Operational Security Engineer
Location
Europe
Posted
29 days ago
Salary
0
Seniority
Senior
Job Description
Operational Security Engineer
RootstockLabs
• Operate and continuously improve the security of enterprise platforms through effective controls, detections, monitoring, and incident response.
• Configure and manage IAM, access controls, and contextual access policies in line with least-privilege principles and secure access standards.
• Manage and maintain the company’s MDM/EDR capabilities, ensuring endpoint visibility, policy coverage, timely updates, and organization-wide adoption.
• Review new tools, workflows, and third-party integrations, including SaaS, AI tools, MCPs, and plugins, and provide practical security guidance to reduce operational risk while enabling the business.
• Drive and improve the company’s security awareness program, helping users operate safely through practical guidance and support.
• Monitor emerging attacks, vulnerabilities, and threat actor tradecraft, and turn that knowledge into practical defensive improvements across the company.
• Apply adversarial thinking and practical threat modeling to identify realistic attack paths and improve operational resilience across user workflows, enterprise tooling, and internal systems.
• Help define and improve security policies, standards, best practices, and configuration baselines for internal systems and business tooling.
Job Requirements
- Fluency in English.
- Strong hands-on experience securing and operating enterprise SaaS and cloud platforms.
- Experience with identity and access management, contextual access controls, and secure administration of business-critical systems.
- Experience operating MDM/EDR and other endpoint security controls.
- Experience responding to security incidents, compromises, and breaches.
- Advanced cybersecurity experience, including exposure to sophisticated threat actors, knowledge of modern attacker tradecraft, and the ability to apply an adversarial mindset to defensive work.
- Experience conducting practical threat modeling with real operational impact.
- Experience assessing the security of third-party tools, integrations, and emerging technologies introduced into the business.
- Ability to perform open-source threat intelligence activities relevant to current threats and company exposure.
- Strong communication and cross-functional collaboration skills.
- Experience working in Agile environments.
Benefits
- Competitive compensation package and unique benefits designed to support your growth and well-being.
- 100% Remote Work from Europe / Latin America, with access to global CoWorking spaces.
- Work-Life Balance: Paid vacation and sick leave days
- Continuous Learning: Access to training programs, language courses, and learning sponsorship annually.
- Unique Projects: Work with cutting-edge blockchain technology in a global, diverse team.
- Monthly Allowance for Contractors to support your connectivity and well-being.
More Security Engineer Jobs
Penetration Testing Team Lead
SkyePoint Decisions
SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives. SkyePoint Decisions is a participating E-Verify Employer. U.S. Citizenship is required for most positions. Equal Opportunity Employer/Veterans/Disabled.
Role Description
SkyePoint Decisions is seeking a Penetration Testing Team Lead to join our team supporting the Department of Education’s (DoED) Federal Student Aid (FSA) Cybersecurity and Privacy Support Services (CPSS) in Washington, DC. This is a remote position.
- Plans, coordinates and leads red team and penetration testing engagements across FSA systems.
- Oversees test planning, execution, and reporting.
- Maintains tools (patches and upgrades), their environment and inventory used in pen testing/Red Team exercises.
- Ensures alignment with NIST SP 800-115, MITRE ATT&CK, and DHS RVA standards.
- Mentors junior testers and evaluates new testing tools.
Qualifications
- 12+ years of experience in offensive security.
- At least one of: OSCP, OSCE, GXPN, CEH.
- Experience with network, application, AWS cloud, and API testing in complex environments.
Requirements
- U.S. Citizenship is required for most positions.
Benefits
- Salary Range: $100,000-$120,000.
- Certification incentive program.
- PTO and floating federal holiday options.
- Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs].
- Flex Spending Accounts [FSAs].
- Full Dental Plans and Vision.
- Short-Term/Long-Term Disability and Life Insurance.
- 401k matched.
- Flexible Work Environment.
Information Security Engineer
5CA
Experts in customer experience (CX), 5CA helps clients optimize their customer-support services, ranging from self-service to outsourced, omnichannel, and multilingual support.
Title: Information Security Engineer [Remote]
Location: Belgrade, Serbia
Job Description
About the job
The Information Security Engineer is responsible for designing, implementing, and maintaining security controls across the organization’s cloud, identity, endpoint, and network environments. This role focuses on engineering secure configurations, building automation, integrating security tooling, and ensuring the ongoing protection of systems and data. The Information Security Engineer works closely with the IT & InfoSec Helpdesk, Infrastructure teams, and Development teams to architect secure solutions, conduct security assessments, and implement governance frameworks aligned to ISO 27001 and internal InfoSec policies. This role also supports complex incident response activities, assists in root-cause analysis, and ensures controls are implemented following secure-by-design principles. The shift for these positions is 08.00 - 17.00 CET/CEST with Saturday & Sunday off.
Responsibilities
Security Engineering & Control Implementation:
- Design, implement, and maintain security controls across Azure, Entra ID, Microsoft 365, network, and endpoint environments.
- Develop and maintain secure configurations, baselines, and policy frameworks using Azure Policy, Intune compliance, and conditional access.
- Integrate and optimize security tools including Microsoft Defender suite, SIEM/SOAR platforms, cloud security posture management, and identity governance systems.
Cloud & Infrastructure Security Architecture:
- Support the design and review of cloud architectures, including secure VNet design, firewalls/NSGs, Private Link, and hybrid connectivity.
- Implement key cloud security protections such as encryption, identity governance, privileged access control, and secure automation frameworks.
- Partner with Cloud Engineers to codify security controls using Infrastructure-as-Code (IaC).
Identity & Access Security (Entra ID & M365):
- Implement and manage identity governance: MFA, Conditional Access, PIM, RBAC, role lifecycle automation.
- Review, assess, and refine authentication and access control configurations.
- Conduct periodic privileged access audits and align identity practices with Zero Trust principles.
Security Monitoring & Threat Engineering:
- Tune and enhance SIEM/Sentinel detections, automation, and response playbooks.
- Develop KQL detection queries aligned to threat behaviours and emerging attack patterns.
- Improve signal fidelity across Defender platforms and integrate new data sources.
Incident Response & Digital Forensics Support:
- Serve as technical escalation during high-severity incidents.
- Perform deep-dive investigations into identity compromise, cloud misconfigurations, lateral movement, and high-risk endpoint activity.
- Provide forensic artefact analysis support (logs, file metadata, registry data, process analysis).
- Implement long-term remediation items and drive post-incident improvements.
Vulnerability & Risk Management:
- Support vulnerability assessment programs across cloud, endpoints, and SaaS platforms.
- Validate remediation efforts with system owners and ensure alignment to risk thresholds.
- Interpret vulnerabilities based on severity, real-world exploitability, and exposure in Microsoft, cloud, and identity stacks.
Compliance, Governance & ISO 27001 Alignment:
- Implement and maintain controls aligned with ISO 27001:2022 requirements.
- Support evidence collection, audit preparation, and remediation of nonconformities.
- Maintain accurate documentation including policies, baselines, runbooks, and reference diagrams.
Automation, Scripting & Continuous Improvement:
- Build and maintain automation using PowerShell, Azure CLI, Logic Apps, and Functions.
- Automate user lifecycle, security state validation, incident containment tasks, and compliance reporting.
- Continuously identify opportunities to strengthen security posture through modernization, simplification, and automation.
Collaboration & Knowledge Leadership:
- Work closely with Cloud, IT Support, Development, and Compliance teams to embed security into operational and architectural decision-making.
- Mentor InfoSec Analysts and provide guidance on investigation techniques, threat identification, and control operation.
- Deliver internal training, knowledge-transfer sessions, and documentation.
Ticket Resolution & Request Fulfilment:
- Respond to and resolve incidents and requests within the agreed SLAs.
- Handle user and complex incidents across Azure, AVD, and M365; drive quick MTTR and reduce ticket reopens via robust post-resolution notes and KB updates.
- Fulfil service requests (e.g., resource provisioning, AVD image updates, M365 security baselines, conditional access adjustments).
- Problem management: identify recurring issues, perform root-cause analysis, raise Problem records, and propose corrective/preventive actions.
- Escalation management: engage vendor support only after thorough triage and data collection (logs, timelines, impacted scope).
About You
Required Experience
- 4+ years of experience in information security engineering, cloud security, or infrastructure security roles.
- Hands-on experience implementing security controls in Azure and Microsoft 365 ecosystems.
- Experience with Defender for Endpoint, Defender for Cloud, Defender for Identity, and Sentinel.
- Experience with secure cloud networking, identity governance, and Zero Trust principles.
- Experience supporting complex incident response investigations.
- Familiarity with ITIL processes (incident, change, problem).
- Understanding of security frameworks (e.g. ISO 27001:2022) and data privacy regulations (e.g. GDPR).
Technical Skills
- Azure security architecture, governance, and configuration.
- Advanced Entra ID identity governance and access control.
- Endpoint and cloud threat detection (Defender suite).
- SIEM/SOAR engineering (Sentinel, Logic Apps).
- PowerShell, automation, and API integration.
- KQL, log analysis, and detection engineering.
- Infrastructure-as-Code familiarity (Bicep/ARM/Terraform).
- Secure network design, segmentation, and encryption practices.
Soft Skills
- Customer focused: prioritizing the needs and satisfaction of users and clients in every interaction.
- Communication: effective communication skills to collaborate with cross-functional teams, management, and external stakeholders.
- Collaborative: working effectively with cross-functional teams to achieve common goals.
- Innovative: consistently seeking new ideas and approaches to solve problems and improve processes.
- Problem-solving: analytical mindset to identify gaps and recommend solutions.
- Adaptability: the infrastructure, security, and client landscape evolve rapidly, so adaptability is crucial.
The following qualifications are mandatory:
- CompTIA Security+ or similar (e.g. ISC2 Certified in Cybersecurity)
- SC-300: Identity & Access Administrator
The following qualifications would be advantageous:
- AZ-500: Azure Security Engineer
- SC-200: Security Operations Analyst
- ISO 27001:2022 Foundations
CyberSecurity Engineer, Identity Protection – Tier 3
BLACKCLOAK
Digital Executive Protection for executives, high-profile, high-net-worth & ultra-high-net-worth individuals & families.
• Deploy and configure Endpoint Detection and Response (EDR) agents across client environments. Customize detection policies to minimize false positives and ensure seamless client business operations.
• Analyze EDR telemetry to detect "living off the land" attacks and anomalies that traditional antivirus would miss.
• Actively monitor client endpoints for malicious indicators. When threats are detected, immediately isolate compromised devices and communicate the scope of the incident to the customer and cross-functional teams supporting the customer.
• Generate monthly executive summaries for clients detailing blocked attacks, health status, and ROI on their security investment.
• Schedule and run next-gen vulnerability scans on client networks and execute penetration tests as applicable against client assets. Review the results with the client (or their IT point of contact), prioritize critical patches, and verify their remediation.
• Monitor for threats and vulnerabilities specific to “Smart Home” and Internet of Things (IoT) devices, alert impacted clients, and assist clients in hardening their home networks and IoT devices.
• Proactively monitor the Dark Web and criminal forums for our clients' compromised credentials, leaked intellectual property, or domain spoofing.
• Work with cross-functional teams to alert clients immediately upon discovery of leaked data and provide specific instructions on changing passwords or locking down accounts.
• Manage the credit monitoring platform, and alert clients to changes in credit scores, new credit inquiries/accounts and other identity alerts that could indicate fraudulent activity.
• In conjunction with Client Success Managers, serve as the dedicated case manager for confirmed identity theft incidents. Handle the end-to-end resolution process so the client does not have to navigate the bureaucracy alone.
• Assist in the restoration of compromised accounts, including cases of synthetic identity fraud, medical identity theft, and tax refund fraud.
• Actively hunt for client PII on people-search sites and data broker databases. Manage the "opt-out" and removal process to minimize their public attack surface.
• Identify repetitive manual tasks (e.g., alert triage, monthly reporting, initial containment) and build SOAR playbooks or scripts (Python/PowerShell) to automate them.
• Evaluate and implement AI-driven tools to enhance threat detection accuracy. Utilize Machine Learning features within our stack to reduce "alert fatigue" and false positives.
• Continuously assess our toolset's architecture; optimize API integrations between our Identity platforms, EDR, and ticketing systems to ensure we can handle increased client volume without linear headcount growth.
• Conduct "Post-Mortem" reviews after incidents or complex identity cases to identify process gaps, updating standard operating procedures (SOPs) to be faster and smarter next time.
• Recognize and codify attacker tools, tactics, and procedures as indicators of compromise (IOCs) that can be applied to current and future investigations.
• Develop custom scripts, tools, or methodologies to enhance our Incident Response processes.
• Develop comprehensive and accurate reports of forensic findings and Incident Response activities for both technical and executive audiences.
• Be part of an on-call rotation and escalation team.
• Participate in knowledge transfer sessions, product training and other strategic initiatives as needed.
• Maintain working knowledge of BlackCloak’s solutions, platform features and best practices.
• Mentor and support Client Success and Security Team Members.
• Work closely with the engineering and product teams to continuously improve BlackCloak products.
• Perform research and development on the latest cyber security attack and defense trends.
• Work with the sales team to do technical demonstrations and provide subject matter expertise.
• This position will require occasional time on nights and weekends to address client incidents, emergency onboardings and issues.
Cyber Hunt Team Leader
SkyePoint Decisions
Role Description
SkyePoint Decisions is seeking a Cyber Hunt Team Leader to join our team supporting the Department of Education’s (DoED) Federal Student Aid (FSA) Cybersecurity and Privacy Support Services (CPSS) in Washington, DC. This is a remote position.
- Leads proactive threat hunting missions and advanced analytics.
- Coordinates with SOC, CTI and other business partners and government teams to identify and mitigate advanced persistent threats (APTs).
- Develops threat hypotheses, detection logic, and a knowledge base of IoCs.
- Supports Purple Team exercises and threat emulation.
Qualifications
- 10+ years of cybersecurity experience.
- At least one of: CISSP, GCIH, GCFA, CEH.
- Experience with EDR/NDR, SIEM, MITRE ATT&CK, and threat emulation.
- Strong understanding of operating systems, networking, and adversary tactics, techniques, and procedures (TTPs).
- Must be a U.S. citizen.
- Must be able to obtain a Public Trust.
Requirements
- Salary Range: $100,000-$120,000
- Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate’s combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.
Benefits
- Certification incentive program.
- PTO and floating federal holiday options.
- Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs].
- Flex Spending Accounts [FSAs].
- Full Dental Plans and Vision.
- Short-Term/Long-Term Disability and Life Insurance.
- 401k matched.
- Flexible Work Environment.