Job Closed

This listing is no longer active.

Absolute Security

Absolute Security is the leader in enterprise Cyber Resilience

Senior Information Security Analyst

Security Analyst, Other, Remote, Senior, Team 501-1,000, Since 1993, H1B Sponsor

Location

United States

Posted

86 days ago

Salary

0

Seniority

Senior

Bachelor Degree, 4 yrs exp, English, AWS, Azure, GCP, Linux, macOS, Python, Splunk

Job Description

  • Monitor and triage alerts from CrowdStrike Falcon and Microsoft Sentinel.
  • Lead investigations into endpoint and network security incidents including malware, privilege escalation, lateral movement, and data exfiltration.
  • Execute containment and remediation strategies for identified threats.
  • Conduct proactive threat hunts using CrowdStrike telemetry and threat intelligence.
  • Perform forensic analysis of compromised systems and malware samples.
  • Analyze network logs and packet captures to identify anomalies and attacker behavior.
  • Investigate cloud-based incidents across Azure, AWS, and GCP environments.
  • Assess cloud logging readiness and ensure audit trails are complete and actionable.
  • Collaborate with cloud operations teams to improve detection and response capabilities.
  • Develop and refine playbooks, runbooks, and standard operating procedures.
  • Tune SIEM rules and EDR policies to reduce false positives and improve alert fidelity.
  • Participate in red/blue team exercises and contribute to continuous SOC maturity.
  • Serve as an escalation point for Tier 1 and Tier 2 analysts.
  • Mentor junior SOC staff and contribute to team knowledge sharing.

Job Requirements

  • 4–7 years of experience in a SOC or cybersecurity analyst role.
  • Expert-level proficiency with CrowdStrike Falcon and Microsoft Defender.
  • Strong understanding of MITRE ATT&CK, malware behaviors, and incident response.
  • Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, Elastic).
  • Deep knowledge of Windows, Linux, and macOS internals.
  • Proficiency in scripting (Python, PowerShell) and log analysis.
  • Excellent written and verbal communication skills.

Benefits

  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Professional development opportunities

Related Job Pages

More Security Analyst Jobs

Other, Remote, Team 201-500

Knowledge Management, Inc. (KMI) has the leadership and experience to deliver innovative technology, logistics and management solutions to meet real mission requirements. KMI is a Minority Business Enterprise (MBE) and Small Disadvantaged Business (SDB) that specializes in Logistics, Warehouse Services, Distance Learning/Training, Enterprise Solutions, Financial Management Support, Program Management, Intelligence Analysis & Threat Assessment, and Data Analytics/Operations Research. Since 1998, our solutions and services have helped our clients improve performance, drive cost and operational effectiveness, and map technology needs for tomorrow's requirements.

  • Title: Jr. Information Security Analyst
  • Location: Remote with occasional on-site support at IRS facilities (e.g., New Carrollton, MD or Washington, DC area)
  • Position: 1
  • Duration: 6 month base with 2 3-month options
  • Start date: ASAP
  • Security Clearance: IRS Moderate Risk Public Trust (Background Investigation required)
  • Salary: Please provide your salary requirement, C2C or 1099 hourly rate
  • Education/Experience: Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field
  • Certifications: Security+ CE certification required, Higher-level certifications (e.g., CISSP, CISM, CEH, CAP) preferred and may substitute for additional years of experience

The Junior Information Security Analyst will assist in conducting security control assessments, collecting evidence, and supporting compliance reporting for IRS systems under FISMA requirements. This role involves hands-on support for vulnerability scanning, control validation, and POA&M tracking using tools like ServiceNow and Qmulos. The analyst will contribute to assessments of cloud platforms (PaaS, SaaS, IaaS), pipeline security in CI/CD environments, and help develop metrics and dashboards for quarterly reporting.

Required Qualifications

  • 1 to 3 years of relevant professional experience in information security, cyber risk management, network defense, or cybersecurity operations
  • Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development
  • IT security knowledge with professional certifications from ISC2, ISA, PMI, CompTIA, or SANS Institute
  • Knowledge and experience with technology risk assessments covering Webservices, network appliances, and software
  • Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements

Security Clearance

  • IRS Moderate Risk Public Trust (Background Investigation required)

Location

  • Remote with occasional on-site support at IRS facilities (e.g., New Carrollton, MD or Washington, DC area)

Education

  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field

Preferred Qualifications

  • Security+ CE certification required
  • Higher-level certifications (e.g., CISSP, CISM, CEH, CAP) preferred and may substitute for additional years of experience
  • Knowledge of the IRS infrastructure, technologies, and general support systems
  • Knowledge and experience with the IRS Enterprise Lifecycle and OneSDLC
  • Knowledge of System Interconnections including VPN and other encryption technologies
  • Knowledge of IRS Business Units and IT enterprise processes
  • Knowledge/experience with Qmulos Q-Compliance, SharePoint, Scanning tools, ServiceNow GRC, SPLUNK
  • Knowledge and experience with security architecture principles and system modeling
  • Experience with end-user troubleshooting for access and permission issues in GRC workflows

Benefits

All full-time employees are eligible to participate in our benefits programs:

  • Health, dental, and vision insurance
  • 401(k) retirement plan
  • Paid time off (PTO) and holidays
  • Group Term Life and Accidental Death and Dismemberment Insurance
  • Voluntary Term Life Insurance
  • Short and Long-term disability insurance

Equal Employment Opportunity Statement. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

E-Verify Statement. Knowledge Management, Inc. participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, KMI is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.

Pay Transparency Non-Discrimination Provision. Knowledge Management, Inc. will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Disability Statement. If you have a disability and need reasonable accommodation or assistance at any point in the application or onboarding process, please email us at marie@knowledgemanagement.com.

United States
Job Closed
Other, Remote, Team 5,001-10,000, Since 1969, H1B No Sponsor

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The Senior Cybersecurity Assessment & Authorization (A&A) Risk Analyst provides advanced governance, risk, and compliance (GRC) support to federal information systems in alignment with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF). This position is responsible for managing external service authorization activities, conducting security risk assessments, and supporting NSF’s continuous monitoring efforts. The role requires strong analytical, documentation, and stakeholder engagement skills to ensure federal systems maintain compliance with applicable federal laws, regulations, and NSF directives.

Essential Duties and Responsibilities

Assessment & Authorization (A&A)

  • Manage full lifecycle Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37.
  • Develop, review, and maintain security authorization documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Review and assess FedRAMP authorization packages, and package updates, to support the evaluation and use of cloud services.
  • Monitor ATO packages in the FedRAMP Secure Repository.
  • Communicate with system owners, information systems security officers (ISSOs), Cloud Service Providers, and security stakeholders frequently to review significant system changes and ensure continued compliance with federal security requirements.
  • Evaluate and validate implementation of security controls defined in NIST Special Publication 800-53 Rev. 5, including inherited and agency-implemented controls.
  • Conduct risk assessments using methodologies consistent with NIST Special Publication 800-30 and provide risk analysis and recommendations to Authorizing Officials and senior stakeholders.
  • Support continuous monitoring and ongoing authorization activities by reviewing vulnerability scans, tracking POA&Ms, and coordinating remediation efforts.

Governance, Risk & Compliance (GRC)

  • Peer review cybersecurity policies, standards, procedures, and implementation guidance.
  • Perform regulatory and policy analysis to ensure alignment with federal requirements and agency directives.
  • Conduct gap analyses to assess compliance posture and recommend remediation strategies.
  • Assist in development of control overlays, baseline updates, and security control tailoring guidance.
  • Provide subject matter expertise in governance discussions.
  • Support enterprise reporting activities, including risk metrics and compliance dashboards in ServiceNow.

Compliance & Oversight Support

  • Provide documentation and analysis support for internal and external reviews, including FISMA reporting activities.
  • Assist in preparing responses to oversight inquiries and tracking corrective actions.
  • Perform quality assurance reviews of security documentation to ensure accuracy and consistency.

Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience).
  • Professional certification(s) such as CISSP, CISM, or CAP.
  • Minimum of 7 years of progressive cybersecurity experience, including at least 4 years supporting federal RMF/A&A efforts.
  • Demonstrated experience implementing the NIST Risk Management Framework.
  • Strong knowledge of:
      • Federal Risk and Authorization Management Program (FedRAMP)
      • NIST Special Publication 800-53 Rev. 5
      • Federal Information Security Modernization Act (FISMA)
      • Federal Zero Trust Strategy (OMB M-22-09)
  • Familiarity with federal cloud security requirements and FedRAMP-authorized environments.
  • Experience supporting Moderate and/or High impact systems.
  • Experience with Microsoft 365 office applications.
  • Excellent written and verbal communication skills.
  • Ability to engage effectively with technical teams and executive leadership.
  • Active Public Trust clearance or ability to obtain.

Preferred Qualifications

  • Experience with ServiceNow, CSAM and/or comparable GRC tools.
  • Familiarity with Atlassian Confluence and JIRA.
  • Experience contributing to enterprise-level cybersecurity policy initiatives.
  • Familiarity with guidance pertaining to responsible AI usage by federal agencies (e.g., Executive Order 13960, OMB M-25-21 and M-25-22).
  • Experience supporting federal research or grant-management systems.

Core Competencies

  • Federal Cybersecurity Governance
  • Risk Assessment & Analysis
  • Policy Development & Regulatory Interpretation
  • Technical Documentation & Quality Assurance
  • Stakeholder Engagement
  • Analytical Problem Solving

Work Environment

This is a full-time remote position supporting Cherokee Federal’s cybersecurity contract with the U.S. National Science Foundation in Alexandria, VA. This position reports to the Cybersecurity Oversight and Compliance Lead, operates within a structured federal compliance environment, and requires collaboration with system owners, security personnel, program offices, and senior stakeholders. The role supports ongoing authorization, governance initiatives, and periodic oversight reviews to maintain a strong cybersecurity posture across NSF systems.

United States

Cybersecurity GRC Specialist

Metlife Legal Plans

MetLife Legal Plans is the country's largest provider of legal voluntary benefits. We have more than 40 years of experience in employee legal services and are committed to providing excellent care to our plan members, sponsors, and 18,000+ attorneys. Trusted by nearly 7 million families and more than 200 Fortune 500 companies who offer our service as an employee benefit. Growing quickly with a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.

Security Analyst, 86 days ago

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The Cybersecurity GRC Specialist is responsible for managing and strengthening MetLife Legal Plans' Technology Governance, Risk, and Compliance (GRC) program. This role helps ensure the organization effectively identifies, assesses, and mitigates technology and cybersecurity risks while maintaining compliance with regulatory requirements, industry standards, and internal policies. This individual plays a key role in protecting MetLife Legal Plans’ information assets by developing and maintaining risk management frameworks, overseeing security and compliance initiatives, and partnering with technology, legal, and business teams to integrate security best practices across the organization. The Cybersecurity GRC Specialist also supports the organization’s Third-Party Risk Management (TPRM) program, ensuring that vendors, partners, and sponsors meet required security and risk standards before and during their engagement with the organization. A successful candidate will have a strong background in IT risk management, cybersecurity, and information security governance, along with the ability to communicate effectively with both technical and non-technical stakeholders. Staying informed about emerging threats, evolving regulatory requirements, and industry best practices is essential to this role.

Qualifications

  • 5+ years of experience in IT Governance, Risk, Compliance (GRC), cybersecurity, or information security
  • Bachelor’s degree in Computer Science, Information Security, or related field preferred
  • Security certifications such as CISSP, CISA, CRISC, or similar highly preferred
  • Experience with Third-Party Risk Management (TPRM) programs
  • Prior experience with the ISO 27001:2022 Framework
  • Prior experience leading projects, initiatives, or mentoring team members preferred

Requirements

  • Support the development and ongoing maturity of MLP’s IT risk management framework
  • Conduct and oversee risk assessments to identify potential threats, vulnerabilities, and business impacts across systems and data environments
  • Contribute to the development, maintenance, and enforcement of IT security policies, standards, and procedures
  • Ensure policies align with regulatory requirements, internal governance standards, and industry best practices
  • Provide guidance on secure system and application design
  • Partner with IT teams to ensure security controls are incorporated into infrastructure, systems, and application development
  • Support the development and delivery of security awareness programs for employees
  • Promote a culture of security and risk awareness across the organization
  • Assist in the development and maintenance of incident response procedures
  • Participate in security incident investigations and response coordination as needed
  • Help ensure IT systems and security practices comply with applicable laws, regulations, and industry standards
  • Support internal and external audits and assist with remediation efforts when needed
  • Review vendor security documentation, certifications, and controls to ensure alignment with MLP security standards
  • Partner with procurement, legal, and technology teams to manage vendor risk throughout the vendor lifecycle
  • Support the continuous improvement of MLP’s third-party risk management program
  • Evaluate security technologies, tools, and solutions to strengthen the organization’s security posture
  • Stay informed on emerging cybersecurity trends and recommend improvements where appropriate
  • Work closely with IT teams including infrastructure, application development, and network security
  • Provide guidance on security best practices and assist with implementing appropriate controls
  • Communicate technology and security risks to leadership and key stakeholders
  • Translate technical security concepts into clear business impact and risk language
  • Review and respond to security questionnaires from clients, sponsors, and partners
  • Evaluate vendor and partner security responses to assess risk exposure
  • Support internal and external audit activities, including documentation preparation and evidence collection
  • Partner with internal teams to address audit findings and strengthen controls
  • Support contract reviews to ensure appropriate security and risk management provisions are included
  • Collaborate with legal, procurement, and technology teams to align vendor agreements with security standards
  • Contribute to the ongoing improvement of MLP’s risk, security, and governance programs
  • Identify opportunities to enhance processes, controls, and risk visibility across the organization

Benefits

  • Occasional travel may be required (10% or less)

United States
Job Closed

Junior / Mid-Level SOC Analyst

MMC Group

MMC is a privately owned business with corporate headquarters in Irving, Texas. With 2,000+ employees, working in 40+ states, MMC is able to support all United States locations, and some international locations. We appreciate your interest in reviewing this particular position and we encourage you to visit our website where you can always search and apply for opportunities at www.mmcgrp.com. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Security Analyst, 86 days ago

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

We are seeking a Junior to Mid-Level Security Operations Center (SOC) Analyst to support the National Incident and Response Team (NIRT). In this role, you will:

  • Review security monitoring data and identify anomalies.
  • Assist with investigating potential security incidents.
  • Operate on a three 12-hour shift schedule per week on consecutive days, with occasional adjustments for team coverage.
  • Work alongside one additional NIRT team member during each shift.
  • Engage in a short-term engagement expected to last approximately five months, with the possibility of extension currently unknown.

Qualifications

  • Bachelor's degree in Computer Science or a related discipline, with 0-2 years of experience, or
  • High school diploma with 6-8 years of relevant experience, or
  • Equivalent combination of education and professional experience.
  • Must be able to obtain and maintain a Public Trust clearance.
  • U.S. Citizenship is required.

Requirements

  • Experience with SIEM tools and analyzing security events from multiple monitoring and logging systems.
  • Ability to identify suspicious activity through security event analysis and correlation.
  • Knowledge of TCP/IP networking protocols and network packet analysis.
  • Familiarity with current cybersecurity threats, tactics, and techniques.
  • Understanding of IT infrastructure and enterprise technology environments, including:
      • Networking protocols
      • Firewall functionality
      • Host and network intrusion detection systems
      • Operating systems
      • Databases
      • Encryption technologies
      • Load balancing
      • Enterprise security tools and services

Benefits

  • Medical, dental, and vision coverage
  • Life and disability insurance
  • Additional voluntary benefits

United States
Job Closed