• IT support: Be the first line of support for the organisation. Resolve issues, hit SLAs, and keep things moving. • Endpoint management: Own the full lifecycle of our devices — laptops, desktops, mobiles, and virtual desktops. Deployment, configuration, troubleshooting, all of it. • Patch management: Keep endpoints, workstations, cloud servers, and VDI environments up to date. Track what needs patching, get it done, and report on it. • Vulnerability management: Run regular vulnerability scans across our environment. Understand what the results mean, prioritise by risk, and drive remediation to closure. • Access & identity: Manage user accounts and access rights. Enforce least privilege. Make provisioning and deprovisioning slick and secure. • Threat prevention: Help implement and monitor our security controls — endpoint protection, DLP, email security, network controls. Keep an eye on what's happening. • Asset management: Know what we have, where it is, and who has it. Keep the inventory accurate. • Onboarding & offboarding: Set people up properly when they join and make sure access is cleanly revoked when they leave. • AI enablement & security: Work with teams to help them adopt AI tools safely. Spot risks like prompt injection, data leakage, or insecure integrations. Help us keep track of what AI tools are in use and make sure we have the right guardrails in place.

Senior Network Security Engineer MSP4, LLC | Full-Time | Remote | Up to 25% Travel About the Role MSP4 operates as the embedded IT department for a portfolio of clients spanning professional services, legal, distribution, manufacturing, and government sectors. Environments range from 50 to 1,500 users and carry real compliance obligations: CMMC L2, NIST 800-171, and SOC 2 are active requirements across multiple clients, not aspirational targets. This role owns network and security engineering across that portfolio. You will design, deploy, and maintain firewall, switching, routing, and SD-WAN infrastructure for clients with serious uptime and regulatory requirements. Platform depth across Palo Alto, Fortinet, and Cisco is the baseline. Security posture work (segmentation, policy review, compliance evidence, hardening) is part of the job, not an afterthought. You will work under the direction of our Principal Solutions Architect, who owns design authority. The expectation is precise execution, thorough documentation, and sound judgment applied within established architecture, not the impulse to re-platform what is already working. This is a remote role. Travel is required up to 25% for major client project deployments. Day-to-day work is executed remotely. What You Will Do - Design and implement network and security infrastructure across multi-site client environments: campus, branch, datacenter, and cloud-connected architectures - Manage firewall platforms at scale: Palo Alto with Panorama, Fortinet with FortiManager, Cisco ASA/FTD, Juniper SRX, and Sophos XG/XGS - Configure and maintain enterprise switching and routing (BGP, OSPF, HSRP/VRRP, VLANs, spanning tree, QoS) across Cisco Catalyst/Nexus, Juniper EX, Aruba, and Meraki environments - Implement and manage SD-WAN solutions where applicable, including failover design, policy routing, and carrier diversity - Apply network segmentation, micro-segmentation, and zero-trust access controls in support of CMMC L2, NIST 800-171, and SOC 2 compliance requirements - Conduct firewall policy audits, rule cleanup, and hardening reviews; produce documentation that satisfies compliance evidence requirements - Support VPN and remote access infrastructure (IPsec, SSL/TLS, GlobalProtect, FortiClient) across client environments - Respond to network security incidents, assist with forensic review, and implement corrective controls - Produce network diagrams, runbooks, and change documentation that meet audit standards and enable other engineers to maintain what you build - Travel to client sites up to 25% for major project-based deployments What You Bring - 6 or more years of network and security engineering experience across complex, multi-site production environments in professional services, manufacturing, distribution, legal, or government sectors - Hands-on depth with at least two major firewall platforms (Palo Alto with Panorama, Fortinet with FortiManager, Cisco FTD/ASA, Juniper SRX, or Sophos XGS), including policy management at scale - Routing and switching fluency: BGP, OSPF, EIGRP, HSRP/VRRP, spanning tree variants, 802.1Q, and QoS. Not conceptual familiarity. Operational depth. - Experience supporting compliance audits. SOC 2 Type II is the most common baseline in this client base; you should know what it means to produce audit-ready network diagrams, collect evidence for access controls, and document firewall policy in a way that satisfies an auditor - Familiarity with NIST 800-171 or CMMC L2 network controls is a plus, not a requirement. Several clients are actively pursuing CMMC Level 2 certification and we will bring you up to speed on the specifics. What matters is the ability to translate a compliance requirement into a network policy. - Familiarity with datacenter networking (top-of-rack switching, spine/leaf topologies, VXLAN) is a plus - Network security tooling experience: IDS/IPS, NAC (Cisco ISE, Aruba ClearPass), SIEM integration, and log forwarding - Ability to read and apply architecture standards established by others without requiring constant design input - Relevant certifications (PCNSE, NSE 4+, CCNP Enterprise or Security, JNCIS) are a plus, not a requirement - Ability to produce clear technical documentation: network diagrams, firewall policy documentation, change records, and audit-ready evidence packages that another engineer can follow and an auditor can rely on - Prior experience in a multi-client service delivery environment is an advantage; comfort maintaining consistent security posture across varied client environments matters here How We Work MSP4 does not operate like a traditional IT department or a ticket-centric help desk. We function as embedded IT leadership for our clients, accountable to their outcomes, not to our own preferences about how networks should be designed. Our Principal Solutions Architect owns the design framework. Engineers at every level, including senior, operate within that framework. This is not a limitation. It is what allows us to maintain consistent, auditable, defensible environments across a complex multi-client portfolio. If you need to own every platform and policy decision to feel effective, this role is not the right fit. If you find satisfaction in executing at a high level, holding a client's security posture to a standard, and building trust through reliability, it is. We are building the operating model in real time. Some processes are documented; others are being written as we go. Senior engineers are expected to help shape what does not yet exist while executing reliably within what does. We expect senior engineers to push back when something is wrong. We do not expect them to redesign based on personal preference. About MSP4 MSP4, LLC provides infrastructure, security, and IT advisory services to mid-market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2. We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.

TITLE: Facility Security Officer (FSO) / Insider Threat Program Senior Official (ITPSO) LOCATION: Remote CLEARANCE REQUIRED: Active DoD Top Secret Clearance EMPLOYMENT TYPE: Part-time, W2 POSITION SUMMARY The Facility Security Officer (FSO) / Insider Threat Program Senior Official (ITPSO) is responsible for managing the organization's industrial security program and insider threat program in compliance with the National Industrial Security Program (NISPOM) and DCSA requirements. This role ensures the protection of classified information, personnel, and operations while proactively identifying and mitigating insider threat risks. RESPONSIBILITIES (not limited to): Industrial Security (FSO) - Administer and maintain the facility security program in accordance with NISPOM requirements. - Oversee classified information control, including receipt, storage, transmission, and destruction. - Manage personnel security processes, including clearances, visit requests, and access determinations. - Conduct initial, annual, and refresher security training, briefings, and debriefings. - Maintain accurate security records, files, and compliance documentation. - Prepare for and support DCSA security reviews, audits, and inspections. - Serve as the primary liaison with DCSA and provide security guidance to leadership. - Ensure timely reporting of adverse information, incidents, and security violations. - Implement and enforce security policies, procedures, and best practices. - Ensure cleared personnel maintain eligibility for access to classified information. Insider Threat Program (ITPSO) - Establish, implement, and maintain an effective insider threat program in compliance with NISPOM requirements. - Gather, integrate, and report relevant information indicative of potential insider threat risks. - Serve as a key member or advisor to the organization's insider threat program. - Ensure insider threat responsibilities are integrated across all cleared programs and personnel. - Collaborate with leadership, security, and HR to identify and mitigate insider threat risks. - Ensure insider threat training and awareness is conducted for cleared personnel. - Report insider threat information and required data to DCSA as appropriate. - Maintain documentation and records supporting insider threat program compliance. REQUIRED SKILLS AND QUALIFICATIONS - Must possess an active Department of Defense (DoD) Top Secret security clearance. - Bachelor's degree in Security Management, Criminal Justice, Business Administration, or a related field preferred, or equivalent combination of education and relevant experience. - Experience serving as a Facility Security Officer (FSO) and/or contributing to an Insider Threat Program in a cleared environment. - Comprehensive knowledge of NISPOM and DCSA security requirements, with the ability to interpret and apply guidance effectively. - Experience leading or supporting DCSA audits, inspections, and compliance initiatives, including remediation efforts. - Experience developing and maintaining standard operating procedures (SOPs), security policies, and compliance documentation in accordance with NISPOM and DCSA requirements. - Experience leveraging Microsoft SharePoint and Teams to manage security documentation, track compliance activities, and support team collaboration. - Strong organizational, communication, and analytical skills with a proactive, solutions-oriented mindset. - Demonstrated ability to manage sensitive and classified information with discretion, integrity, and sound judgment. WHY THIS ROLE MATTERS This role is essential to protecting classified information and ensuring the integrity of personnel and operations. By integrating industrial security with insider threat oversight, the FSO/ITPSO plays a critical role in safeguarding the organization and supporting mission success. *Applicants selected will be United States citizens and may be subject to a government security investigation for access to classified information.* ABOUT US At MGS, we believe a people-first culture corresponds to organizational success through a commitment to excellence, integrity, inclusion, and an attitude that welcomes challenges meets demands, sustains growth, and drives innovation. We provide expert mission-first technical and programmatic services and solutions for the US intelligence community, the US Department of Defense, and other governmental agencies. We create people-first organizational cultures where employees feel needed in the system, not a system that needs employees. We provide you with long-term career opportunities centrally focused on our core value system: inclusion, integrity, and a commitment to excellence. MGS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status, and will not be discriminated against on the basis of disability.

Role Description We seek a highly skilled and experienced Senior Security Engineer to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. This role will be heavily geared towards CrowdStrike Falcon EDR, Cloud, and Identity modules. Your responsibilities will include: - Perform implementations, best practices reviews, and configuring of CrowdStrike Falcon Modules. - Implement and enforce security policies and procedures based on industry standards. - Conduct regular security assessments, audits, and ensure compliance with security standards. - Serve as a senior technical escalation for internal and client technical staff. - Implement and manage core security tools and solutions (EDR, Cloud, Identity, NGSIEM, Vulnerability, CSPM, Email Security, MDM, etc.). - Deploy and maintain endpoint and managed detection and response solutions (EDR/MDR), intrusion detection systems (IDS), and intrusion prevention systems (IPS). - Design and implement secure cloud policies and controls (Azure and AWS). - Utilize Cloud Security Posture Management (CSPM) technologies. - Ensure the security of SaaS platforms, including email, file sharing, and 3rd party applications. - Configure and manage security controls for servers and endpoints. - Implement security policies for Mobile Device Management (MDM). - Implement vulnerability scanning and automated penetration tests utilizing in-house tools. - Implement and manage IAM solutions, including single sign-on (SSO) and privileged access management (PAM). - Apply and enforce security configuration benchmarks (e.g., CIS, NIST). - Configure and manage network security policies across perimeter and internal network equipment. - Assist with the implementation and configuration of security awareness training programs and solutions. - Work closely with clients to understand their security needs and provide tailored solutions. - Collaborate with cross-functional teams to ensure security is integrated into all aspects of IT infrastructure. Qualifications - Bachelor's degree in Computer Science, Information Security, or related field. - Experience working in managed IT or Security services (MSP or MSSP). - Strong understanding of security technologies and frameworks. - Direct experience working with the CrowdStrike Falcon Platform required. - Direct experience working with Microsoft 365 required. - Excellent problem-solving and analytical skills. - Strong communication and interpersonal skills. - Authorization to work in the United States without current or future visa sponsorship. - CrowdStrike Certified Falcon Administrator (CCFA). Requirements - CrowdStrike Certified Identity Specialist (CCIS) preferred. - CrowdStrike Certified Cloud Specialist (CCCS) preferred. - Experience with enterprise security technologies (firewalls such as Palo Alto and FortiGate). - Experience with Cloud Solutions (Azure and/or AWS). - Experience participating in Security Assessments or hardening activities. - Ability to manage multiple clients, initiatives, and priorities effectively. - Skilled in gathering, assessing, and presenting technical security metrics and trends. Benefits - Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer. - Employer funding to HSA accounts and FSA access. - Access to a 401(k) through Vanguard with a guaranteed employer contribution. - Flexible vacation policy that allows you to manage your schedule. - 11 holidays with flexibility based on personal needs. - Family-friendly benefits, including extended parental leave and employer-paid disability and life insurance. - Support on individual development through certifications, continued learning, and conferences.