• Develop NIST 800-53 Rev5 based System Security Plan (SSP) • Create/Update the applicable documents identified by NIST 800-53 Rev 5, specifically the Security Assessment Report (SAR) • Create/Update the associated Plan of Actions and Milestones (POA&M) • Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities • Verify and document the implementation of security controls necessary to achieve compliance • Keep management apprised of impending areas of concern, verbally and in writing • Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (PO&Ms), and as well as other necessary artifacts • Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities to include valid remediation of findings • Develop various policy documents (SOPs/CONOPs) as required • This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments • Develop new, and mature existing information security and risk policies • Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture • Produce and review key performance indicators for implemented security measures and distribute KPIs • Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources

• Conduct independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL • Utilize FedRAMP experience • Collaborate with U.S. Government and Commercial environments • Produce assessments related to security controls and prepare reports • Coordinate with multi-agency or cross-organizational IT teams

• Simulate real-world adversaries and exploit vulnerabilities across applications and AI/ML systems • Design and execute adversarial attacks against LLM-powered products • Test RAG pipelines for data exfiltration and unauthorized knowledge extraction • Conduct penetration tests across various environments • Perform red team exercises simulating APT actors • Use AI models and tools to accelerate vulnerability discovery and exploit development

• We are looking for someone passionate about technology and information security, with a technical, investigative profile and a strong desire to learn. • This opportunity is ideal for students interested in working in a **Blue Team** environment, with exposure to both offensive and defensive security topics, as well as activities involving **Linux, development, automation and environment monitoring**. • We seek a curious person who likes to understand how things work, get hands-on, study security, and develop technical solutions. **Main responsibilities** • Support activities related to **Information Security**; • Assist with security analyses in Linux environments; • Support investigations, troubleshooting and log analysis; • Assist with activities related to **security monitoring (SOC)**; • Support **offensive security** initiatives, such as research, validation and security testing; • Develop or support automations, scripts and technical improvements; • Assist with integrations and analyses in security tools; • Participate in studies, tests and continuous improvements of the environments.