Security Analyst III

*** This role is contingent upon Contract Award*** The COMSEC Support Specialist is responsible for supporting the lifecycle management and accountability of Communications Security (COMSEC) material and equipment in accordance with National and Department of the Navy (DON) standards. The ideal candidate has prior experience as a COMSEC Manager or Key Management Infrastructure (KMI) Registration Manager and a strong understanding of CNSSI 4005, CNSSI 4006, and DON CMS (Communications Material System) policies. Key Responsibilities: Provide technical and operational support to COMSEC account managers in the daily handling, safeguarding, distribution, and destruction of COMSEC keying material and equipment. Serve as a subject matter expert on KMI operations, including user registration, key generation, and key transfer activities. Assist with the administration and operation of Tier 0–Tier 3 KMI components, including Local Management Devices (LMDs) and Electronic Key Management System (EKMS) devices. Perform accountability and inventory tasks in accordance with CNSSI 4005/4006, EKMS-1(series), and DON CMS policy. Monitor and maintain accurate records of COMSEC assets via KMI/EKMS or other COMSEC accounting systems. Prepare and process COMSEC material requests, transaction reports, and other documentation as required. Support audit readiness by conducting internal inspections and assisting with external inspections by NSA or designated authorities. Provide training and guidance to COMSEC users and assist in ensuring compliance with physical and information security regulations. Coordinate with Information Assurance, Network, and Security teams to support secure communications in SIPRNet and other mission-critical environments. Requirements Active Secret clearance (with TS/SCI eligibility preferred). 3–5 years of experience in COMSEC operations, including key management, handling classified COMSEC material, and supporting audit and inspection activities. Previous experience as a COMSEC Manager, Alternate COMSEC Manager, or KMI Registration Manager. In-depth knowledge of CNSSI 4005 (Safeguarding COMSEC) and CNSSI 4006 (Communications Security (COMSEC) Monitoring). Familiarity with Department of the Navy (DON) CMS policies, including EKMS and LMD/KP procedures. Proficient with COMSEC equipment such as SKL, DTD, KIK-30, KIK-11, and legacy key loaders. Strong organizational and documentation skills; ability to maintain 100% accountability in high-tempo environments. DoD 8570 IAT Level II certification (e.g., Security+ CE) preferred. Excellent interpersonal and communication skills; capable of working independently and as part of a secure operations team. Preferred Qualifications: Completion of NSA COMSEC Manager or KMI Operator training courses. Familiarity with Navy-specific COMSEC systems (e.g., Navy Key Management System - NKMS). Experience supporting Navy, Marine Corps, or Joint COMSEC operations in garrison or deployed environments. Benefits Essential Network Security (ENS) Solutions, LLC is a service-disabled veteran owned, highly regarded IT consulting and management firm. ENS consults for the Department of Defense (DoD) and Intelligence Community (IC) providing innovative solutions in the core competency area of Identity, Credential and Access Management (ICAM), Software Development, Cyber and Network Security, System Engineering, Program/Project Management, IT support, Solutions, and Services that yield enduring results. Our strong technical and management experts have been able to maintain a standard of excellence in their relationships while delivering innovative, scalable and collaborative infrastructure to our clients. Why ENS? Free Platinum-Level Medical/Dental/Vision coverage, 100% paid for by ENS 401k Contribution from Day 1 PTO + 11 Paid Federal Holidays Long & Short Term Disability Insurance Group Term Life Insurance Tuition, Certification & Professional Development Assistance Workers’ Compensation Relocation Assistance

Penetration Tester, Expert (Federal agency) Core Hours: 9:00 am – 3:00 pm Location: Tysons, VA • Job Type: Full-time (40 hours per week) with benefits. • Availability: immediate. • Security Clearance: TS/SCI with CI of FS Polygraph.   Years of Experience: 4 years with a PhD 8 years with a BS degree. 6 years with a master’s degree 10 years with an AA degree 12 years with an HS diploma   Job Description Required Skills • Conduct internal penetration testing and vulnerability assessment of servers, web applications, webservices, and databases • Manually exploit and compromise operating systems, web applications, and databases • Examine results of web/OS scanners, scans and static source code analysis • Identify vulnerabilities, misconfigurations, and compliance issues • Write final reports, defend all findings to include the risk or vulnerability, mitigation strategies, and references • Ability to meet and coordinate with various audiences to include developers, system administrators, project managers, and senior government stakeholders • Provide security recommendations for developers, system administrators, project managers, and senior government stakeholders • Report vulnerabilities identified during security assessments • Write penetration testing Rules of Engagements (RoE), Test Plans, and Standard operating procedures (SOP) • Conduct security reviews, technical research, and provided reporting to increase security defense mechanisms • Experience with NIST 800-53 and Risk Management Framework Desired Skills • Certifications: CEH – Certified Ethical Hacker Certification, CPT – Certified Penetration Tester • Strong writing skills • Experience with AWS Cloud Security

Avint LLC is seeking a dedicated and technically skilled Dragos Cyber Security Specialist/Analyst for an on-site position in Camp Jejeune, NC. In this critical role, you will support and maintain enterprise IT infrastructure in a mission-driven environment, ensuring system reliability, security, and performance. You’ll be responsible for administering and monitoring servers, applying system patches and updates, managing user accounts, and supporting virtualization platforms. Experience with tools such as Active Directory, Windows Server, Linux, VMware or Nutanix, and scripting for automation (PowerShell, Bash, etc.) is essential. Familiarity with security tools and practices, including STIGs, vulnerability remediation, and participation in system accreditation processes, is highly desirable. This position involves working closely with IT, cybersecurity, and operations teams to support day-to-day system functionality, troubleshoot issues, and contribute to system hardening and compliance initiatives. Location: 100% on-site in Camp Lejeune, NC **THIS POSITION REQUIRES AT LEAST 1 YEAR OF EXPERIENCE WITH THE DRAGOS PLATFORM** Responsibilities: Assist with the administration and monitoring of Nutanix Hyperconverged environments supporting FRCS Monitoring servers and applications. Support the deployment, configuration, and maintenance of the Cyber Monitoring Services OT Monitoring Platform, including Central Store, Site Store, and Sensors in lab and production settings. Perform routine configuration and maintenance of Microsoft SQL Server and Windows Server systems to support cybersecurity operations. Utilize the Marine Corps Certification and Accreditation Support Tool (MCCAST V2) to help document compliance efforts and system security posture. Provide day-to-day support for network infrastructure within a DoD environment, helping to ensure secure and stable connectivity. Understand and assist with interfacing cybersecurity practices across high voltage, water/wastewater, and mechanical control systems. Support the administration and monitoring of Unix and Windows systems, applying knowledge of TCP/IP protocols and basic security controls. Monitor and maintain Host-Based Security System (HBSS) to detect and respond to potential threats within DoD systems. Assist in the monitoring and basic troubleshooting of Automated Metering systems used for energy and utilities management. Support DEVSECOPS-aligned activities within USMC environments, ensuring compliance with established cybersecurity policies for ICS/OT systems. Assist in routine updates and support of ICS systems such as Metasys, Niagara AX, Alerton, Honeywell, Trend, KMC, American Automatrix, Loytec, Rockwell, and OSI. Support communications and system integration using protocols such as BACnet/MSTP, BACnet/IP, N2, LON, and SCADA systems related to high voltage and water/wastewater. Apply system and security patches to ICS/OT systems including Metasys, Niagara, Itron, Honeywell, Rockwell, and OSI as part of standard maintenance procedures. Assist in executing components of the USMC Assessment & Authorization (A&A) process, including use of MCCAST 2.0 and support for RMF documentation and compliance. Help manage and track Plans of Action and Milestones (POAMs) to address findings and vulnerabilities. Apply DISA STIGs in coordination with senior staff to ensure systems meet DoD security baselines. Assist in interpreting and implementing security controls based on NIST 800-53 and DoDI 8510.01 frameworks. Conduct preliminary vulnerability assessments and support risk analysis activities to identify and report on security issues. Monitor and analyze cybersecurity data using the Dragos platform to support OT threat detection and situational awareness. Requirements Experience: Minimum 3 years of relevant IT/system administration experience supporting virtualized environments, networks, and OT systems. Minimum 1 year of experience using the Dragos Platform. Education: Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Security Clearance: Active Secret clearance required. Certifications: One or more of the following certifications (or equivalent) are highly desired: Cyber Monitoring Services Platform Certified User Certification ITIL v4 Foundations ICS-VLP Certificate (Courses 210W-01 through 210W-10) Risk Management Framework (RMF) Training – USMC specific Cisco Certified Entry Networking Technician (CCENT) or Cisco Certified Network Associate (CCNA) CompTIA Security+ (Sec+) Certified Information Systems Security Professional (CISSP) Microsoft Certifications (Server, Azure, or related) Benefits Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, and generous PTO and Federal Holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development! Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. The salary range for this position is: $100,000-$110,000

RP Professional Services is a rapidly growing Technology consulting firm headquartered in Virginia. We’re an 8a and Service-Disabled Veteran-Owned Small Business (SDVOSB) serving both federal and commercial customers. At RP, we help our clients achieve their mission by developing value driven, customized solutions that are executed by the best people. Our dedication to our employees and clients is driven by our promise to deliver Excellence, Value, and Flexibility. "People, not just Resources" is more than our motto; it's the foundation on which we are built! RP Professional Services is seeking a Mid-Level Cybersecurity Specialist to support and advise security professionals on emerging cyber threats, risk mitigation strategies, and compliance standards within the Department of Defense (DoD) Intelligence Community (IC). The ideal candidate will have a strong technical background in classified and unclassified systems, insider threat tools, user activity monitoring (UAM), and cyber threat intelligence. This role requires expertise in offensive and defensive cyber capabilities, network security frameworks, and collaboration across government organizations to enhance cybersecurity posture and threat detection capabilities. This position is contingent upon the contract being awarded to RP Professional Services. Requirements: Advise security professionals on emerging cyber threats, risk mitigation strategies, and industry regulations. Support DoD Intelligence Community operations with expertise in cybersecurity threat management. Apply classified and unclassified system knowledge to facilitate security standards and compliance. Assist non-IT professionals in understanding Department of Defense network standards for effective insider threat tool deployment. Coordinate with cyber threat intelligence teams to develop strategic threat assessments and response plans. Promote and implement technical solutions that support mission-critical cybersecurity objectives. Conduct user activity monitoring (UAM) and cybersecurity evaluations to detect anomalous behaviors and insider threats. Assess and advise on both offensive and defensive cybersecurity strategies within DoD and Intelligence frameworks. Utilize expertise in at least one of the following cybersecurity domains: Risk/Vulnerability/Threat Assessments Cloud Security Security Operations Firewall (FW), Intrusion Prevention System (IPS), Intrusion Detection System (IDS) Configuration Penetration Testing Forensics Threat Intelligence Threat Hunting Maintain awareness of state, local, and federal cybersecurity developments, standards, frameworks, and regulations and their impact on operations. Support counterintelligence, insider threat, and law enforcement investigations through cybersecurity expertise. Requirements Bachelor’s degree in Computer Science or a related field. Minimum eight (8) years of experience advising security professionals on emerging cyber threats. Minimum eight (8) years of experience working within the DoD Intelligence Community. Demonstrated knowledge of DoD/IC computer systems, protections, and cybersecurity threats. Experience advising non-IT professionals on DoD network standards for insider threat tools. Strong coordination skills for collaborating across organizations and implementing cybersecurity solutions. Preferred Qualifications:  Certified Information Systems Security Professional (CISSP). Knowledge of user activity monitoring (UAM) software and processes. Expertise in DoD cybersecurity compliance frameworks and regulations. Strong background in counterintelligence and insider threat investigations. Experience working across government security agencies, military cybersecurity teams, and intelligence divisions. Salary Range: $175,000 - $195,000 The salary range for this role considers a wide range of factors, including, but not limited to, skill sets, equity, experience and training, licensure and certifications, and other business and organizational needs. It is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.   Benefits Health Benefits: Medical, Vision, Dental Up to 4% retirement match with 100% vesting Company paid STD and LTD Company paid basic life insurance Competitive PTO package RP Professional Services, LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

The Georgia Department of Human Services, Office of Information Technology, is seeking a qualified candidate for the temporary contractor staffing position of Cybersecurity Analyst as part of the Information Security Team. *REQUIRED CERTIFICATIONS MUST BE UPLOADED* The Office of Information Technology is the office within DHS that provides computing, applications management, IT procurement, network and telecommunications services to all DHS divisions and offices. Responsibilities Proven experience in cybersecurity operations with hands-on expertise in monitoring and managing multiple security tools, including vulnerability scanning platforms such as Tenable (Nessus, Tenable.sc, or Tenable.io). Continuously monitor security tools and systems (e.g., SIEM, IDS/IPS, CrowdStrike EDR,  DLP, Tenable vulnerability scanners) to detect, investigate, and respond to potential threats in real time. Maintain and oversee the CrowdStrike platform, ensuring proper configuration, alert triage, threat hunting, and endpoint coverage across the organization. Analyze data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations. Interact at multiple levels of the organization to establish and maintain a strong and adaptive security posture that aligns with organizational risk tolerance, information access requirements, business strategies, and compliance requirements. Integrate overarching security frameworks across multiple, complex disciplines in support of the business needs of the Agency to provide customer-focused technology solutions in a secure, cost-effective, and efficient manner. Strong knowledge of system administration, including configuration, hardening, patch management, and monitoring of Windows and Linux servers Coordinate and oversee the production of evidence to support internal and external audits. Conduct internal risk, vulnerability, and compliance assessments to: Identify risks, vulnerabilities, and compliance shortcomings; and recommend/develop security measures, policies, and controls for risk/vulnerability mitigation and remediation of compliance findings. Prepare and/or update incident response plans and perform incident response activities as directed and in accordance with established Agency procedures and guidelines and those of the Georgia Technology Authority (GTA). Ensure periodic monitoring of audit logs occurs in accordance with requirements, and report findings and concerns for further analysis and/or action, including breach notification and initiation of incident response, in accordance with Agency protocols/procedures and CISO direction/guidance. Work with developers to plan, implement, manage, and coordinate appropriate security measures for information systems/applications that control access to data, and prevent unauthorized modification, destruction, or disclosure of information in accordance with federal, state, local, and agency requirements, policies, and directives. Prepare and/or update Plan of Actions & Milestones (POA&M) that identify security weaknesses and establish milestones and compensating controls for remediating these weaknesses and tracking the progress and effectiveness of the remediation. Serve as a Subject Matter Expert (SME), advising on current best practice and strategies for the protection, auditing, and monitoring of data, data storage, and transmission paths. Work with business owners, IT managers, staff, and vendors to provide timely and efficient coordination of information assurance/security services to meet Agency needs. Prepare and communicate status of Agency information security programs and projects to senior executives through oral and written reports and presentations. Assist with information security awareness training activities and preparation of awareness training materials. Develop and communicate security metrics to assess effectiveness of, and compliance with, the Agency’s InfoSec policies and controls. Performs other professional responsibilities as assigned. Qualifications: Bachelor's degree in information technology, computer science, information assurance, or a related field from an accredited college or university AND Five years of information technology experience, One year of which in information security or information assurance. Note: An equivalent combination of education and job specific experience that provided the knowledge, experience and competencies required to successfully perform the job at the level listed may be substituted on a year-over-year basis. Desired Skills/Qualifications: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Demonstrated professional experience developing and communicating an information security strategy and aligning projects, initiatives, and resources to execute against the strategy.

Primary responsibilities include Develop and Design Secure platform architectures, ensuring that architecture is consistent with enterprise architecture standards, guidelines and principles. Review Architecture and Implementations for consistency to CFG security standards Develop standards, recommendations, requirements, and security guidance in support of business activities Evaluate, design, and test IAM technologies to ensure secure, scalable, and cost-effective solutions. Guide IAM integration for new tools and systems, including configuration, debugging and deployment. Perform security assessments on projects across multiple CFG business product lines Participate in code and design reviews with teams of software, network and cloud engineers to ensure that solutions meet enterprise IAM and security standards. Collaborate with application teams across CFG to guide the direction of designing secure products.  Collaborate with other functional teams' leadership and engineers to ensure solutions align with organizational goals and user needs.   Contribute to technology direction, develop architecture and influence implementation to gain measurable business improvements. Stay ahead of industry trends to advise CFG identity strategies and strengthen the company security posture. Qualifications, Education, Certifications and/or Other Professional Credentials 8+ years of professional Security & Identity experience with 5+ years as a Principal Architect Experience designing security and identity solutions for 10K+ headcount organizations Extensive experience designing and implementing IAM solutions in enterprise environments with strong knowledge of identity lifecycle, access control, authentication and hybrid cloud security Demonstrable experience in leading IAM modernization initiatives, encompassing Active Directory, Entra ID, Single Sign On, MFA, Privileged Identity Management, and Zero Trust. Experience with IAM tools such as SailPoint, Okta, CyberArk, HashiCorp, Entra ID and Active Directory preferred Strong working knowledge of regulatory and compliance frameworks, including GDPR, NIST, and ISO 27001, and their application to enterprise identity preferred. Familiar with public cloud platforms (e.g. AWS, Entra, GCP) and Continuous Integration/Continuous Delivery (CI/CD) practices preferred. Deep understanding of Zero Trust, SD WAN and SASE approaches and platforms preferred Industry certifications like CISSP, CISM, CCSP, AWS, Azure or GCP highly valued