Enforce and maintain information security policies for CUI systems, ensuring NIST SP 800-171 compliance and CMMC 2.0 accreditation. Coordinate with ISSM, admins, and leadership on risk management, incident response, and continuous monitoring.
95k – 120k
Hybrid2+ YOESecurity Engineering
About the role
Key Responsibilities
Operations Support
Review user requests in conjunction with ISSM and System Administrators to determine security impacts of software additions or configuration changes to systems.
Onboard users to systems, including development and delivery of training and briefings of Roles and Responsibilities operating on systems.
Risk Management and Assessment
Conduct regular risk assessments and vulnerability assessments to identify potential security threats.
Implement risk mitigation strategies and manage the risk management framework.
Continuous Monitoring and Audit Management
Prepare for and execute both self-assessments and external assessments with Government Security Control Assessors in support of achieving and maintaining CMMC accreditation.
Execute Continuous Monitoring activities of employed security controls to ensure comprehensive and effective implementation over time, including but not limited to analyzing user/system audit logs, malware protections, vulnerability reporting, and access reviews.
Incident Response and Management
Develop and maintain an Incident Response Plan, partnering with Government Customers/Prime/Subcontractors for reporting procedures.
Lead incident response activities, including investigation, containment, and remediation of security incidents.
Investigate and adjudicate SIEM events.
System Security Plans (SSPs)
Maintain System Security Plans and collecting all required artifacts (Compliance and Vulnerability reports, documented Policies/Procedures, etc.).
Ensure that SSPs are regularly reviewed, updated, and compliant with regulatory requirements.
Collaboration and Communication
Work closely with System Administrators, compliance, and other departments to ensure cohesive and comprehensive security strategies.
Serve as a point of contact for security-related issues and provide guidance and support to other teams.
Continuous Improvement
Stay up-to-date with the latest security trends, technologies, and regulatory requirements.
Continuously improve security measures and processes to protect information systems effectively.
Qualifications
Requirements
US Citizenship
Eligibility for a US Government Security Clearance
Bachelor's degree in Information Security, Computer Science, or a related field
2+ years of experience in information security, working with Federal Regulations
Proven experience in leading the management and implementation of an Information Security Program
Strong understanding of security frameworks and standards for NIST SP 800-171 and DevSecOps
Proficiency in security tools and technologies, such as SIEM, IDS/IPS, STIG Hardening, and vulnerability management solutions
Exposure to technologies and concepts including Kubernetes Containerization, AWS GovCloud Environments and Tooling, CI/CD pipelines, and Secure Network Architecture
Excellent communication and interpersonal skills
Strong analytical and problem-solving abilities
Ability to manage multiple projects and priorities in a fast-paced environment
Nice-to-Haves
Experience with CMMC 2.0 accreditation
Experience with Controlled Unclassified Information (CUI) protection
Conducts daily trade surveillance reviews for active trader clients using Nasdaq Trade Surveillance (NTS), detecting and investigating market manipulation in equities and listed options. Requires 3-5 years NTS experience and strong analytical skills in abusive trading patterns.
95k – 110k
Hybrid3+ YOESecurity Engineering
IAM Engineer
KrakenUnited States
IAM Engineer responsible for implementing and improving identity and access management tooling (Okta, ConductorOne, Terraform) with RBAC/ABAC/JIT controls. Requires 2+ years experience in IAM infrastructure, scripting, and IGA platforms in a fast-paced crypto environment.
96k – 192k
Remote2+ YOESecurity Engineering
Security Engineer 1, Application Security
Trail of BitsUnited States
Security Engineer contributing to application security assessments, vulnerability discovery, and custom tooling development. Owns components of client engagements and drives findings from discovery through delivery.
100k – 160k
RemoteEntry levelSecurity Engineering
Security Analyst
Imagen TechnologiesUnited States
Security Analyst responsible for managing endpoint security, DLP, SIEM monitoring, incident response, and compliance for a healthcare AI company. Requires 2+ years in security operations or SOC experience.
80k – 90k
Remote2+ YOESecurity Engineering
Fraud Investigations Analyst
IdmeMcLean, VA
Investigates account takeover activity, analyzes fraud patterns across accounts using SQL/Python/AI tools, and supports detection strategy improvements to protect users. Requires 2+ years in fraud/risk and bachelor's degree.