Security Consultant – Staff
Location
Maryland | Virginia
Posted
3 days ago
Salary
0
Seniority
Lead
Job Description
HIKINEX
- We are seeking a Security Consultant (Staff) to provide security leadership and guidance across application modernization and database migration workstreams.
- This role will establish security, logging, observability, and compliance standards while ensuring the modernized environment aligns with public sector and healthcare data protection requirements.
- As the primary security resource supporting multiple workstreams, the consultant will focus on defining patterns, governance, and best practices rather than implementing every security control directly.
- Define and oversee security, logging, and observability standards throughout modernization and migration efforts
- Establish secure architecture patterns for AWS-based target environments
- Develop and promote IAM, secrets management, and least-privilege access strategies
- Ensure proper handling and protection of PHI and PII data within healthcare and Medicaid-related systems
- Advise teams on compliance requirements applicable to state government workloads
- Review application security controls, authentication and authorization approaches, and secure coding practices
- Assess converted database access patterns and connection security, including Aurora PostgreSQL endpoints
- Provide guidance on encryption, monitoring, logging, and auditability requirements
- Support risk identification, remediation planning, and security governance activities
- Collaborate with technical teams to embed security best practices throughout the delivery lifecycle
Job Requirements
- Security & Application Modernization
  - Strong experience performing secure code reviews and application security assessments
  - Expertise with ASP.NET Core security best practices
  - Experience migrating authentication and authorization frameworks, including:
    - Forms Authentication
    - System.Web.Security Membership
    - ASP.NET Core Identity
    - OIDC / OAuth 2.0
    - JWT-based authentication
  - Knowledge of:
    - CORS configuration
    - Anti-forgery protections
    - ASP.NET Core Data Protection APIs (MachineKey replacement)
- AWS Security
  - Hands-on expertise with:
    - IAM Roles and Policies
    - AWS Secrets Manager
    - AWS Systems Manager Parameter Store
    - AWS Key Management Service (KMS)
    - Security Groups
    - AWS WAF
    - Amazon GuardDuty
    - AWS CloudTrail
  - Experience securing cloud-native applications and database workloads
- Observability & Monitoring
  - Experience implementing structured logging solutions using:
    - Serilog
    - Microsoft.Extensions.Logging
  - Knowledge of:
    - OpenTelemetry
    - CloudWatch Logs
    - CloudWatch Metrics
    - Distributed tracing and correlation IDs across modernized application stacks
- Data Protection & Compliance
  - Experience supporting environments containing PHI and PII
  - Knowledge of:
    - Encryption in transit (TLS)
    - Encryption at rest
    - Database and field-level protection strategies
  - Familiarity with healthcare and government compliance requirements, including:
    - HIPAA
    - NIST 800-53
    - State government security frameworks
    - StateRAMP and FedRAMP concepts
- Preferred Qualifications
  - AWS Certified Security – Specialty certification
  - Prior experience supporting Medicaid, healthcare, health-and-human-services, or other public sector programs
  - Experience securing large-scale modernization or cloud migration initiatives
  - Familiarity with AWS-based application modernization and database migration projects
Benefits
- Important Screening Requirements
- Due to client and clearance requirements, candidates must:
  - Be U.S. Citizens or U.S. Permanent Residents (Green Card holders) and able to work in the United States without current or future visa sponsorship
  - Undergo fingerprinting as part of the onboarding process
  - Successfully complete a government background investigation (CJIS-type clearance)
More Security Engineer Jobs
Lead Cybersecurity Assessor / SCSEM Methodology Lead
eTelligent Group LLC
Over the past 15 years, eTel has delivered essential solutions for the federal government by securing and managing data, providing scalable identity access, modernizing legacy systems, and building high-performance platforms. By integrating new technologies and ensuring reliable operations, we help agencies stay prepared for future challenges. eTel offers integrated CMMI Level 3 processes, tools, and techniques with innovative, cost-efficient, and secure solutions to address complex challenges. eTel holds ISO 9001:2015, ISO/IEC 27001:2013, and ISO/IEC 20000-1:2018 certifications. eTel offers dedicated subject matter experts (SMEs) and thought leaders who possess a deep understanding of customers’ environments and challenges.
Role Description
Senior hands-on technical lead for security assessment execution and for developing and validating the SCSEMs and automated evaluation files that drive every review. Distinct from the Computer & Information Systems Manager: this role is the deep technical author/assessor rather than the team manager.
Key Responsibilities
- Develop, update, and validate SCSEMs and automated evaluation files (Nessus audit / SCAP XCCDF), mapping to CIS Benchmarks, DISA STIGs, and applicable NIST controls.
- Validate that automated checks accurately reflect required configurations and correctly evaluate both binary and non-binary conditions.
- Lead hands-on system configuration checks and automated/manual compliance scanning during reviews.
- Perform corrective actions and ad hoc fixes for identified issues, including logic errors in automated evaluation files.
- Maintain configuration instructions and supporting documentation; ensure alignment between SCSEMs and automated files.
Qualifications
- Demonstrated experience identifying and applying information-security/cybersecurity requirements and ensuring they are addressed through development, implementation, and configuration.
- Demonstrated experience implementing security controls, configuration changes, software/hardware updates, and vulnerability management within government organizations.
- Hands-on experience securing configurations and authoring or tailoring SCSEM/STIG/CIS/Nessus content (preferred).
Requirements
- High School Diploma or higher.
- Certifications / Licenses (minimum of ONE of the following): CCNA Security, CySA+/CSA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP, CAP, CISM, GSLC, CCISO, HCISPP, CEH, GSNA, CFR, PenTest+
- In lieu of a certification, graduation from a minimum 2-year IT/Cybersecurity program at an accredited college or university may be substituted.
Preferred
- Prior FTI/Safeguards review experience; demonstrated SCSEM/STIG/CIS/Nessus authoring.
Commitment to Diversity
eTelligent Group provides equal employment opportunities (EEO) to all applicants without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty, status as a covered veteran, and any other characteristic provided in accordance with applicable federal, state and local laws.
Senior Security Engineer, Product AppSec
Veeam Software
Your Single Backup and Data Management Platform for Cloud, Virtual and Physical
- Evaluate, deploy, integrate, and optimize security tooling — including SAST, DAST, SCA, IAST, container scanning, SBOM generation, secrets detection, and API security testing — across CI/CD pipelines and developer workflows
- Build automated workflows for vulnerability ingestion, prioritization, remediation tracking, and reporting, integrating with platforms such as GitHub Actions, Azure DevOps, Jenkins, Jira, and SIEM tools
- Drive enterprise vulnerability management initiatives, including prioritization frameworks, SLA tracking, remediation velocity improvements, and security posture dashboards
- Embed security-by-design principles into the SDLC, developing security guardrails and policy-as-code capabilities for cloud and application environments
- Partner with DevOps and CI/CD teams to improve automated security validation, release governance, and software supply chain security
- Serve as a senior technical advisor on application security, influencing engineering and product roadmaps to improve platform security and operational resilience
- Mentor engineers and security practitioners on secure development and DevSecOps best practices

- Lead and execute the IT SOX program, including annual scoping, risk assessments, control design, testing strategy, and deficiency remediation
- Own and continuously improve the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC) ensuring alignment with SOX and COSO standards
- Serve as the primary liaison to Internal and External Audit, driving efficient audit execution and high-quality outcomes
- Partner closely with Finance and Internal Audit to co-develop control narratives, risk assessments, and audit committee materials
- Drive the evolution of the Enterprise Risk Management (ERM) program for IT and Cybersecurity risks, including facilitating cross-functional risk workshops and maintaining the enterprise risk register
- Translate technical risks into business-relevant insights and provide clear reporting to executive stakeholders, including the CIO and Audit Committee
- Lead risk lifecycle activities including risk identification, assessment, mitigation planning, and ongoing monitoring
- Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and inform decision-making
- Author and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks
- Evaluate and integrate GRC tools, automation, and analytics to enhance control monitoring and reporting capabilities
- Review and assess third-party risk through SOC1/SOC2 and other service provider assurance reports
- Lead and develop a small team (or provide functional leadership), fostering growth, accountability, and high performance
- Drive cross-functional initiatives and special projects that strengthen governance, risk posture, and operational resilience
Security Engineer III, Product AppSec
Veeam Software
Your Single Backup and Data Management Platform for Cloud, Virtual and Physical
- Monitor, assess, and manage security risks related to open-source software dependencies, CVEs, and third-party components
- Triage and validate vulnerabilities across applications, containers, infrastructure, and dependencies — prioritizing by exploitability, exposure, and business impact
- Coordinate patch management initiatives and support automated patch deployment workflows with Release Engineering and DevOps teams
- Support and expand the Security Champion program, partnering with developers to improve secure coding awareness and adoption
- Integrate security controls into CI/CD pipelines and automate vulnerability scanning, dependency analysis, and security reporting
- Develop playbooks, documentation, and educational materials that promote self-service security within engineering teams
- Contribute to threat modeling, secure architecture discussions, and continuous improvement of secure SDLC processes


