Cyber Security Analyst jobs at Sentinel - 74 jobs

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Security (Threat Detection & Response) In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini's very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the cryptospace. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported. The Role: Senior Security Engineer In this role, you will be part of the team responsible for designing, building, and automating detection, response and intelligence gathering solutions, developing unique and creative detection mechanisms, monitoring security events, and leading responses to any security incidents. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Own individual security solutions throughout their lifecycle, including design, development, and deployment, in order to continuously improve Gemini's ability to detect and respond to advanced, targeted threats Develop and improve processes and tools that supports the team rapidly iterating and responding to threats Gemini faces Engage in incident response and investigation efforts Analyze technical threat data to extract TTPs, malware techniques, and adversary methods Create and enhance countermeasures and detections for malware, attacker techniques, threat actor methodology, and suspicious events associated with intelligence obtained by the Gemini Team Produce well documented, resilient and manageable code that supports the streamlining and automation of the above Provide mentorship and guidance to junior engineers on the team in their growth and implementation of the above Minimum Qualifications Significant DFIR/Threat Detection and Response experience Scripting proficiency in a common programming language (e.g. Python, Go) Hands‑on familiarity with CI/CD, infrastructure as code, and microservices Aptitude in the use of containerization technologies (eg. Docker) Experience in the design and implementation of detection signatures spanning multiple security log sources (Splunk, EDR, etc.) Able to troubleshoot and debug issues, and demonstrate a methodical approach to root‑cause analysis Excellent oral and written communication skills, including the ability to interact effectively with leadership, engineers, vendors and peers Preferred Qualifications Familiarity in the use of container orchestration systems (e.g. Kubernetes) Experience applying CI/CD concepts to the development and deployment of security detection mechanisms and tools Experience in host and memory forensics (including live response) for Windows, OSX, and / or Linux Experience with the analysis of new log and data sources and methodically incorporating them into a detection pipeline Practical experience applying analysis frameworks (e.g Kill Chain, ATT&CK, etc) Experience in automating any of the above using existing APIs and tools It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting pay A discretionary annual bonus Long‑term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in‑person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-DS1 #J-18808-Ljbffr

A leading data collaboration platform in San Francisco seeks a Senior Security Engineer to enhance threat detection and automation strategies. The role involves implementing detection logic, automating workflows, and developing scalable cloud solutions. Candidates should have a Bachelor's degree in a relevant field and strong skills in security automation and detection engineering. This position offers competitive compensation with a base range of $131,500 to $203,000. #J-18808-Ljbffr

A leading crypto platform is seeking a Senior IAM Security Engineer to secure identity and access management systems. The role involves developing IAM services, collaborating with engineering teams, and ensuring secure authentication patterns. Candidates should have solid software development skills in Python or Go, experience with PKI and secrets management, and a strong understanding of identity protocols. This position offers a competitive salary and a hybrid work approach, with office presence required twice a week in San Francisco or New York City. #J-18808-Ljbffr

Full-time Description In support of Marine Corps Intelligence Activity (MCIA), NATECH is recruiting for a Cyber Analyst. Duties and Responsibilities: Assess the cybersecurity posture of a USMC defense program, ensuring the program is evolving with the best cybersecurity practices, prioritizing cyber threats based on factual cyber analysis. Analyze foreign capabilities to detect, disrupt, and deny USMC emissions and signals throughout the cyber kill chain, to include, but not limited to emissions from targeting, communications, and intelligence, surveillance, and reconnaissance (ISR) assets, reversible and non-reversible attacks. Identify, monitor, and assess advancements in emerging and commercial technologies that could be employed by state and non-state actors to detect, disrupt, and deny USMC acquisition programs' network infrastructure. Identify significant risk characteristics of the environment such as classification of network, baseline activity, architecture, operating system, services, connectivity and bandwidth. Identify the limits of the network to be collected against. Establish limits of the supporting or connected networks that may need to be collected against. Evaluate existing databases and identify intelligence gaps. Use open source to gather Publicly Available Information (PAI). Explore the physical battlespace; how could the environment affect tactical operations. Define the battlespace effects. Analyze the battlespace environment for information, services and networks, such as confidentiality, integrity, availability; and protect, detect, respond, restore and conduct reviews. Analyze other characteristics of the battlespace such as security, auditing procedures, and backup systems. Evaluate the adversary on physical location of all assets, architecture and automation skills, security and policies, baseline activity, peculiarities and vulnerabilities, capabilities, and conclusions that address: Rules of Engagement (ROE) for Information Assurance (IA), Computer Network Defense (CND) and Computer Network Attack (CNA) Determine adversary's Courses of Action (COA). Identify the adversary's likely objectives and desired end state. Identify the full set of COA's available to the adversary, at a minimum the most likely and most dangerous should be developed. Develop COA's based on enemy perception of friendly information architecture (reverse cyber IPB). Evaluate and prioritize each adversary COA. Continue to refine COA's as time and new information allow. Evaluate foreign Computer Network Defense (CND) and Computer Network Attack (CNA) capabilities, limitations, and vulnerabilities. Assess potential vulnerabilities of USMC tactical systems to CNA to include systems related to targeting, ISR, and navigation assets. Requirements Must possess an active TS SCI clearance Must have relevant and demonstrated experience. Knowledgeable of and demonstrates ability to apply Intelligence Community (IC) and DoD classification guidelines and procedures. Demonstrates ability to work semi-independently with oversight and direction. Demonstrates ability to use logic when evaluating and synthesizing multiple sources of information. Demonstrates understanding of interpreting analysis to include, but not limited to, its meaning, importance, and implications. Demonstrates ability to defend analytic judgements with sound, logical conclusions and adapt analytic judgments when presented with new information, evolving conditions, or unexpected developments. Demonstrates ability to produce timely, logical, and concise analytic reports, documents, assessments, studies, and briefing materials in formats including Microsoft Office tools (e.g. Excel, Word, PowerPoint, etc.), electronic/ soft copy matrices and / or web-enabled formats. Demonstrates ability to communicate complex issues clearly in a concise and organized manner both verbally and non-verbally; with strong grammar skills. Demonstrates proficiency using Microsoft Office tools. Demonstrates ability to develop structured research including, but not limited to, obtaining, evaluating, organizing, and maintaining information within security and data protocols. Demonstrates ability to recognize nuances and resolve contradictions and inconsistencies in information. Demonstrates working knowledge using complex analytic methodologies, such as structured analytic techniques or alternative approaches. to examine biases, assumptions, and theories to eliminate uncertainty, strengthen analytic arguments, and mitigate surprise. Structured analytic techniques include, but not limited to, Analysis of Competing Hypotheses, Devil's Advocacy, High-Impact/ Low-Impact Analysis, Red Team Analysis and Alternative Futures Analysis. Demonstrates understanding of intelligence collection capabilities and limitations, to include but not limited to, technical sensors / platforms and human intelligence sources. Demonstrates understanding of evaluating collected intelligence reporting, engaging with collection managers, and developing collection requirements.

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Platform Security The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Principal Platform Security Engineer (Cloud/K8S) The Platform Security team builds and delivers zero-trust foundations and paved paths so every Gemini team can ship safely on supported cloud platforms. As a Principal Cloud and Kubernetes Security Engineer, you will architect and build security platforms that define how Gemini operates in the cloud. You will set technical direction for cloud security, design foundational services used across the organization, and establish engineering standards for secure infrastructure. This is a hands-on technical leadership role where you'll write production code daily while driving strategic initiatives. You will own the technical vision for cloud security architecture, mentor engineers across teams, and influence how the entire organization builds and deploys infrastructure. This role requires exceptional technical expertise in cloud security, mastery of Terraform and infrastructure-as-code, and proven ability to build production services that scale. You will shape security culture by creating platforms that make secure patterns the default choice for engineering teams. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Architect and build security platforms, frameworks, and services that scale across the organization Set technical standards and best practices for cloud security and infrastructure-as-code Design and implement foundational security services used by multiple engineering teams Drive adoption of new technologies and security patterns across the organization Lead technical decisions for multi-quarter initiatives spanning cloud, container, and infrastructure security Mentor engineers across teams on secure architecture and engineering practices Participate in on-call rotation for critical security incidents and infrastructure issues Minimum Qualifications: Exceptional software development skills in Python or Go with proven track record of building production platforms Deep expertise securing AWS environments at scale, including advanced IAM, network architecture, and security services Mastery of Terraform including provider development, complex module design, and enterprise-scale implementations Extensive experience with Kubernetes security, including building operators, admission controllers, and platform extensions Proven ability to architect distributed systems and cloud-native platforms Track record of leading technical initiatives that transformed organizational capabilities Preferred Qualifications: Experience building security platforms adopted by 100+ engineers Contributions to open source security tools or infrastructure projects Experience with GCP security services and multi-cloud architectures including Azure Expertise in policy-as-code frameworks and compliance automation Published research, conference talks, or thought leadership in cloud security Experience building developer platforms and improving engineering velocity It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $192,500 - $275,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-ES1

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Platform Security The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Staff Platform Security Engineer (Cloud/K8S) The Platform Security team builds and delivers zero-trust foundations and paved paths so every Gemini team can ship safely on supported cloud platforms. As a Staff Cloud and Kubernetes Security Engineer, you will build security services, tools, and automation while hardening our cloud environments (primarily AWS), securing container orchestration platforms, and implementing infrastructure-as-code security guardrails. This is a hands-on engineering role where you'll write production code daily, not just infrastructure-as-code. You'll design and build security platforms that scale across our engineering organization. This role requires deep technical expertise in cloud security, strong Terraform proficiency, and strong software development skills to build production services. You will partner closely with engineering teams to enable rapid, secure delivery while maintaining zero standing privilege and least-privilege access models. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Build and maintain security services, tools, and automation using Python or Go Design and implement security controls for AWS and Kubernetes environments using infrastructure-as-code Create reusable libraries, frameworks, and platforms that enable secure-by-default patterns Develop automated security monitoring, scanning, and remediation services Build CI/CD security gates and policy-as-code validation tools Partner with engineering teams on architecture decisions and provide security consultation Participate in on-call rotation for critical security incidents and infrastructure issues Minimum Qualifications: Strong software development skills in Python or Go with experience building production services Strong experience securing AWS environments including IAM, VPC, KMS, and native security services Deep Terraform expertise including module development, CI/CD gates, policy testing, remote state management, and zero-downtime deployments Proven expertise with Kubernetes security including admission controls, RBAC, network policies, and runtime protection Experience with distributed systems, cloud-native architectures, and SRE principles Demonstrated ability to build, deploy, and maintain security tools and services in production Preferred Qualifications: Experience with GCP security services and multi-cloud environments including Azure Knowledge of policy-as-code tools such as Open Policy Agent, Sentinel, or similar Experience with container security scanning, image signing, and supply chain security Background in incident response for cloud and container environments Experience with service mesh technologies and zero-trust networking Contributions to open source security tools or cloud security communities It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-ES1

Information Systems Security Analyst Dahlgren, VA Active Secret Clearance @Orchard is supporting a growing Federal contract with proven capabilities in cyber security. We are seeking a skilled Information Systems Security Analyst to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for overseeing and managing information security program implementation within organization and other areas of responsibility. If selected, you will be asked to sign a letter of intent to join the team upon program award. As the Information Systems Security Analyst you will: Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources. Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk. Advise and assist ISSM/ISSO in A&A process for command. Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements. Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP). Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources. Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report. Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline. Review, revise, develop, update, and maintain all RMF required artifacts associated with command's A&A program. Provide direct support for accreditation of systems/networks utilizing RMF process. Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives. Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review. Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations. Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing. Perform additional actions required to support electronic classroom deployment. Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies. Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission. Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions. Provide guidance on applicability of information systems to meet business needs. Guide, gather, and evaluate functional and security requirements. Translate requirements into guidance on applicability of information systems. Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions. Integrate and align information security and IA policies to ensure system analyses meet security requirements. Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications. Qualifications: Four (4) years of experience in Cybersecurity. Bachelor's Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required. May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340 Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification. Requires IAT Level II certification. Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.

Job Description Cyber Security Engineer I/II/III - Top Secret Clearance | Norfolk, VA Cambridge International Systems, Inc. Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you'll work alongside top talent worldwide, tackling some of today's most complex and critical challenges in defense and security. We are currently seeking a Cyber Security Engineer to support operations in Norfolk, VA. This is a full-time, CONUS position requiring an active DoD Top Secret clearance. This position is contingent upon contract award with an expected award date of March 2026. What You'll Do As a Cyber Security Engineer, you will play a critical role in monitoring, analyzing, and detecting cyber events and incidents within information systems and networks, that serve U.S. government missions at the Cambridge corporate office. You will: Monitor and analyze networks, system logs, and security alerts to identify, investigate, and escalate cybersecurity incidents. Support enterprise cyber defense operations by maintaining security tools and aligning activities with RMF, NIST, and organizational risk frameworks. Assess cybersecurity requirements, conduct vulnerability and risk assessments, and identify security gaps across systems and architectures. Develop, implement, and maintain cybersecurity controls, policies, and A&A documentation to support accreditation and compliance. Lead vulnerability management and incident response efforts, including remediation tracking and regulatory reporting. Test and validate security controls to ensure operational effectiveness and compliance. Design and support secure DoD Information Assurance architectures and system integrations. Provide cybersecurity training, lead post-incident reviews, and promote a strong security awareness culture. What You'll Bring Required Qualifications: Education & Experience: HS Diploma + 5 years of relevant experience Technical Expertise: Experience with the RMF Process Experience with policy and RMF artifact development. Ability to lead a team of cyber security professionals and direct tasking and provide mentorship and leadership. Experience web-based applications designed to support the RMF and A&A such as eMASS and MCCAST. Certifications: CISSP or CASP+ certification Must have a current and active DoD Top Secret security clearance. Proficient with modern IT tools and infrastructure technologies Develops technical solutions to complex problems. Exercises considerable latitude in determining objectives and approaches to assignment. Preferred (Nice to Have): Desire experience with HBSS. Travel & Passport Up to 25% travel, CONUS may be required; some overnight stays possible. Work Environment Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil. Office setting: Primarily an office-based role in Norfolk, VA. Standard desk/computer work with flexibility for walking and movement on site Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. May be required to travel short distances to offices/conference rooms and buildings on site. Background & Security Employment is contingent upon successful background investigation Drug screening may be required for federal contract compliance Benefits & Perks We believe in investing in our team-both professionally and personally: Medical, dental, vision, life, accident, and critical illness insurance 401(k) immediate vesting and match Paid time off and company holidays Generous tuition & training support Relocation assistance Sign-on and performance-based bonuses Employee referral program Access to Tickets at Work, EAP, wellness initiatives, and more Join Us If you're driven by mission, technology, and teamwork-we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome-both employees and non-employees may qualify for a bonus. Apply today and help shape the future of secure cloud computing for national security. About Cambridge International Systems At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at ******************* Powered by JazzHR WaITgtMbTB

Cyber Security Engineer I/II/III - Top Secret Clearance | Norfolk, VA Cambridge International Systems, Inc. Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you'll work alongside top talent worldwide, tackling some of today's most complex and critical challenges in defense and security. We are currently seeking a Cyber Security Engineer to support operations in Norfolk, VA. This is a full-time, CONUS position requiring an active DoD Top Secret clearance. This position is contingent upon contract award with an expected award date of March 2026. What You'll Do As a Cyber Security Engineer, you will play a critical role in monitoring, analyzing, and detecting cyber events and incidents within information systems and networks, that serve U.S. government missions at the Cambridge corporate office. You will: Monitor and analyze networks, system logs, and security alerts to identify, investigate, and escalate cybersecurity incidents. Support enterprise cyber defense operations by maintaining security tools and aligning activities with RMF, NIST, and organizational risk frameworks. Assess cybersecurity requirements, conduct vulnerability and risk assessments, and identify security gaps across systems and architectures. Develop, implement, and maintain cybersecurity controls, policies, and A&A documentation to support accreditation and compliance. Lead vulnerability management and incident response efforts, including remediation tracking and regulatory reporting. Test and validate security controls to ensure operational effectiveness and compliance. Design and support secure DoD Information Assurance architectures and system integrations. Provide cybersecurity training, lead post-incident reviews, and promote a strong security awareness culture. What You'll Bring Required Qualifications: Education & Experience: HS Diploma + 5 years of relevant experience Technical Expertise: Experience with the RMF Process Experience with policy and RMF artifact development. Ability to lead a team of cyber security professionals and direct tasking and provide mentorship and leadership. Experience web-based applications designed to support the RMF and A&A such as eMASS and MCCAST. Certifications: CISSP or CASP+ certification Must have a current and active DoD Top Secret security clearance. Proficient with modern IT tools and infrastructure technologies Develops technical solutions to complex problems. Exercises considerable latitude in determining objectives and approaches to assignment. Preferred (Nice to Have): Desire experience with HBSS. Travel & Passport Up to 25% travel, CONUS may be required; some overnight stays possible. Work Environment Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil. Office setting: Primarily an office-based role in Norfolk, VA. Standard desk/computer work with flexibility for walking and movement on site Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. May be required to travel short distances to offices/conference rooms and buildings on site. Background & Security Employment is contingent upon successful background investigation Drug screening may be required for federal contract compliance Benefits & Perks We believe in investing in our team-both professionally and personally: Medical, dental, vision, life, accident, and critical illness insurance 401(k) immediate vesting and match Paid time off and company holidays Generous tuition & training support Relocation assistance Sign-on and performance-based bonuses Employee referral program Access to Tickets at Work, EAP, wellness initiatives, and more Join Us If you're driven by mission, technology, and teamwork-we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome-both employees and non-employees may qualify for a bonus. Apply today and help shape the future of secure cloud computing for national security. About Cambridge International Systems At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at *******************

About the Company Rain makes the next generation of payments possible across the globe. We're a lean and mighty team of passionate builders and veteran founders. Our infrastructure makes stablecoins usable in the real-world by powering card transactions, cross-border payments, B2B purchases, remittances, and more. We partner with fintechs, neobanks, and institutions to help them launch solutions that are global, inclusive, and efficient. You will have the opportunity to deliver massive impact at a hypergrowth company that is funded by some of the top investors in fintech, crypto, and SaaS, including Sapphire Ventures, Norwest, Galaxy Ventures, Lightspeed, Khosla, and several more. If you're curious, bold, and excited to help shape a borderless financial future, we'd love to talk. Our Ethos We believe in an open and flat structure. You will be able to grow into the role that most aligns with your goals. Our team members at all levels have the freedom to explore ideas and impact the roadmap and vision of our company. What You'll Do As a Security Engineer with a focus on Application Security, you'll be a key contributor in embedding security into Rain's engineering lifecycle and supporting delivery of secure, trusted applications: Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teams Partner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficiently Integrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC) to shift security left Develop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid delivery Drive threat modeling and risk assessments for new features, APIs, and services Collaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirements Support incident response for application-level security events and contribute to root-cause analysis and future mitigation strategies Help build internal training and awareness programs to elevate secure coding and developer security literacy Track and surface key security metrics, trends, and continuous improvement insights to leadership What we're looking for 4-8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications Hands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysis Solid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10) Experience driving or participating in threat modeling and secure design reviews Familiarity with cloud concepts and securing cloud workloads Collaborative mindset - you enjoy working closely with engineers to co-create practical security solutions Practical understanding of SDLC and integrating security into development workflows Ability to independently identify, prioritize, and drive remediation on critical findings Experience balancing security risk with business and technical constraints Nice to have, but not mandatory Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling) Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements Security certifications like CISSP, CSSLP, OSCP, GWAPT, or similar Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controls Prior experience in fintech, payments, or highly regulated environments Exposure to API security tooling and design best practices Things that enable a fulfilling, healthy, and happy experience at Rain: Unlimited time off 🌴 Unlimited vacation can be daunting, so we require Rainmakers to take at least 10 days off. Flexible working ☕ We support a flexible workplace. If you feel comfortable at home, please work from home. If you'd like to work with others in an office, feel free to come in. We want everyone to be able to work in the environment in which they are their most confident and productive selves. New Rainmakers will receive a stipend to create a comfortable home environment. Easy to access benefits 🧠For US Rainmakers, we offer comprehensive health, dental, and vision plans for you and your dependents, as well as a 100% company subsidized life insurance plan. Retirement goals💡Plan for the future with confidence. We offer a 401(k) with a 4% company match. Equity plan 📦 We offer every Rainmaker an equity option plan so we can all benefit from our success. Rain Cards 🌧️ We want Rainmakers to be knowledgeable about our core products and services. To support this mission, we issue a card for our team to use for testing. Health and Wellness 📚 High performance begins from within. Rainmakers are welcome to use their card for eligible health and wellness spending like gym memberships/fitness classes, massages, acupuncture - whatever recharges you! Team summits ✨ Summits play an important role at Rain! Time spent together helps us get to know each other, strengthen our relationships, and build a common destiny. Expect team and company off-sites both domestically and internationally.

Job Description Cyber Security Engineer - TS/SCI Clearance | Quantico, Virginia Cambridge International Systems, Inc. Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you'll work alongside top talent worldwide, tackling some of today's most complex and critical challenges in defense and security. We are currently seeking a Cyber Security Engineer to support operations in Quantico, Virginia. This is a full-time, CONUS position requiring an active DoD TS/SCI clearance. What You'll Do As a Cyber Security Engineer, you will play a critical role in in monitoring, analyzing, and detecting cyber events and incidents within information systems and networks, that serve U.S. government missions at the Cambridge Customer Site. You will: Monitor and analyze network traffic, system logs, and security alerts to detect, investigate, and escalate cybersecurity threats and incidents, ensuring timely response and documentation. Support integrated cyber defense operations aligned with organizational risk management frameworks; maintain security tools to enable continuous monitoring and RMF/NIST authorization activities. Establish and apply methods to quantify and measure cyber risk, supporting risk-based decision-making across the enterprise. Evaluate business and system architectures to determine cybersecurity requirements and ensure alignment with information security standards and best practices. Conduct system security, vulnerability, and risk assessments to identify security gaps, integration challenges, and compliance issues. Develop cost estimates and implementation plans for cybersecurity solutions based on risk and compliance assessments. Prepare, implement, and enforce cybersecurity policies, standards, and Assessment & Authorization (A&A) requirements. Plan, implement, upgrade, and monitor security controls to enhance system resilience and support accreditation processes. Identify cybersecurity vulnerabilities, recommend remediation strategies, and track mitigation efforts to closure. Respond to and investigate cybersecurity incidents, restore protections, and produce required incident reports in accordance with regulatory guidance. Develop and execute security test scripts and validation activities to verify the effectiveness of technical and operational controls. Design, develop, and integrate DoD Information Assurance architectures and secure system components within computing, network, and enclave environments. Ensure system architectures, including programs of record and special-purpose processing nodes, meet functional, performance, and security requirements. Support secure integration of platform IT and special-purpose systems with existing infrastructure. Develop and deliver cybersecurity training, lead post-incident reviews, and promote a strong security awareness culture. What You'll Bring Required Qualifications: Education & Experience: HS Diploma + 5 years of relevant experience Technical Expertise: Experience with the RMF Process Experience with policy and RMF artifact development. Ability to lead a team of cyber security professionals and direct tasking and provide mentorship and leadership. Experience web-based applications designed to support the RMF and A&A such as eMASS and MCCAST. Certifications: CompTIA CISSP or CASP+ certification CompTIA CySA+ certification Must have a current and active DoD TS/SCI security clearance. Proficient with modern IT tools and infrastructure technologies Preferred (Nice to Have): Desire experience with HBSS. Travel & Passport Up to 25% travel, CONUS and OCONUS may be required. Work Environment Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil. Office setting: Primarily an office-based role in Quantico, VA Standard desk/computer work with flexibility for walking and movement on site Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. May be required to travel short distances to offices/conference rooms and buildings on site. Background & Security Employment is contingent upon successful background investigation Drug screening may be required for federal contract compliance Benefits & Perks We believe in investing in our team-both professionally and personally: Medical, dental, vision, life, accident, and critical illness insurance 401(k) immediate vesting and match Paid time off and company holidays Generous tuition & training support Relocation assistance Sign-on and performance-based bonuses Employee referral program Access to Tickets at Work, EAP, wellness initiatives, and more Join Us If you're driven by mission, technology, and teamwork-we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome-both employees and non-employees may qualify for a bonus. Apply today and help shape the future of secure cloud computing for national security. About Cambridge International Systems At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at ******************* Powered by JazzHR pWtaUTW2fo

Cyber Security Engineer - TS/SCI Clearance | Quantico, Virginia Cambridge International Systems, Inc. Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you'll work alongside top talent worldwide, tackling some of today's most complex and critical challenges in defense and security. We are currently seeking a Cyber Security Engineer to support operations in Quantico, Virginia. This is a full-time, CONUS position requiring an active DoD TS/SCI clearance. What You'll Do As a Cyber Security Engineer, you will play a critical role in in monitoring, analyzing, and detecting cyber events and incidents within information systems and networks, that serve U.S. government missions at the Cambridge Customer Site. You will: Monitor and analyze network traffic, system logs, and security alerts to detect, investigate, and escalate cybersecurity threats and incidents, ensuring timely response and documentation. Support integrated cyber defense operations aligned with organizational risk management frameworks; maintain security tools to enable continuous monitoring and RMF/NIST authorization activities. Establish and apply methods to quantify and measure cyber risk, supporting risk-based decision-making across the enterprise. Evaluate business and system architectures to determine cybersecurity requirements and ensure alignment with information security standards and best practices. Conduct system security, vulnerability, and risk assessments to identify security gaps, integration challenges, and compliance issues. Develop cost estimates and implementation plans for cybersecurity solutions based on risk and compliance assessments. Prepare, implement, and enforce cybersecurity policies, standards, and Assessment & Authorization (A&A) requirements. Plan, implement, upgrade, and monitor security controls to enhance system resilience and support accreditation processes. Identify cybersecurity vulnerabilities, recommend remediation strategies, and track mitigation efforts to closure. Respond to and investigate cybersecurity incidents, restore protections, and produce required incident reports in accordance with regulatory guidance. Develop and execute security test scripts and validation activities to verify the effectiveness of technical and operational controls. Design, develop, and integrate DoD Information Assurance architectures and secure system components within computing, network, and enclave environments. Ensure system architectures, including programs of record and special-purpose processing nodes, meet functional, performance, and security requirements. Support secure integration of platform IT and special-purpose systems with existing infrastructure. Develop and deliver cybersecurity training, lead post-incident reviews, and promote a strong security awareness culture. What You'll Bring Required Qualifications: Education & Experience: HS Diploma + 5 years of relevant experience Technical Expertise: Experience with the RMF Process Experience with policy and RMF artifact development. Ability to lead a team of cyber security professionals and direct tasking and provide mentorship and leadership. Experience web-based applications designed to support the RMF and A&A such as eMASS and MCCAST. Certifications: CompTIA CISSP or CASP+ certification CompTIA CySA+ certification Must have a current and active DoD TS/SCI security clearance. Proficient with modern IT tools and infrastructure technologies Preferred (Nice to Have): Desire experience with HBSS. Travel & Passport Up to 25% travel, CONUS and OCONUS may be required. Work Environment Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil. Office setting: Primarily an office-based role in Quantico, VA Standard desk/computer work with flexibility for walking and movement on site Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. May be required to travel short distances to offices/conference rooms and buildings on site. Background & Security Employment is contingent upon successful background investigation Drug screening may be required for federal contract compliance Benefits & Perks We believe in investing in our team-both professionally and personally: Medical, dental, vision, life, accident, and critical illness insurance 401(k) immediate vesting and match Paid time off and company holidays Generous tuition & training support Relocation assistance Sign-on and performance-based bonuses Employee referral program Access to Tickets at Work, EAP, wellness initiatives, and more Join Us If you're driven by mission, technology, and teamwork-we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome-both employees and non-employees may qualify for a bonus. Apply today and help shape the future of secure cloud computing for national security. About Cambridge International Systems At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at *******************

Job DescriptionSalary: Contingent on award, Ampersand Solutions Group ( AMPERSAND ) has a requirement for one or more Cyber Security Engineers who will support a critical DoD mission providing cybersecurity authorization support for systems, networks, and applications in a hybrid multicloud environment. Scope: Oversees the implementation of DoDD 8530.01, DoDD 8500.2, DoDI 8510.1, DoDI 8510.01, Risk Management Framework (RMF), and other applicable NIST and CNSS Information Assurance (IA) directives, instructions, and guidelines. Interfaces with DoD Information Assurance Management (ISSM) and case management. Capability to design, develop, and implement solutions that meet network and system security requirements. Will perform vulnerability/risk analysis on computer systems, networks, and applications. Leads and manages the implementation of required network security to properly safeguard all computer systems, networks, and software applications. Documents all in accordance with formal security and risk assessments and supporting artifacts associated with the DoD Designated Accrediting Authority and Certification Authority process. Drives cyber strategy and provides insight into all policy and technical decisions. Experience in providing Communications Security (COMSEC) Custodial Experience in testing to validate established security requirements, recommending security requirements and safeguards, supporting the formal testing required by government accrediting authorities, and preparing System Security Plans. Required Qualifications Minimum 0-10 years of relevant, related experience plus: Bachelors degree from an accredited institution in engineering, science, or other relevant field or: Associates Degree in a relevant field from an accredited institution plus 2 years relevant, related experience High School Diploma / GED from an accredited institution plus 4 years relevant, related experience Ability to obtain and maintain a DoD Security Clearance at the appropriate level DoD Instruction 8570.01M IA certification Willing to periodically travel in support of test events Desired Qualifications ACTIVE DoD SECRET or TOP SECRET Clearance Experience supporting the US Ballistic Missile Defense System Certified in relevant cybersecurity tools and processes Experience in obtaining ATOs in hybrid multicloud classified systems AWS, Azure, VMWare experience Necessary Qualifications Honesty, superior ethics Interpersonal savvy, excellent communication skills Ability to work as a team Initiative Positive attitude Professionalism

We are seeking a proactive and detail-oriented Information Security Analyst to join our team and help safeguard our organization's digital assets. This role is critical in identifying vulnerabilities, responding to threats, and ensuring compliance with security policies and regulations. The ideal candidate will have a strong technical background, analytical mindset, and a passion for cybersecurity. Key Responsibilities: * Monitor and analyze security alerts from various systems (SIEM, IDS/IPS, firewalls, etc.) * Conduct vulnerability assessments and penetration testing; recommend remediation strategies * Investigate security incidents and breaches, perform root cause analysis, and document findings * Develop and maintain security policies, standards, and procedures * Support compliance efforts (e.g., SOC, ISO 9001) and internal audits * Collaborate with IT and business units to implement secure solutions and mitigate risks * Manage identity and access controls, including privileged access management * Stay current with emerging threats, vulnerabilities, and regulatory changes Requirements Qualifications: * Bachelor's degree in computer science, Information Security, or related field (or equivalent experience) * 2+ years of experience in cybersecurity or IT security operations * Familiarity with security frameworks (e.g., SOC, NIST, CIS, ISO 9001) * Hands-on experience with security tools (e.g., Splunk, Sentinel, CrowdStrike, Palo Alto) * Strong understanding of network protocols, operating systems, and cloud security * Relevant certifications preferred: CISSP, CISM, CEH, Security+ Preferred Skills: * Experience with incident response and digital forensics * Knowledge of scripting languages (Python, PowerShell) for automation * Ability to work independently and in cross-functional teams * Excellent communication and documentation skills.

QBE LLC is a leading management and technology consulting organization for the federal government and defense and intelligence communities. Our unparalleled experience, in-depth insights and sought-after technical expertise allow us to transform mission-critical challenges into business-changing opportunities. With a proven record of accomplishment delivering full life cycle solutions, QBE LLC consistently exceeds customer expectations. Our experienced team delivers measurable and sustainable results that improve efficiencies, save money and ensure mission success. Job Description Designs and develops new cloud systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks. Supports the Certification and Accreditation (C&A) or the NIST Assess & Authorize (A&A) RMF process and develops system security plans (SSPs) under guidance of NIST SP 800s, NISPOM, DIACAP, ICD 503, or replacement guidance as released. Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis. Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features and relates existing system to future needs and trends, embeds advanced forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration and testing issues. Qualifications DoD Secret Clearance Minimum BS or equivalent + 14 yrs related experience, or MS + 12 yrs related experience Required Knowledge & Skill sets: Must have demonstrated past experience deploying/designing/implementing/operating cloud security enterprise technologies, in Federal, DoD, or IC environments. Strong experience aiding in the build out of environments that require FISMA & FedRAMP compliance Demonstrated experience with the capabilities and APIs of one or more major cloud provider Specifically focused on hands-on experience with AWS environments, with tertiary knowledge of Azure and/or Google Foundational understanding of Cloud and off-premises security best practices; to include ensuring proper security measures are implemented for federal environments. Experience with industry standard virtualized networking components (Cloud application firewalls, Cloud Services Routers, Cloud Gateways, etc.) Preferred qualifications: AWS Certified CISSP & CCSP Certified Agile certifications Additional Information The Facts: Why Choose QBE LLC! A leading management and technology consulting organization Founded in 2008 by senior architects and engineers 100+ employees Possess a strong foundation of solid engineering principles and business knowledge Focused on the federal government and defense and intelligence communities Services ranging from executive level consulting to staff augmentation and management Provides support in 7 states as well as full-time resources in Kuwait and Afghanistan

QBE LLC is a leading management and technology consulting organization for the federal government and defense and intelligence communities. Our unparalleled experience, in-depth insights and sought-after technical expertise allow us to transform mission-critical challenges into business-changing opportunities. With a proven record of accomplishment delivering full life cycle solutions, QBE LLC consistently exceeds customer expectations. Our experienced team delivers measurable and sustainable results that improve efficiencies, save money and ensure mission success. Job Description Designs and develops new cloud systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks. Supports the Certification and Accreditation (C&A) or the NIST Assess & Authorize (A&A) RMF process and develops system security plans (SSPs) under guidance of NIST SP 800s, NISPOM, DIACAP, ICD 503, or replacement guidance as released. Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis. Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features and relates existing system to future needs and trends, embeds advanced forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration and testing issues. Qualifications DoD Secret Clearance Minimum BS or equivalent + 14 yrs related experience, or MS + 12 yrs related experience Required Knowledge & Skill sets: Must have demonstrated past experience deploying/designing/implementing/operating cloud security enterprise technologies, in Federal, DoD, or IC environments. Strong experience aiding in the build out of environments that require FISMA & FedRAMP compliance Demonstrated experience with the capabilities and APIs of one or more major cloud provider Specifically focused on hands-on experience with AWS environments, with tertiary knowledge of Azure and/or Google Foundational understanding of Cloud and off-premises security best practices; to include ensuring proper security measures are implemented for federal environments. Experience with industry standard virtualized networking components (Cloud application firewalls, Cloud Services Routers, Cloud Gateways, etc.) Preferred qualifications: AWS Certified CISSP & CCSP Certified Agile certifications Additional Information The Facts: Why Choose QBE LLC! A leading management and technology consulting organization Founded in 2008 by senior architects and engineers 100+ employees Possess a strong foundation of solid engineering principles and business knowledge Focused on the federal government and defense and intelligence communities Services ranging from executive level consulting to staff augmentation and management Provides support in 7 states as well as full-time resources in Kuwait and Afghanistan

Systems Security Engineer Dahlgren, VA Active Secret Clearance @Orchard is supporting a growing Federal contract with proven capabilities in cybersecurity. We are seeking a skilled Systems Security Engineer to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for supporting the creation of hybrid software, web, and hardware products from initial specifications to final roll-out and maintenance, including sophisticated systems that run on the web. If awarded, this could be a fantastic opportunity to grow your career with a company that has built strong relationships within Defense and Intelligence. If selected, you will be asked to sign a letter of intent to join the team upon program award. As the Systems Security Engineer you will: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Providing SME support in Information Assurance and Cybersecurity Life-Cycle management, coordination, and implementation as required by the applicable Authorizing Official. Provide RMF A&A ISSE support for all ashore and afloat packages. Responsible to integrate various network operating systems, application programs, and hardware devices. Manage development cycle associated with producing resilient software, hardware, and web application, including specification, design, coding, testing, and maintenance. Perform classified and unclassified tasks and actions to support A&A activities, A&A package reviews, scanning, reporting and remediation, and overall system security; consult with relevant A&A Validation teams in normal course of activities. Assist in development and execution of A&A plans for complex networks and IT systems; may include providing ISSO, Information Systems Security Engineer, and DIO support, and A&A analysis supporting documentation and artifacts in support of A&A, and compliant system administration across variety of environments supporting department offices, conference facilities, and land-based tactical equipment suites and laboratories. Provide IT Project and System Administrative support for accreditation including full authority to operate, interim authority to operate, authority to connect, Interim authority to test, Local authority to proceed and other required authorizations to support normal operations, special user events and requirements, and test events. Implement and maintain system security requirements, including STIGs, anti-virus software installations and updates, ESS installation and monitoring, responding to Cyber Directives, and other direction to ensure IT and Information Assurance controls are maintained. Perform and review vulnerability scans on all ISs using latest approved vulnerability scanning tools and signatures and ensure results properly mitigated, reviewed, documented, and reported. Support, test, monitor, and report any changes in ISs that may affect security posture and/or performance of IS. Monitor all system and audit logs and report potential security issues to ISSM; assist ISSM, Cybersecurity Branch Head, DIO, incident handling team, and law enforcement personnel in any investigations involving suspected security violations. Maintain accurate and up-to-date information in all required A&A applications. Provide subject matter expertise to perform cybersecurity operations for Corporate Operations IT and Technical Department IT. Collaborate with Government and other Contractor personnel to coordinate test and operation activities for Department IT. Develop, collect, maintain and submit A&A artifacts. Provide support for installing, managing, and troubleshooting any issues with vulnerability scanning software; perform scans on monthly and ad hoc basis for all Department IT and generate/consolidate scanning reports in centralized location; provide vulnerability scanning support for IT; responsible for opening trouble tickets with respective scanning software support for scanning and IA support. Responsible for creation, development, support, and lifecycle sustainment of all RMF A&A processes, including, but not limited to: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Qualifications: Four (4) years professional experience IT security with DoD or Navy. Experience with vulnerability analysis, risk analysis, scanning for viruses and other detrimental software. Qualified experience in accreditation of systems and audits. Designated as IAT II level with T3. Bachelor's Degree in Engineering discipline desired but not required. Professional experience in systems engineering a plus.

Contingent on award, Ampersand Solutions Group ( AMPERSAND ) has a requirement for one or more Cyber Security Engineers who will support a critical DoD mission providing cybersecurity authorization support for systems, networks, and applications in a hybrid multicloud environment. Scope: Oversees the implementation of DoDD 8530.01, DoDD 8500.2, DoDI 8510.1, DoDI 8510.01, Risk Management Framework (RMF), and other applicable NIST and CNSS Information Assurance (IA) directives, instructions, and guidelines. Interfaces with DoD Information Assurance Management (ISSM) and case management. Capability to design, develop, and implement solutions that meet network and system security requirements. Will perform vulnerability/risk analysis on computer systems, networks, and applications. Leads and manages the implementation of required network security to properly safeguard all computer systems, networks, and software applications. Documents all in accordance with formal security and risk assessments and supporting artifacts associated with the DoD Designated Accrediting Authority and Certification Authority process. Drives cyber strategy and provides insight into all policy and technical decisions. Experience in providing Communications Security (COMSEC) Custodial Experience in testing to validate established security requirements, recommending security requirements and safeguards, supporting the formal testing required by government accrediting authorities, and preparing System Security Plans. Required Qualifications Minimum 0-10 years of relevant, related experience plus: Bachelors degree from an accredited institution in engineering, science, or other relevant field or: Associates Degree in a relevant field from an accredited institution plus 2 years relevant, related experience High School Diploma / GED from an accredited institution plus 4 years relevant, related experience Ability to obtain and maintain a DoD Security Clearance at the appropriate level DoD Instruction 8570.01M IA certification Willing to periodically travel in support of test events Desired Qualifications ACTIVE DoD SECRET or TOP SECRET Clearance Experience supporting the US Ballistic Missile Defense System Certified in relevant cybersecurity tools and processes Experience in obtaining ATOs in hybrid multicloud classified systems AWS, Azure, VMWare experience Necessary Qualifications Honesty, superior ethics Interpersonal savvy, excellent communication skills Ability to work as a team Initiative Positive attitude Professionalism

| Major goals and objectives and location requirements People Inc is looking for an Application Security Engineer with a track record of innovative thinking, technical expertise, and collaboration. This role will be tasked with supporting software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC. As a valued member of the Security team, you will be responsible for helping to set technical direction, delivering technical projects, and collaborating with other groups within the organization. Hybrid 3x a week- (New York, NY) In-office Expectations: This position is hybrid in-office, with the ability to work remotely for up to 2 days per week. About The Positions Contributions: Weight % Accountabilities, Actions and Expected Measurable Results 50% - Solutions Function as a subject matter expert for security solutions within the organization's platform. Integrate security solutions into the SDLC process. Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure. Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements. Help evolve application security functions and services. 50% - Vulnerability Assessment Prioritize, triage and remediate vulnerabilities and findings from security scans and bug bounty programs. Review security test results from vulnerability scans and penetration tests and propose appropriate remediation measures or mitigation controls, conduct a remediation plan and supervise its progress. Improve and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools. Conduct security code reviews for various languages and frameworks of web and mobile applications. Identify security exposures and develop mitigation plans. Investigate and report vulnerabilities in systems and platforms. Assess the application threat landscape through threat modeling and architecture reviews. Develop metrics and reporting on the posture of the application security program. The Role's Minimum Qualifications and Job Requirements: Education: Bachelor's degree in Business, Management, Information Systems, OR equivalent professional experience. Experience: Technical Skills: 2+ years experience in a security technical role or software development. Application Development and Security: Experience with application security tooling and processes, including code review, static code analysis, penetration testing, risk management, etc. Infrastructure: Experience with data encryption, cryptography and encryption key management. Experience with configuration management and DevOps practices to ensure security is built into the SDLC process. Specific Knowledge, Skills, Certifications and Abilities: Technical Skills Development experience in Java, JavaScript and Python. Scripting and automation experience using RESTful APIs. Application Development and Security Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principals. Strong knowledge and experience in implementing SDLC best practices. Knowledge with Git and version control best practices. Ability to innovate and find creative solutions that balance business needs with security needs. Familiarity with application layer assessment tools, such as local proxies and fuzzers. Familiarity with threat modeling and security design review methodologies. Infrastructure Solid understanding of OSI model, TCP/IP, HTTP and TLS. Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model. Interpersonal Skills Passion for application security and continuous learning. Able to concisely communicate security risks to both technical and business audiences. Attention to detail. Ability to work independently, and as part of a team. Ability to multitask and prioritize work effectively. It is the policy of People Inc. to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, the Company will provide reasonable accommodations for qualified individuals with disabilities. Accommodation requests can be made by emailing *************. The Company participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: ********************************** Pay Range Salary: New York: $115,000 - $135,000 Remote US: $100,000 - $120,000 The pay range above represents the anticipated low and high end of the pay range for this position and may change in the future. Actual pay may vary and may be above or below the range based on various factors including but not limited to work location, experience, and performance. The range listed is just one component of People Inc's total compensation package for employees. Other compensation may include annual bonuses, and short- and long-term incentives. In addition, People Inc. provides to employees (and their eligible family members) a variety of benefits, including medical, dental, vision, prescription drug coverage, unlimited paid time off (PTO), adoption or surrogate assistance, donation matching, tuition reimbursement, basic life insurance, basic accidental death & dismemberment, supplemental life insurance, supplemental accident insurance, commuter benefits, short term and long term disability, health savings and flexible spending accounts, family care benefits, a generous 401K savings plan with a company match program, 10-12 paid holidays annually, and generous paid parental leave (birthing and non-birthing parents), all of which may vary depending on the specific nature of your employment with People Inc. and your work location. We also offer voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance. #NMG#