firewall), End Point Protection, Internet Protection, Vulnerability Scanning, and Security Information and Event Management (SIEM) tools.
Mitigation & Remediation: Develop and implement enterprise-level mitigation strategies to address complex vulnerabilities.
Operational Support: Ensure proper installation, testing, patching, upgrading, and performance of cybersecurity tools and applications. Maintain system resiliency and availability across all managed technologies.
Policy Enforcement & Compliance: Enforce cybersecurity policies, standards, and best practices in alignment with ManTech's security framework and regulatory requirements.
Leadership & Collaboration: Lead or participate in cross-functional projects and initiatives. Provide technical mentorship and subject matter expertise to junior team members.
Continuous Improvement: Interpret internal and external cybersecurity trends and business challenges; recommend and implement innovative solutions to strengthen the enterprise security posture.
Monitor intrusion detection and prevention systems and other security event data sources; determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
Minimum Qualifications:
Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or a related Cyber Security field.
Certified Information Systems Security Professional (CISSP) certification (required within 6 months of assignment to the position, otherwise failure to obtain certification within 6 months of assignment to the position may result in removal).
8+ years of relevant cybersecurity experience, including hands-on technical administration and operational security support.
Strong analytical and problem-solving abilities
Deep knowledge of cybersecurity frameworks, principles, and technologies
Proficiency in SIEM, endpoint protection, and identity management tools
Must be able to travel up to 25%
Preferred Qualifications:
Good understanding of DISA compliance directives; knowledge of the JSIG is recommended.
Ability to lead small teams or projects
Excellent communication and influence skills
Strong judgment in identifying and mitigating security risks
Correlate data from intrusion detection and prevention systems with data from other sources
Clearance Requirements:
Must have current/active TS/SCI with the ability to obtain and maintain a Yankee White security clearance
Physical Requirements:
Must be able to remain in a stationary position 50%
The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations.
Must be able to exchange accurate information in these situations.
Radar Systems Engineer
Security engineer job in Laurel, MD
Are you interested in developing advanced radar systems to make an impact on our nation's defense?
Do you want to be part of an enthusiastic team dedicated to advancing the state of the art in radar systems?
How about contributing to the design and testing of algorithms for defense against missiles, including but not limited to Hypersonics?
If so, we're looking for someone like you to join our team at APL!
We are seeking a creative and highly motivated problem solver to help us develop and analyze advanced radar systems within the Air and Missile Defense Sector, the Sensor Systems Engineering Group (A2B). You will work with other APL engineers as well as outside prime contractors and government sponsors. You will engage with a hardworking and enterprising team of scientists and engineers working to develop high-impact solutions for the Nation's defense. We are committed to excellence and strive to cultivate an environment of collaboration, coordination, creativity, and initiative. We value earnest communication, technical effort, and positive mindsets. Be part of a team of talented engineers tackling national security challenges!
As a Radar Systems Engineer, you will...
Conduct analysis of radar systems utilizing existing high fidelity radar system to understand capabilities and limitations of systems under highly variable operational conditions
Research and develop realizable solutions to gaps and opportunities identified through modeling, simulation, and analysis
Provide insightful documentation on analysis findings and new concepts
Interact with sponsors to understand program priorities, share analysis results, and introduce new concepts
Participate in design reviews, technical interchanges, working groups, and program status meetings, either as a presenter or as a reviewer
Participate in meetings and collaborations at Navy and vendor locations
Have the opportunity to develop and propose ideas for APL Internal Research and Development funding
Qualifications
You meet our minimum qualifications for the job if you...
Have a Bachelor of Science degree in Physics, Mathematics, Electrical Engineering, Computer Science, Computer Engineering or related technical field
Have at least 1 year of experience in Aerospace, Hypersonics, Radar, or RF systems
Have familiarity with Python, MATLAB, MATLAB Toolboxes, and Microsoft Office products
Possess excellent interpersonal skills and be able to effectively interact with sponsors, management, and working group team members in a fast-paced environment
Are able to obtain an Interim Secret clearance by your start date and can ultimately obtain a Secret level clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
You'll go above and beyond our minimum requirements if you...
Have an M.S. in the fields listed above
Have 2+ years experience in Aerospace, Hypersonics, Radar or RF systems
Can manage and manipulate large data sets and utilize various machine learning techniques
Have experience scripting and coding in a variety of languages, applying signal processing, ML, stochastic processes, AI, or related subject areas to algorithm development for radar domain problems for phased arrays, dense mediums, digital radar, multi-static radar
Have a current Secret clearance with an ability to obtain higher-level clearances
Minimum Rate
$85,000 Annually
Maximum Rate
$180,000 Annually
Cyber Security Analyst
Security engineer job in Washington, DC
We are seeking multiple mid-level (5 years minimum) Cyber Defense Incident Responders that are available to work the midnight shift (11pm-7:30am) in a Security Operations Center.
Clearance Requirements: Top Secret w/SCI
Location: Washington, D.C.
Job Description:
Coordinate incident response functions.
Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
Perform cyber defense trend analysis and reporting.
Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
Track and document cyber defense incidents from initial detection through final resolution.
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Coordinate with intelligence analysts to correlate threat assessment data.
Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
Basic Qualifications: To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
Bachelor's degree or higher
5+ years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
Must have one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).
Strong written and verbal communication skills.
Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
Knowledge of system administration, network, and operating system hardening techniques.
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Demonstrated ability to interact effectively with senior management and leadership.
Ability to design incident response for cloud service models.
Knowledge of incident categories, incident responses, and timelines for responses.
Knowledge of incident response and handling methodologies.
Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Desired Skills
Experience identifying, capturing, containing, and reporting malware.
Skill in preserving evidence integrity according to standard operating procedures or national standards.
Strong experience securing network communications.
Recognizing and categorizing types of vulnerabilities and associated attacks.
Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
Experience performing damage assessments.
Skill in using security event correlation tools and designing incident response for cloud service models.
Cyber Security Engineer
Security engineer job in Arlington, VA
We are seeking a Cybersecurity Engineer with strong, hands-on experience implementing Data Loss Prevention (DLP) solutions, specifically using Azure Purview and Microsoft Intune. This role requires a technical practitioner who has directly deployed, configured, and operationalized security controls, not just monitored events. The engineer will design and implement secure architectures across cloud and hybrid environments, conduct threat modeling, integrate security into new platforms, and ensure alignment with industry best practices and regulatory frameworks such as NIST 800-53, FISMA, and FedRAMP.
The ideal candidate must have 10+ years of experience that brings advanced knowledge of cloud security, IAM, encryption, authentication protocols, and modern DevSecOps practices. Additional responsibilities include developing reusable security patterns, performing architecture reviews, enhancing automation, and partnering with IT teams to mature the organization's security posture. Strong communication skills, deep technical proficiency, and experience with Azure/AWS infrastructures are essential for success in this role.
This is an onsite direct hire opportunity in Arlington, VA, no contract, no sponsorship. Relocation assistance provided within the US.
OT Security Engineer
Security engineer job in Tysons Corner, VA
Come Forge the Future of Machine Identity Security for Operational Technology & Industrial Control Systems
Where: Tysons, VA (Hybrid)
Supporting: Our CTO
At Corsha we're not just selling software; we're fundamentally reshaping how the most critical industrial and operational technology (OT) systems are secured. We're a cyber startup in the DC area, driven by a mission to bring trust, resilience, and identity to the operational systems that power our world - from factories to power grids. We're building the future of machine identity security, and we need a dynamic technical evangelist to join our front lines.
Tired of the Status Quo? Ready to Secure the Unseen? Here's your Opportunity:
If you're an engineer who thrives on solving hard problems, isn't afraid to get your hands dirty with industrial control systems and sees the immense potential of cybersecurity in unconventional environments, then read on. We move fast, we build for impact, and we need a security visionary to help us secure the machines that matter most.
Your Mission: Secure the Industrial Edge
We're looking for an OT Security Engineer to be a foundational engineer for our Machine Identity Platform (mIDP), specifically tailored for the unique and challenging landscape of OT systems. Your mission: implement, integrate, and defend the security infrastructure that underpins our cutting-edge solutions, with a heavy emphasis on industrial control systems and OT networks.
This isn't just about keeping the lights on. It's about building security architectures that are inherently secure, highly available, and resilient against the most sophisticated threats, often in environments where traditional IT paradigms simply don't apply. You'll be bridging the gap between cutting-edge cybersecurity technologies and the operational realities of factories, power plants, and critical infrastructure.
What You'll Be Forging:
Architect and Implement OT Security Solutions: Design, deploy, and manage secure architectures for our mIDP, specifically tailored for OT environments. This includes network segmentation, routing, switching, firewall configurations, and intrusion detection systems.
ICS/OT System Integration: Be the subject matter expert for integrating our mIDP with industrial control systems. This involves understanding and working with common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model).
Machine Identity Integration: Collaborate closely with our product and engineering teams to integrate security configurations with our mIDP, ensuring seamless and secure authentication and authorization for OT devices and applications.
OT Network Hardening: Implement and enforce robust security best practices, including vulnerability management and access control for OT networks.
Troubleshooting and Optimization: Proactively monitor, troubleshoot, and resolve complex security issues across ICS and OT environments. Identify and implement optimizations to enhance system performance, reliability, and security.
Automation and Tooling: Develop and implement automation scripts and tools (e.g., Python, Ansible) to streamline provisioning, configuration management, and operational tasks.
Documentation and Knowledge Sharing: Create comprehensive documentation, runbooks, and contribute to internal knowledge sharing to ensure maintainability and scalability of our infrastructure.
Stay Ahead of the Curve: Continuously research and evaluate new cybersecurity technologies, security trends, and best practices, particularly as they relate to OT and industrial control systems.
Collaborate and Mentor: Work closely with cross-functional teams (software engineers, security analysts, product managers) and provide mentorship to junior team members.
What You'll Bring:
5+ years of intense experience in OT security or a related role, with a proven track record in complex, high-performance, and high-stakes environments.
Deep, demonstrable expertise in industrial control systems and OT environments. You've implemented security products and solutions in real-world ICS/OT environments.
Strong proficiency in network security principles: Firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), network access control (NAC), and secure communication protocols.
Extensive hands-on experience with OT network architectures and protocols. You're comfortable with physical hardware and understand the nuances of industrial networks.
Rock solid understanding of cybersecurity principles: vulnerability management, threat modeling, and incident response.
Empathy for OT/ICS environments: You totally get the unique security challenges of Operational Technology, and understand common industrial protocols (Modbus, OPC UA) and architectures (e.g., Purdue Model). This isn't just a "nice-to-have"; it's critical.
Proficiency in scripting and automation: Python, Ansible, or similar languages for automating security provisioning and operations.
A relentless problem-solver: You thrive on diagnosing and resolving intricate security issues under pressure, with an unwavering focus on root cause analysis.
Exceptional communication and collaboration skills: You can articulate complex technical concepts clearly and work seamlessly with cross-functional teams.
Bachelor's degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience.
Self-starter with an insatiable curiosity: You're eager to learn, adapt, and drive solutions in a rapidly evolving, high-impact startup environment.
Bonus Points For:
Experience with specific machine identity solutions (PKI, certificates, secrets management).
Hands-on experience with Kubernetes
Knowledge of software-defined networking (SDN) solutions.
Relevant industry certifications (e.g., CISSP, GICSP, CISM).
Experience in a fast-paced startup environment.
Why Forge your Path with Corsha?
Real-World Impact: Your work won't just sit on a server; it will actively defend the critical operational systems that underpin our society. This is an opportunity to make a tangible, immediate difference.
Bleeding Edge: Be at the forefront of securing the intersection of cybersecurity, machine identity, and OT. We're defining the future, not just following trends.
Growth & Ownership: This is a startup - your contributions will directly shape our product, our culture, and our success. You'll work with incredible people that care and have impact.
Culture of Innovation: Join a team of brilliant, passionate engineers dedicated to solving the hardest problems. We foster a collaborative, intellectually stimulating, and supportive environment.
Competitive Compensation & Benefits: Wellness days, Generous PTO, Company-covered healthcare, 401k matching, paid parental leave, and of course snacks, lunches, and sustenance.
Ready to step up and secure the critical future of identity? Join Our Mission Today.
Reach out to us with your resume and why you think you'd make a stellar Corshian to *****************.
We are an Equal Opportunity Employer and reasonable accommodations may be made to enable individuals with disabilities.
Senior Azure Security Engineer
Security engineer job in Washington, DC
Job Title: Senior Azure Security Engineer
Rate: $80/Hr. w2
Job Qualifications:
Skills: Security Controls, Security Tools, System Security
Certifications: Active DoD 8570 IAT Level II Certification (Security+, CISSP, CISM)
Experience: 10+ years of related experience
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: None
Job Description:
Information Security Analyst Duties and Responsibilities:
Design, implement, and maintain secure cloud architectures within Azure Government Secret classified environments
Enforce zero trust principles, role-based access control (RBAC), and identity federation (e.g., Azure AD B2B/B2C with CAC/PIV)
Configure and manage security controls such as Microsoft Defender for Cloud, Key Vault, Azure Policy, NSGs, and Private Endpoints
Automate compliance and security operations using PowerShell, Terraform, or ARM templates
Integrate SIEM/SOAR tools (e.g., Microsoft Sentinel for IL6) for continuous monitoring, logging, and incident response
Conduct vulnerability assessments and implement remediations aligned to NIST 800-53, DoD STIGs, and JSIG
Collaborate with mission owners, compliance teams, and developers to ensure secure DevSecOps pipelines
Support Authority to Operate (ATO) processes by generating security documentation, control evidence, and supporting audits
Navigate federal systems through the authorization process to achieve and maintain Authority to Operate (ATO)
Work with the ISSO, Program and DOC ITD IA teams to maintain the necessary security authorizations
Develop comprehensive System Security Plans (SSPs) documenting all implemented NIST 800-53 controls
Coordinate security assessments with third-party assessors
Manage Plans of Actions & Milestones (POA&Ms) for addressing identified vulnerabilities
Ensure continuous monitoring plans meet agency requirements
Prepare authorization packages for government review
Maintain ongoing compliance through change management processes
Serve as the liaison between technical teams and authorizing officials
Translate security requirements into actionable tasks
Ensure all documentation meets the rigorous standards required for federal information systems
Information Security Analyst Requirements and Qualifications:
Bachelor's degree in information systems security; master's degree or equivalent professional experience in information security is preferred
Active Secret clearance
5+ years in cloud security, including 2+ in Azure Government or DoD environments
Strong knowledge of Azure-native security tools, IL6 data handling, and cloud networking
Proficient in scripting (PowerShell, Python, or Bash) and Infrastructure as Code (ARM, Bicep, Terraform)
Experience with DoD SRG, FedRAMP High, JSIG, and ICD 503 compliance frameworks
Hands-on experience with classified enclaves, hardened images, and enclave-to-enclave connectivity
Comprehensive knowledge of corporate Systems/Solutions Architecture processes and trends
Strong leadership, organizational, and communication skills
Secret Clearance to start
Knowledge of Agile software development process
Required Technical Skills:
SCAP, STIG, Patching, eMASS, and related RMF tools
Cybersecurity, Systems Administration, implementation of RMF tools and processes
Experience with gaining an ATO for systems and working the systems through the assessment and authorization process
Experience working with IP networking and networking protocols, and understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, email, and access lists
Excellent communication skills
Experience working in Agile software development teams
Experience with secure development, coding and engineering practices
Experience with Cybersecurity, Information Security, and Information Technology Security processes, protocols, and procedures.
Experience
10 years of relevant experience
* may vary based on technical training, certification(s), or degree
Experience with Cloud Security
Experience working with leading firewall, network scanning and authentication technologies
Experience working with internet, web, application and network security techniques
Experience in Agile methodology
Experience in Jira to support development team in agile environment
Experience working in Federal or State government environments
Ability to work independently and remotely
Certification: Active DoD 8570 IAT Level II Certification (Security+, CISSP, CISM)
Travel Required: Little to no travel anticipated (may be required upon customer request)
Cyber Security Analyst
Security engineer job in Germantown, MD
Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Develops acceptance criteria for cybersecurity architecture.
Investigates computer and information security incidents to determine extent of compromise to national security information and automated information systems.
Assists with defining security objectives and system-level performance requirements.
Researches and stays abreast of tools, techniques, countermeasures, and trends in computer network vulnerabilities.
Configures and validates secure systems, tests security products/systems to detect computer and information security weaknesses.
Maintains the computer and information security incident, damage and threat assessment programs.
Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Involved in the periodic conduct of a review of each system's audits and monitors corrective actions until all actions are closed.
Supports the development of integrated system solutions ensuring proprietary/confidential data and systems are protected.
Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
Minimum Qualifications
Bachelor's Degree in Computer Science or a related field or equivalent experience.
2-4 years of experience in systems security.
Other Job Specific Skills
Must be able to communicate effectively and clearly present technical approaches and findings.
Exercises a limited degree of latitude in determining technical objectives of assignments.
Excellent attention to detail.
Must be able to balance multiple tasks simultaneously.
Cyber Security Consultant
Security engineer job in Washington, DC
BASIC FUNCTION:
The Senior Cybersecurity Engineer is responsible for safeguarding the client's information systems, digital assets, and technology infrastructure. This role designs, deploys, and maintains advanced cybersecurity solutions that protect patient data, clinical systems, and enterprise applications. The Senior Cybersecurity Engineer ensures the client's technology environment remains secure, compliant, and resilient against emerging threats.
This position combines hands-on technical expertise with strategic leadership, driving initiatives that enhance cybersecurity maturity and operational readiness across on-premises, hybrid, and cloud environments (e.g., Azure, AWS). The role is pivotal in incident response, risk management, and ongoing improvement of security controls in alignment with hospital policies and regulatory standards such as HIPAA, NIST 800-53, and ISO/IEC 27001.
Salary: $130-140k
Employment Type: Full-time, direct hire
Location: Onsite 3 days/week, remote 2 days/week in Washington DC
SUPERVISORY ACCOUNTABILITIES:
This role does not have direct supervisory responsibility but may provide technical guidance and mentorship to junior cybersecurity staff, contractors, and project teams. The Senior Cybersecurity Engineer may lead cross-functional implementation teams and coordinate security initiatives with other IT departments.
NATURE AND SCOPE:
Operating in a fast-paced, high-impact healthcare technology environment, the Senior Cybersecurity Engineer reports to the Senior Director of Cybersecurity and collaborates with colleagues across Technology Services, including Infrastructure, Applications, Network Operations, and Compliance.
Internal contacts include hospital administrators, clinical and research staff, faculty, and IT personnel. External contacts include technology vendors, auditors, and regulatory agencies. The role requires strong analytical skills, proactive threat awareness, and the ability to balance operational needs with strategic security objectives in a mission-critical healthcare setting.
PRINCIPAL ACCOUNTABILITIES:
Security Operations & Incident Response
Monitor, analyze, and respond to security alerts, incidents, and anomalies across hospital systems.
Conduct vulnerability assessments, penetration tests, and threat-hunting activities to identify and mitigate risks.
Investigate and document security incidents, performing root cause analyses and recommending remediation measures.
Utilize SIEM, EDR, and IDS/IPS platforms (e.g., CrowdStrike, Microsoft Sentinel) to enhance continuous monitoring.
Security Engineering & Architecture
Design, implement, and manage enterprise cybersecurity controls, including firewalls, NAC, DLP, CASB, and endpoint protection systems.
Support secure configuration management using CIS Benchmarks and STIGs.
Implement and maintain identity and access management (IAM), multifactor authentication (MFA), and privileged access controls.
Integrate security practices into DevOps processes and CI/CD pipelines (DevSecOps).
Support the adoption and enforcement of Zero Trust Architecture principles across hybrid and cloud environments.
Governance, Risk, and Compliance
Ensure adherence to cybersecurity frameworks and regulatory standards, including HIPAA, NIST 800-53, ISO/IEC 27001, PCI DSS, and GDPR.
Contribute to the creation and maintenance of security policies, procedures, and documentation.
Support internal and external audits, risk assessments, and compliance reviews.
Participate in disaster recovery and business continuity planning activities.
Collaboration, Training, and Awareness
Collaborate with IT, Compliance, and Clinical Operations to integrate security into all technology operations.
Provide mentorship and technical guidance to IT staff and cybersecurity personnel.
Develop and deliver training on secure computing, phishing prevention, and data protection best practices.
Communicate complex technical concepts clearly to diverse audiences, promoting shared responsibility for security.
CORE COMPETENCIES:
Strategic Thinking: Align cybersecurity initiatives with hospital priorities and risk management goals.
Technical Expertise: Deep knowledge of enterprise and cloud security controls, architectures, and technologies.
Incident Response: Skilled in threat analysis, vulnerability mitigation, and incident management.
Collaboration: Strong interpersonal and communication skills for cross-departmental teamwork.
Innovation: Ability to evaluate emerging tools, techniques, and threat intelligence for proactive defense.
Compliance Knowledge: Familiarity with HIPAA, NIST, ISO 27001, PCI DSS, and related standards.
Problem Solving: Detail-oriented and methodical approach to resolving complex security challenges.
Adaptability: Capable of managing multiple priorities and responding quickly to evolving threats.
MINIMUM REQUIREMENTS:
Education:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field required.
Master's degree in Business Administration, Cybersecurity, or related discipline preferred.
Experience:
7-10 years of progressive experience in information security, with at least 5 years in a security engineering role.
Proven experience securing hybrid infrastructures, including on-premises systems and cloud environments (Azure, AWS, GCP).
Hands-on expertise with enterprise tools such as Microsoft Defender Suite, Cisco ISE, CrowdStrike Falcon, and Azure Sentinel.
Proficiency in scripting languages (e.g., PowerShell, Python) for automation and threat analysis.
Certifications (one or more preferred):
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CCSP (Certified Cloud Security Professional)
AWS Certified Security - Specialty
Microsoft Certified: Azure Security Engineer Associate
SABSA or TOGAF (preferred)
Security Architect
Security engineer job in Washington, DC
Employment Type: Full-Time
Strategies
SteerBridge Strategies is a CVE-Verified, Service-Disabled Veteran-Owned Small Business (SDVOSB) delivering a broad spectrum of professional services to the U.S. Government and private sector. Backed by decades of hands-on experience in federal acquisition and procurement, we deliver agile, best-in-class commercial solutions that drive mission success.
Our strength lies in our people-especially the veterans whose leadership, discipline, and dedication shape everything we do. At SteerBridge, we don't just hire talent-we empower it. We cultivate meaningful career paths for those who have served and for those who share our commitment to excellence, innovation, and service.
Position Overview
SteerBridge Strategies is seeking a highly accomplished Security Architect to support our Modern Disability Claims (MDC) initiative-a transformative effort to modernize claims processing systems for the Department of Veterans Affairs (VA). This mission-critical project enhances the security, reliability, and operational efficiency of systems entrusted with sensitive Veteran information.
As the Security Architect, you will serve as a strategic and technical authority, guiding cybersecurity architecture across cloud and hybrid environments, ensuring compliance with federal and VA mandates, and fortifying the systems that safeguard the data of those who have served our nation.
This is a rare opportunity to apply your expertise at scale while shaping the future of secure digital services for millions of Veterans.
Key Responsibilities
Architect secure, scalable, and resilient solutions across cloud and hybrid infrastructures supporting VA claims systems.
Partner with engineering, infrastructure, and compliance teams to embed secure design principles throughout the system lifecycle.
Develop, maintain, and continuously refine System Security Plans (SSPs); lead all phases of the ATO process.
Interpret and apply NIST 800-53, NIST 800-171, FedRAMP High, and VA-specific cybersecurity requirements across system and data environments.
Lead full RMF lifecycle activities-from system categorization through continuous monitoring and ongoing authorization.
Conduct comprehensive risk assessments, gap analyses, and vulnerability remediation planning.
Oversee the creation of cyber policies, technical documentation, audit-ready control evidence, and security reporting.
Coordinate and participate in security audits, penetration tests, incident response actions, and forensic investigations.
Serve as a subject matter expert in data protection, encryption technologies, identity/access controls, and secure SDLC best practices.
Collaborate with ISSOs, ISSEs, and federal security teams to ensure seamless security alignment and compliance.
Required Qualifications
U.S. Citizenship required
Bachelor's or Master's degree in Cybersecurity, Information Systems, or a related field
Active Secret clearance or ability to obtain one
10+ years of cybersecurity architecture experience in federal or large enterprise environments
Deep expertise in NIST 800-171, NIST 800-53, FedRAMP, and federal cybersecurity frameworks
Proven experience developing ATO packages and leading security authorization activities
Strong background in system hardening, network security, encryption protocols, and secure SDLC
Experience architecting secure solutions in AWS, Azure, and/or GCP environments
Exceptional written and verbal communication skills with the ability to produce audit-ready documentation
Experience coordinating with ISSOs, ISSEs, federal security teams, and cross-functional engineering groups
Preferred Qualifications
Certifications such as CISSP, CAP, CISM, or equivalent
Cloud architecture experience or cloud-related certifications
Familiarity with VA security requirements, VAEC, and Veteran-focused IT systems
Hands-on experience designing solutions to FedRAMP High baselines
Benefits
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
401(k) Retirement Plan with Company Matching
Paid Time Off (PTO)
Paid Federal Holidays
A competitive salary commensurate with experience will be offered.
Equal Opportunity Commitment
SteerBridge Strategies is proud to be an Equal Opportunity Employer. We are committed to fostering a diverse and inclusive workplace where all qualified applicants and employees are treated with respect and dignity-regardless of race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation, or any other characteristic protected by law.
We also provide reasonable accommodations for individuals with disabilities. If you require assistance during the application process, please reach out so we can support your needs.
Safety & Security Data Analyst
Security engineer job in Washington, DC
Title: Safety & Security Data Analyst
Duration: 6+ months contract
At Cogent Infotech, we believe in creating opportunities that empower individuals and transform organizations. With over 21 years of excellence in consulting and talent solutions, we pride ourselves on building inclusive workplaces and driving innovation in everything we do. Our diverse teams bring unique perspectives to help deliver cutting-edge solutions to global clients across both public and private sectors.
Position Summary
The Client is responsible for collecting and analyzing safety and security data to support operational decision-making. To assist with this mission, the Client requires an entry-level data analyst to help gather, organize, and maintain accurate data records, perform basic analysis, and produce clear reports that support safety and security initiatives.
Key Responsibilities
Entry-level Safety & Security Data Analyst to support the data collection and reporting needs. Responsibilities include:
Gathering and organizing safety and security data from multiple sources.
Maintaining accurate records and ensuring data integrity.
Performing basic data analysis using Microsoft Excel (pivot tables, charts, formulas).
Creating simple reports, charts, and summaries to support decision-making.
Collaborating with internal teams to collect and validate data.
Required Qualifications and Skills
Strong proficiency in Microsoft Excel.
Experience with data collection and basic reporting.
Attention to detail and ability to maintain accurate records.
Good communication skills and ability to work in a team environment.
Ability to maintain confidentiality and protect the integrity of sensitive and proprietary data.
Preferred:
Familiarity with basic data visualization techniques.
Familiarity with Python and SQL is a plus.
Familiarity with Microsoft PowerBI and DAX queries is a plus.
Exposure to safety, security, or transportation-related data is a plus.
Equal Opportunity & Inclusion Statement
Cogent Infotech is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment where everyone feels welcome and valued. We encourage applications from individuals of all backgrounds, identities, abilities, and experiences. If you're excited about this role but don't meet every requirement, we still encourage you to apply.
Application Process
Please submit your resume and a short cover letter through our online portal. Our process includes an initial resume review, a virtual interview, and a short technical assessment. If you need accommodations, feel free to inform us-we are happy to assist.
Join Us
At Cogent Infotech, your ideas matter. Join a purpose-driven organization that celebrates diversity, encourages collaboration, and invests in your future.
Security Architect
Security engineer job in Arlington, VA
Job Title: Security Architect
Terms: Full-time, Flexible for occasional telework - must be local to work location
Requirements: Must be a U.S. Citizen with Active Security Clearance
About the Role
Currently seeking to hire an experienced Security Architect to join the Diplomatic Security Cyber Mission Program, delivering leading cyber and technology security expertise to enable innovative, effective, and secure business processes.
Responsibilities
Define, design, and enhance security architecture and security systems.
Collaborate with Application, Data, and Infrastructure teams to architect, design, and implement security solutions.
Define and document security standards; direct implementation of standards and guidelines.
Perform security audits and reviews in compliance with Federal Government regulations and implement remediation.
Create and manage the Security Risk plan.
Review system configurations for compliance with Department-level security controls for new systems deployed into the enterprise.
Identify gaps in security architecture, allocate appropriate security services, and select suitable security mechanisms for enterprise systems.
Provide authoritative guidance on security architecture, including recommendations on controls, design patterns, and risk mitigation strategies.
Support enterprise stakeholders by ensuring alignment of proposed solutions with established security frameworks and regulatory requirements.
Qualifications:
Basic Requirements
Bachelor's degree in Science and 14 years of relevant security experience; 12 years with a Master's; 9 years with a PhD.
An additional 4 years of experience may be substituted in lieu of a degree.
Must possess or be able to obtain at least one of the following certifications before start date. Continued certification required as a condition of employment:
CISSP, Security+, Net+, A+, MCP, MCSE, CCNA, MCSA; IAT II / III level cert
U.S. citizenship required.
Active Secret clearance required to start, with the ability to obtain/maintain a Top Secret clearance.
Preferred Qualifications:
Experience conducting industry reviews.
Experience writing white papers.
About us
Cyber Management International Corporation is actively recruiting highly IT Security professionals looking for challenging, exciting work in support of the U.S. Department of State (DOS). Specifically, our customer is the Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS). DS/CTS is a center of excellence that brings together cybersecurity, technology security, and investigative expertise as a unified security capability focused on solving critical and emerging issues enabling the State Department to fulfill its vital global mission.
For more information about our company, please visit **************** or email us at ***********************
Information System Security Officer
Security engineer job in Linthicum, MD
The Information Systems Security Officer (ISSO) will support the DC3 program and will be responsible for ensuring the implementation and maintenance of security controls in accordance with RMF v5, managing ATO packages, and drafting security documentation.
Location
DC3, Linthicum Heights, MD
Full-time onsite/no telework
The Work You'll Do
Seeking an Information Systems Security Officer (ISSO) with a proven track record of DevSecOps success to include a combination of technical skills, communication skills, and cybersecurity skills. The successful candidate will be responsible for ensuring the implementation and maintenance of security controls in accordance with RMF v5, managing ATO packages, drafting security documentation including Operating Procedures, Cybersecurity Strategy (CSS), System Security Plans (SSP) ATO packages as well as System Security and Privacy Plan (SSPP) in accordance with DoD policies, Department of the Air Force (DAF) regulations and our Federal Government customer's guidance.
The candidate must have expert knowledge and demonstrated experience with cybersecurity technologies, risk management, and incident response procedures as well as have a solid working understanding of computer functions, including hardware, software, and operating systems. This includes knowledge of Windows, Unix, and Linux operating systems, along with other applications such as databases, web servers, networking technologies, including routing, switching, and VPNs.
The ISSO must be able to work autonomously, manage their workload effectively, shift priorities with little to no loss of productivity and communicate effectively with technical and non-technical personnel.
What You'll Bring
Bachelor's degree and 8+ years of experience, or Master's Degree and 6+ years of experience, or 3+ years with PhD. Four (4) years of additional relevant experience will be considered in lieu of a Bachelor's degree.
Active Secret Clearance required to start.
Active Security+ Certification required to start.
Well-versed in best practices for cyber security program standards, processes, and procedures compliance, industry-standard security frameworks and demonstrated expert working knowledge of NIST Special Publication (SP) 800-53: Recommended Security Controls for Federal Information Systems, NIST SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems, AFPD 17-1 and AFI 17-130, Cybersecurity Program Management.
Ability to write security policies and procedures, CSS, SSP, and SSPP, and to assess all ATO package artifacts.
Expert knowledge of Risk Management Framework (RMF) v5 (Processes, workflow, etc.).
Ability to use eMASS to execute RMF v5, to include: documenting/updating system status; identifying, documenting, and managing implementation of operational and technical security controls; implementation and risk assessment tabs; non-compliant and non-validated controls; POA&M management (entry, evidence, close-out); producing reports and tracking Plan of Action and Milestone (POA&M) due dates, etc.
The ability to complete a checklist to ensure Security Authorization Process documents are complete and comply with all guidance.
Ability to work collaboratively with IT counterparts, communicate effectively (skilled in communicating complex technical information to non-technical audience) and coordinate STIG remediation with system administrators and developers.
Ability to conduct risk assessments, monitor security incidents, and respond appropriately to security threats.
Working understanding of network technology (includes knowledge of network protocols, TCP/IP), operating systems as well as the necessary security protocols, system details (architecture, data flow, security cat, requirements, configuration management process/procedures, and user profile), firewalls, rules and configurations, intrusion detection tools and prevention systems, encryption techniques, and Windows, Unix, and Linux operating systems, along with other applications such as databases and web servers.
Ability to execute tasks with little to no oversight or support as well as manage multiple, and at times, competing priorities without loss of productivity.
Preferred
Experience transitioning from RMF v4 to v5.
Experience with cloud computing platforms such as AWS and Azure.
Basic understanding of identity and access management system capabilities and configuration.
Experience with TASKORDS, OPORDS, etc.
Experience leading Cybersecurity (ISSO & ISSE) teams.
Preferred Certifications: CISM, CISSP, CISSP-ISSMP, FITSP-M, GCIA, GCIH, GICSP, GSLC, CASP+, CCISO, CCSP, CISSO, Cloud+, GCSA, SSCP, GMON
Salary Range: $110,000 - $135,000
Our Approach
At SecureStrux, we are committed to core values that guide the way we work with one another and our clients. As a team member, you will Create Team Synergy, Drive Continuous Innovation, Deliver with Integrity, and have the Freedom to Own it. Our thriving company culture supports our employees as they seek to grow with us!
What We Offer
Between our virtual environment where you can evaluate recent technologies and enhance your skills, and a generous annual professional development stipend, you will join a team that enjoys working on leading-edge technologies for world-class clients. We offer a robust total compensation package that includes comprehensive health benefits to support you and your family, flexible time off, continuing education allowance, a donation allowance for charitable causes, and a matched 401k.
Information Security Analyst IV
Security engineer job in Washington, DC
Senior Security Engineer (Information Security Analyst IV)
Clearance: Public Trust (U.S. Citizen or Green Card Holder; 3+ years U.S. residency required)
Business Unit: Digital Modernization
Role Summary
The Senior Security Engineer supports the Department of Transportation's (DOT) Cybersecurity mission by enhancing and maintaining the security posture of DOT information systems and infrastructure. These systems play a critical role in safeguarding U.S. critical infrastructure, including highways, bridges, and roadways. This position provides advanced security engineering, participates in strategic security design, and delivers technical expertise for integrated security systems and endpoint protection.
The role requires independent decision-making, leadership, and the ability to guide less experienced staff. It also involves complex problem-solving, interaction with senior federal leadership, and contributions that directly impact mission and schedule outcomes.
Key Responsibilities
Implement endpoint protection profile changes to address external threats and enforce security requirements.
Coordinate with application, infrastructure, and engineering teams to troubleshoot endpoint protection software issues.
Integrate endpoint security data with security log aggregation tools, including SIEM platforms.
Participate in cybersecurity incident handling activities as requested.
Stay current on emerging threats, vulnerabilities, and industry best practices related to endpoint security.
Work assigned cybersecurity and security operations ITSM (ServiceNow) tickets through completion.
Participate in Cybersecurity and Security Operations (SecOps) meetings.
Collaborate on cybersecurity solutions that enhance the DOT's security posture.
Configure, validate, and test secure systems and physical controls to detect security weaknesses.
Contribute to strategic security design efforts, translating business and security requirements into technical solutions.
Recommend policy changes and guide others in achieving departmental cybersecurity objectives.
Required Technical Skills
Endpoint protection management solutions (hands-on experience).
Proven understanding of Federal cybersecurity requirements, including FISMA and the NIST 800 series.
Ability to articulate endpoint security concepts to non-technical stakeholders.
Demonstrated experience collaborating across cross-functional cybersecurity teams.
Ability to evaluate complex security problems and apply judgment within established practices and policies.
Experience with integration of endpoint security data into SIEM or log aggregation tools.
Experience working security operations tickets within ServiceNow.
Knowledge of security systems, secure configuration, validation, and testing methodologies.
Preferred / Nice-to-Have Skills
Foundational understanding of:
Application and technology stacks
Cloud-based systems
Operating systems
Databases
Networking
Firewalls
Data Loss Prevention (DLP)
Endpoint security software
Network IDS/IPS
Host-based IDS/IPS
General cybersecurity best practices and industry standards
Qualifications & Experience
9+ years of experience in Cybersecurity or related IT fields.
Bachelor's degree + 9 years OR
Master's degree + 7 years of experience
Technical Certifications (one or more required):
Network+
Security+
SSCP
GISF
ISACA Cybersecurity Fundamentals
Or similar technical cybersecurity certification
Ability to obtain and maintain a Public Trust clearance.
Benefits (employee contribution):
Health insurance
Health savings account
Dental insurance
Vision insurance
Flexible spending accounts
Life insurance
Retirement plan
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Data Security Analyst - Junior Level
Security engineer job in Washington, DC
Job Title: Security Data Analyst - Junior Level
Duration: Long-term (24+ Months)
Scope:
Provide an entry-level Safety & Security Data Analyst to support the OIA's data collection and reporting needs.
Responsibilities Include:
Gathering and organizing safety and security data from multiple sources.
Maintaining accurate records and ensuring data integrity.
Performing basic data analysis using Microsoft Excel (pivot tables, charts, formulas).
Creating simple reports, charts, and summaries to support decision-making.
Collaborating with internal teams to collect and validate data.
Minimum Qualifications:
Strong proficiency in Microsoft Excel.
Experience with data collection and basic reporting.
Attention to detail and ability to maintain accurate records.
Good communication skills and ability to work in a team environment.
Ability to maintain confidentiality and protect the integrity of sensitive and proprietary data.
Preferred Qualifications:
Familiarity with basic data visualization techniques.
Familiarity with Python and SQL is a plus.
Familiarity with Microsoft PowerBI and DAX queries is a plus.
Exposure to safety, security, or transportation-related data is a plus.
Network Security Engineer
Security engineer job in Herndon, VA
Through NRI (formerly Core BTS) Resource Management Services (RMS), we offer custom talent solutions to help our clients meet their evolving technology and business needs. We help effectively match the right technology professional to their organization, recruiting for contract, contract-to-hire, and direct roles.
Our client within the financial industry is in need of a Network Security Engineer to join their team. Qualified candidates MUST be US Citizens with the ability to obtain a US Government issued security clearance.
Overview
The Network Security Engineer is primarily responsible for configuring, deploying and maintaining secure network infrastructures to protect organizational data and resources from internal and external threats. This role involves monitoring networks for security vulnerabilities, investigating incidents, and deploying security solutions to mitigate attacks. This role also includes ensuring the high availability of networking security infrastructure and developing processes and procedures for ongoing management of the network environment. The ideal candidate possesses a strong technical background, analytical skills, and a proactive approach to network defense.
Responsibilities
Design, configure, and manage secure network architectures, including firewalls, VPNs, IDS/IPS, and other security appliances
Maintain Next Generation firewalls and monitor/manage consoles or systems
Manage all firewalls at our client, including firewall rules to ensure alignment with IT Security Policies
Interact and negotiate with vendors, outsourcers, and contractors to secure network products and services
Support the deployment of workstations, network devices, servers, printers, scanners, firewalls, encryption systems, and all host security systems
Monitor network traffic and system logs to identify suspicious activities and potential threats
Respond to and investigate security incidents, performing root cause analysis and implementing corrective actions
Enforce network security policies, procedures, and best practices
Manage and update network access controls, including user authentication and authorization mechanisms
Collaborate with IT teams to ensure secure integration of new technologies and systems
Maintain up-to-date knowledge of the latest cybersecurity trends, threats, and technologies
Create and/or maintain network design diagrams and documentation
Create and/or maintain network service monitoring, alerting, and responding to incidents
Coach and guide team members with less experience
Maintain excellent communication with internal and external parties
Participate in rotational "on-call" schedules
Remain cognizant of and adhere to our client's policies, procedures, and regulations pertaining to the Bank Secrecy Act (BSA)
Qualifications
Required
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience)
Minimum 5 years proven experience in configuring and administering on-premises and cloud-based Next Generation Firewalls (NGFW) and IDS/IPS systems such as Cisco Firepower, Fortinet FortiGate, and Microsoft Azure
Minimum 5 years proven experience in network security engineering or a related IT security role
Strong understanding of networking protocols, network routing, operating systems, and security technologies (e.g., firewalls, proxies, SIEM, IDS/IPS)
Understanding of network security applications and systems such as e-mail gateway, web gateway, firewalls, and proxies
The ability to assist in authoring and reviewing security policy, standards, and procedures
Excellent problem-solving, analytical, and communication skills
Ability to work independently and collaboratively in a fast-paced, dynamic environment
Strong attention to detail and commitment to maintaining confidentiality and integrity of sensitive information
Effective oral and written communication skills
Ability to interact effectively with all levels of the organization and/or with vendors
Ability to obtain and maintain a secret level security clearance
A standard 8-hour shift between the core hours of 7:00 AM and 5:00 PM is required to support our client's operations
Occasional after-hours or on-call work may be required to respond to security incidents or perform system upgrades.
Ability to work effectively on-site in our Herndon, VA headquarters and equally effectively remotely
Network Security Engineers typically work in a hybrid work environment consisting of three days on site at our client's Corporate Headquarters in Herndon, VA, and 2 days remote.
Hybrid work is at management discretion and typically granted after an initial onboarding period
Preferred
Professional certifications such as CCNA, CISM, CCNP Security, or similar
Jr. Information System Security Officer
Security engineer job in Washington, DC
Veteran Owned Firm Seeking a Junior Information Systems Security Officer (ISSO) for an Onsite role in Washington, DC
My name is Stephen Hrutka, and I am the owner of a Veteran Owned management consulting firm in Washington, DC focused on Technical/Cleared Recruiting for the DoD and IC.
HRUCKUS helps other Veteran-Owned businesses recruit for positions across the VA, SBA, HHS, DARPA, and other cutting-edge R&D related defense agencies.
We seek to fill a Junior Information Systems Security Officer (ISSO) position in Washington, DC.
The ideal candidate is a DMV resident who holds active TS/SCI clearance with CI-Poly eligibility, a minimum of 3 years of ISSO experience, at least 5 years in a computer science or cybersecurity-related role, hands-on familiarity with tools such as Nessus or NMAP, and a core certification such as CISSP, GISP, or CASP.
If you're interested, I'd be glad to provide more details about the role and further discuss your qualifications.
Thanks,
Stephen M Hrutka
Principal Consultant
HRUCKUS LLC
Executive Summary: HRUCKUS is looking for an experienced Jr. ISSO for an onsite role in Washington, DC. The program provides support in the areas of Cybersecurity and Management to improve the Information Assurance (IA) posture of a federal customer. The contract's support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support.
Key Responsibilities:
Services to support IS Security performed by the Information System Security Officer (ISSO) at a minimum, shall consist of the following activities:
Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
Provide liaison support between the system owner and other IS security personnel
Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
Conduct required IS vulnerability scans according to risk assessment parameters.
Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
Coordinate system owner concurrence for correction or mitigation actions
Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO)
Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Ensure that changes to an agency's IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR
Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed, and entity type
Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary
Ensure that new entities are created in the GRC application with the security categorization of agency ISs
Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreements (ISAs), Memoranda of Understanding (MOUs), and Memoranda of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS
Perform an independent review of the System Security Plan (SSP) and make approval decisions
Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official
Schedule security control assessments in coordination with the system owner.
Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision
Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number
Advise the agency Authorizing Official of IS vulnerabilities and residual risks.
Ensure that all POA&M actions are completed and tested
Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official
Ensure the removal and retirement of agency ISs being decommissioned, in coordination with the SO, ISSO, and ISSR.
Required Qualifications:
Current U.S. Government Top Secret Clearance w/ SCI and a CI-Polygraph eligibility
At least 3 years serving as an Information Systems Security Officer (ISSO) at a cleared facility
Minimum of 5 years of work experience in a computer science or cybersecurity-related field
Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.
Hold at least one of the following certifications:
Certified Information Systems Security Professional (CISSP)
Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level I proficiency
Preferred Education:
A bachelor's and/or advanced degree in computer science, business management, or IT-related discipline.
Details:
Job Title: Jr. Information Systems Security Officer (ISSO)
Location: Washington, DC 20535
Clearance Requirement: Active Top-Secret Clearance w/ SCI and a CI-Polygraph eligibility
Assignment Type: Full-time, Onsite
Salary Range: $70,000 - $95,000 per year with benefits:
Competitive salary for well-qualified applicants
Relocation assistance available for highly qualified candidates
401(k) plan
Annual performance bonus
Certification and advanced degree attainment bonuses
Student Loan / Tuition reimbursement
Health Care Insurance (medical, dental, vision)
Up to four weeks of paid vacation
11 Federal Holidays, and 3 Floating Holidays
Team bonding events
Information System Security Engineer
Security engineer job in Washington, DC
ISSO
Industry: Government Contracting
Our client is seeking a talented ISSO to join their team. This position will support the Assistant Secretary for Administration (ASA) under guidance from the CIO's Information System Security Manager (ISSM). The candidate will ensure a portfolio of 4 systems is in compliance with applicable NIST standards, and provide standard ISSO services. The candidate will also work closely with the other ISSOs supporting the client customers to provide leadership and mentoring and ensure consistent delivery of ISSO services.
ISSO Key Responsibilities:
· Ensure applicable cybersecurity policies are implemented for systems and information system-related physical security also under purview.
· Maintain operational security posture consistent with current security policy.
· Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT.
· Distribute cybersecurity notices and advisories to appropriate personnel and ensure that vendor-issued security patches are expeditiously installed.
· Serve as primary security to system owners, common control providers, and users.
· Serve as focal point for cybersecurity incident reporting and subsequent resolution.
· Assist ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language.
· Ensure all security-related SDLC documentation meets all identified security needs.
· Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium.
· Ensure selection of NIST SP 800-53 baseline security controls is appropriate for system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium.
· Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures.
· Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium.
· Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system.
· Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring.
· Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation.
· Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan.
· Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS).
· Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800-53 and any supplemental Departmental Cybersecurity Policy and the Compendium.
· Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy.
· Complete mandatory annual specialized information security training.
ISSO Required Skills:
8+ years of experience in IT Security
Certified Information Systems Security Professional (CISSP) certification.
Understanding of NIST 800-53 and its applicability to IT Systems.
Expertise with Risk Management Framework, FedRAMP and FISMA.
Understanding authentication in the cloud environment.
Experience with continuous monitoring of a cloud system
Experience working on assessments with a third-party assessment organization (3PAO)
AWS/Azure associate certified
ISSO Compensation and benefits: $120,000
Company-supported medical, dental, vision, life, STD, and LTD insurance
Benefits include 10 federal holidays and PTO.
401(k) with company matching
Flexible Spending Accounts for commuter, medical, and dependent care expenses
Tuition Assistance
Network Engineer
Security engineer job in Washington, DC
The selected candidate will be responsible for the following:
Support the ITP network infrastructure, perform all routine maintenance activities, provide guidance on upgrades and system recapitalization, perform availability/capacity management. Oversee High Speed Guard Cross Domain solution that supports the transfer of data between multiple classification domains. Support all documentation to effectively capture the configuration baseline. Design and support system recapitalization plans to account for capacity growth and changes as directed by the customer. Serve as the subject matter expert on all ITP network infrastructure.
Basic Qualifications:
Bachelor's degree and (12)+ years of prior relevant experience or Master's with (10)+ years of prior relevant experience
Prior leadership responsibilities
Excellent written and oral communication skills
Experienced and adept at developing and maintaining technical documents, analyses, and reports
Experienced with preparing and presenting briefings to senior customer management, and customer stakeholders
Working knowledge of defense-in-depth principles, network/HW/SW security architecture, network topology, IT device integrity, and common security elements
Active Top Secret government security clearance; ability to obtain DHS EOD SCI
Preferred Qualifications:
Master's degree from an accredited college or university in IT Management, Engineering, or related field
Proven experience (10+ years) in IT service delivery management
Experience with User Activity Monitoring products and platforms
Experience with Everfox High Speed Guard Platform
Experience with Cisco, Juniper LAN/WAN network infrastructure
Experience with Palo Alto Firewalls
DHS Cleared preferred
CCNP or Higher
ForcePoint/FirePower Experience
Systems Engineer
Security engineer job in Annapolis, MD
MANTECH seeks a motivated, career and customer-oriented Systems Engineer III to join our team in Annapolis Junction, Maryland.
ManTech is currently seeking a Systems Engineer III to join our team at Annapolis Junction, MD. We are seeking a Senior Systems Engineer: a seasoned IT professional responsible for designing and implementing the high-level architecture of an organization's backend infrastructure and for supporting it as a top-level troubleshooter. You will communicate with other project personnel, Government stakeholders, and senior executives.
Responsibilities include but are not limited to:
Administer and maintain IT infrastructure by utilizing expert-level knowledge of the Linux operating system, along with deep expertise in server administration, virtualization, and cloud platforms like AWS or Azure, to manage the organization's backend systems.
Develop and implement automation solutions through creating scalable automation services using strong scripting and orchestration skills, with proficiency in tools like Python, Bash, and Ansible.
Design and manage system architecture by applying systems engineering principles to design, implement, and manage the high-level architecture of the organization's backend infrastructure.
Ensure network and system security through a strong understanding of networking and security fundamentals, including TCP/IP, firewalls, and VPNs, to protect the organization's infrastructure.
Communicate with stakeholders - Interact directly with government personnel, senior executives, and other project members to discuss technical issues and project status.
Provide technical guidance and troubleshooting as a top-level troubleshooter, addressing technical considerations, problems, and issues for both internal teams and government stakeholders.
Minimum Qualifications:
Bachelor's degree in a STEM field, or high school and 13 years of experience, or an Associate's and 11 years of experience in lieu of a degree. A candidate holding a relevant master's degree may be granted 2 years' experience credit for that extra education; a candidate holding a relevant PhD degree may be granted 4 years' experience credit for that extra education.
5 years of position-relevant work experience.
DoD 8570.01-M IAT Level II.
Strong proficiency in scripting and automation, with hands-on experience in Python, Bash, and an infrastructure orchestration tool like Ansible.
Experience in front-end web development to create internal tools and solutions.
Proven background as an Orchestration Engineer or in a similar role focused on building scalable automation services.
Solid grasp of TCP/IP networking, firewalls, VLANs, and VPNs.
Expert-level knowledge of the Linux operating system.
Preferred Qualifications:
Experience with full-stack development, including creating and interacting with databases and APIs.
Knowledge of Infrastructure as Code (IaC) principles, preferably with experience using Terraform.
Familiarity with public cloud platforms (AWS, Azure, GCP) and container technologies (Docker, Kubernetes).
Proficiency with virtualization platforms such as VMware vSphere or Microsoft Hyper-V.
Exceptional troubleshooting and problem-solving skills, with a talent for systematically diagnosing and resolving complex technical issues.
A foundational understanding of traditional Systems Administration principles
Clearance Requirements:
Must have a current/active TS/SCI
Physical Requirements:
The person in this position must have the ability to perform tasks while stationary 50% of the time at a computer, with specific emphasis on visual acuity for close-range work. Occasionally move about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers, via email, phone, and/or virtual communication, which may involve delivering presentations.