This is a Senior-level, 100% Remote position supporting the Department of Veterans Affairs (VA) Health Portfolio. LTS is looking for a practitioner who specializes in federal compliance and "Security-as-a-Service" within a PMO (Program Management Office) structure. Your primary objective is ensuring that VA health IT projects—which manage sensitive Veteran health data—achieve and maintain their Authority to Operate (ATO) while following the VA’s unique Veteran-Focused Integration Process (VIP).
- Job Code: 2943
- Location: Remote
- Clearance/Trust: Requires ability to work within VA Health Portfolio guidelines (typically Public Trust or Secret).
- Core Frameworks: NIST SP 800-53 Rev 4, VA Handbook 6500, HIPAA, and HITECH.
- Key Methodology: VA VIP (Agile-based) and NIST RMF.
Key Responsibilities: ATO Success & Portfolio Governance
This role acts as a bridge between high-level policy and technical implementation across multiple health-related IT projects.
1. Security Certification & ATO Remediation
You will lead the efforts to secure Authority to Operate (ATO) and Authority to Connect (ATC) for various applications. This is not just documentation; it involves active remediation. You will identify security gaps through system scans and audits, then work with development teams to fix them. You'll be a power user of the ServiceNow (SNOW) CAM and GRC tools to track these vulnerabilities.
2. Artifact Development & Privacy
A significant portion of the role involves building the "Body of Evidence" for security. This includes creating System Security Plans (SSP), Privacy Impact Analyses (PIA), and Privacy Threshold Analyses (PTA). Given the "Health" focus of the portfolio, you must ensure all artifacts comply with HIPAA and the HITECH Act regarding the protection of Electronic Health Records (EHR).
3. Integration with Agile & VIP
The VA uses the Veteran-Focused Integration Process (VIP), an Agile-based framework. You will participate in Scrum ceremonies and integrate security architecture and engineering efforts directly into the Software Development Life Cycle (SDLC). This ensures security is "baked in" rather than "bolted on" at the end of a project.
Required Qualifications and Skills
LTS is looking for a "hands-on" analyst who has navigated the specific complexities of the VA security environment before.
- Experience: 5 years of experience with a relevant Bachelor’s degree (or 10 years without).
- Federal Mastery: Deep understanding of FISMA, NIST 800-53, and the Information Assurance Certification and Accreditation (C&A) process.
- VA Specifics: Proven experience achieving an ATO within the VA and familiarity with the VA VIP methodology.
- Technical Tools: Proficiency in ServiceNow and GRC tracking systems.
- Certifications: Security+ is required; CISSP or CISM is highly preferred.
Preferred "Deep-Dive" Skills
- Cloud & SaaS: Experience with FedRAMP and achieving ATOs for Cloud/SaaS applications.
- Scanning & Analysis: Hands-on time with ACAS, Nessus, and HBSS.
- Healthcare Tech: Knowledge of HL7 (Health Level Seven) protocols or experience with VistA (the VA’s legacy EHR system).
Summary of Role Impact
Within the VA Health Portfolio, the stakes are literal lives. If a security vulnerability delays an ATO, Veterans may lose access to critical digital health services. In this role, your expertise in the VA Risk and Governance Tool and your ability to coordinate across stakeholders ensure that innovation in Veteran healthcare doesn't come at the cost of data privacy. You are the guardian of the "mission-critical" systems that keep the VA Health mission moving.
Job Features
| Job Category | IT & Cybersecurity |
This is a Full-Time, Remote position (listed under Charlotte, NC, but remote-eligible) focused on the intersection of Enterprise IT and Industrial Control Systems (ICS). As a "Level II" engineer, you will be a hands-on practitioner responsible for implementing the technical safeguards that protect critical infrastructure for the U.S. Navy and other DoD agencies.
- Salary Range: Up to $83,133 (dependent on location and experience)
- Clearance: U.S. Citizenship with the ability to obtain a DoD Secret Clearance.
- Core Environment: Windows, Linux, and specialized embedded systems like VxWorks.
- Frameworks: Risk Management Framework (RMF), STIG/SRG compliance.
Key Responsibilities: Vulnerability Management & ICS Security
This role requires a blend of offensive testing knowledge and defensive engineering to protect "mission-critical" environments.
Vulnerability Assessment & Penetration Testing
You will perform active vulnerability assessments and penetration testing activities to identify security risks. Unlike standard IT roles, you must evaluate these risks within the context of Industrial Control Systems, where stability is paramount. You will recommend mitigation strategies and document them through POA&M (Plan of Action and Milestones) entries.
STIG Compliance & OS Hardening
A primary duty is the implementation and validation of STIG (Security Technical Implementation Guides) and SRG (Security Requirements Guides). You will perform operating system hardening across Windows and Linux, as well as embedded platforms like VxWorks, ensuring that configuration baselines meet the rigorous standards required for a Navy Authorization to Operate (ATO).
Defensive Control Engineering
You will be responsible for the configuration and tuning of IDS/IPS, firewalls, and Access Control Lists (ACLs). In an ICS environment, this often involves implementing Network Segmentation to isolate sensitive control traffic from the general enterprise network, reducing the lateral movement capabilities of an adversary.
Required Qualifications and Skills
Pantheon Data is looking for an engineer who has moved past entry-level work and can handle specialized OS environments.
- Education: Bachelor’s degree in a technical/ABET-accredited program (Cyber, Electrical Engineering, Math, etc.).
- Experience: 5 years of professional cybersecurity experience, with at least 1–2 years focused on ICS infrastructure or specific security controls (IDS/IPS, firewalls).
- OS Knowledge: Experience maintaining Windows, Linux, or VxWorks / embedded operating systems.
- Compliance: Familiarity with the RMF process and maintaining compliance tracking for DoD systems.
- Certifications (Preferred): OSCP (Offensive Security Certified Professional) or CEH (Certified Ethical Hacker).
- Travel: Ability to support CONUS/OCONUS travel as assigned for client site requirements.
Summary of Role Impact
Pantheon Data provides the "infrastructure resiliency" that the U.S. Coast Guard and Navy rely on for global operations. As a Cybersecurity Engineer II, you are the technical specialist ensuring that the hardware and software controlling these missions remain impenetrable. Your ability to harden embedded systems and tune network defenses directly prevents cyber-physical attacks, ensuring that mission-critical systems remain available and secure in contested environments.
Job Features
| Job Category | IT & Cybersecurity |
1Password, a leader in Extended Access Management and password security, is hiring a Senior Engineer to join their Application Security team. This role is highly strategic, moving beyond standard code reviews to focus on building and scaling a world-class Vulnerability Management Program. You will be responsible for the tools and processes that ensure 1Password’s products—used by over 180,000 businesses—remain secure.
- Salary Range (USA): $156,000 – $210,000 USD + Benefits & RSUs.
- Location: Remote (United States or Canada).
- Core Focus: Vulnerability Management, Tooling, and Security Engineering.
- Key Languages: Rust, Golang (Bonus).
Key Responsibilities: Engineering the Vulnerability Lifecycle
At 1Password, the Application Security team handles the "Security Engineering around Product Development." This role specifically centers on the Vulnerability Management Lifecycle.
1. Security Solution Engineering
You will design and build the backend infrastructure that powers 1Password's vulnerability program. This includes creating custom tools to correlate and enrich data from various sources (SAST, DAST, Bug Bounty, and Pentests) to create a "single source of truth" for security findings.
2. Metrics and Auditing
You will develop dashboards that translate raw security data into actionable insights. These metrics aren't just for engineers; you will tailor reporting for compliance teams (SOC2, ISO) and senior leadership to demonstrate the efficacy of the security program.
3. Collaborative Triage & Analysis
You will partner directly with product teams to solve complex security problems. Instead of just "tossing a bug over the fence," you will analyze classes of vulnerabilities to find root causes and work on remediation strategies that maintain a high-quality user experience.
What 1Password is Looking For
- Experience: 5+ years in IT/Engineering with a dedicated security focus.
- AppSec Expertise: Deep knowledge of Bug Bounty programs, vulnerability research, and remediation.
- Code Proficiency: You are a developer at heart. You can read/write code (ideally Rust or Go) and understand how to integrate security into the SDLC.
- Project Ownership: Comfortable setting the technical direction for initiatives and mentoring other engineers.
- Soft Skills: Ability to communicate technical risks to non-technical stakeholders clearly and empathetically.
Why This Role Matters
1Password isn't just a utility; it's a critical piece of security infrastructure for some of the world's most innovative companies. In this role, your work on Vulnerability Management directly impacts the digital safety of millions. By building automated, risk-aware systems, you enable 1Password to innovate quickly while maintaining the absolute trust of their customers.
Job Features
| Job Category | IT & Cybersecurity |
This is a Remote, Funded position that supports both federal and commercial customers, specifically in the domains of Industrial Control Systems (ICS) and the Internet of Things (IoT). As a subsidiary of Goldbelt, Inc., Peregrine focuses on high-stakes cybersecurity and operational technology (OT) environments. In this role, you will be the primary technical analyst responsible for ensuring that classified and mission-critical systems meet the strict DCSA (Defense Counterintelligence and Security Agency) and NIST RMF standards.
- Requisition ID: 18508
- Salary Range: $60,000 – $65,000 annually
- Clearance: Active Secret (required)
- Travel: 50% (CONUS and OCONUS)
- Location: Remote Hire
Key Responsibilities: RMF and A&A Support
This role is centered on the Assessment and Authorization (A&A) lifecycle, ensuring that IT and OT systems are authorized to operate.
RMF and DAAPM Compliance
You will be responsible for maintaining an expert-level understanding of the Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM). This manual is the primary guide for implementing the Risk Management Framework (RMF) within the National Industrial Security Program (NISP). You will guide systems through the six-step RMF process—from categorization to continuous monitoring—to obtain and maintain an Authorization to Operate (ATO).
Artifact Evaluation and System Testing
A core part of your day involves reviewing A&A artifacts—technical documents like System Security Plans (SSP), Risk Assessment Reports (RAR), and Plan of Action and Milestones (POA&M). You will evaluate these packages for authorization against government technical standards and conduct security product evaluations to ensure new technologies don't introduce unacceptable risk to the environment.
Network and Systems Analysis
Beyond documentation, you will perform active network and systems security analysis. This includes reviewing metric collection methods used by the NISP Authorization Office (NAO) and proposing functional improvements to existing security methodologies. Your analysis ensures that the security controls selected (based on NIST SP 800-53) are implemented correctly and remain effective.
Required Qualifications and Skills
Peregrine requires a certified professional who is ready to travel and work within classified government frameworks.
- Experience: Minimum of 3 years in Information Security.
- Certification: IAT Level II is mandatory (e.g., Security+ CE, CCNA Security, or CySA+).
- Clearance: You must possess an active Secret Clearance and be a U.S. Citizen.
- Technical Knowledge: Deep familiarity with DAAPM, RMF, and NIST 800-53 controls.
- Travel: Must be willing to travel up to 50% of the time, including potential international (OCONUS) locations.
Preferred Qualifications
- IAT Level III (e.g., CASP+, CISSP) is highly preferred and may lead to higher responsibilities.
- Bachelor’s Degree in IT or Cybersecurity.
Summary of Role Impact
Peregrine serves as a thought leader in Industrial Control Systems (ICS) and Operational Technology (OT) security. As an Information Security Analyst, your work ensures that the critical infrastructure and classified systems supporting federal missions remain secure against evolving cyber threats. By meticulously documenting and testing security safeguards, you provide the "assurance" that enables government agencies to utilize transformative technology while staying within the guardrails of national security policy.
Job Features
| Job Category | IT & Cybersecurity |
This is a Senior-level, Remote position within the Information Security Governance, Risk, and Compliance (GRC) department. Compared to the mid-level role (Job 32036), this "Senior" version requires more years of experience and commands a higher salary. You will lead the execution of Risk and Control Self-Assessments (RCSAs) and manage high-level security exceptions, ensuring that the bank’s technical operations align with its risk appetite and regulatory mandates.
- Requisition ID: 31830
- Base Pay: $120,000 – $180,000
- Location: Remote (US)
- Experience Required: 8 years with a degree (or 12 years with HS/GED).
- Core Frameworks: NIST CSF, NIST SP 800-53.
Key Responsibilities: Risk Leadership and Control Architecture
As a Senior Analyst, you are responsible for the accuracy of the bank's risk landscape and the maturity of its control environment.
Strategic Risk Assessment (RCSA)
You will partner with senior business function owners to execute process-level RCSAs. This involves a deep-dive analysis into how a specific cybersecurity process (like Identity Management or Vulnerability Patching) could fail. You will determine the Inherent Risk (pre-control) and Residual Risk (post-control) ratings, documenting the evidence required to satisfy auditors and regulators.
Control Design and Rationalization
A critical part of this role is drafting and refining "control statements." You will review existing controls for Design Effectiveness (DE)—asking, "Is this control built correctly to stop the risk?"—and Operating Effectiveness (OE)—asking, "Is it actually working day-to-day?" You will also support "control rationalization," which is the process of identifying and removing redundant or ineffective controls to streamline the security program.
Security Exception Governance
When a business unit cannot meet a security standard, they request an "exception." You will perform the risk assessments for these exceptions, calculating the aggregate risk to the bank and recommending remediation plans or "target-state" enhancements to eventually close the security gap.
Required Qualifications and Skills
First Citizens Bank is looking for an experienced GRC professional who can translate technical security gaps into business risk language.
- Experience: 8+ years in cybersecurity or risk management.
- Technical Frameworks: Advanced familiarity with NIST 800-53 and NIST CSF.
- Analytical Writing: Proven ability to write clear, actionable findings that can be presented to executive leadership or regulators.
- Collaborative Influence: Experience working with technical IT teams to implement control improvements without disrupting business operations.
Preferred Qualifications
- Financial Services Context: Experience in a large, highly regulated financial institution.
- Certifications: CRISC (Certified in Risk and Information Systems Control), CISA, or CISSP.
- Tooling: Experience with GRC systems of record (e.g., Archer, ServiceNow GRC).
Summary of Role Impact
In the financial sector, "Risk" is the primary language of the business. As a Senior Cyber Risk & Controls Analyst, you ensure that cybersecurity is not just a technical silo, but a quantified business function. Your work ensures that First Citizens Bank remains resilient against threats while satisfying strict banking regulations. By identifying control gaps and driving remediation, you directly prevent financial loss and protect the bank's reputation.
Job Features
| Job Category | IT & Cybersecurity |
Quzara is a specialized cybersecurity firm that focuses heavily on government, DoD, and highly regulated environments. This L2 (Tier 2) SOC Analyst role is a technical escalation point within a 24/7/365 Security Operations Center. As an L2, you are expected to move beyond simple alert monitoring into deep-dive forensic analysis, proactive threat hunting, and end-to-end incident handling using the Microsoft Security Stack.
- Requisition ID: 1044
- Location: 100% Remote (US Citizenship Required)
- Experience Required: 5+ years in a SOC/MSSP/MXDR environment.
- Core Technology: Microsoft Sentinel (SIEM), Defender XDR, Splunk, and KQL/SPL.
- Shift Work: Required (24/7 environment including nights, weekends, and holidays).
Key Responsibilities: Advanced Detection & Response
This role bridges the gap between initial triage and high-level security engineering, requiring a practitioner who can handle "real-time" pressure.
Microsoft Sentinel & XDR Operations
You will be a power user of Microsoft Sentinel and the Defender suite. This includes utilizing Log Analytics and writing complex KQL (Kusto Query Language) and SPL queries to perform security analytics. You are responsible for implementing SIEM/SOAR automations that help the SOC scale its response capabilities.
End-to-End Incident Response
Following the NIST Incident Response Framework, you will own the lifecycle of an incident. This includes containment (isolating a host), eradication (removing the threat), and recovery. You will also participate in deeper forensic tasks such as packet analysis, log correlation across disparate sources, and endpoint forensics.
Threat Hunting & MITRE Mapping
You will conduct proactive threat hunts to identify anomalies that automated alerts might miss. These hunts are structured using the MITRE ATT&CK Framework, ensuring that the SOC is looking for specific adversary behaviors like lateral movement or credential dumping rather than just known malware hashes.
Required Qualifications and Skills
Quzara seeks a "Battle-Tested" analyst who understands the rigors of regulated and government-sector security operations.
- Experience: 5+ years of professional experience as an L2 SOC Analyst.
- Query Proficiency: Expert-level KQL and SPL skills are mandatory for investigation and hunting.
- Technical Breadth: Strong hands-on experience with EDRs (CrowdStrike, SentinelOne) and scripting languages (Python, PowerShell).
- Compliance Knowledge: Experience with DoD, FedRAMP, or CJIS requirements and NIST-based operational compliance.
- Education & Certs: A relevant degree is expected, alongside certifications such as GCIH, GCFA, SC-200 (Microsoft Security Operations Analyst), or CySA+.
Summary of Role Impact
At Quzara, L2 Analysts are the "defensive backbone." Because the firm handles government and regulated clients, the stakes for every incident are incredibly high. Your ability to distinguish a complex "low-and-slow" attack from a false positive ensures that critical national infrastructure and sensitive data remain protected. By refining playbooks and conducting post-incident reviews, you directly improve the security posture of both Quzara and its global client base.
Job Features
| Job Category | Information Technology, Security, Software Engineering |
This is a Senior-level, Remote role (previously active as of Dec 15, 2025) requiring 10 years of experience. The position is heavily focused on the Risk Management Framework (RMF) and the Authorization to Operate (ATO) process. While no initial clearance is required, you must be a U.S. citizen capable of obtaining a Public Trust clearance, specifically aligned with Department of Veterans Affairs (VA) guidelines.
- Requisition ID: 2511716
- Location: Remote (Texas, US)
- Salary Range: $40,001 - $80,000 (Note: This is an unusually low estimate for a 10-year senior role; the "target" may be subject to adjustment based on experience).
- Core Tech/Frameworks: NIST RMF, NIST SP 800-53 Rev 4, eMASS, VA 6500.
Key Responsibilities: Governance and Risk Management
This role is less about "hacking" and more about the "Assurance" side of security—ensuring that systems are legally and technically authorized to handle government data.
The RMF and ATO Process
Your primary duty is navigating systems through the NIST Risk Management Framework (RMF) to achieve an Authorization to Operate (ATO). This is a rigorous 7-step process where you categorize the system, select and implement security controls, and then have those controls assessed by a third party. You will likely use eMASS (Enterprise Mission Assurance Support Service), the standard automated tool used by the DoD and VA to track these requirements.
Control Assessment and Compliance
You will be responsible for NIST SP 800-53 Rev 4 compliance. This involves performing self-assessments of security controls to identify gaps. You will work on SCA (Security Control Assessments) and support third-party audits. A critical part of this is documenting everything—creating and maintaining the System Security Plan (SSP), policies, procedures, and POA&Ms (Plan of Action and Milestones) to track vulnerability remediation.
VA-Specific Standards (VA 6500)
Because this role supports the Department of Veterans Affairs, you must be familiar with VA 6500, which is the VA's specific Information Security Program. This handbook adapts NIST standards to the unique needs of veteran data and healthcare privacy, adding another layer of regulatory requirements to your assessments.
Required Qualifications and Skills
This position requires a "Subject Matter Expert" level of knowledge in federal cybersecurity regulations.
- Experience: 10 years of relevant experience (8 years can be substituted for a degree).
- Technical Knowledge: Deep understanding of NIST 800-53 controls and vulnerability management.
- Tooling: Hands-on experience with GRC (Governance, Risk, and Compliance) tools like eMASS.
- Clearance: Must be a U.S. Citizen with the ability to pass a Public Trust background check.
- Soft Skills: Ability to foster an inclusive team environment and handle high-pressure tasks simultaneously.
Preferred Experience
- Certifications: CISSP (highly desired for IA roles) or OSCP (for those leaning toward the assessment/technical side).
- Agency Experience: Prior experience with the VA or DoD is a significant advantage.
- Engineering Breadth: Familiarity with network topologies, PKI (Public Key Infrastructure), and intrusion detection systems.
Summary of Role Impact
Information Assurance Analysts are the "gatekeepers" of federal systems. Without your work on the RMF and ATO process, mission-critical applications—including those used to provide healthcare to veterans—cannot legally go live. Your expertise ensures that malicious actors cannot exploit gaps in system documentation or configuration, keeping the Department of Veterans Affairs resilient against evolving cyber threats.
Job Features
| Job Category | IT & Cybersecurity |
This is a Remote (Work from Home) position, but with a specific residency requirement: candidates must live in the NY/NJ/CT tri-state area for occasional onsite client visits. This role is designed for an experienced analyst who has worked in a mature 24x7x365 environment and is ready to move beyond basic monitoring into process development and automation.
- Requisition ID: #2976
- Salary Range: $120,000 - $145,000
- Shift Schedule: Friday - Monday, 7:00 AM - 5:00 PM ET (4x10 shift).
- Location: Remote (Residing in NY, NJ, or CT).
- Core Technology: SIEM, SOAR, EDR, and Threat Intel feeds (US-CERT, MS-ISAC).
Key Responsibilities: Monitoring, Hunting, and Automation
As a Mid-Level Analyst, you act as a technical leader within the shift, handling complex escalations and improving the SOC's underlying logic.
Continuous Monitoring & Incident Handling
You will monitor the SIEM alert queue, phishing inboxes, and intelligence feeds to identify intrusions. When a critical incident occurs, you are responsible for executing containment, remediation, and recovery activities. Following an incident, you will lead the "Lessons Learned" review to identify control failures or outdated procedures.
Detection Engineering & SOAR Tuning
A primary focus of this role is improving alert fidelity. You will coordinate with SIEM engineers to tune rules and reduce false positives. Furthermore, you will assist in creating and refining Security Orchestration, Automation, and Response (SOAR) playbooks, transforming manual investigative steps into automated workflows to speed up response times.
Proactive Threat Hunting
You won't just wait for alerts. You will perform proactive threat hunting to find emerging risks that automated systems might miss. Working closely with Cyber Threat Intel, you will analyze detection patterns and compile detailed hunt reports for SOC leadership, often mapping these findings to the MITRE ATT&CK Framework.
Required Qualifications and Skills
ECS is looking for a critical thinker who understands the nuances of log correlation and intrusion analysis.
- Experience: Minimum 3 years of experience in log analysis, intrusion detection, or info-sec operations.
- Technical Skills: Ability to build custom content in a SIEM and triage Indicators of Compromise (IoC).
- Education: Bachelor’s degree or equivalent experience.
- Environment: Proven experience working in a mature, high-volume 24x7 SOC.
- Certifications (Preferred): CISSP, CEH, CISA, Security+, or CHFI.
Summary of Role Impact
The "Mid-Level" designation at ECS signifies that you are the engine of the SOC's continuous improvement. By bridging the gap between raw monitoring and advanced automation, you ensure that the client's infrastructure—both on-premises and in the cloud—is protected by high-fidelity detections. Your ability to work the Friday-to-Monday "bridge" shift is vital for maintaining security posture during high-risk weekend windows when many enterprise teams are offline.
Job Features
| Job Category | Information Technology, Operations Management, Security |
This is a 100% Remote position (listed with a Raleigh, NC headquarters) within the Information Security Governance, Risk, and Compliance (GRC) department. The role is focused on the formal identification and evaluation of cybersecurity risks, specifically through Risk and Control Self-Assessments (RCSAs). You will act as a critical bridge between technical security teams and enterprise risk standards, ensuring that all security exceptions and process-level risks are documented, rated, and remediated according to regulatory and industry frameworks.
- Requisition ID: 32036
- Location: Remote (US)
- Schedule: Monday – Friday
- Core Frameworks: NIST CSF and NIST SP 800-53.
- Key Systems: Enterprise Risk System of Record (GRC Tooling).
Key Responsibilities: Risk Assessment and Control Governance
This role ensures that the organization’s "cyber posture" is accurately measured and that gaps are identified before they can be exploited.
RCSA and Exception Management
You will lead cybersecurity process-level RCSAs in partnership with business function owners. This involves analyzing both inherent risk (the risk level without controls) and residual risk (the risk remaining after controls are applied). You will also manage the lifecycle of Information Security Standard Exceptions, assessing the risks of non-compliance and reporting these aggregations to leadership.
Control Design and Effectiveness
A major part of your work involves drafting and refining control statements to ensure they are clear, actionable, and effective. You will review existing controls for design effectiveness, identifying where gaps or inconsistencies exist. You are responsible for updating the system of record with current risk ratings and control environment scores on a regular cadence to maintain an accurate risk profile.
Compliance and Remediation Planning
You will evaluate security controls against Enterprise Policies, regulatory requirements (common in financial institutions), and frameworks like NIST 800-53. When gaps are found, you will support remediation planning by documenting improvement recommendations and defining the "target-state" for enhanced controls.
Required Qualifications and Skills
The ideal candidate has a strong background in structured risk taxonomies and the ability to communicate complex risks to both technical and business stakeholders.
- Experience: 6 years in cybersecurity/risk management with a Bachelor’s degree (or 10 years with a HS Diploma/GED).
- Technical Knowledge: Proven experience performing RCSAs and a working knowledge of NIST CSF and NIST 800-53.
- Communication: Ability to write clear, professional risk and control descriptions and assessment findings.
- Analytical Skills: Strong attention to detail, specifically in mapping technical controls to broad regulatory requirements.
Preferred Qualifications
- Industry Context: Experience within large financial institutions or highly regulated environments.
- Certifications: CISA, CRISC, CISM, CISSP, or Security+.
- Strategic Thinking: Background in control rationalization (simplifying redundant controls) and evidence evaluation.
Summary of Role Impact
In a large-scale enterprise, especially within the financial sector, "compliance is not security," but security cannot be proven without compliance. In this role, your analysis ensures that the organization understands its true risk exposure. By maintaining a rigorous RCSA process and managing security exceptions, you prevent "shadow IT" risks from going unnoticed and ensure that remediation efforts are prioritized based on actual business impact.
Job Features
| Job Category | IT & Cybersecurity |
Alkami is a leading provider of cloud-based digital banking solutions, serving over 19.5 million users. This Senior-level, Remote-first role is a high-visibility position within the Enterprise Information Security team. You will be responsible for the resilience and integrity of online banking platforms, with a heavy emphasis on Cloudflare WAF optimization, Palo Alto firewall governance, and Infrastructure-as-Code (IaC).
- Job Requisition ID: JR-000458
- Salary Range: $110,000 - $130,000
- Core Tech Stack: Cloudflare (WAF/Bot Management), Palo Alto Firewalls, Terraform, AWS, and Certificate Lifecycle Management.
- Compliance Environment: PCI DSS, SOC 2, and highly regulated Fintech standards.
Key Responsibilities: Defensive Engineering and Automation
This role blends traditional network security with modern DevOps practices to protect high-availability SaaS environments.
Cloudflare & WAF Optimization
You will serve as the primary Subject Matter Expert (SME) for Cloudflare. This involves engineering and tuning the Web Application Firewall (WAF), Bot Management, and traffic filtering. You won't just set rules; you will perform data analytics on WAF traffic to continuously improve threat detection and resolve complex operational issues as the primary escalation resource.
Infrastructure-as-Code (IaC) with Terraform
To maintain consistency and scale, you will use Terraform to deploy and manage security configurations. This ensures that Alkami’s security posture is reproducible and version-controlled. You will work closely with Site Reliability Engineering (SRE) to embed security requirements into the automated deployment pipelines of their AWS environment.
Network Governance and Certificate Lifecycle
You are responsible for managing Palo Alto firewall policies enterprise-wide, ensuring they are tuned against emerging risks. Additionally, you will participate in the enterprise certificate lifecycle program—a mission-critical task in banking that ensures all encrypted communications remain valid and secure.
Required Qualifications and Skills
Alkami is looking for a self-starter who excels in externally audited environments where zero downtime is a requirement.
- Experience: 5+ years in Information/Network Security engineering, specifically protecting cloud (AWS) and web-facing environments.
- IaC Expertise: Expert proficiency with Terraform for managing Cloudflare and AWS configurations.
- Network Architecture: Deep knowledge of segmentation, secure protocols, and enterprise firewall management (Palo Alto).
- Communication: Ability to collaborate across SRE, Network Engineering, and Leadership teams to drive remediation and secure design.
- Education: Bachelor’s degree in Computer Science, InfoSec, or equivalent experience.
Desired Skills
- Certifications: AWS Certified Security – Specialty, CISSP, CCSP, or CCSK.
- Industry Context: Prior experience in Fintech or Banking and supporting multi-tenant hosted solutions.
Summary of Role Impact
At Alkami, security is the foundation of trust for their 19.5 million banking users. As a Senior Network Security Engineer, your ability to automate defenses via Terraform and optimize Cloudflare WAF directly prevents fraud and ensures platform availability. By embedding security into the network path, you enable Alkami to "grow confidently" while meeting the rigorous audit standards of the financial industry.
Job Features
| Job Category | Finance, Banking, & Accounting, Security |
This is a Full-Time, Remote Individual Contributor role within CrowdStrike’s Exposure Management Content team. CrowdStrike is an AI-native cybersecurity leader, and this specific group is responsible for the research and development of Host and Network Vulnerability Assessment detections. You will be part of the engine that processes nearly 3 trillion events per day, focusing on how the platform identifies, tracks, and prioritizes vulnerabilities across a massive global asset footprint.
- Job Requisition ID: R25646
- Location: Remote (USA / Canada)
- Experience Required: 5+ years as an Individual Contributor.
- Core Technology: Go (Golang), Python, and AI/ML-native detection models.
- Focus Area: Vulnerability Assessment, Risk-Based Prioritization, and Software Detection.
Key Responsibilities: Research, Detection, and Roadmap Execution
This role focuses on the lifecycle of a vulnerability—from discovery in the wild to automated detection in the CrowdStrike Falcon platform.
Vulnerability Detection Development
You will research, develop, and deliver detection logic for host and network-based vulnerabilities. This involves understanding the nuances of how software is detected on an endpoint and creating high-fidelity signatures that identify missing patches or insecure configurations. You will collaborate with product management to ensure that CrowdStrike’s vulnerability coverage aligns with market needs and the emerging threat landscape.
Risk-Based Vulnerability Management (RBVM)
A core part of this role is participating in "Company Thought Leadership" regarding how vulnerabilities are prioritized. Rather than just identifying "missing patches," you will help build systems that analyze the data efficacy and accuracy of vulnerability findings. You’ll work on prioritization models that help customers understand which vulnerabilities pose the highest actual risk to their specific environment.
Engineering Roadmap and Automation
You will use Go and Python to automate daily tasks and develop detection pipelines. This includes designing and implementing validation workflows to ensure that security detections are accurate and performant before they are released to millions of sensors worldwide. You will also coordinate with distributed engineering teams to execute the broader Exposure Management roadmap.
Required Qualifications and Skills
CrowdStrike is looking for a senior-level engineer who combines deep security research with a pragmatic software engineering mindset.
- Technical Background: 5+ years of experience in Exposure Management and Vulnerability Analysis.
- Programming Mastery: Strong proficiency in Go (Golang) and/or Python for automation and backend logic.
- Security Depth: Deep understanding of software detection techniques, vulnerability mitigations, and remediation strategies.
- Process Knowledge: Experience working in an Agile environment and within remote, distributed teams.
- Leadership Qualities: While an IC role, you are expected to lead through technical influence, empowering peers and communicating clearly with executive staff.
- Bonus Skills: Familiarity with AI/ML models to enhance detection accuracy and predictive risk scoring.
Summary of Role Impact
At CrowdStrike, your work directly influences the security posture of global organizations ranging from small businesses to the Fortune 500. By building the next generation of "AI-native" vulnerability detections, you help shift the industry from reactive patching to proactive exposure management. You are not just finding bugs; you are building the logic that prevents the next global breach by identifying the path of least resistance before an attacker does.
Job Features
| Job Category | AI (Artificial Intelligence), IT & Cybersecurity |
This is a Full-Time, Remote position (based out of Charlotte, NC, or Washington, DC area) supporting high-stakes environments for the Department of Defense (DoD) and the U.S. Navy. This role is a "Level III" senior position, meaning you are expected to provide expert-level technical oversight for Industrial Control Systems (ICS) and enterprise networks. You will be responsible for the entire security lifecycle, from secure architecture design to hands-on hardening and incident forensics.
- Requisition Date: Posted 11-Dec-2025
- Experience Required: Master's Degree + 5 years (ICS focus) OR 10 years (General Cyber focus).
- Clearance: U.S. Citizenship with the ability to obtain/maintain a DoD Secret Clearance.
- Core Environment: Windows, Linux, VxWorks (Embedded), and ICS/SCADA protocols.
- Compliance Frameworks: RMF, STIG/SRG, and Navy-specific cybersecurity policies.
Key Responsibilities: ICS Protection and Engineering Oversight
Unlike standard IT security, this role focuses on Operational Technology (OT) and mission-critical hardware where system availability is as vital as confidentiality.
ICS and Enterprise Hardening
You will lead the hardening of diverse environments, ranging from standard servers to embedded platforms like VxWorks. This involves applying STIGs (Security Technical Implementation Guides) and configuring deep-level security controls such as Access Control Lists (ACLs), IDS/IPS, and firewalls. You must ensure that these controls do not interfere with industrial communication protocols while maintaining strict network segmentation.
RMF and Compliance Verification
You are the lead for the Risk Management Framework (RMF) lifecycle. You will conduct vulnerability assessments and security control testing to verify that systems are compliant before they are authorized to operate on Navy networks. This includes creating technical documentation, risk reports, and engineering assessments for senior stakeholders.
Advanced Incident Response and Forensics
In the event of a breach or system anomaly, you will lead the response. This includes initial triage, root-cause investigation, and digital forensics. Because these systems often involve embedded hardware, you must be comfortable performing forensic analysis on non-traditional operating systems to identify how a threat entered the environment.
Required Qualifications and Skills
Pantheon Data requires a highly educated and certified professional capable of managing complex, cross-functional engineering tasks.
- Education: Master’s Degree in Cybersecurity or Engineering from an ABET-accredited program.
- Certifications: OSCP (Offensive Security Certified Professional) or CEH (Certified Ethical Hacker).
- Technical Breadth: Mastery of Windows, Linux, and VxWorks. Expert knowledge of industrial network protocols and segmentation.
- Hands-on Skill: Minimum 1 year of direct experience configuring IDS/IPS, firewalls, and ACLs.
- Regulatory Knowledge: Deep understanding of the DoD RMF process and Navy-specific OPSEC/CUI protocols.
- Travel: Ability to support periodic CONUS/OCONUS travel as required by the mission.
Summary of Role Impact
Pantheon Data started by supporting the US Coast Guard and has since become a critical partner for the DHS and DoD. In this Level III role, you are not just a contributor; you are a technical lead ensuring the resiliency of systems that the U.S. Navy relies on for mission command. Your expertise in ICS and embedded systems prevents cyber adversaries from disrupting physical infrastructure, directly contributing to national security and infrastructure resiliency.
Job Features
| Job Category | IT & Cybersecurity |
This is a Full-Time role (typically remote or hybrid depending on the specific branch) for an experienced engineer with 4+ years in the field. Plan A Technologies is a software consultancy that builds high-scale systems, and this role focuses on the Operational Security (SecOps) side of their cloud infrastructure. You will be responsible for the "day-to-day" health of their AWS security stack, ensuring that defenses are not only implemented but actively tuned to provide high-fidelity alerts.
- Experience Required: 4+ years in Cybersecurity Engineering or SecOps.
- Core Environment: Amazon Web Services (AWS).
- Key Tech: IDS/IPS, Firewalls, Endpoint Security (EDR), and SIEM/SOAR.
- Primary Focus: Implementation, Alert Monitoring, and Visibility.
Key Responsibilities: Defense and Visibility
This role is centered on maintaining the "Security Tech Stack" and ensuring the engineering teams have a secure environment to build in.
Security Systems & AWS Infrastructure
You will implement and maintain cloud network security systems, specifically within AWS. This involves configuring VPCs, IAM policies, and Security Groups in alignment with "least privilege" and "segmentation" principles. You are responsible for the lifecycle of security tools, including routine patching, tuning, and optimization of firewalls and IDS/IPS to ensure they are actually blocking modern threats.
Monitoring and Detection Engineering
A major portion of your day is spent in the logs. You will monitor security alerts and detection systems, investigating anomalies as they arise. You won't just watch the alerts; you will tune the rules to improve fidelity. By reducing false positives, you ensure that the security team focuses only on meaningful signals. You will also help maintain the centralized logging infrastructure to ensure 100% visibility across all endpoints.
Incident Support and Playbooks
When an incident is escalated, you support the triage and containment phases. You will work within defined SLAs to report on findings and, more importantly, assist in refining the operational runbooks and playbooks. This ensures that the response to a specific threat (like a credential leak or malware infection) is repeatable and efficient.
Required Qualifications and Skills
Plan A Technologies is looking for a practitioner who understands "Defense-in-Depth" in a cloud-native context.
- Education: BS in Computer Science, Software Engineering, or equivalent practical experience.
- Cloud Expertise: Strong experience with AWS (Networking, IAM, VPC, CloudWatch/CloudTrail).
- Tool Proficiency: Hands-on experience with SIEM/SOAR platforms and cloud-native monitoring tools.
- Security Fundamentals: Deep understanding of core principles like Segmentation, Least Privilege, and Defense-in-Depth.
- Soft Skills: Strong documentation habits and the ability to collaborate with cross-functional IT and software engineering teams.
- Preferred: Certifications like Security+, CySA+, or AWS Security Specialty and basic scripting skills (Python/Bash).
Summary of Role Impact
Plan A Technologies handles complex software projects for a variety of clients. As their Cybersecurity Engineer, you are the guardian of the infrastructure that supports those projects. By maintaining a high-fidelity monitoring stack and a hardened AWS environment, you allow the software engineers to innovate with speed while ensuring that client data and company assets remain protected against unauthorized access and emerging vulnerabilities.
Job Features
| Job Category | IT & Cybersecurity |
This is a Senior-level, Remote role at Pennymac (NYSE: PFSI), a leading financial services firm specializing in U.S. mortgage loans. This position is a high-impact engineering role within the Information Security department, focusing on building the "intelligence" of the Security Operations Center (SOC). You are responsible for designing the detection logic that finds advanced threats across a complex hybrid-cloud environment, while also acting as a technical leader during major security incidents.
- Requisition ID: 36607
- Salary Range: $90,000 – $150,000
- Location: 100% Remote (United States)
- Core Technology: AWS, Azure, GCP, Snowflake, Git, CI/CD, and Python.
- Framework Focus: MITRE ATT&CK.
Key Responsibilities: Detection Lifecycle & Incident Response
This role is divided between proactive "defense engineering" and reactive "high-tier response."
Detection Engineering Lifecycle
You will lead the end-to-end detection engineering process. This involves using Git and CI/CD pipelines to develop, test, and deploy high-quality detection rules (signatures and queries). You will map these detections to the MITRE ATT&CK Framework to ensure comprehensive coverage of adversary techniques like lateral movement and credential access. To stay ahead of novel threats, you will leverage AI/ML capabilities to identify anomalies that traditional rules might miss.
Incident Response & Triage (Tier-2)
You serve as the primary escalation point for the L1 SOC. When complex alerts are triggered, you perform deep-dive forensics across Windows, Linux, and Cloud environments to identify the root cause. During major security events, you lead the incident handling process—from containment to retrospective—ensuring that lessons learned are turned back into new detection rules.
Security Data Optimization
You will partner with Security Engineering to optimize data ingestion into your SIEM or Data Lake (Snowflake). This ensures that the logs you are querying are of high quality and that search performance remains fast enough for real-time detection. You will also develop Standard Operating Procedures (SOPs) and automated playbooks to streamline response actions for the entire IR team.
Required Qualifications and Skills
Pennymac is looking for a "Detection-as-Code" practitioner who understands the nuances of the mortgage industry’s regulatory landscape.
- Experience: Extensive background in Security Operations (SOC) or Security Engineering.
- Technical Breadth: Expert knowledge of Windows, Linux, macOS, and the big three cloud providers (AWS, Azure, GCP).
- Scripting/Automation: 2+ years of experience in Python or other languages to automate response actions and tasking.
- Security Frameworks: Mastery of the MITRE ATT&CK framework and a deep understanding of modern hacking techniques (exploitation, persistence, etc.).
- Data Platforms: Experience with Snowflake or similar Data Lake technologies for large-scale security analytics.
- Soft Skills: Strong leadership and mentorship abilities to guide junior incident responders.
Summary of Role Impact
As a specialty financial firm, Pennymac manages a massive volume of sensitive consumer data. In this role, your detection rules are the "first line of defense" that protects millions of American homeowners. By shifting detection to a version-controlled, automated model, you reduce the time it takes to identify an intruder from days to minutes. Your ability to bridge the gap between Threat Intelligence and SOC Operations ensures that Pennymac's security posture is constantly evolving to meet the latest cyber threats.
Job Features
| Job Category | IT & Cybersecurity |
This role at Expel is a specialized engineering position designed to automate the heavy lifting of a Security Operations Center (SOC). Expel is a leader in the Managed Detection and Response (MDR) space, known for its transparent, "technology-agnostic" platform called Workbench™. In this role, you aren't just reacting to alerts; you are the architect building the systems that enrich, triage, and potentially resolve those alerts before a human even touches them.
- Primary Platform: Expel Workbench™
- Location: 100% Remote
- Core Languages: Python and Go
- Target Experience: 1+ years in detection tools and 3+ years in IT/SecOps preferred
- Tech Integrations: EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Sumo Logic), and Cloud (AWS CloudTrail, GCP, Azure).
Key Responsibilities: Automating the "Super Hero" Analyst
Expel’s philosophy is that scaling a SOC shouldn't require more people; it should require better automation.
Detection Strategy & Rule Engineering
You will create and tune detections for Expel’s proprietary rule engine. This involves analyzing diverse datasets—such as Windows Event Logs, CloudTrail, and auditd—to identify attacker tactics. You will translate the latest threat research into automated detections that run across a combinatorial explosion of customer environments.
Workflow Automation with Python
A core part of your day involves writing automation in Python or Go using Expel's orchestration framework. Your goal is to eliminate manual "pivoting" between tools. You will build integrations that automatically enrich alerts with IP reputation, EDR context, and user identity data, ensuring that when an analyst does open an alert, they have the "whos, whats, and wheres" in seconds.
Technology Evaluation & Integration
Expel integrates with over 125 different security vendors. You will evaluate technology APIs to design new detection and response solutions. This includes understanding how to harness signals from cloud service providers and integrating them into the Workbench platform to uncover threats that single-tool silos might miss.
Required Qualifications and Skills
Expel is looking for an engineer with a "practitioner's empathy"—someone who understands the pain of alert fatigue and knows how to build tools to stop it.
- Technical Experience: 1+ years with EDR, NSM, and SIEM tools. Experience writing and tuning custom detections is mandatory.
- Programming: Proficiency in Python or Go. You should be comfortable with object-oriented programming to build scalable automation.
- Operating Systems: Deep understanding of Windows, macOS, and Linux, including command-line forensics and log analysis.
- Networking & Cloud: Solid grasp of TCP/IP and the OSI model, as well as cloud IAM (Identity and Access Management) models in AWS, Azure, or GCP.
- Soft Skills: A "culture of experimentation" mindset and high empathy for the demands of a 24/7 SOC environment.
Why Expel is Unique: Transparency and "Anti-Burnout"
Expel prides itself on being "100% transparent." Customers can see every action taken by an analyst or an automation script in real time. For a Detection & Response Engineer, this means your code is the engine of that transparency. You are helping to drive a 23-minute Mean Time to Respond (MTTR) for critical threats, directly impacting the security posture of some of the world's largest brands.
Job Features
| Job Category | IT & Cybersecurity |