Security Engineer jobs at TEKsystems

Job Family: Technology Consulting Travel Required: Up to 25% Clearance Required: Active Top Secret SCI with Polygraph What You Will Do: Guidehouse has an opportunity for a cleared Sr. Information Security Consultant to leverage their understanding of IC/DOD Risk Management Frameworks (RMF), continuous monitoring, risk scoring, and risk management experience to lead our team of Assessors in conducting rigorous technical testing of security controls across various domains such as access control, cryptography, network security, and incident response for our Intelligence Community customer. This role is 100% on-site and you must be a self-starter able to work independently. Responsibilities include but are not limited to: Works with senior members of the client organization to ensure that overall program and project direction, strategy and expectations are met. Quickly Gain understanding of customer's mission and impact managerial practices. Act as a high-level assessor to help all the Security Control Assessors (SCA) on the RMF Team with their assessments and assessment report reviews prior to submission to the government Manage security controls assessments including kickoff, submission of deliverables, final report, and executive briefing Conduct audits to ensure that security controls are implemented correctly and operating effectively Monitor and evaluate a system's compliance with security, resilience, and dependability requirements Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations through the development of POA&Ms Lead continuous improvement initiatives aimed at enhancing the effectiveness and efficiency of security assessment processes. Identify opportunities for automation, optimization, and enhancement of assessment methodologies and tools. Mentor to junior Security Control Assessors What You Will Need: An ACTIVE and MAINTAINED TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph Bachelor's Degree FIVE (5) or more years' experience in cybersecurity Ability to obtain a DoD 8570.01-M (IAT III) certification (i.e. CASP+CE, CISSP, CISA, GCED, GCIH, CCSP) within the first 90 days of starting at Guidehouse What Would Be Nice To Have: An active DoD 8570.01-M (IAT III) certification (i.e. CASP+CE, CISSP, CISA, GCED, GCIH, CCSP) Proficient computer skills and experience using Microsoft applications (Word, Excel, PowerPoint, Visio and Outlook) Exceptional oral and written communication skills What We Offer: Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace. Benefits include: Medical, Rx, Dental & Vision Insurance Personal and Family Sick Time & Company Paid Holidays Position may be eligible for a discretionary variable incentive bonus Parental Leave and Adoption Assistance 401(k) Retirement Plan Basic Life & Supplemental Life Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts Short-Term & Long-Term Disability Student Loan PayDown Tuition Reimbursement, Personal Development & Learning Opportunities Skills Development & Certifications Employee Referral Program Corporate Sponsored Events & Community Outreach Emergency Back-Up Childcare Program Mobility Stipend About Guidehouse Guidehouse is an Equal Opportunity Employer-Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation. Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco. If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at ************** or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation. All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or ************************. Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process. If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse's Ethics Hotline. If you want to check the validity of correspondence you have received, please contact *************************. Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant's dealings with unauthorized third parties. Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.

The Team: The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects. **This Role does NOT provide sponsorship** Salary: $150k-$190k base w/ 20% bonus Responsibilities: Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs. Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security. Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes. Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency. Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture. Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management. Required Skills and Experience: Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams. Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud. Experience working with privilege and identity management solutions. Experience with operating system security and system hardening. Knowledge of network security principles, protocols, and technologies. Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls. Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Strong leadership skills, with the ability to mentor and guide junior team members. Skills and Experience That Would Help You Stand Out: A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable. Linux security experience Familiarity with DevSecOps and integrating security into CI/CD pipelines. Scripting experience.

Title: Security Engineer Job Type: Contract (12 months) Compensation: $90.00 - $112.00 per hour (W2) Industry: Retail --- About the Role We are seeking a Security Engineer to join a leading organization in the retail and e-commerce industry. This role focuses on implementing secure identity frameworks and workload authentication across distributed systems. You will work on cutting-edge technologies to ensure secure communication between services in a dynamic, large-scale environment. Job Description As a Security Engineer, you will be responsible for designing, deploying, and maintaining SPIFFE/SPIRE-based identity solutions. You will integrate these frameworks with container orchestration platforms, service meshes, and proxy workloads to enhance security posture. This position requires hands-on experience with SPIRE components and the ability to customize attestors and identity issuance workflows. Key responsibilities include: Deploy and manage SPIRE Server and SPIRE Agent in production environments. Design and implement secure workload identity solutions using SPIFFE IDs and trust domains. Build or customize workload and node attestors to meet organizational needs. Implement SVID issuance and rotation for X.509 and JWT formats. Integrate SPIRE with Kubernetes clusters, service meshes (e.g., Istio, Linkerd), and Envoy-based workloads. Collaborate with cross-functional teams to ensure seamless identity management across distributed systems. Qualifications Required: Proven hands-on experience deploying and managing SPIRE Server and SPIRE Agent. Strong understanding of SPIFFE IDs, trust domains, and workload identity concepts. Experience designing and implementing SVID issuance and rotation (X.509/JWT). Ability to build or customize workload and node attestors. Practical experience integrating SPIRE with Kubernetes, service meshes (Istio, Linkerd), and Envoy-based workloads. Preferred: Background in large-scale distributed systems or cloud-native environments. Familiarity with container security and zero-trust architectures. Experience with scripting or automation tools for identity management. Knowledge of TLS, PKI, and cryptographic principles. --- Benefits Dahl Consulting is proud to offer a comprehensive benefits package to eligible employees that will allow you to choose the best coverage to meet your family's needs. For details, please review the DAHL Benefits Summary: *********************************************** Equal Opportunity Statement As an equal opportunity employer, Dahl Consulting welcomes candidates of all backgrounds and experiences to apply. If this position sounds like the right opportunity for you, we encourage you to take the next step and connect with us. We look forward to meeting you!

We are seeking a Security Engineer II to support threat and vulnerability management across on-premises and cloud environments. This role focuses on identifying security risks, assessing vulnerabilities, ensuring secure configurations, and driving remediation efforts to improve overall security posture. Key Responsibilities: Identify, assess, and remediate vulnerabilities across on-prem and cloud environments (AWS/Azure/GCP) Monitor and analyze threat intelligence using frameworks such as MITRE ATT&CK, OWASP, and CVSS Utilize vulnerability and cloud security tools (Tenable, Qualys, Rapid7, Prisma Cloud, Defender for Cloud, Wiz) Perform secure configuration audits using CIS Benchmarks, NIST, and STIGs Collaborate with IT, Cloud, and DevOps teams to implement remediation Automate security processes using scripting (Python, PowerShell, Bash) Track remediation progress and communicate risks to technical and non-technical stakeholders Required Skills & Experience: 4+ years of experience in Cybersecurity or IT with exposure to vulnerability or cloud security Hands-on experience with vulnerability management tools Strong understanding of security controls, risk management, and compliance Experience with scripting/automation and API integrations Familiarity with SIEM, logging, monitoring, and ticketing systems

Infrastructure Security Engineer Compensation: $40-50 /hour, depending on experience Inceed has partnered with a great company to help find a skilled Infrastructure Security Engineer to join their team! Join a dynamic team in a company that values culture and work-life balance. As an Infrastructure Engineer, you will play a crucial role in designing and maintaining a secure hybrid infrastructure. This is an exciting opportunity for someone who thrives in a technical environment and is passionate about security compliance. Enjoy working in a supportive and collaborative setting where your skills and expertise will make a significant impact. Key Responsibilities & Duties: Design and manage Azure environments and Azure Virtual Desktop. Ensure compliance with security frameworks like CMMC and NIST. Administer Windows Server and Active Directory. Implement and monitor network security. Translate compliance requirements into technical controls. Collaborate with high-level executives and cross-functional teams. Required Qualifications & Experience: Bachelor's degree in IT or 10 years of IT experience. Proven experience with cloud and on-premises environments. Strong understanding of CMMC or NIST frameworks. Excellent written and verbal communication skills. Strong analytical and troubleshooting skills. Nice to Have Skills & Experience: Experience with Hyper-V and VMware. Knowledge of PowerShell scripting and automation. Familiarity with vulnerability management and incident response. Perks & Benefits: 3 different medical health insurance plans, dental, and vision insurance Voluntary and Long-term disability insurance Paid time off, 401k, and holiday pay Weekly direct deposit or pay card deposit If you are interested in learning more about the Infrastructure Security Engineer opportunity, please submit your resume for consideration. Our client is unable to provide sponsorship at this time. We are Inceed, a staffing direct placement firm who believes in the possibility of something better. Our mission is simple: We're here to help every person, whether client, candidate, or employee, find and secure what's better for them. Inceed is an equal opportunity employer. Inceed prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. #IND

ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind the technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at ******************* Position Title: Endpoint Security Engineer Location Information Kansas City Metro (Onsite) Position Responsibilities: The Endpoint Security Engineer will play a critical role within the IT security and operations team, responsible for the administration, implementation, and continual improvement of endpoint security solutions-primarily utilizing Microsoft Intune. The ideal candidate must possess advanced expertise in Intune for Mobile Device Management (MDM) and Mobile Application Management (MAM), and be prepared to respond to security incidents beyond regular business hours. Experience with Jamf in Apple environments is an advantage. Design, deploy, and manage the organization's Microsoft Intune environment for both corporate-owned and BYOD (Bring Your Own Device) devices, ensuring a secure yet seamless user experience. Develop and maintain solutions for device enrollment, authentication, and complete lifecycle management utilizing Intune, while leveraging Jamf for Apple device environments when required. Configure, optimize, and monitor Microsoft Intune settings for MDM and MAM across Windows, Android, and iOS devices to ensure security and compliance. Establish and enforce device compliance policies, security baselines, encryption protocols, and remote wipe capabilities for rapid incident response. Manage application deployment, app protection policies, and conditional access requirements via Intune and related tools. Continuously monitor the performance of security solutions via analytics, logs, and user feedback; proactively identify areas for improvement to enhance protection and efficiency. Lead or contribute to large-scale device migrations, OS upgrades, and mobility transformation projects, ensuring minimal business impact and service continuity. Regularly monitor, investigate, and respond to endpoint threats, vulnerabilities, and anomalies; promptly remediate endpoint security incidents and collaborate with SOC and IT support teams for escalated security issues and rapid resolution. Ensure that endpoint security implementations meet regulatory standards and internal governance requirements; stay up to date with relevant compliance frameworks (HIPAA, GDPR, SOC 2, etc.). Generate detailed reports on device compliance, application usage, and security incidents, supplying metrics and documentation for audits and stakeholders as required. Develop, refine, and deliver training sessions and materials for end-users and IT helpdesk staff on device enrollment, usage, and security best practices. Provide Tier 2/3 support for complex endpoint security, mobility, and compliance issues; serve as a subject matter expert for cross-functional teams implementing security initiatives. Promote a culture of continuous improvement by researching and recommending new endpoint security technologies, trends, and best practices; implement process and tool enhancements as appropriate. Essential Skills, Experience 3-5 years of hands-on experience in administering and supporting Microsoft Intune, Office 365, and enterprise device security solutions. Strong proficiency in configuring, managing, and troubleshooting Intune, Microsoft Endpoint Manager, and Azure Active Directory settings. Proven expertise in designing, deploying, and supporting MDM/MAM solutions for large enterprise environments. Comprehensive understanding of endpoint security principles, including antivirus, EDR, encryption, secure authentication, and access controls. Practical experience with endpoint compliance and governance requirements; strong working knowledge of frameworks such as HIPAA, GDPR, or SOC 2 and involvement in audit processes. Familiarity with automation and scripting tools (e.g., PowerShell, Bash) for task automation, device management, and mobile application deployment. Demonstrated ability to manage multiple complex projects simultaneously, with excellent organizational, analytical, and documentation skills. Knowledge of Active Directory, Group Policy Objects (GPO), and remote support tools for user and device management. Exceptional interpersonal and communication skills, with a proven track record of successful cross-functional collaboration and the ability to operate independently or as part of a team. Preferred: Hands-on experience with Jamf administration for mac OS and iOS device management, including policy configuration and endpoint protection. Preparedness to provide support and incident response outside normal business hours as needed. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field (advanced degrees or relevant certifications are a plus). Preferred certifications: Microsoft Certified (Intune, Azure, or Endpoint Manager), Jamf Certification. ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities. Equal Employment Opportunity is The Law This Organization Participates in E-Verify

Job Title: Sr. Cybersecurity Risk Analyst Duration: 24+Months Responsibilities: Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City; Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise; Work with stakeholders across various divisions, soliciting input and working through feedback; Evaluate risk of third parties used by New York City agencies; Document and track remediation of risks in the Risk Register; Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies; Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines; Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary; Engage in communications with NYC Agencies; Handle special projects and initiatives as assigned. Required Sklls: A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team. DESIRABLE SKILLS/EXPERIENCE: BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field. One or more of the following certifications are a plus: Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) CompTIA Security+ CompTIA Network+ CompTIA A+ CompTIA CySA+ Cisco Certified Network Associate - CCNA CEH: Certified Ethical Hacker GIAC Information Security Fundamentals (GISF) GIAC Security Essentials (GSEC) (ISC)2 Systems Security Certified Practitioner (SSCP) Ability to work effectively in a team environment. Being highly organized, motivated and a self-directed professional. Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services. Understanding of commonly used computer operating systems, databases, network structures. Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS) Investigative and analytical skills. Excellent oral and written communication skills; Knowledge of the current and evolving cyber threat landscape; Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;

Role: AI Security Engineer Contract: 12 to 24 months Key Responsibilities: Provide tuning and optimization support for Security AI data discovery and classification (structured & unstructured data). Execute data classification efficacy validation strategies to ensure high accuracy and consistency. Apply precise feedback mechanisms to prevent cascading misclassifications across thousands of columns and datasets. Monitor and analyze tuning impact on classification results and ensure ongoing compliance alignment. Maintain data governance integrity and support audit readiness. Perform internal data scanning across servers and virtual machines. Scan and analyze large-scale datasets (up to 100+ TB) across enterprise platforms. Work with cloud-based data sources, primarily on AWS. Collaborate with analytics, governance, security, and platform teams to align classification outcomes. Support regulatory compliance efforts related to GDPR, SOX, and other data protection frameworks. Utilize SQL or other database technologies to analyze, validate, and troubleshoot classification results. Develop scripts and automation to support scanning, tuning, and reporting activities. Required Skills & Qualifications: 4-6 years of experience in data classification, data governance, or data analytics roles. Hands-on experience with Securiti AI or similar data discovery and classification platforms. Strong understanding of data classification techniques and semantic similarity across enterprise data. Experience scanning structured and unstructured data at scale. Proficiency in SQL and experience with relational or enterprise databases. Experience working with cloud platforms, preferably AWS. Knowledge of GDPR, SOX, or other data privacy and compliance regulations. Strong problem-solving and analytical skills. Experience with scripting (Python, Shell, or similar) for automation and analysis. Ability to scan data from servers and virtual machines. Nice-to-Have Skills: Experience with data governance frameworks and tools. Familiarity with metadata management, data catalogs, and audit reporting. Exposure to AI/ML-driven classification or NLP-based data discovery. Prior experience in large-scale enterprise data environments. EEO: “Mindlance is an Equal Opportunity Employer and does not discriminate in employment based on - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”

SAP Security Administrator Compensation: $130,000 - $160,000 annually, depending on experience Inceed has partnered with a great company to help find a skilled SAP Security Administrator to join their team! Join an innovative environment where you will play a critical role in managing and supporting SAP Roles and Security within a dynamic SAP landscape. This is an exciting opportunity to contribute to the design, development, and implementation of SAP Role Administration functions. If you are passionate about SAP security and thrive in a collaborative setting, this role is for you! Key Responsibilities & Duties: Design and maintain security solutions for identity and access management Analyze processes to deliver quality solutions meeting business requirements Drive security strategy for S4Hana ecosystem Identify and mitigate security risks and violations Ensure SAP security aligns with standards and methodologies Provide technical support and resolve security issues Collaborate with IT management for user/system access controls Generate SOX and adhoc reports regularly Maintain Segregation of Duties for SAP environment Conduct vulnerability assessments and penetration tests Required Qualifications & Experience: Bachelor's Degree in Business Management, Information Systems, or related field 4+ years experience in SAP GRC, Role Administration & Security Experience with SAP S/4 HANA security and authorizations In-depth understanding of SAP Security Role design & GRC Architecture Expertise in SAP Security automation and scripts creation Nice to Have Skills & Experience: Experience with cloud applications and Azure SAP GRC Certification Oil and Gas industry experience Experience with SAP GRC Access Control configuration Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal Perks & Benefits: Comprehensive and competitive benefits package-details shared during later stages If you are interested in learning more about the SAP Security Administrator opportunity, please submit your resume for consideration. Our client is unable to provide sponsorship at this time. We are Inceed, a staffing direct placement firm who believes in the possibility of something better. Our mission is simple: We're here to help every person, whether client, candidate, or employee, find and secure what's better for them. Inceed is an equal opportunity employer. Inceed prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidates Only no 3rd Party Candidates! Company is seeking a Senior Security Engineer or Security Solutions Architect with deep experience in Zscaler Internet Access (ZIA) and Secure Web Gateway (SWG) solutions. The resource will review and assess the current Zscaler deployment, identify best practices, implement configuration and policy improvements, and optimize workflows to improve security posture and user experience. Key Responsibilities Assess Company's current Zscaler ZIA (SWG) deployment and provide best practice recommendations. Perform configuration updates, policy tuning, and remediations based on assessment findings. Review and optimize the website approval workflow, reducing turnaround time for URL requests (currently 2-3 days). Implement granular Zscaler policies allowing differentiated access based on user identity (e.g., allow downloads but restrict uploads). Assist with Zscaler DLP policy design and management. Develop and document end-user and administrator processes, ensuring consistency and clarity. Identify opportunities to automate policy or workflow management via scripting or ServiceNow integrations. Collaborate with internal teams (SOC, Engineering, GRC) to align configurations with security requirements. Required Qualifications 7+ years of experience in IT security engineering or architecture. Proven expertise with Zscaler Internet Access (ZIA) and Secure Web Gateway (SWG) design, deployment, and optimization. Working knowledge of Zscaler Private Access (ZPA) and Zscaler DLP. Strong understanding of enterprise networking, including firewalls, proxies, and DNS. Experience designing and implementing identity-based policies within Zscaler. Familiarity with Zero Trust architecture, encryption, and access control principles. Proficiency in Python scripting or API integration for automation and workflow improvements. Experience integrating with ServiceNow or similar platforms. Excellent communication skills and ability to operate independently in a fast-paced environment. Strong process orientation with proven experience analyzing, optimizing, and documenting workflows.

The Information Security Compliance Analyst plays a pivotal role in safeguarding the organization's information assets by leading compliance initiatives, managing vendor and client security assessments, and supporting incident response efforts. This position ensures alignment with industry standards such as ISO27001, SOC 2, PCI DSS, and GDPR, while maintaining robust governance frameworks and security policies. The analyst collaborates cross-functionally to enhance security operations, drive continuous improvement, and uphold regulatory compliance across ITA Group's systems and third-party relationships. ACCOUNTABILITIES & PERFORMANCE EXPECTATIONS Security Operations & Compliance Lead client and vendor security assessments, including third-party reviews, risk assessments, and questionnaire responses. Build and manage workflows for vendor assessments and due diligence. Oversee compliance audits (SOC2, PCI, ISO27001, TruSight), including evidence collection and process optimization. Support the Information Systems Incident Response Team (ISIRT) during security events. Assist in developing requirements for security tools and operational procedures. Evaluate and recommend emerging security technologies and products. Provide off-hours support on a rotating and as-needed basis. Coordinate with external suppliers to resolve security incidents. Systems & Tools Management Administer and monitor various security tools to ensure optimal performance and coverage. Audit & Incident Management Conduct quarterly audits of systems in scope for compliance. Maintain incident logs and ensure readiness for ISO27001 certification. Investigate and remediate Microsoft Security alerts. Compliance Certifications Collaborate with Legal to support privacy regulations and ensure compliance with GDPR and other frameworks. Governance Management Develop and implement Data Loss Prevention (DLP) rules for sensitive document handling. Enhance Insider Threat Protection capabilities. Maintain and update InfoSec policies and procedures. Provide organization-wide coaching and mentorship on security policies. Ensure regulatory and compliance requirements are consistently met. Establish and maintain a security framework and auditing process. Manage security questionnaires and third-party data security risk assessments. Analyze and investigate security anomalies using platform reports, logs, and alerts. POSITION REQUIREMENTS Bachelor's degree in computer science, information technology, or equivalent experience. Five-to-eight years experience in information technology support with at least five years of experience in system administration and system design. Security certification such as CISSP, CISA, or CISM are required. Technical certifications in Cisco and Microsoft products is preferred. Excellent communication and documentation skills. Strong experience with ISO27001, SOC 2, PCI DSS 4.x, GDPR, and other regulatory frameworks and privacy regulations. Ability to demonstrate ownership of systems and drive the technology forward to the goals of the company. Direct involvement in the annual planning and budgeting process for Information Technology. Strong communication skills and the ability to interact with other systems personnel in a team environment. Ability to maintain confidentiality pertaining to nonpublic business, financial, personnel, salary, and technological information, plans or data. Ability to think analytically to solve technical problems individually and in a team environment. Ability to effectively plan, schedule and coordinate projects and meet deadlines, managing multiple project concurrently. Ability to analyze and communicate technology performance results. Specific experience working with our current primary technology and software preferred. Ability to listen, understand and respond to external and internal customers' needs in a timely manner; customer service experience in a service-related industry preferred. Ability to work the time necessary to complete projects and/or meet deadlines. ABOUT ITA GROUP ITA Group is an employee-owned engagement and loyalty company that provides data-driven solutions designed to uniquely motivate and inspire our clients' employees, channel partners and customers. Creating engaging employee experiences is at the heart of what we do and who we are, and we continuously evaluate our team member benefits to ensure our team members are cared for. We offer an array of competitive benefits, including healthy retirement contributions, health, dental and vision insurance, paid parental leave, flexible work arrangements, Volunteer Time Off, paid sabbaticals, anniversary awards and more! Come join our team, recently recognized by several top organizations as a Great Place to Work.

The Cybersecurity Engineer is responsible for the technical implementation and management of cybersecurity measures. This role involves extensive hands-on work with security technologies, developing and maintaining security protocols, and ensuring the protection of sensitive data. The Cybersecurity Engineer collaborates within the various IT teams to integrate security solutions into business projects and solutions, while supporting overall compliance with HIPAA regulations. Technical Implementation: Architect, deploy, and maintain enterprise-grade security technologies, including firewalls, intrusion detection/prevention systems, encryption platforms, and vulnerability management tools. Implement and support security controls for network infrastructure such as routers, switches, and wireless access points. Configure, administer, and secure Active Directory and Azure AD environments. Deploy and oversee endpoint protection platforms and Security Information and Event Management (SIEM) solutions. Manage Microsoft 365 security capabilities, including conditional access, data loss prevention (DLP), and advanced threat protection. Evaluate, test, and recommend new security tools, processes, and technologies to strengthen the organization's security posture. Security Operations: Continuously monitor systems for security events, investigate alerts, and respond to incidents with appropriate documentation. Perform ongoing risk assessments and vulnerability scans to identify exposures and drive remediation efforts. Lead technical response efforts during security incidents or breaches in coordination with the incident response team. Administer and monitor Identity and Access Management (IAM) systems to ensure secure and appropriate access. Conduct routine vulnerability assessments and threat analysis to support continual improvement. Perform digital forensics and incident response activities as needed. Compliance: Ensure adherence to HIPAA and all applicable regulatory and security standards. Design and implement technical safeguards that protect sensitive information and support organizational objectives. Collaboration: Partner with IT and business teams to embed security controls into systems, applications, and workflows. Educate and support staff on cybersecurity awareness, best practices, and evolving threats. Documentation: Create and maintain accurate documentation for security configurations, procedures, and incident activity. Remain informed on current cybersecurity trends and recommend enhancements to existing controls. Security Audits: Plan and conduct scheduled and ad-hoc security audits to validate adherence to security policies and standards. Security Standards and Policies: Develop, review, and update security policies and standards in alignment with industry best practices and regulatory requirements. Security Infrastructure Maintenance and Monitoring: Configure, troubleshoot, and maintain security-related hardware and software. Implement and manage monitoring tools to detect intrusions and potential security breaches. Security Strategy Development: Support the planning, execution, and ongoing refinement of the organization's information security strategy. Adhere to organizational policies, procedures, and safety standards; complete required training annually; contribute to performance goals and quality improvement initiatives. Perform additional duties as assigned. Minimum Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline required. Minimum Experience: Ten (10) years of overall IT experience, including at least five (5) years of hands-on cybersecurity leadership with demonstrated success designing, engineering, and deploying security solutions in an enterprise environment. Certifications: Relevant industry certifications such as CISSP, CISM, CISA, CCSP, CEH, Microsoft Azure Engineer, or equivalent are required.

STRATEGIC STAFFING SOLUTIONS HAS AN OPENING! This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below. “Beware of scams. S3 never asks for money during its onboarding process.” Job Title: Information Security Engineer- Automation (Cisco ISE) Location: Charlotte, NC 28262/ Raleigh, NC 27607 Onsite Work Contract Length: 24+ Months Pay: 75-80 an hr on W2 About the Role We are seeking a highly motivated Information Security Engineer to design and implement automation solutions that streamline and enhance management of the Cisco Identity Services Engine (ISE) platform. This role is ideal for a proactive, self-directed engineer who thrives in complex environments and enjoys building scalable, secure automation that reduces manual effort and improves operational efficiency. You will play a key role in developing automation workflows, integrating systems via APIs, and collaborating with cross-functional teams to translate business and security requirements into reliable, maintainable solutions. Key Responsibilities Design, develop, and implement automation workflows to support Cisco ISE configuration, policy updates, and operational tasks Build and maintain Python-based automation scripts and Ansible playbooks aligned with business and security requirements Develop application and system integrations using RESTful and/or SOAP APIs, including authentication mechanisms (OAuth, JWT), data transformation, and error handling Create secure, scalable API integrations with internal systems and third-party services Utilize API testing tools such as Postman and Swagger to validate functionality, performance, and security compliance Integrate automation solutions with external platforms (e.g., HashiCorp Vault) for secure credential and secrets management Develop custom tooling to simplify administrative processes and reduce manual day-to-day operational tasks Collaborate with internal stakeholders to gather requirements and deliver scalable automation solutions Document automation architecture, workflows, and usage guidelines to support maintainability and knowledge transfer Troubleshoot, optimize, and enhance automation scripts for reliability, scalability, and performance Required Qualifications Strong experience managing network infrastructure as code Advanced Python development skills Proven experience building Ansible playbooks based on business and operational requirements Hands-on experience creating and maintaining technical documentation (automation architecture, READMEs, runbooks) Ability to work independently, adapt to evolving requirements, and navigate complex or ambiguous processes with minimal supervision Nice-to-Have Qualifications Experience with Cisco Identity Services Engine (ISE) Background in network engineering or network security Work Location & Schedule This is a hybrid role requiring 3 full days per week onsite (8 hours per day) at one of the following locations:

• DevSecOps' expertise in building and supporting security solutions for Windows, Linux, above mentioned platforms, including services such as Enterprise Vulnerability Management, data protection, privacy and compliance, network protection. • Building and deploying security solutions using technologies such as Docker, Kubernetes, and GIT Hub. • Experience in low code environments such as Appian and Microsoft Power Platforms is mandatory. • Experience with Alteryx ETL and Workflow Designer platform is plus. • Experience with Identity and Access, Endpoint, Vulnerability management and other cybersecurity automation workflows. • Experience writing Automation scripts in Python and deploying them leveraging APIs. • Experience with AI enabled automation workflows. • Experience with Agile methodology and Atlassian tools including JIRA and Confluence. • Communicating with various audiences, including business leaders, engineers, clients, and team members, with excellent ability to convey information that is relevant to the audience. • Written communication for excellent documentation and reporting. • Outstanding teamwork across multidiscipline plan-build-run teams. • Applying your understanding and expertise with systems automation platforms and technologies. • Automating security controls, data, and processes to provide metrics and operational support. • Employing cloud-based APIs when suitable to integrate and orchestrate across various systems in the automation workflow. • Developing and delivering solutions using Agile methodology. “Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”

Local candidates only. Resource will work as an Information Security Analyst responsible for auditing and monitoring systems containing confidential information. This position is also responsible for helping the organization manage its risks by monitoring the organization's IT systems for inefficiencies, inaccuracies, mismanagement, etc. Tasks will include assisting with the configuration of data, application, network, and IAAM logs; assisting with log reporting tools; and monitoring systems for security problems. The position participates in all aspects of the technology audit and monitoring including the planning, control analysis, testing, issue development, and reporting phases. This position will also participate in all federal and state audits against DCS technology systems. Employee works in an Information Technology Division of a State Agency, the Department of Child Services (DCS-IT) under the guidance of the Security Manager. The essential functions of this role are as follows: • Monitors and keep supervisor informed of status of information security and confidentiality conditions, including problem areas and recommended enhancement; • Interfaces with user customers to understand their security needs and implement procedures to accommodate them including training and assessment. • Assists with preparing for security audits (e.g. IRS, SSA, OCSE, FBI, SBOA) and remediating any findings; assists with creating and submitting reports relevant to security audits. • Develop information security policies and standards for protection of information systems in compliance with state and federal requirements (e.g. IRS, SSA, OCSE, FBI, IOT) and guidelines (e.g. NIST SP 800-53). • Develops Standard Operating Procedures (SOP) for implementing security polices; • Recommends appropriate security safeguards to be included during development of new information technology systems and legacy systems; • Ensures maximum utilization of computer hardware and software features to secure automated systems and associated data; • Develops and implements procedures for use of information security management software; • Proposes information security software enhancements; • Performs periodic audits to assure security policies and standards are being followed and are effective. • Develops recommendations for enhancements and generates reports where necessary; • Keeps abreast of new laws and changes affecting privacy standards, network security, cloud security, remote access, and physical security; • Mentors and provides guidance to new or other staff as needed; • Performs related duties as assigned. • Assist on other task as assigned. Thorough knowledge of information security management tools, policies, and standards of information security procedures; • Thorough knowledge of state and federal legislation and regulatory laws pertaining to information system security and privacy; • Thorough knowledge of software vulnerabilities, vulnerabilities scanning tools, and vulnerabilities remediation; • Familiarity with domain structures, user authentication, and digital signatures; • Ability to develop and maintain information security standards; • Ability to understand and apply complex computer logic to work; • Ability to work effectively with a wide range of information technologists, including systems administrators, technical support, application development, end users and management; • Experience in assessing security needs of teams and assist in their security training. • Ability to communicate effectively both orally and in writing; • Ability to be a team member as well as a team leader depending on the situation; • Degree in information security or technology preferred; • Security certification preferred (e.g. CISSP). • Network Admin experience preferred. Supervisory Responsibilities/Direct Reports: This role does not provide direct supervision to direct reports.

STRATEGIC STAFFING SOLUTIONS HAS AN OPENING! This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below. “Beware of scams. S3 never asks for money during its onboarding process.” Job Title: Information Security Analyst Location: Chandler, AZ 85286 Onsite Work Contract Length: 6+ Months Pay: 45-48 an hr on W2 Overview We are seeking an Information Security Analysts to support a Central Access Provisioning team during a transition from a manual to an automated Identity and Access Management (IAM) environment. These roles will also provide flexible support across IAM Operations teams to address capacity needs resulting from workforce attrition and evolving operational demands. The ideal candidates will have hands-on experience with IAM tools, strong foundational knowledge of authentication standards, and the ability to operate effectively in a regulated, security-focused environment. Key Responsibilities Support Identity and Access Management (IAM) operations, including access provisioning and related security processes. Participate in low- to moderately complex information security initiatives and identify opportunities for process improvement. Review, analyze, and resolve basic to intermediate information security assignments requiring research, evaluation, and selection of appropriate solutions. Assist with low- to medium-risk deliverables in alignment with established policies, procedures, and compliance requirements. Develop and present recommendations to address security-related issues, exercising independent judgment within defined guidelines. Provide timely and accurate information to internal stakeholders and client personnel related to information security analysis. Collaborate with cross-functional teams and interact effectively with multiple levels of leadership. Manage priorities, meet deadlines, and deliver high-quality results in a fast-paced environment. Required Qualifications Minimum of 2 years of experience in Information Security Analysis or a related field, or equivalent experience demonstrated through a combination of work experience, consulting, training, military service, or education. Hands-on experience with IAM tools, such as: SailPoint Okta CyberArk Ping Microsoft Entra ID (Azure AD) Working knowledge of authentication and identity standards, including: LDAP SAML OAuth OpenID SCIM Familiarity with security and compliance frameworks, such as ISO, NIST, SOX, and PCI. Strong organizational skills with the ability to multitask and prioritize competing requests. Customer-service mindset with a demonstrated ability to respond to requests in a timely and professional manner. Proficiency in Microsoft Office applications, including Word, Excel, Outlook, PowerPoint, Access, and Project.

Jr. Security Analyst Our client is currently looking for a Jr. Security Analyst to join their team in a long term contract capacity focusing on an increase in compliance and audit work heading into the new year. This person will be brought on to support an established information security and compliance team. This role is ideal for someone looking to grow in TPA (Third Party Assessment), audit support, compliance operations, NIST frameworks, and GRC practices. Below is a breakdown of what our enterprise client is looking for in their potential candidate! Key Responsibilities Support Third Party Assessments (TPAs) by gathering evidence, tracking documentation, and helping review vendor security controls. Participate in internal and external audit readiness tasks including evidence collection, control testing preparation, remediation tracking, and audit log review coordination. Assist with vulnerability scan reporting, ticket creation, and follow-up with technical teams on remediation tasks. Support intake, documentation, and status tracking of new compliance and security projects. Help maintain dashboards, risk registers, and compliance reporting metrics within the GRC tool. Participate in annual assessment activities including contingency plan exercises, incident response tests, access reviews, and other required security program tasks. Assist with audit log reviews and routine monitoring processes as assigned. Maintain structured, accurate documentation to support continuous compliance efforts. Minimum Qualifications 1-3 years of experience in security, IT, audit, or compliance support roles (internships or rotational experience accepted). Foundational knowledge of NIST frameworks, FISMA requirements, or other security compliance standards (HIPAA, SOC 2, ISO 27001 a plus). Experience with GRC platforms (ServiceNow, Archer, OneTrust, ZenGRC, etc.) OR strong interest in learning. Strong attention to detail with the ability to create, edit, and maintain structured documentation. Proficiency with Microsoft Office and basic workflow tracking tools (Excel, SharePoint, Confluence, Smartsheet, etc.). Familiarity with basic cybersecurity terminology and frameworks (e.g., CIS Controls). Experience supporting compliance evidence collection or policy documentation. Interest in security governance, risk, and compliance as a long-term career path.

The Senior InfoSec GRC Analyst is responsible for driving the development, implementation, communication, and maintenance of technology policies, standards, and procedures that are aligned to industry standards and regulatory requirements. This role ensures that technology processes adhere to regulatory requirements, manage risks effectively, and establish strong governance practices. The position also develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: Lead the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. Continuously evaluate and update cybersecurity and IT policies to ensure they remain current and effective. Ensure policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Collaborate with cross-functional teams, including IT, legal, compliance, and business stakeholders, to ensure cybersecurity policies align with organizational objectives. Translate complex information and documentation into clear and simple concepts for end-users. Provide specialized expertise to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommend actionable solutions to mitigate risks and strengthen overall security posture. Stay informed about the latest cybersecurity threats, trends, and best practices. Maintain accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. Benchmark policies against industry standards and best practices. Develop and implement governance frameworks for cybersecurity policy management. Monitor key performance indicators, conduct gap analyses and risk assessments, and implement frameworks as needed. Test and monitor the effectiveness of controls. Establish feedback loops and analyze metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. Lead and support internal and external audits and assessments of cybersecurity policies and practices. Ensure identified audit and assessment findings and actions are tracked to closure. Maintain comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicate policy requirements and updates to relevant stakeholders. Identify opportunities for innovation and improvement in cybersecurity policies and practices. Propose mitigation strategies and verify the effectiveness of remediation plans. Requirements: Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field (preferred). Minimum of six (6)+ years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). Proficiency with data analysis and reporting tools (e.g., Excel, Power BI). Relevant certifications such as CISM and/or CISA (highly desirable). Strong knowledge of regulatory frameworks (NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS). Understanding of risk management concepts, control frameworks, and compliance auditing. Ability to provide consultation and recommendations to management. Strong communication skills with the ability to present effectively to both technical and non-technical audiences.

Hybrid - remote allowed, but should live in driving proximity to Springfield, VA Travel: up to 25 percent mostly to Chicago and Atlanta** Direct Hire with Benefits In this role you will guide the security direction for a hybrid environment that spans on premises systems and cloud platforms including Microsoft Dynamics Microsoft 365 Azure directory and the Microsoft security ecosystem. You will also work hands on with firewalls support multi-site network uptime document standards train users and collaborate closely with software and security vendors. This position requires someone who enjoys being the subject matter expert who can see the big picture while also building and improving day to day systems. What you will do Lead security operations including assessment mitigation and incident response Support and maintain the network across multiple facilities with a focus on reliability and resilience Plan and implement architecture improvements for both on premises and cloud based environments Work with business and software vendors to evaluate tools resolve issues and drive enhancements Develop and maintain documentation playbooks and standards for network and security operations Provide user training on security best practices and new technologies Drive continuous improvement by exploring and recommending modern solutions What we are looking for Five or more years of hands on experience in security engineering or network security Experience supporting hybrid environments on premises and cloud Strong familiarity with Microsoft based ecosystems including Dynamics M365 Azure directory Sentinel Defender P2 and E5 Background working with firewalls pfsense or similar Ability to design troubleshoot and document network architectures Experience responding to security events and closing security gaps Comfort interacting with external vendors and internal teams Clear communication skills solid documentation habits and a growth mindset Candidates must be based in Virginia and open to regional travel up to 25 percent If you enjoy being the trusted expert for both networking and security and want the freedom to influence modern solutions this role offers the autonomy and impact you are looking for.