Senior Security Consultant Jobs At Deloitte

- Product Security Architect - Mobile Applications Type : Hybrid (3 days work from client location) Product Security Architect focused on mobile application security. He/She will be responsible for reviewing mobile app architectures, evaluating security controls, creating threat models, and contributing to the overall security of mobile products. Provide support for mobile application security tooling automation and troubleshooting, security testing for PSE engagements, review security architecture and evaluate security controls, create threat models, and contribute to the product security engagements. The contractor will focus on Cloud and Communications products with VzCloud being the main product, and also act as a backup on mobile security SME testing, security reviews and vulnerability management of the VzCloud products. Key Responsibilities: Perform security architecture reviews for iOS and Android applications. Create and maintain threat models for mobile products and services. Evaluate and advise on security controls embedded within mobile application frameworks. Identify mobile-specific vulnerabilities (e.g., insecure storage, improper platform usage) Build and maintain automation for mobile security tooling (e.g., custom scripts, CI/CD integration). Must-Have Skills: Strong understanding of mobile platforms (Android, iOS) and mobile development frameworks. Experience with mobile app security testing tools (MobSF, Frida, Burp Suite, OWASP MASVS). Familiarity with mobile application threat modeling and common attack vectors. Knowledge of CI/CD pipeline integration for mobile app security checks. Scripting experience (Python, Bash, or equivalent) for automation.

Required Skills I. Foundational Technical Skills: Networking: Understanding of networking concepts like VPCs, subnets, routing, DNS, firewalls (Security Groups, NACLs), and load balancing is crucial. They need to be able to design and implement network architectures for various applications. Operating Systems: Familiarity with Linux (especially Amazon Linux and Red Hat) and Windows Server, including system administration, shell scripting, and command-line tools. Security Best Practices: A deep understanding of security principles and how to implement them in the cloud, including IAM roles and policies, encryption, security auditing, and incident response. Programming/Scripting: Proficiency in at least one scripting language like Python, Bash, or PowerShell for automation and infrastructure-as-code. Knowledge of other languages like Java, Node.js, or .NET can be beneficial depending on the role. II. AWS Specific Knowledge:Core AWS Services: Deep understanding of core AWS services like EC2, S3, VPC, IAM, CloudWatch, CloudFormation, and Lambda. Networking Services: Proficiency in configuring and managing VPCs, subnets, route tables, internet gateways, NAT gateways, and Direct Connect. III. Soft Skills & Other Important Qualities:Problem-Solving: Ability to troubleshoot and resolve technical issues effectively; Leads by doing - translates client ideas into slide materials, communicating technical ideas to non-technical people, guide junior resources through installations Communication: Strong communication skills to collaborate with other team members and stakeholders. Documentation: Ability to create clear and concise documentation for infrastructure and processes. Automation Mindset: A focus on automating repetitive tasks and infrastructure deployments. Continuous Learning: AWS is constantly evolving, so a commitment to continuous learning and staying up-to-date with new services and best practices is essential. Collaboration: Working effectively within a team and with other departments.

Job Description MKS2 Technologies, LLC, an award-winning high growth small business, creates innovative and customer-centric technology solutions in the areas of Cyber Security, Instructional Design and Training, Software Engineering and IT Support Services to improve the security and well-being of our clients. Our commitment to excellence and our "Mission First" orientation has resulted in steady growth and an expanding client base across government agencies. We have employees nationwide and for the past three consecutive years were named one of the fastest growing Veteran-owned companies in the nation. Please take a moment to browse through our website and learn more about what it means to serve with MKS2. Location: Off-site Description: Performs actions to protect, monitor, detect, analyze, and respond to unauthorized activity within assigned information systems and computer networks. Employs Cybersecurity capabilities and deliberate actions to respond to a CND alert or emerging situational awareness/threat. Serves as an expert on CND requirements and compliance to such requirements by using IA tools and techniques to perform compliance analysis and correlation, tracking and remediation coordination, and escalating CND non-compliance. Provides technical analysis and sustainment support for the enterprise for IA tools and applications and assists with the application of Defense-In-Depth signatures and perimeter defense controls to diminish network threats. Minimum Requirements: 5+ years relevant experience Current CNDSP / CSSO-IR certification Computing Environment: Current AWS Solution Architect or equivalent cloud certification Current DoD secret security clearance, Tier 2 (T2) Diversity creates a healthier atmosphere: MKS2 Technologies is proud to be an Equal Employment Opportunity / Affirmative Action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

Job Description Defense Analyst Overview: Group W is a 100% employee-owned company that hires great people to provide analysis, modeling, simulation, wargaming, and research, for visionary clients in government, commercial, and non-governmental entities. Founded in 2004. Group W is comprised of the brightest critical thinkers that balance an unconventional culture in support of one of the most conservative, conventional client groups, to bring forward the best ideas and get to "the right answer" through creativity, truth, passion, intellect, and skill. We are seeking a Defense Analyst to serve as a subject matter expert (SME). The successful individual will provide a full range of technical assistance, data collection, and analytical support to operational and technical communities within the Department of Defense. Requirements: Bachelor's degree from an accredited university 2+ years' military or operations research experience DoD Secret Clearance Understanding of current U.S. Military Operations U.S. Citizenship required Preferred: Master's degree in international relations, operations research, or technical field 5+ years' experience in defense or military operations research analysis Knowledge and understanding of U.S. current military operations to include the ideology, doctrine, strategy, or tactics related to one or more of the following: Operational planning Campaign analysis Capability development Force sizing and structure Open-source or classified Intelligence collection and analysis Wargaming Modeling and simulation Emerging technologies Experience with Joint or Interagency processes Experience navigating classified networks Interest in international alliances and partnerships Duties/Responsibilities: Work independently and collaboratively to: Develop new methodologies for aggregating and managing data sets Collect, conduct, and support the quantitative and qualitative analysis and assessment of data sets Develop and brief analysis results to internal and external leadership Salary: $75,000 - $115,000 (provided as a general guideline only. Compensation dependent upon relevant work experience related to the scope of the position, education, training, and market considerations). Benefits: 100% employer-paid, medical, dental, and vision plan Immediate vesting in the Employee Stock Ownership Plan Safe Harbor 401(k) contributions with no matching required 33 days of accrued PTO Group W is an Equal Opportunity Employer Group W is committed to providing equal employment opportunities to all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, status as a protected veteran, or other similarly protected status in accordance with applicable federal, state, and local laws. Job Posted by ApplicantPro

Job Title: OT Cyber Security Engineer Duration: 6+ Months Travelling would be required as below: 1 week in a month 3 days charlotte 2 days Indianapolis. RESPONSIBILITIES Lead the design, delivery, and maintenance of secure, scalable cyber security infrastructure for complex projects. Collaborate with Cyber Architecture and Test teams to engineer innovative and effective security solutions. Ensure alignment with cyber security standards, policies, and technical designs throughout the development lifecycle. Provide expert guidance on incident response, including mitigation, forensic investigation, and recovery strategies. Develop and implement tools and strategies to detect, prevent, and analyze advanced cyber threats. Qualifications Deep expertise in cyber security tools and technologies, including intrusion detection, firewalls, and risk assessment methods Proven experience designing and debugging secure network, system, and application architectures, including OT/IoT and cloud platforms Strong background in security engineering roles with hands-on delivery of technical solutions and stakeholder engagement Familiarity with industry certifications such as CISSP, CISM, ISSEP, and experience with SCADA/DCS and MES systems Solid project management skills within a cyber security context, with a degree in Computer Science, Engineering, Cyber Security, or related fields

As a partner technology architect, you will work closely with partner directors of specific products, sales and delivery teams, to design, develop and build custom solutions for our customers. You will need to have in-depth technical skills of Zscaler and Rubrik (Zscaler - ZIA, ZPA, Advance DLP, SSE Rubrik - Data Protection, DSPM, Data Threat Analytics, Cyber Recovery) and should be able to orchestrate and build the solution based on the customer's problem statement. Responsibilities Include: Own the Zscaler and Rubrik opportunities from a technical point of view (pre-sales, solution, PoC, use case demonstration, technical workshops) Work with partner directors to identify proactive opportunities and build pipeline. Collaborate with customers, partner director and sales teams to understand requirements and develop custom solutions using the suite of Zscaler and Rubrik products. Develop Zscaler and Rubrik product specific labs, demonstrable use cases and artifacts which can showcase the various features and capabilities. Collaborate with cross-functional teams to ensure seamless integration of Zscaler and Rubrik products into the solution. Provide architectural expertise for Zscaler and Rubrik products including design, build, PoC and MVPs. Lead security architecture discussions along with customer and Zscaler and Rubrik teams and provide input on design and implementation of the solution. Continual learning and be up-to-date on the latest developments in the Zscaler and Rubrik suite of products and apply these to strengthen customer's security posture. Define / develop and document target reference architecture which includes capabilities and services of Zscaler and Rubrik products. Build a technology strategy and an actionable roadmap which addresses customers' needs using Zscaler and Rubrik suite of products. Act as a trusted advisor to clients, providing insights into industry trends, best practices, and compliance requirements. Connect with CXOs and present the capabilities and features of Zscaler and Rubrik products. Qualifications: 15+ years of relevant experience Bachelor's degree in computer science, Information Technology, Cyber Security or a related field. Technical and solution relevant certifications in Zscaler and Rubrik products. Willingness to travel and work in a fast-faced result-oriented environment. Strong Communication skills and an ability to communicate complex technical concepts to technical and non-technical stakeholders. EOE: Our client is an Equal Opportunity Employer, committed to a workplace free from discrimination and harassment. Employment decisions are based on business needs, job requirements, and individual qualifications without regard to race, color, religion, gender, age, disability, sexual orientation, gender identity, marital status, military service, genetic information, or any other status protected by law.

Job DescriptionDescription: Our government client is seeking a Systems Engineer. Rate: ($65 - $75 / hr. w2 ) Duration: 6 months contract to hire Responsibilities: Description for PdM Network Modernization Secure Wireless Systems Engineer: Communications Engineer needed to support the Secure Wireless program. Must be familiar with the Commercial Solutions for Classified (CSfC) program and architecture. Supports PdM NetMod with Documentation and Software configuration management between up to three different Secure Wireless baselines. Validate quarterly release updates from PDSS efforts. Works on development efforts with Secure Wireless engineering team. Tests new and emerging technologies and software for inclusion into the Secure Wireless baseline. Engineer a test network, write test plans and test threads for performance testing. Provides train the trainer instruction. Creates network diagrams using MS Visio. Step by step documentation of procedures (DTPs) Network and Client access troubleshooting using error messages and logs. WIN-T or Tactical Network Configuration Items (CIs) and Architecture. Needs a cross functional basis of knowledge on Signal Modernization products including Small Form Factor Wi-Fi and SWMRE. Experience Requirements: Expertise in static routing and virtualized environments Cisco IOS and Networking Aruba OS and Wireless Networking Palo Alto Networks OS VMWare Windows Server and Windows 10/11 Network security configuration expertise to include VPN, IPSec, Public Key Infrastructure (PKI), Certificate Authorities, Firewalls, and Active Directory NetOps Tools including but not limited to: PacStar IQ Core, Solarwinds, Splunk, SNMPc Education Requirements: No degree required Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range. W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality. Please be advised- If anyone reaches out to you about an open position connected with Eliassen Group, please confirm that they have an Eliassen.com email address and never provide personal or financial information to anyone who is not clearly associated with Eliassen Group. If you have any indication of fraudulent activity, please contact ********************. About Eliassen Group: Eliassen Group is a leading strategic consulting company for human-powered solutions. For over 30 years, Eliassen has helped thousands of companies reach further and achieve more with their technology solutions, financial, risk & compliance, and advisory solutions, and clinical solutions. With offices from coast to coast and throughout Europe, Eliassen provides a local community presence, balanced with international reach. Eliassen Group strives to positively impact the lives of their employees, clients, consultants, and the communities in which they operate. Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Don’t miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!

Job Description Toeroek Associates is seeking qualified candidates for the Chemical Weapons Convention (CWC) National Security Analyst position to assist the Naval Treaty Implementation Program (NTIP) with the preparation of multi-phased instructional products, training plans, and exercises ranging from classroom tutorials to small team-size field training to full-scale multi-day exercises. This position is in Alexandria, VA. In-office support is expected (mix between Alexandria, VA and the Navy Yard, Washington DC), must be willing to support 5 days a week as needed. Travel is 10% or less per year to prepare for and support exercises as needed. International travel may be required. Applicants must have an active DoD SECRET clearance, Chemical Weapons Convention (CWC) experience desired, and 3+ years Arms Control, DoD, and/or national security experience to be eligible for this role. This opportunity and description are subject to change pending the release of the final solicitation by the Navy. Start of work is tentatively late September / early October 2025. Duties Ability to prioritize work and complete multiple tasks under deadlines. Must be able to effectively communicate in writing and verbally on both technical and non-technical subjects to senior leaders. Assist in management of storage, monthly testing (according to the manufacturer's recommendations), and maintenance of Challenge Inspection support equipment (Government Furnished Property). Support preparation of multi-phased instructional products, training plans and exercises ranging from classroom tutorials to small team-size field training, to full scale multi-day exercises. Support the planning, facilitation, execution, and assessment of Challenge Inspections and Challenge Inspection training events and exercises. Exercise support includes but not limited to training event facilitation, assisting in exercise design and development, and After-Action Review support. Provide analyses and reports in the form of standard correspondence (Executive Summaries, Information Papers, Memoranda, briefings, etc.), to assess the impacts of USG policy guidance, OSD and Joint Staff implementation guidance, and current DoD planning and provide assistance to the Treaty Manager and other USG staff. Monitor and assess the status of arms control treaties and other nonproliferation agreements. Qualifications: Bachelor's degree (B.A. or B.S.) or equivalent. ACTIVE DOD SECRET CLEARANCE REQUIRED. 3+ years in arms control, chemical, and/or DoD consultant support required. Working knowledge of other arms control treaties and agreements desired. Ability to comprehend complex issues, organize and prioritize work schedule. Ability to communicate and work with people at all levels of the organization. Must be able and willing to travel domestically and / or internationally to support various levels of exercises (less than 10% of time). Career background in WMD, CBRN, and/or Arms Control with an understanding of CWC Challenge Inspection desired. The target salary hiring range is $80,000 - $120,000 annually, DOQ. This is a good faith and reasonable estimate of the base compensation at the time of posting. Toeroek offers a competitive benefits package including medical, dental, vision, Life, LTD, STD, and 401K. Qualified applicants should include their resume, and completed application for further consideration. Toeroek Associates is a dynamic small business provider of specialty consulting and analysis services to the U.S. Government. Our National Security experts include technical and policy specialists in biological threat reduction, nuclear non-proliferation, arms control and treaty compliance, nuclear stockpile management, and CBRN support to the warfighter. We currently support DTRA, Air Force, Army, Navy, OSD, and EPA as both prime contractors and subcontractor team members. Toeroek Associates, Inc. is an Equal Employment Opportunity employer. Toeroek Associates, Inc. maintains the policy of equal employment opportunity (EEO) shall apply to all terms, conditions, and privileges of employment, including hiring, testing, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. Toeroek is committed to making employment decisions based on valid requirements, without regard to age, color, disability, gender identity, genetic information, military or veteran status, national origin, race, religion, sex, sexual orientation, or any other applicable status protected by state or local law. Applicants with disabilities may contact Toeroek Associates, Inc., Human Resources via telephone, fax, e-mail, and other means to request and arrange for accommodations. If you need assistance to accommodate a disability, you may request an accommodation at any time. Please contact Human Resources at **************.

*Pay Rate: $70-$80 /hr. on W2 with benefits * *Long Term Contract, possibility of conversion to full time * \** We are seeking a Senior Information Security & Risk Analyst with a Fortune Life Sciences organization located in Raritan, NJ. As a Security Analyst, you will work alongside the information security and risk management team assess and advise on security controls for hybrid cloud infrastructure and systems, particularly during new implementations and acquisitions. *Responsibilities * * Serve as the security subject matter expert for internal IT shared services teams. * Assess and advise on security controls for hybrid cloud infrastructure and systems, particularly during new implementations and acquisitions. * Perform security assessments as part of the Software Development Life Cycle (SDLC). * Integrate standard security user stories into technology projects. * Provide recommendations to ensure systems and tools are secure from inception. * Conduct due diligence and risk mitigation efforts for third-party vendors. * Collaborate with procurement and compliance teams on vendor assessments. * Evaluate and support security controls for AWS, Azure, and/or GCP environments. * Consult on vulnerabilities and guide remediation strategies. * Assist with internal controls, SOX compliance, and audits related to TS functions. * Contribute to physical site security assessments of data centers. * Produce monthly reports on activities and resource capacity to inform leadership. * Present findings and recommendations to senior leaders and stakeholders. *Qualifications * * Bachelor's degree in Information Security, Computer Science, Information Systems, or related field. * 5-8 years of experience in information security or risk management * Ability to develop and present to senior leaders on security topics * Demonstrated proficiency in info security, and cloud computing domains as evidenced by industry certifications, including understanding of traditional and emerging threats with particular emphasis in Information Security controls and technologies to reduce operational and security risk covering AWS, Azure and/or GCP. * Deep knowledge, understanding, and technical proficiency in cloud technologies/services (Virtual Private/Hybrid Cloud, SaaS, IaaS, PaaS, DBaaS) and the appropriate controls and processes to secure them or reduce risk * Experience with vulnerability management and consulting on vulnerability remediation * Knowledge of or experience with security technologies such as Data Loss Prevention, Cloud Access Security Broker, Cloud Security Posture Management, Endpoint Detection and Response, etc. * Knowledge and experience with security control frameworks such as ISO 27001 NIST 800-53, etc. * Knowledge and experience with internal audits and SOX compliance *What's in it For You? * * Working for a well-known, international Fortune 50 company * Exposure to high-level business professionals in a variety of departments and global locations * Access to cutting edge tools and technology * Culture driven, hybrid remote work environment * The opportunity to not only create solutions, but impact life, technology and the world _Eight Eleven group offers Health, Dental and Vision benefits, weekly pay, holiday paid time off and sick leave. Eight Eleven Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws._ Job Type: Contract Pay: $70.00 - $80.00 per hour Benefits: * Dental insurance * Health insurance * Vision insurance Schedule: * 8 hour shift * Monday to Friday Location: * Raritan, NJ 08869 (Required) Ability to Commute: * Raritan, NJ 08869 (Required) Work Location: Hybrid remote in Raritan, NJ 08869

Call me @T: *************** Function of the Group: Mitigating Risk Initiatives/Projects: Mainframe Modernization project Industry background: Security Team Dynamic: Nine individuals on the team - ranging from C2s to C4s Roles and Responsibilities: • Migration of the solution from old product to new product Must Have Technical Skills: Level 3 -10-15 years experience is preferred by the HM • RACF • Zsecure Flex Skills/Nice to Have: ACF2, Oracle Identity Manager, SailPoint, CyberArk Soft Skills: Communication, Teamwork, Strong Work Ethic, Curiosity Education/Certifications: Bachelors Required Screening Questions: Explain the core differences between ACF2 and RACF in terms of access control and user identification. What are the primary considerations when designing a migration strategy from ACF2 to RACF? How does RACF handle access control differently from UID strings in ACF2? Role Differentiator: n/a Interview Process: Panel interview with minimum of three individuals - about 30 questions in total

Required Skills I. Foundational Technical Skills: Networking: Understanding of networking concepts like VPCs, subnets, routing, DNS, firewalls (Security Groups, NACLs), and load balancing is crucial. They need to be able to design and implement network architectures for various applications. Operating Systems: Familiarity with Linux (especially Amazon Linux and Red Hat) and Windows Server, including system administration, shell scripting, and command-line tools. Security Best Practices: A deep understanding of security principles and how to implement them in the cloud, including IAM roles and policies, encryption, security auditing, and incident response. Programming/Scripting: Proficiency in at least one scripting language like Python, Bash, or PowerShell for automation and infrastructure-as-code. Knowledge of other languages like Java, Node.js, or .NET can be beneficial depending on the role. II. AWS Specific Knowledge:Core AWS Services: Deep understanding of core AWS services like EC2, S3, VPC, IAM, CloudWatch, CloudFormation, and Lambda. Networking Services: Proficiency in configuring and managing VPCs, subnets, route tables, internet gateways, NAT gateways, and Direct Connect. III. Soft Skills & Other Important Qualities:Problem-Solving: Ability to troubleshoot and resolve technical issues effectively; Leads by doing – translates client ideas into slide materials, communicating technical ideas to non-technical people, guide junior resources through installations Communication: Strong communication skills to collaborate with other team members and stakeholders. Documentation: Ability to create clear and concise documentation for infrastructure and processes. Automation Mindset: A focus on automating repetitive tasks and infrastructure deployments. Continuous Learning: AWS is constantly evolving, so a commitment to continuous learning and staying up-to-date with new services and best practices is essential. Collaboration: Working effectively within a team and with other departments.

About Us At the Commonwealth of Kentucky, we are committed to enhancing our community through technology and innovation. Our healthcare professionals and application specialists work to ensure the safety and well-being of our residents. If you are seeking a meaningful role where you can make a tangible impact on healthcare and technological advancement, this opportunity may be the perfect fit. The Opportunity The Office of Application and Technology Services (OATS) is seeking a highly motivated Information Security Architect to join our team. Reporting to the Chief Information Security Officer (CISO), this role serves as the principal security advisor responsible for planning, designing, implementing, and maintaining security frameworks across the division. As the Subject Matter Expert (SME) for security operations, you will collaborate with internal development teams and vendor partners to strengthen the security posture of our systems. This role requires expertise in risk assessment, compliance, security architecture, and strategic planning to protect sensitive information and assets. Key Responsibilities Security Program Development & Strategy * Assess the current security program, define future security strategies, and develop an implementation roadmap. * Develop key performance indicators (KPIs) to measure security program effectiveness. * Collaborate with division leaders to ensure security initiatives align with business objectives. Security Policy & Compliance * Design and enforce security policies and procedures aligned with industry best practices. * Ensure compliance with regulatory frameworks such as FISMA, FedRAMP, ISO 27001, NIST, and COBIT. * Provide guidance on security decisions based on organizational vision and mission. Security Architecture & Infrastructure * Develop a security architecture framework aligned with business and technology needs. * Design security strategies and roadmaps for cloud and on-premise environments. * Establish baseline security configurations for operating systems, network segmentation, and access management. Risk Assessment & Incident Response * Conduct risk assessments, threat modeling, and vulnerability analysis for applications and services. * Develop and maintain incident response plans to effectively mitigate security threats. * Perform forensic investigations to analyze and prevent future security incidents. Collaboration & Secure Development * Work closely with DevOps teams to integrate security best practices into the development lifecycle. * Advocate for secure coding standards and escalate concerns regarding insecure coding practices. * Partner with privacy and compliance teams to safeguard sensitive data. Security Awareness & Training * Develop and deliver security awareness training to educate employees on risks and best practices. * Provide ongoing support to teams regarding security-related inquiries. Preferred Qualifications Education & Experience * Bachelor's degree in Computer Science, Information Security, or a related field (advanced degree preferred). * 5+ years of experience in information security architecture, design, and implementation. * Strong background in security regulations, compliance, and risk management. Certifications (Preferred but Not Required) * Certified Information Systems Security Professional (CISSP) * Certified Information Security Manager (CISM) * Certified Information System Auditor (CISA) * Other relevant security certifications Technical & Leadership Skills * In-depth knowledge of network security, encryption, authentication, and identity management. * Experience implementing security tools and technologies (firewalls, IDS/IPS, endpoint protection, etc.). * Strong communication skills to translate security concepts for technical and non-technical stakeholders. * Ability to work independently and lead security initiatives across teams. * Strong problem-solving and analytical skills with an innovative mindset. Job Type: Contract Pay: $50.00 per hour Schedule: * Monday to Friday Work Location: Remote

Who we're looking for: We are looking for an individual who has experience in the common criteria evaluations of IT products and who has experience with FIPS validation of cryptographic modules ( FIPS 140-3) . They will be responsible for the end-end validation of the products ( performing initial assessment of the security functions and specifications; consult with various teams in the development of the process, design, and documentation required for the common criteria evaluations of our Mobile Device products and the FIPS 140-2/3 accreditation of our cryptographic modules. Role and Responsibilities: Develop the security target for our products, assist with the testing, documentation and working with the necessary engineering teams during the evaluation. Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment, and verification), assist with the CAVP algorithm testing ,drafting and review of the security policies for our cryptographic modules according to the FIPS 140-3 specifications, possess information around the DCID 6/3, DoD 8500, or NIST SP 800-53. Assist in the development and review of all test reports and required certification documentation for all the Common Criteria evaluations and FIPS 140-2/3 accreditation. Experience building testing environments, performing testing and reporting results (technical writing) for all of the common criteria and FIPS evaluations. Develop mitigation strategies to address vulnerabilities uncovered during security testing; and assist with completing all the required documentation to meet the specifications and certification requirements, as required. Perform vulnerability analysis of product or system designs against applicable security criteria using common tools, including Nessus, NMAP, and Wireshark. Project POC with Internal/External audience when required. Skills: Self-motivated individual with the ability to thrive in a team-based or independent environment. Detail-oriented with strong organization skills. Ability to work in a fast-paced environment. Limited supervision and the exercise of discretion. Ability to comprehend security standard requirements and specifications and apply them to products. Excellent communication (written/verbal) skills and analytical skills. Required Experience and Education: 5+ years of technical experience in Common Criteria evaluations NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme) of any product in the US scheme . Mobile device and Software knowledge highly preferred. Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred). Knowledge of common security related protocols and their design (i.e., SSH, IPsec, TLS, etc.) Be highly proficient in FIPS 186-4/5, SP 800-186, SP800-90B and the FIPS 140-3 requirements and have knowledge around the cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, random number generators .

Job Description CyberSheath Services International LLC is a rapidly growing Security and IT Managed Services Provider primarily focused on providing Cybersecurity services to the Defense Industrial Base (DIB). We are excited to be expanding our staff due to our growth and are looking to add a Cyber Security Analyst to our Security Operations team! CyberSheath integrates compliance and threat mitigation efforts and eliminates redundant security practices that don't improve and, in fact, may weaken an organization's security posture. Our professionals tell clients where to stop spending, where to invest, and how to take what they are already doing and integrate it in a way that delivers improved security. Successful candidates for CyberSheath are self-motivated, think out of the box, work, and solve issues independently. Additionally, our most successful people are self-starters and willing to put on many hats in order to succeed. CyberSheath is fast-growing and seeks candidates who want to be part of our upward trajectory. Job Overview The Cyber Security Analyst (Tier 2) is responsible for advanced security incident triage, investigation, and response across Microsoft 365, Azure, and on-premises infrastructure. Serves as the escalation point for complex security incidents while implementing containment and remediation procedures in hybrid environments. Key Responsibilities Investigate and respond to escalated security incidents across Microsoft cloud and on-premises environments Perform advanced incident analysis using Microsoft Defender suite and Azure Sentinel Conduct security assessment of Azure/Microsoft 365 configurations and implement hardening recommendations Analyze and respond to advanced Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket) Monitor and investigate Exchange Server logs, email flow patterns, and phishing campaigns Analyze federation security including ADFS token-based attacks and SAML token manipulation Configure and tune WAF/firewall rule sets and investigate related security incidents Develop network segmentation strategies and identify lateral movement attempts Develop and maintain incident response playbooks for various attack scenarios Coordinate incident response activities with cross-functional teams Required Qualifications 3-5 years in cybersecurity with 2+ years SOC experience Deep knowledge of hybrid Microsoft environments (Microsoft 365, Azure, on-premises AD) Experience with SIEM platforms and security monitoring tools Scripting proficiency (PowerShell, Python) Strong analytical and communication skills Microsoft Certified: Security Operations Analyst (SC-200) One additional security certification: EC-Council CSA, CompTIA Security+, or similar Preferred Qualifications Microsoft Certified: Azure Security Engineer (AZ-500) Microsoft Certified: Identity and Access Administrator (SC-300) CrowdStrike Certified Falcon Responder (CCFR) or equivalent EDR certification CISSP, SSCP, CCSP Skills & Expertise Strong Proficiency with Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps) Azure Sentinel KQL query development and alert configuration Azure AD/Entra ID security configuration and attack path analysis Active Directory security assessment including GPOs, trust relationships, and delegation Email security and phishing detection/response Cloud security posture management Incident handling and digital forensics Threat intelligence analysis and implementation Work Environment CyberSheath is a fully remote organization, and this will be a work-from-home position Travel requirements: 0-5% yearly. Please note that this role is slated to work overnights: Week 1 - Monday - Thursday 8pm-8am local time Week 2 - Tuesday - Thursday 8pm-8am local time CyberSheath is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, among other things, or status as a qualified individual with a disability. Budgeted Pay Range$70,000—$100,000 USD

Call me @T: *************** Function of the Group: Mitigating Risk Initiatives/Projects: Mainframe Modernization project Industry background: Security Team Dynamic: Nine individuals on the team – ranging from C2s to C4s Roles and Responsibilities: • Migration of the solution from old product to new product Must Have Technical Skills: Level 3 –10-15 years experience is preferred by the HM • RACF • Zsecure Flex Skills/Nice to Have: ACF2, Oracle Identity Manager, SailPoint, CyberArk Soft Skills: Communication, Teamwork, Strong Work Ethic, Curiosity Education/Certifications: Bachelors Required Screening Questions: Explain the core differences between ACF2 and RACF in terms of access control and user identification. What are the primary considerations when designing a migration strategy from ACF2 to RACF? How does RACF handle access control differently from UID strings in ACF2? Role Differentiator: n/a Interview Process: Panel interview with minimum of three individuals - about 30 questions in total

Job Title: Permanent Sr. Cyber Security Engineer~ Hybrid~ 9/80 Schedule Onsite Requirements: Risk Management framework security assessments, vulnerability management Job Description: We are seeking a highly motivated and experienced Senior Cybersecurity Engineer to join our team, focusing on the security assessment and risk management of IT systems embedded within tactical vehicles. This role will be critical in ensuring the confidentiality, integrity, and availability of sensitive data and systems operating in challenging and dynamic environments. The ideal candidate will possess a deep understanding of the Risk Management Framework (RMF) and demonstrable experience applying it to complex, real-world systems. This role requires hands-on technical expertise, strong analytical skills, and the ability to work both independently and collaboratively within a team. Job Responsibilities: Risk Management Framework (RMF) Implementation: Lead and execute the RMF process for IT systems within tactical vehicles, from system categorization (SP 800-60) through security control selection (SP 800-53), implementation, assessment, authorization, and continuous monitoring. Security Assessments:Conduct comprehensive security assessments of tactical vehicle IT systems, including hardware, software, and network configurations. This includes vulnerability scanning, penetration testing (where appropriate and authorized), security architecture reviews, and configuration analysis. Documentation:Prepare and maintain detailed RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, Plans of Action and Milestones (POA&Ms), and other required artifacts. Ensure documentation is compliant with relevant standards and regulations. Security Control Implementation and Validation:Work with engineering and IT teams to implement and validate security controls on tactical vehicle systems. This may involve hands-on configuration of systems, development of security hardening guidelines, and collaboration on system design. Vulnerability Management:Identify, analyze, and prioritize vulnerabilities discovered through assessments or continuous monitoring. Develop and recommend remediation strategies, working with technical teams to implement solutions. Compliance:Ensure that all security activities and documentation comply with relevant Department of Defense (DoD) instructions, NIST publications (specifically 800-series), and other applicable regulations and policies (e.g., DoDI 8510.01, DoDI 8500.01). Collaboration: Work effectively with cross-functional teams, including engineers, system administrators, program managers, and government representatives, to ensure security is integrated throughout the system lifecycle. Continuous Improvement:Stay current with the latest cybersecurity threats, vulnerabilities, and technologies relevant to tactical vehicle systems. Recommend improvements to security processes and technologies. Travel:This position may require travel to test facilities, potentially up to 33% travel, occasional travel for 1-2-week periods. Additional Responsibilities:Support, communicate, reinforce and defend the mission, values and culture of the organization. Attend appropriate engineering, customer or business meetings. Lead less experienced engineers. Qualifications: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Electrical Engineering, or a related technical field 5+ years of experience in cybersecurity engineering, with a demonstrated focus on applying the Risk Management Framework (RMF). This experience must include performing security assessments of IT systems. Strong understanding of NIST SP 800-37, SP 800-53, SP 800-60, SP 800-160, and other relevant NIST publications Experience conducting security assessments, including vulnerability scanning and security architecture review Experience with vulnerability scanning tools, specifically Nessus or ACAS Experience with a variety of security assessment tools, such as static code analyzers, dynamic application security testing (DAST) tools, or network analysis tools Proficiency in both Linux and Windows operating systems Experience with scripting in one or more common scripting languages (e.g., Python, PowerShell, Bash, Perl) Experience with the configuration, security hardening, and/or troubleshooting of network hardware Experience with security hardening techniques for operating systems (e.g., Windows, Linux), network devices, and applications Excellent written and verbal communication skills, with the ability to clearly articulate technical information to both technical and non-technical audiences Ability to work independently and as part of a team Strong problem-solving and analytical skills S. Citizenship required and must have the ability to obtain a DoD security clearance now or within 6 months Ability to travel up to 33% as required **This client is a US Federal Government contractor and is legally required to hire US Citizens. US Citizens will only be considered for this role. Due to the nature of the work, a United States Government Clearance is required to be eligible for the position**

Our client is looking for a Product Security Engineer to join its Office of Product Safety and Security (OPSS). This role is part of the Product Security Incident Response Team (PSIRT), which manages product security vulnerabilities and coordinates resolution and disclosure efforts. The ideal candidate will have a background in cybersecurity and an interest or experience in OT product environments or incident response. You'll work closely with internal teams, external researchers, and industry partners to address reported vulnerabilities and improve overall product security. Required Experience: 3+ years in cybersecurity, vulnerability management, or a related role Experience working with OT (Operational Technology) device automation systems Familiarity with vulnerability management platforms Understanding of common security vulnerabilities and mitigation techniques Experience coordinating responses to security incidents and vulnerabilities Strong analytical and problem-solving skills Excellent communication and collaboration abilities Ability to work effectively in cross-functional teams Preferred Experience: Experience on a PSIRT (Product Security Incident Response Team) Knowledge of public vulnerability disclosure processes and CNA (CVE Numbering Authority) guidelines Experience administering or supporting bug bounty programs Familiarity with incident response procedures and coordination practices Relevant cybersecurity certifications (e.g., CEH, OSCP, GCIH) Understanding of regulatory and industry standards (e.g., ISA/IEC 62443, NIST 800-82, ISO 27001/27017, NIS2, CRA, CIP Security) Experience coordinating with external researchers and third-party reporting bodies (e.g., CISA, national CERTs)

Job Description This is a FULL-TIME, onsite position located in Omaha, NE. Active SECRET government security clearance required at the time of application. NCC is seeking an Information Security Compliance Specialist for an upcoming contract. Key Areas of Responsibility Planning: Cyber Operational Readiness Assessment Planning (CORA) consisting of the following: Testing and analysis of all applicable STIGs. Scheduling and implementation of all applicable STIGs. Monitoring and execution of the quarterly revalidation schedule. Monitoring emerging changes to the applicable STIGs outside of the quarterly schedules. (CDRL A003). Meeting Support: The contractor personnel shall support the following: (a) briefing 557 WW leadership on Cyber Security updates; (b) preparing biweekly Cyber Security Update meetings; (c) meeting with stakeholders to facilitate Cyber Security collaboration and (d) obtaining input from stakeholders to present to 557 WW leadership. (CDRL A002, A003, A005). Monitoring the cybersecurity risk and threat to the 557 WW’s cyber environment. Assisting with the implementation plans for the 557 WW’s transition to a cloud environment. Minimum Qualifications Active Secret Government Security Clearance. 5 years of relevant experience in Cyber Security and system accreditation. Experience in the following: Endpoint Security Assured Compliance Assurance Solutions (ACAS) Threat hunting and risk analysis Intrusion Detection Systems DISA STIGS IAT Level II Certification Preferred Qualifications Bachelors Degree in relevant field. NCC provides reasonable accommodations to qualified individuals with disabilities. If you are an applicant that requires a reasonable accommodation, please email us. Please reference the position in your email. NCC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristic. E-Verify Employer. VEVRAA Federal Contractor.

Job DescriptionGeneral Definition of Work Performs technical and analytical work in cybersecurity. Identifies, monitors and defends systems from unauthorized users or threats. Performs in a red team/blue team role to identify, respond and resolve security incidents. Manages end user and group access to network resources, systems and configures permissions across the enterprise. Conducts daily operations in cybersecurity and physical security systems. Maintains and develops corporate intranet systems. Provisions public records requests and ensures retention and storage of all records in accordance with public record laws. Provides end user and external support on access to network, data shares, financial, and core business systems. Manages video surveillance and key card programs. Does related work as required. Work is performed under the general supervision of the Information Security Manager. Typical Tasks Uses cyber defense tools, systems, and practices in defending an enterprise network, and subsidiary network systems. Participates as a member of a red/blue team for incident response to possible attacks/intrusions. Detects and analyzes anomalous activities and distinguishes these incidents and events from benign occurrences. Takes action on possible intrusion or exploitation by locking accounts or disabling access. Performs urgent and high profile indicator of compromise searches using multiple systems, documents findings and provides results to upper management. Receives and analyzes network alerts from various sources within the enterprise and determines possible causes/sources of such alerts. Documents and escalates incidents for action across multiple work centers or as part of a coordinated response. Performs event correlation from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Administers network and physical security policy in an active directory environment. Coordinates with external vendors for access to network systems. Establishes and configures end user permissions, group controls, application whitelisting and performs forensic analysis. Works with external auditors and risk analysis teams. Serves as the gateway for whitelisting approval and security sandbox testing of new applications prior to launch. Conducts day to day operation and maintenance of physical security systems including, surveillance cameras, video recording, employee access cards, door and gate control operations, alarms and produces electronic artifacts from those systems as requested. Administers, maintains, and develops the corporate intranet system. Serves as the public records office for the company, including records retention, disposition, and provisions public records requests in accordance with Florida Statutes. Manages the end user cybersecurity training program. Administers computer equipment inventory and conducts routine audits for accuracy. May be called upon to work additional hours during weekends or in an after-hours standby capacity. Knowledge, Skills, and Abilities Knowledge of network security principles, concepts, protocols, methodologies and practices at a certified level of proficiency is required. Must have working knowledge of cyber defense and cybersecurity policies, procedures, detection of cyber threats, vulnerabilities, and common attack vectors on the network layer. Must have the ability to query and corelate events and indicators across a range of systems. Must be able to perform accurate and reliable searches for hash and file name based indicators of compromise in a thorough manner across the entire enterprise. Knowledge of the operation and uses of personal computers, network administration practices, hardware and software interoperability for video surveillance and control systems. Knowledge of active directory at the user and group level, video surveillance and cyber security. Advanced knowledge of the State of Florida and Federal Guidelines for records retention and public records laws. Must understand multiple network environments, operating systems and their interconnectivity into the records storage program, including retrieval of records, administration of security access and audit practices. Must be able to retrieve, video, security, voice, and phone traffic records as directed. Safeguards information system assets by identifying and solving potential and actual security problems. Maintains technical knowledge by attending continuing educational workshops to maintain relevant certifications. Ability to communicate effectively orally and in writing, document, and present findings for senior management. Must be able to understand and carry out written and oral instructions or procedures. Ability to establish effective relationships with fellow workers and handle sensitive or confidential material. Must be able to do moderate lifting up to 50 pounds. Education and Experience Bachelor of Science degree in Cyber Security, Network Security, Network Engineering, Information Systems or related discipline. A current CompTIA Security+, EC-Council Certified Ethical Hacker, or equivalent certification is required. Microsoft certifications and network experience is preferred. Four plus (4+) years of experience in a cybersecurity or computer network related position including hardware/software troubleshooting, at the server and PC level, and use of cybersecurity tools or systems. Experience as a member of an incident response team is desired. Any combination of education and experience.