Role Description This is a position that requires a senior professional with strong knowledge of the Windows Client Operating System and managing Windows in an enterprise environment. This includes, but is not limited to: - Strong knowledge of Windows as a Service - Microsoft Configuration Manager - Operating System Deployment - Software/application packaging - Group Policy - Remote administration and troubleshooting Creative and critical thinking skills are essential. Work is performed with general oversight and consists of making moderate to substantial improvements or enhancements to systems and processes that improve performance of job area. Typically, responsible for creation and maintenance of technical documentation within job area, as well as providing guidance, coaching, and training to other employees. May also be responsible for managing complex projects at this level, involving delegation of work and review of work products, both inside and outside of immediate job area. Essential Functions: - Lifecycle management of Windows as a Service - Windows Client OS configuration, testing, deployment, and issue tracking - Managing bare metal deployments of the Windows Client OS - Managing Windows Client OS upgrade deployments - Software package development, testing, deployment, and issue tracking - Maintaining enterprise level configuration and management of Windows Client OS - Proactive discovery and remediation of potential issues within job area - Interpret a customer’s description of a problem and determines possible solutions - Educate and train support level staff in the use of established processes - Coordinate with hardware and software vendors to troubleshoot problems as needed - Create and maintain detailed documentation on processes and procedures for all systems within job area - Ability to create and maintain technical documentation for support level staff - Relevant vendor certifications (ITIL, CompTIA, Microsoft, etc.) - Ability to communicate ideas in both technical and user-friendly language - Highly self-motivated and directed, with keen attention to detail - Proven analytical and creative problem-solving abilities - Able to prioritize and execute tasks in a high-pressure environment - Strong customer service orientation - Ability to work in a team oriented, collaborative environment Qualifications - Bachelor’s Degree and minimum 6 years of prior relevant experience - Graduate Degree and a minimum of 4 years of prior related experience - In lieu of a degree, minimum of 10 years of prior related experience Requirements - Microsoft Configuration Manager - Windows Client OS Deployment - Microsoft Active Directory Administration (GPO) - Software/application packaging and deployment - Remote troubleshooting - Scripting (preferably with Visual Basic and PowerShell) - Microsoft Windows Client Administration - Microsoft Bitlocker Administration and Monitoring - Deep knowledge of Microsoft Configuration Manager - Deep knowledge of Windows as a Service - Experience with Visual Studio - Experience with ServiceNow - Experience with Microsoft SQL Benefits - Health and disability insurance - 401(k) match - Flexible spending accounts - EAP - Education assistance - Parental leave - Paid time off - Company-paid holidays

Title: Technical Cybersecurity Manager Location: Washington, District of Columbia, United States Job Description: Description At MetaPhase, we believe Quirky is Cool and being authentic is the only way to be! We take the work we do very seriously and do a lot of important mission-focused work for our clients. We are individuals with different passions and strengths who take as much joy in the work we do as from those we work with. Today, we have a team that is invested in creating new solutions that lean forward, challenge the status quo, but also reflect our intimate knowledge of our customers’ business. Over the years we have fostered a culture in which we are united by shared values—passion, solidarity, generosity, curiosity, and boldness—and these come alive in the work we do and how we do it. Together, we know our people are our difference—for our clients and our colleagues. Are you ready to: - Work alongside a dedicated and diverse set of people to offer honest advice and practical guidance to our clients? - Learn and grow by taking advantage of every opportunity available to you? - Join a company which prides itself on its shared values and inclusive culture? - Be the difference and make it happen? Role Summary MetaPhase is seeking an experienced Technical Cybersecurity Manager with eight or more (8+) year of experience to support a high-impact federal transportation security program. This role will lead the systems, tools, controls, and technical team responsible for protecting complex mission environments, including cloud, on-premise, enterprise IT, and operational technology environments. The ideal candidate is a hands-on cybersecurity leader with deep experience managing technical security controls such as firewalls, data loss prevention systems, vulnerability scanning, penetration testing, patching, encryption, endpoint protection, system hardening, and security monitoring. This individual will provide highly technical and specialized guidance, develop solutions to complex security problems, prepare reports and presentations for senior leadership, and may serve as a contractor task order Project Manager. What You Will Be Doing - Leading the technical cybersecurity team responsible for securing mission systems, cloud environments, on-premise infrastructure, and connected operational technology environments. - Managing and overseeing security controls including firewalls, DLP, encryption, endpoint protection, vulnerability scanning, penetration testing, patch management, configuration hardening, security monitoring, and incident response support. - Providing highly technical guidance and specialized cybersecurity solutions for complex security, architecture, engineering, and compliance challenges. - Supporting cybersecurity engineering activities across system design, development, deployment, operations, maintenance, and modernization efforts. - Managing security documentation and artifacts supporting ATO processes, including System Security Plans, Risk Assessments, Contingency Plans, POA&Ms, security packages, control implementation evidence, and continuous monitoring materials. - Supporting RMF, FedRAMP, FISMA, NIST 800-53, DHS/TSA cybersecurity requirements, and federal security governance processes. - Leading vulnerability management activities, including scan analysis, remediation planning, prioritization, tracking, reporting, and closure. - Overseeing patch management, operating system hardening, STIG implementation, configuration management, and remediation of security weaknesses. - Coordinating with ISSOs, system owners, architects, engineers, OEMs, infrastructure teams, cloud teams, and federal stakeholders to resolve technical security issues. - Performing detailed technical analyses, security studies, risk assessments, root cause analysis, and cybersecurity impact assessments. - Preparing reports, briefings, dashboards, and executive-level presentations for program leadership and upper management. - Supporting cloud security services, including secure architecture, control implementation, monitoring, compliance, and remediation for cloud or hybrid environments. - Supporting OT/IT convergence security, including environments involving connected devices, endpoint security, SCADA-adjacent concepts, industrial control considerations, and operational mission systems. - Leading or contributing to incident response, critical incident management, after-action reviews, and corrective action planning. - Serving independently or as part of an integrated Agile, DevSecOps, cybersecurity, engineering, or program management team. - Potentially serving as a contractor task order Project Manager, including planning, staffing, schedule tracking, risk management, performance reporting, and stakeholder coordination. What We Need From You (Required) - Minimum of eight or more (8+) years of progressive experience in IT, cybersecurity, security engineering, systems engineering, infrastructure, cloud, or related disciplines. - Minimum of six or more (6+) years of specialized experience across multiple advanced IT or cybersecurity disciplines involving a wide range of hardware and software solutions. - Minimum of four or more (4+) years of concentrated, hands-on experience delivering cloud-related security services. - Demonstrated experience managing technical cybersecurity systems, tools, controls, and the teams responsible for operating or supporting those systems. - Strong knowledge across security architecture, engineering, operations, compliance, vulnerability management, incident response, identity/access, endpoint security, and security monitoring. - Experience managing ATO documentation and ATO processes in federal environments. - Experience supporting RMF, NIST 800-53, FISMA, FedRAMP, POA&M management, security control assessment, continuous monitoring, and audit evidence development. - Experience with vulnerability scanning, penetration testing coordination, remediation planning, patch management, encryption, DLP, firewall rules, endpoint protection, and system hardening. - Familiarity with SCADA, ICS, OT, connected device, or industrial cybersecurity concepts. - Ability to analyze complex cybersecurity issues and develop practical, technically sound recommendations. - Experience preparing formal reports, technical briefings, risk summaries, and executive presentations. - Ability to work independently, lead teams, and collaborate across engineering, cybersecurity, cloud, infrastructure, program management, and federal stakeholder groups. What Sets You Apart (Preferred) - GIAC Global Industrial Cyber Security Professional (GICSP) certification. - CISSP, CISM, CCSP, CEH, Security+, CASP+, AWS Security Specialty, Azure Security Engineer, or equivalent certification. - Prior experience supporting DHS, TSA, transportation security, airport operations, defense, law enforcement, critical infrastructure, or national security missions. - Experience securing operational technology, industrial control systems, edge devices, connected equipment, or IoT/IIoT environments. - Experience with SIEM, SOAR, EDR/XDR, CSPM, CNAPP, SAST/DAST, container security, cloud logging, and cloud-native security services. - Experience supporting FedRAMP High, High/High/High FIPS systems, zero trust initiatives, or federal cloud migration programs. - Experience managing technical teams in Agile, DevSecOps, SAFe, or hybrid federal delivery environments. - Experience serving as a task order lead, technical lead, cybersecurity workstream lead, or contractor Project Manager. Work Location - Washington, DC / Nations Capital Region Remote Schedule - Hybrid; Remote work may be supported, with periodic onsite meetings at federal facilities or local field sites as required. Travel - Limited travel may be required for stakeholder meetings, integration activities, or OEM coordination. Education Level - Minimum bachelor’s degree in Computer Science, Information Technology, or Computer Engineering, or related field; equivalent experience may be considered. Clearance Level - Ability to obtain and maintain federal suitability or Public Trust is required - Active DHS suitability, Public Trust, Secret, or higher clearance preferred. - U.S. Citizenship required (NO EXCEPTIONS) About MetaPhase Consulting MetaPhase Consulting is different with a purpose - demonstrating a new approach to the industry that puts employees and culture first! We continue to be recognized by industry as one of the fastest growing and most impactful consultancies in the nation, and are aggressively hiring to grow our team: Fastest Growing - Inc 5000 Fastest Growing Company - 2020, 2021, 2022, 2023, 2024, 2025 - Washington Technology Fast 50 Award - 2020, 2021 - Financial Times America's Fastest Growing Companies – 2021, 2022, 2023, 2025, 2026 Best Places to Work - USA TODAY Top Workplaces – 2022, 2023, 2024, 2025 - Washington Post Best Places to Work – 2022, 2023, 2024, 2025 - Washington's Business Journal’s Best Places to Work – 2021, 2022 - Virginia Businesses Best Place to Work – 2021, 2022, 2023, 2024, 2025 - Northern Virginia Technology Council Top 100 Technology Firms – 2020 Company & Individual Awards - 2021, 2023, 2024, 2025 Moxie Award Finalist - 2022 SECAF Government Contractor Awards ($27.5 to $50 Million in Revenue) - 2022 FedHealth IT and G2XChange Women in in Leadership Awards – Beth Angerman - 2022 George Mason University Prominent Patriots in Business – Fred Costa - 2022 TiE DC Capital ELITE Award - 2023, 2024, 2025 Elev8 Engage GovCon Finalist - 2023, 2024 Maryland Tech Council ICON Awards Finalist for Government Contracting Company of the Year: Over $50 Million - 2023 Greater Washington Government Contractor of the Year ($25 to $75 million) Awards Finalist - 2024 Consulting Magazine Tech Innovator - 2025 Northern Virginia Technology Council Tech100 Company - 2026 FORUM Innovation Awards – ChallengeAI by Brian Funk (CTO) - 2026 FORUM Disruptive Tech Change Agent – Brian Funk (CTO) - 2026 Orange Slices Elev8[X] Finalist MetaPhase Consulting is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability or veteran status, or any other factors protected by federal, state, or local law. #dice #LI-Hybrid

Title: Sr Information Security Advisor /AWS (Secret Cleared) Location: USA VA Fairfax - 2677 Prosperity Ave (VAC779) Work Type: Hybrid, Full Time Job ID: RQ213364 Job Description: Type of Requisition: Regular Clearance Level Must Currently Possess: Secret Clearance Level Must Be Able to Obtain: Secret Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Data Security, Information Assurance, Information Security, System Security Certifications: AWS Certified Security - Specialty | Amazon Web Services (AWS) - Amazon Web Services (AWS), Certified Cloud Security Professional (CCSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2), Certified Ethical Hacker (CEH) | EC-Council - EC-Council, Certified Information Systems Security Professional (CISSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2) Experience: 8 + years of related experience US Citizenship Required: Yes Job Description: Information Security Analyst Sr Advisor Transform technology into opportunity as an Information Security Analyst Sr Advisor with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you’ll be at the forefront of innovation and play a meaningful part in improving how agencies operate. At GDIT, people are our differentiator. As an Information Security Analyst Sr Advisor you will help ensure today is safe and tomorrow is smarter. Our work depends on Information Security Analyst Sr Advisor joining our team to protect and defend critical law enforcement information systems and data. The successful candidate will be responsible for designing, implementing, and managing security measures across on-premises and cloud-based environments in compliance with policy and other applicable security standards. This role requires deep cybersecurity expertise and experience securing sensitive law enforcement data in highly regulated environments. HOW AN INFORMATION SECURITY ANALYST SR ADVISOR WILL MAKE AN IMPACT ● Performs all procedures necessary to ensure the safety of information threat detection /prevention systems assets and to protect systems from intentional or inadvertent access or destruction - Integrate and correlate logs from firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security tools for holistic situational awareness. ● Mentor the IT services team to achieve leadership in our cybersecurity posture ●Monitor, analyze systems and identify security issues for remediation, for example Splunk Enterprise Security ● Provide information assurance project management, technical security staff oversight, and development of mission critical technical documents ● The customer mission of national law enforcement requires cybersecurity compliance ● Ensure compliance with FISMA, NIST SP 800-53, and state/federal agency standards. - Conduct internal audits using tools such as Nessus to identify vulnerabilities and validate compliance. - Design and implement security controls in AWS GovCloud and secure on-prem environments. - Maintain secure Identity and Access Management (IAM) policies; manage roles and policies using AWS IAM or Okta. - Enforce secure data handling practices and monitor access to sensitive or classified data repositories. ● Education: Technical Training, Certification(s) or Degree: Bachelors degree ● Required Experience: Minimum of 5 years of experience in information security, with at least 2 years in a government or law enforcement environment. WHAT YOU’LL NEED TO SUCCEED: ● Required Technical Skills: Comprehensive knowledge of data security administration principles, methods, and techniques including both on-premises and cloud - Requires familiarity with domain structures, user authentication, and digital signatures - Requires understanding of firewall theory and configuration - Knowledge of NIST, FISMA, and FedRAMP compliance standards. Preferred Skills: One or more security related certifications like ISACA CISA, (ISC)2 CISSP, and/or CEH, CCSP, AWS Certified Security – Specialty ● Location: Hybrid ● U.S. Citizenship with the ability to pass a comprehensive background check and obtain/maintain agency fitness eligibility or other applicable security clearances. Clearance: Secret GDIT IS YOUR PLACE: ● Full-flex work week to own your priorities at work and at home ● 401K with company match ● Comprehensive health and wellness packages ● Internal mobility team dedicated to helping you own your career ● Professional growth opportunities including paid education and certifications ● Cutting-edge technology you can learn from ● Rest and recharge with paid vacation and holidays The likely salary range for this position is $140,250 - $189,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: None Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

Role Description We are looking for a hands-on Security Operations Engineer to own and evolve our security posture across infrastructure, endpoints, and internal systems. You will be the primary driver of day-to-day security operations — from managing protective tooling to responding to incidents and coordinating audits. This is a high-ownership role with direct impact on how the company detects, responds to, and prevents security threats. - Security Systems Management: - Own the configuration, maintenance, and continuous improvement of security tooling across the organization — including DLP, MDM, SIEM, and endpoint protection platforms. - Ensure policies are enforced, coverage is complete, and tooling stays current with evolving threats and business needs. - Incident Management: - Act as the first responder for security incidents: triage alerts, investigate root causes, coordinate containment and remediation, and produce clear post-mortem reports. - Build and refine runbooks and playbooks to reduce response time and improve team readiness over time. - Infrastructure Security: - Partner with DevOps and Engineering teams to embed security across cloud infrastructure, Kubernetes workloads, CI/CD pipelines, and network layers. - Conduct regular reviews of IAM policies, secrets management, network segmentation, and access controls to identify and close gaps before they become incidents. - Audit & Penetration Testing: - Coordinate internal and external security audits, manage relationships with pentest vendors, and track remediation of findings through to closure. - Conduct ongoing vulnerability assessments and support compliance activities (SOC 2, ISO 27001, PCI DSS, or equivalent) by maintaining evidence and responding to auditor requests. Qualifications - Hands-on experience administering DLP platforms (Forcepoint, Symantec DLP, Teramind, Nightfall, or similar) — policy authoring, tuning, and alert management. - MDM administration experience: Jamf, Kandji, Microsoft Intune, or equivalent — device enrollment, compliance policies, remote wipe, certificate management. - Familiarity with PAM solutions (CyberArk, HashiCorp Vault, BeyondTrust) and secrets lifecycle management. - Email security tooling: DMARC/DKIM/SPF configuration, anti-phishing platforms (Proofpoint, Mimecast). - Network security fundamentals: firewall rule management, IDS/IPS configuration, zero-trust access models, VPN and ZTNA (Cloudflare Access, Tailscale, Zscaler). - Infrastructure-as-Code security scanning: Checkov, tfsec, KICS for Terraform/Helm/Kubernetes manifests. - Structured incident response methodology: NIST SP 800-61, PICERL, or equivalent framework. - Digital forensics basics: memory and disk image acquisition, log preservation and chain of custody, timeline reconstruction. - Threat intelligence platforms and feeds: MISP, OpenCTI, VirusTotal, Shodan — IOC enrichment and threat correlation. - Practical knowledge of MITRE ATT&CK framework for detection mapping and adversary emulation. - Vulnerability scanning and management: Nessus, Qualys, Wiz, Orca Security — prioritization, SLA tracking, and remediation coordination. - Pentest coordination: scoping, managing NDA/RoE, validating findings, tracking remediation through to closure. - Web application security fundamentals: OWASP Top 10, common API vulnerabilities, ability to validate findings from external researchers. Requirements - Experience in fintech, crypto, or another regulated industry. - Relevant certifications: OSCP, CEH, GCIA, GCIH, GWAPT, Security+, CISSP, AWS Security Specialty, or CKS (Certified Kubernetes Security Specialist). - Compliance frameworks: SOC 2 Type II, ISO 27001, PCI DSS — evidence collection, control mapping, auditor interaction. - Exposure to blockchain-specific security considerations: smart contract audit basics, wallet security, on-chain threat monitoring. - Experience operating or hardening Web3-facing infrastructure. - SIEM deployment and tuning: Splunk, Elastic SIEM, Microsoft Sentinel, or similar — writing detection rules, building dashboards, reducing false positive rates. - Bug bounty program management: HackerOne, Bugcrowd, or equivalent — triage, researcher communication, severity classification. Benefits - Learning support - courses, English classes, and conferences (up to 100% reimbursement). - Unique loyalty program - receive corporate digital miners and earn passive income with no investment. - Team culture: retreats in international locations (for example, company apartments in Cyprus). - Memorable events with wow prizes - we celebrate big occasions in a big way. - “Employee of the Month” award - we recognize and reward our top performers. - Paid leave: up to 28 vacation days + 8 company holidays + 5 personal days per year. - New career tracks - real opportunities to grow into expert or top management roles. - Work-life fit - flexible hours and remote work. You don’t need to chase balance - here, work is a part of life, not the opposite. We aim to make work inspiring, not exhausting. For us, results matter most.