
Dragonfli Group
Remote Jobs
CyberSecurity as a Solution: Enabling Secure Business.
26 Jobs
Junior Identity Security Analyst
• Drive identity security initiatives by generating metrics-that-matter within existing enterprise identity platforms
• Extract, transform, and analyze identity and security data using the Databricks platform
• Develop and deliver reports and dashboards from Databricks to support program visibility and decision-making
• Apply AI/ML techniques to detect fraudulent activity and support authentication of user identities at enterprise scale
• Contribute to data quality improvement efforts across identity and security data sets
• Support technical implementations related to identity tools including Okta and Ping
• Prepare and deliver executive briefings that communicate complex identity security data in a clear and compelling narrative format
• Manage stakeholder relationships across multiple functional groups, translating technical findings into business-relevant insights
• Collaborate with cross-functional teams to align identity metrics with broader security program goals
• Document processes, findings, and reporting outputs to maintain program continuity and institutional knowledge
• Support continuous improvement of identity security reporting frameworks and measurement methodologies
Senior Cloud Security Architect
• Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP
• Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors
• Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment
• Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions
• Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience
• Drive the organization's transition to a Zero Standing Privilege model for all production environments
• Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks
• Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activity
• Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP)
• Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders
• Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice
Information System Security Officer – Assessment & Authorization
• Manage security assessments for a variety of applications and domains, including cloud computing environments
• Lead multiple large, complex, high-risk security assessment initiatives concurrently
• Implement security controls and verify control effectiveness in alignment with NIST RMF and ISO standards
• Conduct risk assessments and document compliance measures to meet organizational and regulatory requirements
• Evaluate, validate, and support documentation required for A&A and accreditation activities for new and existing IT systems
• Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
• Support development of actionable security blueprints, principles, models, designs, standards, and guidelines
• Apply security architecture principles and best practices to help design and maintain secure IT infrastructures aligned to A&A policies
• Use network and vulnerability scanning tools to interrogate systems for configuration and security status
• Utilize GRC tools to manage and track A&A workflows, artifacts, and approvals
• Serve as an A&A subject matter expert, providing guidance to stakeholders, business units, and new A&A resources
• Build and maintain schedules and step-by-step action plans; brief cross-functional teams and executives on status and risk
• Lead the evolution of the software delivery lifecycle by embedding security into every stage of CI/CD
• Architect and maintain automated CI/CD pipelines using AI/ML for SAST/DAST to detect complex vulnerabilities
• Design security frameworks for the end-to-end AI lifecycle, including data ingestion security and model protection
• Implement guardrail architectures for Large Language Models (LLMs) and AI-native applications
• Develop AI-driven orchestration (SOAR) to automate triage and remediation of security findings
• Implement Policy as Code governance using Open Policy Agent (OPA) to enforce compliance across multi-cloud environments
• Integrate SAST, DAST, SCA, and secret scanning into GitHub Actions, GitLab CI, or Jenkins pipelines
• Conduct advanced threat modeling for cloud-native applications, including AI-specific attack vectors (e.g., model inversion, data poisoning)
• Create self-service security tools and Golden Paths to enable secure developer workflows with minimal friction
• Establish and enhance observability for security and reliability using eBPF, Prometheus, and logging/monitoring platforms (e.g., Dynatrace or Datadog)
• Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering
• Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives
• Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity
• Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement
• Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse
• Perform CrowdStrike Falcon alert review, tuning, and incident response support including false positive identification and credible threat escalation
• Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents
• Develop and maintain playbooks and response workflows for insider risk scenarios
• Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies
• Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage
• Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms
• Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses
• Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture
• Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status
DevSecOps Pipeline, Tooling Engineer
• Build, maintain, and enhance CI/CD pipeline templates to support services deployed into AWS and client-managed environments
• Triage and resolve failed pipelines and deployments, conducting thorough root cause analysis and implementing corrective actions
• Support codebases requiring new pipeline template development and modernization
• Perform patching, administration, and lifecycle management of core DevOps tooling, including: SonarQube, Sonatype, Nexus, Harness, GitHub, Azure DevOps, and Jira
• Lead and support GitHub repository onboarding and associated automation workflows
• Operate, maintain, and tune security scanning tools, including rule configuration and optimization for SonarQube, Sonatype, and Nexus
• Identify opportunities to improve pipeline efficiency, reduce technical debt, and strengthen secure delivery practices
Vulnerability Management Analyst
• Lead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholders.
• Own attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&M documentation.
• Manage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentation.
• Lead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations).
• Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent).
• Scope, schedule, execute, and report on vulnerability scans across large, complex federal environments.
• Analyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activities.
• Manage hardware/software certification pipelines; process ServiceNow tickets within defined SLAs.
• Support transition from legacy tools to modernized scanning platforms with minimal operational disruption.
• Track and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAs.
• Maintain accurate POA&M records for all open findings across program scope.
• Produce and present vulnerability dashboards, compliance reports, and executive-level status briefings.
• Validate remediation effectiveness through post-remediation scanning and analysis.
• Monitor HTTPS/HSTS compliance and other BOD requirements (BOD 18-01, BOD 20-01, and others as applicable).
• Build and maintain working relationships with CISA contacts, agency system owners, SOC personnel, and contractor teams.
• Communicate vulnerability risks and remediation recommendations clearly to both technical and non-technical audiences.
• Serve as subject matter expert and primary point of contact for assigned programs.
• Provide backfill coverage across vulnerability management workstreams as needed.
• Execute hands-on remediation tasks across NERC CIP standards CIP-003 through CIP-013 as directed by the audit readiness lead
• Implement technical and procedural controls to close compliance gaps identified through gap assessments and mock audit findings
• Compile, organize, and QA/QC compliance evidence packages in support of WECC audit submission
• Document remediation activities, control test results, and closure evidence with precision
• Coordinate with internal IT, OT, and compliance staff to validate remediation completion across technical and regulatory domains
• Support cyber asset identification, BES Cyber System categorization, and control implementation activities
• Maintain detailed work logs in support of T&M billing and audit trail requirements
• Escalate blockers and risks to engagement lead without delay
Information System Security Officer
• Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
• Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
• Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
• Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
• Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
• Support incident response activities including documentation, escalation, and remediation tracking
• Maintain system inventory, hardware/software baselines, and interconnection agreements
• Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
• Participate in security reviews, audits, and inspections as required
• Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
• Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
• Build a 3-year total cost of ownership model across five vendor platforms
• Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
• Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
• Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
• Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions