Dragonfli Group logo

Dragonfli Group

Remote Jobs

CyberSecurity as a Solution: Enabling Secure Business.

30 open rolesTeam 11,50H1B No SponsorLatest: Jul 17, 2026, 7:39 PM UTCCompany SiteLinkedIn
Post Date
Minimum Salary
Experience

30 Jobs

Dragonfli Group logo

Vulnerability Management Engineer

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Engineer6 hours ago
Full TimeRemoteMid LevelTeam 11-50H1B No Sponsor

Role Description The Senior Vulnerability Management Analyst will own and operate vulnerability management programs for a large federal client. This is a delivery-oriented role with direct program accountability. The analyst will lead scanning operations, manage attack surface reduction programs, maintain stakeholder relationships, and drive remediation to closure. The right candidate can manage ambiguity, produce results with minimal supervision, and operate across technical and program management workstreams simultaneously. Responsibilities - Program Ownership - Lead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholders. - Own attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&M documentation. - Manage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentation. - Lead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations). - Scanning and Technical Execution - Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent). - Scope, schedule, execute, and report on vulnerability scans across large, complex federal environments. - Analyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activities. - Manage hardware/software certification pipelines; process ServiceNow tickets within defined SLAs. - Support transition from legacy tools to modernized scanning platforms with minimal operational disruption. - Remediation and Risk Management - Track and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAs. - Maintain accurate POA&M records for all open findings across program scope. - Produce and present vulnerability dashboards, compliance reports, and executive-level status briefings. - Validate remediation effectiveness through post-remediation scanning and analysis. - Monitor HTTPS/HSTS compliance and other BOD requirements (BOD 18-01, BOD 20-01, and others as applicable). - Stakeholder Engagement - Build and maintain working relationships with CISA contacts, agency system owners, SOC personnel, and contractor teams. - Communicate vulnerability risks and remediation recommendations clearly to both technical and non-technical audiences. - Serve as subject matter expert and primary point of contact for assigned programs. - Provide backfill coverage across vulnerability management workstreams as needed. Qualifications - 3+ years of hands-on vulnerability management experience. - Demonstrated program ownership: VDP, attack surface management, or equivalent independently managed programs. - Proficiency with Tenable.sc and/or Tenable.io (scan configuration, report generation, false positive management). - Experience with CISA programs (VDP, FAST, BOD compliance) or equivalent federal cybersecurity initiatives. - Working knowledge of ServiceNow or equivalent ITSM platforms for ticket management. - Ability to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentation. - Active security clearance or eligibility to obtain one preferred. Requirements - 3+ years of hands-on vulnerability management experience within a federal agency environment. - Experience operating WebInspect, OpenText ScanCentral, or equivalent DAST/web application scanning tools. - Familiarity with Bugcrowd or other managed bug bounty platforms. - Experience with HSTS/HTTPS compliance monitoring aligned to BOD 18-01. - Active certifications: Security+, CEH, CISSP, CISM, or Certified Vulnerability Assessor (CVA). - Experience leading or co-leading standing meetings with federal stakeholders. - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience. Benefits - Health, Dental, and Vision Insurance - PTO - 401(k) - Remote work flexibility - Exposure to high-impact federal cybersecurity programs - Direct access to firm leadership and career development opportunities

United States
Dragonfli Group logo

Technical Writer

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Technical Writer28 days ago
ContractRemoteMid LevelTeam 11-50H1B No Sponsor

• Translate complex cybersecurity concepts, processes, and technical findings into plain-language written content for a range of audiences, including non-technical stakeholders • Develop and maintain technical documentation including policies, procedures, user guides, standard operating procedures (SOPs), and program reports • Apply knowledge of NIST, NIST Cybersecurity Framework (CSF), and CIS Controls to inform and structure documentation deliverables • Collaborate with subject matter experts (SMEs), engineers, and program managers to gather technical information and validate accuracy • Support cybersecurity program communications, including presentations, briefings, and executive summaries • Review and edit existing documentation for clarity, consistency, accuracy, and compliance with agency style standards • Assist in documenting AI tools and their appropriate use within the program context • Maintain version control and documentation repositories in accordance with program standards • Participate in team meetings and contribute to sprint planning or project milestone reviews as applicable

United States
Job Closed
Dragonfli Group logo

Identity Security Engineer – ITDR, CSPM

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

ContractRemoteLeadTeam 11-50H1B No Sponsor

• Own end-to-end strategy, implementation, and operational health of CrowdStrike Falcon Identity Protection and the CSPM capabilities within CrowdStrike Cloud Security • Proactively identify identity-based threats, misconfigurations, and cloud security gaps; drive remediation to closure in accordance with client policies and procedures • Configure, tune, and maintain identity protection policies, IOM and IOA policies, and risk-based authentication controls • Serve as the escalation point and trusted technical advisor to client leadership on identity and cloud security matters • Develop runbooks, detection logic, and automation to reduce manual effort and improve response times • Monitor the threat landscape and translate emerging risks into actionable hardening recommendations • Coordinate and lead governance calls with stakeholders; produce agenda, notes, and follow-up actions independently • Partner with other cybersecurity teams to integrate CrowdStrike telemetry into broader security operations • Produce metrics, dashboards, and executive-level reporting on identity and cloud security posture • Apply deep knowledge of identity-based attack techniques — including lateral movement, credential theft, Kerberoasting, and pass-the-hash — to inform detection and response strategy

United States
Job Closed
Dragonfli Group logo

NERC CIP Virtualization Consultant

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Consultant50 days ago
ContractRemoteSeniorTeam 11-50H1B No Sponsor

• Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02 • Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery • Document technical and procedural requirements for virtualized environments supporting critical infrastructure • Develop testing and evidence collection strategies to support CIP compliance audits • Update Management Model documentation to reflect changes in processes and procedures • Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes • Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring • Collaborate with internal stakeholders across IT, OT, and compliance functions to socialize policy changes • Serve as a subject matter expert on NERC CIP standards, providing technical and regulatory guidance to project teams • Support engagement planning, analysis, and stakeholder coordination throughout all project phases

United States
Dragonfli Group logo

Junior Identity Security Analyst

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Security Analyst57 days ago
Full TimeRemoteJuniorTeam 11-50H1B No Sponsor

• Drive identity security initiatives by generating metrics-that-matter within existing enterprise identity platforms • Extract, transform, and analyze identity and security data using the Databricks platform • Develop and deliver reports and dashboards from Databricks to support program visibility and decision-making • Apply AI/ML techniques to detect fraudulent activity and support authentication of user identities at enterprise scale • Contribute to data quality improvement efforts across identity and security data sets • Support technical implementations related to identity tools including Okta and Ping • Prepare and deliver executive briefings that communicate complex identity security data in a clear and compelling narrative format • Manage stakeholder relationships across multiple functional groups, translating technical findings into business-relevant insights • Collaborate with cross-functional teams to align identity metrics with broader security program goals • Document processes, findings, and reporting outputs to maintain program continuity and institutional knowledge • Support continuous improvement of identity security reporting frameworks and measurement methodologies

United States
Job Closed
Dragonfli Group logo

Senior Cloud Security Architect

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Full TimeRemoteSeniorTeam 11-50H1B No Sponsor

• Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP • Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors • Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment • Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions • Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience • Drive the organization's transition to a Zero Standing Privilege model for all production environments • Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks • Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activity • Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP) • Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders • Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice

District Of Columbia
Job Closed
Full TimeRemoteSeniorTeam 11-50H1B No Sponsor

• Manage security assessments for a variety of applications and domains, including cloud computing environments • Lead multiple large, complex, high-risk security assessment initiatives concurrently • Implement security controls and verify control effectiveness in alignment with NIST RMF and ISO standards • Conduct risk assessments and document compliance measures to meet organizational and regulatory requirements • Evaluate, validate, and support documentation required for A&A and accreditation activities for new and existing IT systems • Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives • Support development of actionable security blueprints, principles, models, designs, standards, and guidelines • Apply security architecture principles and best practices to help design and maintain secure IT infrastructures aligned to A&A policies • Use network and vulnerability scanning tools to interrogate systems for configuration and security status • Utilize GRC tools to manage and track A&A workflows, artifacts, and approvals • Serve as an A&A subject matter expert, providing guidance to stakeholders, business units, and new A&A resources • Build and maintain schedules and step-by-step action plans; brief cross-functional teams and executives on status and risk

United States
Job Closed
Dragonfli Group logo

Senior DevSecOps Architect

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

DevOps Engineer77 days ago
ContractRemoteSeniorTeam 11-50H1B No Sponsor

• Lead the evolution of the software delivery lifecycle by embedding security into every stage of CI/CD • Architect and maintain automated CI/CD pipelines using AI/ML for SAST/DAST to detect complex vulnerabilities • Design security frameworks for the end-to-end AI lifecycle, including data ingestion security and model protection • Implement guardrail architectures for Large Language Models (LLMs) and AI-native applications • Develop AI-driven orchestration (SOAR) to automate triage and remediation of security findings • Implement Policy as Code governance using Open Policy Agent (OPA) to enforce compliance across multi-cloud environments • Integrate SAST, DAST, SCA, and secret scanning into GitHub Actions, GitLab CI, or Jenkins pipelines • Conduct advanced threat modeling for cloud-native applications, including AI-specific attack vectors (e.g., model inversion, data poisoning) • Create self-service security tools and Golden Paths to enable secure developer workflows with minimal friction • Establish and enhance observability for security and reliability using eBPF, Prometheus, and logging/monitoring platforms (e.g., Dynatrace or Datadog)

United States
Job Closed
Dragonfli Group logo

Insider Risk Engineer

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

Risk94 days ago
ContractRemoteLeadTeam 11-50H1B No Sponsor

• Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering • Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives • Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity • Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement • Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse • Perform CrowdStrike Falcon alert review, tuning, and incident response support including false positive identification and credible threat escalation • Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents • Develop and maintain playbooks and response workflows for insider risk scenarios • Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies • Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage • Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms • Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses • Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture • Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status

United States
Job Closed
Dragonfli Group logo

DevSecOps Pipeline, Tooling Engineer

Dragonfli Group

CyberSecurity as a Solution: Enabling Secure Business.

DevOps Engineer101 days ago
ContractRemoteSeniorTeam 11-50H1B No Sponsor

• Build, maintain, and enhance CI/CD pipeline templates to support services deployed into AWS and client-managed environments • Triage and resolve failed pipelines and deployments, conducting thorough root cause analysis and implementing corrective actions • Support codebases requiring new pipeline template development and modernization • Perform patching, administration, and lifecycle management of core DevOps tooling, including: SonarQube, Sonatype, Nexus, Harness, GitHub, Azure DevOps, and Jira • Lead and support GitHub repository onboarding and associated automation workflows • Operate, maintain, and tune security scanning tools, including rule configuration and optimization for SonarQube, Sonatype, and Nexus • Identify opportunities to improve pipeline efficiency, reduce technical debt, and strengthen secure delivery practices

United States
Job Closed

20more opportunities are still waiting for you.Log in now and take your next shot before someone else does.