Security Engineer Remote Jobs in North Carolina (US)
This page tracks remote security engineer openings that are location-eligible for North Carolina.
This page tracks remote security engineer openings that are location-eligible for North Carolina.
Open jobs
3,910
Hiring companies this week
10
Salary sample
$127 - $176,400
Jobs added last hour
0
3910 Jobs
1987 Companies
Reinsurance Group of America, Incorporated (RGA), a Fortune 500 company, is among the leading global providers of life reinsurance and financial solutions, with approximately $3.5 trillion of life reinsurance in force and assets of $92.2 billion as of December 31, 2021. Founded in 1973, RGA today is recognized for its deep technical expertise in risk and capital management, innovative solutions, and commitment to serving its clients. With headquarters in St. Louis, Missouri, and operations around the world, RGA delivers expert solutions in individual life reinsurance, individual living benefits reinsurance, group reinsurance, health reinsurance, facultative underwriting, product development, and financial solutions. To learn more about RGA and its businesses, visit our website at www.rgare.com.
Role Description Under limited supervision, this role acts as a strategic bridge between technical security controls and enterprise compliance and risk requirements as part of a ServiceNow IRM/GRC implementation team supporting the Global Security Office (GSO) and Enterprise Risk initiatives; with primary accountability for automating, designing, configuring, and sustaining scalable IRM capabilities while adhering to security frameworks within the ServiceNow platform. The position requires practical experience translating regulatory, risk, audit, and compliance requirements into production-ready platform configurations, mappings, workflows, data models, and reporting analytics, not just advisory guidance, including requirements validation against user stories, UAT coordination, agile testing support, and release readiness. The role requires a strong analytical and problem-solving approach to operationalize GRC lifecycles—including policy, compliance, risk, audit, and regulatory change management—and to clearly communicate complex IRM concepts and design decisions to both technical teams and business stakeholders, supported by stakeholder enablement through role-based training, job aids, and awareness communications. Responsibilities include monitoring and evaluation of control, regulatory, and security processes to ensure assurance over global systems and data, leveraging advanced understanding of ServiceNow IRM/Audit functionality, CMDB and entity modeling fundamentals, and an in-depth understanding of ServiceNow platform dependencies and integrations. Principal Duties - Work with functional and technical requirements to design and implement within ServiceNow Enterprise IRM Application and automate where possible. - Support and maintain ongoing processes for Enterprise IRM Application with scope, product, and operational changes/maintenance. - Capture, support, and validate requirements to technical developers and move along deployment lifecycle including user acceptance testing and agile testing, assuring alignment between stories and stakeholders and taking processes into features/requirements for implementations. - Understand dependencies as aligned to ServiceNow architectural requirements. - Collaborate with compliance, security, and risk professionals on projects related to compliance with regards to Security Frameworks (NIST CSF/SOX/DORA) and other regulations. - Develop and administer just-in-time training and awareness campaigns for various IRM/GRC groups within the company. - Provide process improvement recommendations to mitigate risk, meet business obligations, and regulatory requirements. - Facilitate incoming audits and assessments, coordinate discussions with appropriate owners and business stakeholders, and follow up on any remediation activities identified to meet associated due dates to ensure timely completion. - Participate in the development of policies, standards, controls, procedures, and security and privacy audits and assessments. - Ability to structure, scope, and compile data to support reporting. - Perform other duties as assigned. Qualifications - Bachelor’s degree or equivalent experience - Required - Master's degree or professional industry certification - Preferred - 4+ years' relevant experience in IT security, privacy, audit, controls and regulatory compliance, or related experience - Required - Deep understanding of ServiceNow platform and its capabilities, dependencies with proficiency in ServiceNow administration and development and architectural requirements with experience in Version(s) after Yokohama - Required - ServiceNow GRC framework and process administration (Regulatory Change Management a plus) - Required - General knowledge of business and technology operations; ability to work well within a team setting and maintain a high level of confidentiality - Required - Intermediate knowledge of global standards and regulations regarding security, privacy, and fraud - Required - Demonstrated ability to learn and stay current on data privacy, data security, and fraud threats and vulnerabilities - Required - Intermediate organizational, planning and task management skills with high attention to detail; ability to adjust to changing priorities and work under tight timelines - Required - Intermediate level of investigative, analytical and problem-solving skills; ability to set goals, communicate expected outcomes and liaise with individuals across a variety of functions and levels - Required - Excellent customer service skills; ability to balance multiple priorities, deadlines and deliverables while maintaining a positive attitude - Required - Intermediate oral and written communication skills; ability to convey information in a clear and concise manner and provide regular proactive updates to team members, key stakeholders, and mid-level management - Required - Quick to adapt to new methods; ability to be flexible when needed, take initiative and demonstrate accountability - Required - Insurance/Reinsurance industry experience or certifications - Preferred - Information security, privacy, compliance, risk or audit professional certifications, such as: SSCP, CIPP, CISA and Security+ - Preferred - Intermediate understanding of domestic and global security & regulations - Preferred Requirements - ServiceNow Expertise as GRC Admin or GRC/IRM implementation analyst OR ServiceNow University GRC: Integrated Risk Management (IRM) Implementer - Required - Strong understanding of GRC Lifecycles management (Policy, Controls, Audit, Risk, Regulatory Change Management, Advance Risk and Advance Audit) - Required - Strong understanding of Reporting, Dashboards, and workspace within ServiceNow - Required - Understanding of Regulatory tool integrations with ServiceNow - Strong understanding of Entities/CMDB within ServiceNow - Required - Microsoft Office application experience (Excel, Word, Visio, Teams, SharePoint) - Required - Familiarity with IT and security systems - Required - Knowledge of applicable regulations such as Sarbanes-Oxley, DORA, NY DFS, GLBA, GDPR etc. - Required - IT Control Frameworks including NIST CSF/P, NIST AI, COBIT, ITIL, ISO 27001/27002, CIS, etc. - Preferred - Knowledge of risk assessment methods - Preferred - Experience reviewing SOC1 and SOC2 attestations - Preferred - Project management skills/experience - Preferred - Power-BI Experience for reporting, queries and creating dashboards - Preferred Benefits - Gain valuable knowledge from and experience with diverse, caring colleagues around the world. - Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought. - Join the bright and creative minds of RGA, and experience vast, endless career potential. Compensation Range $89,310.00 - $134,870.00 Annual. Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits. Company Description RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions.
We are not a typical consulting firm and our people are not typical consultants.
Role Description Please note: This role is contingent upon a contract award. While it is not an immediate opening, we are actively conducting interviews and extending offers in anticipation of the award. ICF is seeking a Senior Cyber Security Specialist to support a secure federal ServiceNow program with multiple mission workstreams. This role is responsible for helping maintain the security posture of the platform and supporting the security activities that keep development, testing, release, and sustainment efforts aligned to federal cybersecurity requirements. The ideal candidate is an experienced security professional who can work across infrastructure, application, data, and development teams to support: - Vulnerability management - Access control - System authorization - Continuous monitoring You will help ensure security is built into the lifecycle of the solution, not added after the fact, while also supporting operational workflows, release readiness, and compliance tracking in a fast-paced Agile environment. Job Location: - Remote work is authorized. - Must support US Eastern time zone working hours. - Preference to candidates who live in the Washington DC metro area. *If you accept this position, you should note that ICF does monitor employee work locations, blocks access from foreign locations/foreign IP addresses, and prohibits personal VPN connections. Qualifications - Must be a U.S. citizen and possess an active Top Secret security clearance, as required by the federal contract. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field. - 6+ years of relevant experience in information security, cybersecurity, or system security roles. - 6+ years of experience supporting federal security frameworks such as FISMA, NIST RMF, or similar. Requirements - Support the security posture of enterprise ServiceNow systems and related applications. - Assist with security governance, system authorization, and continuous monitoring activities. - Develop, maintain, and update security documentation and artifacts such as SSPs, POA&Ms, risk registers, and related compliance materials. - Support ATO efforts, security assessments, evidence gathering, and control validation. - Track and remediate vulnerabilities, scan findings, and security issues through closure. - Coordinate with developers, administrators, testers, and program stakeholders to ensure security findings are understood and addressed. - Support access control reviews, role-based permissions, least-privilege practices, and secure user administration. - Help evaluate security implications of workflow changes, data integrations, releases, and configuration updates. - Support audit preparation, findings response, and ongoing compliance reporting. - Monitor and document security process changes, configuration updates, and remediation actions. - Contribute to secure release practices, including validation of fixes and scan remediation before deployment. - Support incident and issue triage from a security perspective when needed. Benefits - Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. - All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Company Description ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. - We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. - We are an equal opportunity employer. - Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals.
• Maintain, mature, and take ownership of our program that ensures conformance to security standards. This includes but is not limited to conformance with ISO 27001, ISO 27018, ISO 42001, Privacy laws, ISO 9001, GovRAMP, FedRAMP, NIST 800, SOC, and CIS Top Controls. • Facilitate annual independent audits of our organization by third-party security and privacy experts. Create audit plan, co-ordinate with stakeholders, review reports and remediate audit findings. • Responsible for planning and managing multiple security improvement projects from requirements phase through deployment/implementation. • Managing document and record control processes and procedures, including maintaining accurate inventories and records of compliance/conformance artifacts • Responsible for our Security Awareness and related training programs. Maintains and improves processes, platforms and systems that support our training campaigns and content. Creates, monitors and reports on campaigns. • Supports business development by responding to requests for security and privacy information that is included in proposals for new business. • Performs security risk assessments of software acquisitions, technical services, business systems and new technologies. • Owns and administers a GRC tool to track security controls and current conformance status. Ensures that relevant security artifacts are recorded and updated. • Conducts enterprise risk assessment reviews and report out to senior management regarding security issues and metrics – both as an ongoing process and on an as-needed basis. • Assists in continual improvement by examining our current security posture and security practices, identifying risks or gaps, and recommending programs to address them. • Manages privacy risks including exposures created by cookies and APIs. Maintains Privacy policies and ensures compliance.
Access coaching, courses, and content powered by 1,000+ career and admissions experts.
• Work with clients looking to break into or grow within cybersecurity roles • Teach core cyber security strategy, network security, and incident response skills • Help clients build strong risk assessment, security auditing, and vulnerability management practices • Support clients on the career side, offering resume review, LinkedIn review, and cover letter guidance • Provide behavioral and technical interview prep tailored to cybersecurity roles • Additional support includes networking strategy, salary negotiation, promotion strategy, broader skill building, and guidance for freelancing opportunities
• Advance the frontier of AI Reinforcement Learning development and delivery • Build the infrastructure and tooling that transforms real-world vulnerability research into large-scale reinforcement learning environments • Create training environments that teach AI systems how to hack and defend software • Work at the intersection of AI, security research, and systems engineering
• Administer, configure, deploy, and maintain Cisco FirePower Threat Defense (FTD) and SkyHigh Web Gateway appliances across the authorization boundary and enterprise-level environments • Implement advanced intrusion prevention systems (IPS) using CISCO FirePower to identify and block malicious traffic • Implement CISCO routers (CSRs) to do Policy Based Routing (PBR) on all network traffic from the Virtual Private Clouds (VPC) • Design and optimize Security Rule Sets (SRUs) and tailor policies to meet organizational and mission-critical security requirements • Perform threat analysis, event correlation, and deep packet inspection to mitigate emerging cyber threats • Configure and manage Cisco FireSight/FirePower Management Center (FMC) for centralized policy management, event monitoring, and system reporting • Integrate FirePower NGIPS with other security solutions such as SIEM or SOAR platforms to enable automated threat response capabilities • Conduct regular audits and vulnerability assessments within FirePower systems to identify gaps in coverage • Troubleshoot Cisco FirePower appliances for performance issues, ensuring high availability and resilience across the network • Collaborate with cross-functional IT and security teams to optimize firewall configurations and enforce Zero Trust principles • Create and maintain detailed documentation for system configurations, policies, procedures, and operational tasks • Provide technical expertise, guidance, and training to internal teams on Cisco FirePower operations and best practices
Molina Healthcare is a Fortune 500 managed care company with a storied history that dates back to 1980 and the opening of a medical clinic by Dr. C. David Molin
Role Description Builds company specific systems and technology expertise across multiple infrastructure and development disciplines. - Responsible for task management and adherence to process controls. - Responsible for troubleshooting and incident resolution for support functions. - Contributes to on-call rotation schedules and off-hour support activities. - Contributes to organize, manage and lead cross-team project tasks and deliverables. - Contributes to the Infrastructure Solution Architect project design function. - Contributes to solution architecture delivery within project management methodologies and timelines. - Contributes to root cause analysis and problem solving. - Contributes to tactical build and configuration activities. - Provides cross-organization teamwork, collaboration, communication and leadership. - Provides constructive feedback on people, process and technology for continuous improvement. Qualifications - Bachelor's Degree. Requirements - 1-4 years of IT technical experience with IT enterprise infrastructure. - Industry certifications preferred. Benefits - Molina Healthcare offers a competitive benefits and compensation package. Company Description - Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V.
Role Description We are looking for a highly technical Security Engineer with deep experience across application security, AWS cloud security, offensive security, secure SDLC, threat modeling and AI security. This role is suited for someone who can operate at both the engineering and adversarial levels by reviewing architecture, testing applications, identifying exploitable weaknesses, automating security workflows, securing AWS infrastructure and helping product teams build resilient systems. The ideal candidate has hands-on experience with SAST, DAST, SCA, manual application security testing, AWS security reviews, red teaming, SIEM-driven detection workflows, infrastructure-as-code security and security automation. They should be comfortable working directly with engineering teams while also thinking like an attacker to uncover realistic abuse paths across applications, APIs, AWS services, CI/CD pipelines and AI-enabled systems. Key Responsibilities - Lead security reviews for web applications, APIs, microservices, AWS workloads, internal platforms and AI-enabled products. - Perform advanced application security testing using SAST, DAST, SCA, manual code review, API testing and business logic testing. - Identify vulnerabilities across authentication, authorization, session management, access control, injection, SSRF, deserialization, insecure file handling, data exposure and insecure API design. - Conduct threat modeling for new products, critical features, AWS architectures, AI workflows, identity systems and high-risk data flows. - Build and improve secure SDLC processes, including security requirements, code scanning, dependency review, CI/CD security gates and release risk assessments. - Review infrastructure-as-code templates such as Terraform, CloudFormation, AWS CDK, Helm charts and Kubernetes manifests for security misconfigurations. - Assess AWS environments for IAM weaknesses, exposed services, insecure networking, public S3 buckets, secrets leakage, logging gaps, encryption issues, workload risks and privilege escalation paths. - Review AWS IAM policies, roles, trust relationships, permission boundaries, service control policies, identity federation and cross-account access patterns. - Assess AWS services such as EC2, S3, Lambda, ECS, EKS, RDS, API Gateway, CloudFront, WAF, KMS, Secrets Manager, Systems Manager, ECR, VPC, Route 53 and IAM Identity Center. - Conduct red team exercises, adversary simulations, attack path analysis and controlled exploitation to validate real-world risk. - Develop proof-of-concept exploits, custom scripts and automation to reproduce vulnerabilities and demonstrate business impact. - Evaluate containerized and Kubernetes environments, including EKS, for workload isolation, RBAC issues, exposed services, image risks, secrets handling and runtime security gaps. - Assess CI/CD pipelines for insecure workflows, overprivileged tokens, secrets exposure, supply chain risks, artifact integrity and deployment abuse paths. - Perform software composition analysis to identify vulnerable dependencies, license risks, malicious packages, transitive dependency exposure and supply chain weaknesses. - Use SIEM and security telemetry to support investigations, validate attack paths, improve detections and measure control effectiveness. - Build detection logic, threat hunting queries, dashboards and alerting workflows using SIEM platforms such as Splunk, Microsoft Sentinel, Elastic, Chronicle or AWS-native telemetry. - Use AWS security services such as GuardDuty, Security Hub, CloudTrail, AWS Config, Inspector, Detective, Macie, IAM Access Analyzer, Security Lake and CloudWatch to improve visibility and detection coverage. - Automate security workflows using Python, Bash, PowerShell, Go or similar scripting languages. - Develop threat automation for vulnerability enrichment, alert triage, AWS posture checks, attack simulation, evidence collection and remediation tracking. - Partner with DevOps and platform teams to improve secrets management, identity controls, network segmentation, logging, monitoring and secure deployment patterns. - Assess AI and LLM-based systems for risks such as prompt injection, indirect prompt injection, data leakage, insecure tool use, excessive agency, jailbreaks, model abuse, retrieval poisoning and unsafe agent behavior. - Review AI workloads using AWS services such as Amazon Bedrock, SageMaker, Lambda, API Gateway, S3, KMS and IAM for secure design, data protection and access control. - Produce clear technical reports with evidence, exploitability, impact, likelihood, risk rating and actionable remediation guidance. - Mentor engineers and security team members on secure coding, AWS security, offensive testing, threat modeling and AI security risks. Qualifications - Strong hands-on experience in application security, product security, AWS cloud security, offensive security or security engineering. - Deep understanding of secure SDLC practices and experience embedding security into engineering workflows. - Practical experience with SAST, DAST, SCA, manual penetration testing, code review and vulnerability validation. - Strong knowledge of OWASP Top 10, OWASP API Security Top 10, OWASP ASVS, common CWE classes and real-world application attack techniques. - Experience testing web applications, APIs, microservices, cloud services, containers and distributed systems. - Strong understanding of authentication, authorization, identity federation, OAuth, OIDC, SAML, JWT, session security and access control design. - Hands-on experience securing AWS environments in production. - Strong knowledge of AWS IAM, VPC networking, encryption, KMS, Secrets Manager, S3 security, CloudTrail, GuardDuty, Security Hub, AWS Config and workload hardening. - Experience reviewing infrastructure-as-code and identifying security issues in Terraform, CloudFormation, AWS CDK, Kubernetes YAML, Helm, Dockerfiles or similar technologies. - Experience with CI/CD security across tools such as bitbucket pipelines, Jenkins, AWS CodePipeline, or similar platforms. - Experience with red teaming, adversary emulation, penetration testing, exploit development, attack path mapping or offensive security assessments. - Familiarity with SIEM platforms and the ability to write detection or hunting queries using SPL, KQL, SQL, Lucene, YARA, Sigma or similar languages. - Strong scripting ability in Python, Bash, PowerShell, JavaScript or similar languages. - Ability to automate repetitive security tasks and build internal tools that improve security testing, visibility and response. - Familiarity with container and Kubernetes security, including ECS, EKS, RBAC, admission controls, image scanning, runtime controls, network policies and secrets handling. - Ability to review code in languages such as Python, JavaScript, TypeScript, Java, Go, Kotlin, C# or similar. - Strong written and verbal communication skills, with the ability to explain complex technical risks to engineering and leadership teams. Preferred Qualifications - Experience securing AI-enabled applications, LLM products, autonomous agents, RAG pipelines, AI plugins or ML infrastructure. - Experience performing AI red teaming, prompt injection testing, jailbreak testing, model abuse testing or evaluation of agentic workflows. - Experience with AWS Organizations, Control Tower, service control policies, multi-account security patterns and centralized logging. - Experience with threat modeling methodologies such as STRIDE, PASTA, attack trees, abuse cases, data flow diagrams or architecture risk reviews. - Experience with security automation, SOAR workflows, detection-as-code, policy-as-code or cloud security posture automation. - Experience with tools such as Burp Suite Pro, OWASP ZAP, Semgrep, CodeQL, Checkmarx, Fortify, Veracode, Snyk, Dependabot, Trivy, Grype, Syft, Gitleaks, Checkov, tfsec, Prowler, ScoutSuite, Wiz, Prisma Cloud or similar. - Experience building custom security tooling, scanners, exploit harnesses, detection rules, cloud guardrails or CI/CD security integrations. - Experience with MITRE ATT&CK, MITRE ATLAS, CIS Benchmarks, AWS Well-Architected Security Pillar, NIST, ISO 27001, SOC 2, PCI DSS or similar frameworks. - Experience with bug bounty programs, coordinated vulnerability disclosure, internal red team programs or external penetration testing engagements. - Relevant certifications such as OSCP, OSWE, OSEP, GWAPT, AWS Certified Security Specialty, AWS Solutions Architect, CISSP or equivalent practical experience. What Success Looks Like - Security is embedded into design, development, testing and deployment workflows. - SAST, DAST, SCA, secrets scanning, IaC scanning and AWS posture checks are implemented with practical tuning and low operational noise. - High-risk application and AWS vulnerabilities are identified early, validated accurately and remediated with engineering partnership. - Threat models are used to influence architecture decisions before systems reach production. - Red team findings translate into improved controls, stronger detections and reduced attack paths. - SIEM, AWS logs and security telemetry are used to validate security controls and detect realistic abuse scenarios. - Security automation reduces manual review effort and accelerates vulnerability management, investigation and remediation. - AI-enabled systems are reviewed for emerging threats before they are released or scaled. - Engineering teams view security as a technical partner that helps them ship resilient products.
Headquartered in Plantation, Florida; Tradestation is an online brokerage company dedicated to making money work harder. Established in 1982, Tradestation has g
Role Description We are looking for a Security Engineer who will be responsible for the engineering, design, implementation, maintenance, monitoring, analysis, and administration of TradeStation’s security solutions and security information. The Security Engineer will also establish procedures, and, wherever possible, automate tasks to reduce operational overhead. The role will also act as a security project lead and subject matter expert in the Information Security domain. - Design, implement, configure, and troubleshoot enterprise security technologies and infrastructure - Perform vulnerability assessments, validate security controls, and drive remediation efforts across on-premises and cloud environments - Partner with infrastructure, development, and project teams to integrate security controls throughout the system development lifecycle - Secure and continuously improve public cloud environments by implementing security best practices and monitoring controls - Collaborate with Network and Systems Engineering teams to design, document, and maintain network security architectures and firewall configurations - Lead and participate in security incident response, including technical analysis, containment, eradication, and post-incident reviews - Develop and maintain security documentation, including SOPs, technical standards, runbooks, and response playbooks - Evaluate and implement security technologies and automation to improve security posture and operational efficiency - Support security operations through on-call rotation and after-hours incident response as needed - Support security assessments, audits, and compliance/risk management initiatives with technical expertise - Automate repetitive security tasks using AI or orchestration tools - Research emerging threats and attack techniques to proactively strengthen defensive capabilities Qualifications - Hands-on experience designing, implementing, administering, and supporting enterprise security technologies, including firewalls, IDS/IPS, EDR, authentication and identity solutions, SIEM platforms, vulnerability management tools, email security, NDR, deception technologies, AI usage filtering, and web/content filtering solutions - Experience implementing and supporting Privileged Access Management (PAM) solutions, preferably CyberArk - Strong understanding of security architecture principles, including secure network, infrastructure, and application design - Experience securing public cloud environments, with a solid understanding of cloud security principles, cloud-native security services, SaaS platforms, and third-party security tools; experience with AWS and Azure strongly preferred - Experience performing vulnerability assessments, validating security controls, and partnering with system owners to prioritize and remediate risk - Experience investigating security incidents, including log analysis, endpoint investigations, network forensics, and malware analysis - Working knowledge of networking concepts, common protocols, web technologies, APIs, and modern application architectures - Experience with security analysis and troubleshooting tools such as Wireshark, endpoint forensic utilities, email analysis tools, and virtualization platforms (VMware, VirtualBox) - Experience developing and maintaining security policies, standards, procedures, and operational runbooks - Experience providing support and escalation services to a Security Operations Center - Understanding of security frameworks and regulatory requirements such as NIST, CIS Controls, ISO 27001, or similar - Experience collaborating with infrastructure, cloud, development, and engineering teams to integrate security into enterprise technologies and business initiatives - Strong organizational and time-management skills, with the ability to manage multiple priorities, adapt to changing business needs, and drive initiatives from planning through implementation - Strong analytical, troubleshooting, and problem-solving skills, with the ability to evaluate complex technical issues and recommend effective solutions - Excellent verbal and written communication skills, with the ability to explain technical security concepts to both technical and non-technical audiences - Self-motivated and proactive, with a demonstrated passion for cybersecurity and a commitment to continuously learning about emerging threats, technologies, and best practices Requirements - Bachelor’s degree in Information Security, Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience - Minimum of five (5) years of progressive experience in Information Security, Cybersecurity, or a related technical discipline - 3+ years of experience as an Information Security Engineer, Security Engineer, Systems Security Engineer, or in a similar cybersecurity role - Ability to travel occasionally to domestic and international company offices or other business locations for meetings, training, project work, or other business needs Desired Qualifications - One or more of the following certifications strongly preferred: - CISSP (and/or other ISC2 certifications) - SANS GIAC certifications - CEH, OSCP, or other penetration testing certifications - Other industry recognized certifications or accreditations Benefits - Collaborative work environment - Competitive Salaries - Yearly bonus - Comprehensive benefits for you and your family starting Day 1 - Unlimited Paid Time Off - Flexible working environment - TradeStation Account employee benefits, as well as full access to trading education materials - Pay Range (US) $127-150K (Countries outside of the US have differing ranges in accordance with local labor markets)
Role Description AGE Solutions is looking for a Security Control Assessor, Senior to join our team in support of a cybersecurity risk management and assessment program with our DoD customer. The Assessors will be part of a project team responsible for Cybersecurity Assessments and Authorization (A&A), Risk Management, Information Assurance (IA) Support, and Risk Adjudication and Connection services. - Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN. - Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing. - Adhere to policies and processes for each assessment type. - Support assessment development and execution to ensure security expertise is properly applied. - Coordinate logistics, test plans, and scope with the SCA Team Lead. - Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS. - Analyze security gaps and provide mitigation recommendations. - Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines. - Provide risk analysis and assessment results for authorization recommendations. - Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R. - Mentor and guide personnel by providing technical expertise, best practices, and professional development support to enhance team capabilities and knowledge. Qualifications - Bachelor's degree (IT-related field preferred). - Eight (8) years of overall experience in cybersecurity or network security position. - Five (5) years of experience in a Certification and Accreditation/A&A role. - Have an active DoD Top Secret clearance with SCI eligibility. - DoD 8570 IAM/IA Technical (IAT) Level II certification. - Demonstrated experience with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices. - Advanced understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, CNSSI 1253. - Demonstrated experience with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS. - Advanced understanding of key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications. - Strong written and verbal communication skills for reporting assessment findings. Requirements - This is a remote role requiring approximately 85% travel, Local, CONUS and OCONUS. - Candidates must possess a valid U.S. Passport or have the ability to obtain one in a timely manner. - Strong preference will be given to candidates who currently reside in the DMV (Washington, DC, Maryland, Virginia) region or Pennsylvania, or who are willing to relocate to one of these areas to support customer requirements and team collaboration activities. Benefits - 26 Days Paid Leave: Includes vacation, sick, personal time, and holidays. You choose how to use it. - Performance Bonuses: Performance bonuses are awarded based on individual contributions and company-wide results, aligning recognition with impact. - 401(k) with Match: We match 3% of your contributions with immediate vesting. - Financial Protection: Company-paid life insurance up to $300K and options for additional coverage for you and your dependents. - Health Benefits: Multiple medical plans, dental, vision, FSA and HSA options to fit your needs. - Parental Leave: 15 days of fully paid leave for new parents, because family matters. - Military Differential Pay: We bridge the gap for employees on active duty, so they don’t take a financial hit while serving. - Professional Growth: Paid training and certifications, tuition reimbursement, and the tools and tech to get the job done right. - Shared Success: In the event of a company sale, our CEO has committed to returning 80% of net proceeds to employees. This ensures our team shares in the long term value they help create.
3,900more opportunities are still waiting for you.Log in now and take your next shot before someone else does.
Observability/Monitoring, AWS, AI, ServiceNow, Cyber Security, Python