Join Our Team of All Stars
Investing in our people is a priority.
We stake our reputation on their commitment to excellence and client satisfaction.
Open Positions
-
The PAM Engineer provides technical leadership for privileged access management, privileged account security, privileged session monitoring, access review support, and integration of privileged access events into enterprise monitoring and incident response workflows. The role supports the client’s identity, access, Zero Trust, compliance, and SOC/NOC operations by ensuring privileged access controls are implemented, monitored, documented, and continuously improved across enterprise systems, cloud services, administrative platforms, and high-risk accounts.
Primary Responsibilities
The PAM Engineer supports the administration, configuration, monitoring, and improvement of privileged access capabilities, including privileged credential vaulting, privileged session activity review, account onboarding, role validation, access policy enforcement, privileged access event analysis, and privileged account risk reporting. The Engineer works with security operations, SIEM/SOAR engineering, compliance, vulnerability management, architecture, and identity stakeholders to ensure privileged access activity is visible, controlled, auditable, and aligned with least-privilege principles.
The PAM Engineer reviews privileged access alerts, suspicious administrative behavior, escalation attempts, service account anomalies, failed authentication patterns, privileged session activity, and emergency access events. The Engineer coordinates with the SOC/NOC Manager, Lead Cybersecurity Engineer, SIEM Engineer, SOAR Engineer, ISSO/ISCM Lead, Security Architect, and Reporting and Metrics Analyst to ensure privileged access risks are triaged, documented, escalated, and incorporated into compliance reporting, incident reviews, architecture planning, and Zero Trust maturity activities.
Key Activities
Supporting privileged access management across enterprise systems, cloud services, administrative platforms, identity services, and high-risk accounts;
Reviewing privileged account inventories, onboarding status, vaulting coverage, account ownership, access justification, and recertification requirements;
Monitoring privileged access events, privileged session activity, administrative actions, service account behavior, authentication anomalies, and elevation requests;
Coordinating with SOC/NOC analysts to triage privileged access alerts and determine whether events require escalation, investigation, access review, containment, or compliance action;
Coordinating with SIEM Engineers to ensure privileged access events are ingested, parsed, correlated, and displayed in monitoring dashboards;
Coordinating with SOAR Engineers to support approved automation for privileged access alert enrichment, ticket creation, notification, escalation, and evidence collection;
Supporting least-privilege reviews, role validation, access recertification, break-glass account review, service account review, and privileged access policy tuning;
Providing privileged access context for incident response, threat hunting, vulnerability prioritization, control validation, audit response, and Security Impact Analyses;
Identifying privileged access control gaps, orphaned or excessive privileges, unmanaged privileged accounts, stale access, configuration drift, and monitoring blind spots;
Supporting documentation of privileged access controls, procedures, workflows, escalation paths, evidence, and operational guidance in approved repositories;
Supporting Zero Trust maturation by strengthening identity verification, privileged access governance, session visibility, policy enforcement, and administrative access accountability;
Providing PAM-related inputs to risk reviews, compliance reporting, operational summaries, control effectiveness reviews, and architecture modernization recommendations.
Deliverables Supported
The PAM Engineer supports privileged access inputs to the Weekly Operational Summary, Incident Reports and After Action Reports, Security Compliance Status Reports, Security Impact Analyses, Configuration Compliance and Deviation Reports, Control Effectiveness Review Reports, Monthly Security Control Gap and Recommendation Reports, Monthly Tool Tuning and Optimization Logs, KPI/SLA dashboard inputs, SOP/playbook/knowledge base updates, and Zero Trust architecture roadmap inputs.
Required Qualifications
The PAM Engineer should have experience implementing, administering, monitoring, or supporting privileged access management capabilities in enterprise, federal, regulated, or security-sensitive environments.
Experience with CyberArk, Microsoft Entra PIM, Okta, privileged account onboarding, credential vaulting, session monitoring, access recertification, break-glass account management, service account governance, identity security, SIEM integration, incident response support, and Zero Trust principles is preferred. Desired certifications include CyberArk certifications, Microsoft identity/security certifications, Okta certifications, Security+, CySA+, CISSP, CISM, CCSP, or comparable identity, privileged access, cloud security, or cybersecurity engineering credentials.
-
The Cybersecurity Engineer provides senior technical leadership across the client’s cybersecurity operations, security engineering, monitoring, compliance, and architecture functions. This role serves as the principal technical integrator across the Incident Response Management Team, Monitoring and Engineering Working Group, Security Compliance Working Group, and Security Architecture and Modernization Working Group. The Cybersecurity Engineer validates technical findings, coordinates engineering actions, reviews detection and automation changes, supports architecture modernization, and ensures operational, engineering, and compliance activities remain aligned with the client’s security objectives.
Primary Responsibilities
The Cybersecurity Engineer provides technical oversight for enterprise monitoring, SIEM and SOAR engineering, incident response coordination, vulnerability remediation, privileged access findings, configuration management, security architecture reviews, and Zero Trust modernization activities. The Engineer reviews escalated incidents, high-priority events, monitoring gaps, detection changes, security control issues, and architecture recommendations to determine operational impact, technical risk, and required corrective action.
The Cybersecurity Engineer works with SOC/NOC personnel, SIEM Engineers, SOAR Engineers, PAM Engineers, Security Architects, RMF/ISSO staff, Vulnerability Management personnel, Threat Intelligence/Threat Hunting staff, and program leadership to ensure cybersecurity activities are technically sound, properly documented, and actionable. This role also supports change control by reviewing proposed engineering changes before they are submitted for client approval.
Key Activities
Providing senior technical oversight across cybersecurity operations, monitoring engineering, architecture, and compliance support activities;
Reviewing and validating escalated security events, high-priority findings, incident trends, vulnerability issues, privileged access concerns, and monitoring gaps;
Chairing or supporting technical review activities within the Monitoring and Engineering Working Group and Security Architecture and Modernization Working Group;
Reviewing proposed SIEM detection logic, correlation searches, analytic rules, dashboard changes, automation workflows, and containment actions before submission through change control;
Coordinating with SIEM and SOAR Engineers to ensure alerts, playbooks, enrichment workflows, and notifications are technically accurate and operationally useful;
Coordinating with the SOC/NOC Manager on incident response, root cause analysis, escalation procedures, shift handoff issues, and operational process improvements;
Coordinating with the Vulnerability Management team to validate high-risk findings, remediation constraints, exposure risks, and prioritization recommendations;
Coordinating with the ISSO/ISCM Lead and RMF Analysts when technical findings require Security Impact Analysis, POA&M updates, control evidence, risk acceptance, or authorization documentation updates;
Supporting architecture reviews, Zero Trust implementation planning, security baseline development, configuration drift analysis, and modernization recommendations;
Reviewing endpoint, identity, cloud, privileged access, application, network, and data protection findings to identify enterprise security improvement opportunities;
Supporting annual tabletop exercise planning, incident response readiness, after-action reviews, and lessons learned;
Providing technical inputs to management briefings, status reports, performance dashboards, security control gap reports, architecture reviews, and operational improvement recommendations.
Deliverables Supported
The Cybersecurity Engineer supports Incident Reports and After Action Reports, Monthly Security Control Gap and Recommendation Reports, Quarterly Security Baseline Tuning and Optimization Logs, Monthly Tool Tuning and Optimization Logs, Security Impact Analyses, Configuration Management Risk and Decision Registers, architecture review findings, strategic roadmap inputs, control effectiveness review inputs, tabletop exercise plans and after-action reports, and technical inputs to status reports, KPI/SLA dashboards, and management briefings.
Required Qualifications
The Cybersecurity Engineer should have experience providing senior technical leadership in cybersecurity operations, security engineering, incident response, SIEM/SOAR engineering, vulnerability management, cloud security, identity and access management, privileged access management, configuration management, and security architecture support.
Experience with Splunk, Microsoft Sentinel, Microsoft Defender, cloud security services, identity platforms, PAM tools, vulnerability management platforms, Jira, Confluence, and federal or regulated cybersecurity frameworks is preferred. Desired certifications include CISSP, CISM, CCSP, CySA+, GCIH, GCIA, GMON, Security+, Microsoft security certifications, Splunk certifications, AWS/Azure/Oracle cloud security certifications, or comparable cybersecurity engineering credentials.
-
The NOC Operations Analyst supports continuous network, infrastructure, application availability, and service health monitoring for the client’s enterprise environment. Working as part of the integrated SOC/NOC operations team, the Analyst monitors operational dashboards, event queues, network telemetry, system alerts, infrastructure status indicators, and service-impacting conditions to identify outages, degradations, connectivity issues, anomalous behavior, and other operational events requiring triage, escalation, coordination, or documentation.
Primary Responsibilities
The NOC Operations Analyst performs intake, triage, documentation, escalation, and tracking of network and infrastructure events affecting enterprise systems, applications, endpoints, cloud services, identity services, databases, servers, network devices, and supporting platforms. The Analyst validates whether alerts indicate an outage, degradation, configuration issue, capacity concern, dependency failure, service disruption, or potential cybersecurity event requiring SOC coordination.
The NOC Operations Analyst works closely with SOC Analysts, the SOC/NOC Manager, SIEM Engineers, SOAR Engineers, Lead Cybersecurity Engineer, Vulnerability Management personnel, PAM Engineer, and system support stakeholders to ensure network and infrastructure events are accurately classified, correlated, escalated, and tracked through closure or handoff. The Analyst helps maintain continuous operational awareness and supports timely communications during incidents, outages, and service-impacting events.
Key Activities
Monitoring approved network, infrastructure, cloud, application, endpoint, and service health dashboards, alerts, and event queues;
Reviewing outages, degradations, latency issues, availability alerts, device status changes, connectivity anomalies, capacity concerns, and system health indicators;
Validating affected assets, applications, hosting locations, IP/subnet relationships, upstream/downstream dependencies, and business impact using approved inventory and monitoring tools;
Creating, updating, and tracking tickets with required event details, affected systems, impact, priority, triage notes, escalation actions, and closure or handoff status;
Correlating network and operational events with security alerts, identity activity, endpoint events, vulnerability context, privileged access events, and application logs when appropriate;
Coordinating with SOC Analysts when an operational event may indicate malicious activity, unauthorized access, suspicious behavior, denial of service, malware impact, or other cybersecurity concern;
Escalating Critical and High events in accordance with approved procedures and service-level expectations;
Supporting shift turnover by documenting open issues, aging tickets, current outages, pending escalations, and unresolved operational dependencies;
Participating in root cause analysis and post-event reviews for incidents, high-priority events, outages, and recurring operational issues;
Identifying recurring alerts, monitoring gaps, dependency issues, workflow delays, or documentation deficiencies requiring process improvement;
Supporting development and maintenance of NOC procedures, escalation matrices, operational runbooks, knowledge base articles, and shift handoff materials;
Providing operational inputs to daily standups, weekly summaries, performance dashboards, incident reports, after-action reviews, and service improvement recommendations.
Deliverables Supported
The NOC Operations Analyst supports the Weekly Operational Summary, operational logs, shift turnover records, incident and outage ticket documentation, Incident Reports and After Action Reports, Monthly Security Control Gap and Recommendation Report inputs, SOP/playbook/knowledge base maintenance, KPI/SLA dashboard inputs, Monthly Status Report inputs, and Quarterly Performance Review inputs.
Required Qualifications
The NOC Operations Analyst should have experience supporting enterprise network operations, infrastructure monitoring, service desk escalation, data center operations, cloud operations, or integrated SOC/NOC environments.
Experience with network monitoring tools, SIEM dashboards, ticketing systems, asset inventories, Jira, Confluence, cloud monitoring, endpoint monitoring, server monitoring, network devices, IP/subnet relationships, DNS, DHCP, VPN, firewalls, load balancers, routing/switching concepts, and incident escalation workflows is preferred.
Desired certifications include Network+, Security+, CCNA, ITIL, Microsoft fundamentals, cloud fundamentals, or comparable network operations, systems administration, service management, or cybersecurity credentials.
-
The Vulnerability Management Analyst supports enterprise vulnerability management activities across the client’s systems, applications, endpoints, cloud services, databases, network devices, and supporting infrastructure. Working under the direction of the Vulnerability Management Lead and as a standing member of the Security Compliance Working Group (SCWG), the Analyst reviews vulnerability findings, validates affected assets, supports remediation tracking, updates vulnerability records, collects closure evidence, and helps translate scan results into risk-based action.
Primary Responsibilities
The Vulnerability Management Analyst supports the full vulnerability lifecycle from discovery through remediation, closure, exception, risk acceptance, or POA&M tracking. The Analyst reviews infrastructure, application, cloud, endpoint, and configuration vulnerability data; confirms asset ownership and system context; identifies duplicate, recurring, aged, or high-risk findings; and documents remediation status in the client’s approved ticketing and reporting tools.
The Analyst works with the Vulnerability Management Lead, Security Compliance/RMF Analysts, ISSO/ISCM Lead, Lead Cybersecurity Engineer, SIEM Engineer, PAM Engineer, SOC/NOC personnel, application teams, system owners, and infrastructure teams to ensure vulnerability findings are properly assigned, tracked, validated, and escalated. The Analyst also supports vulnerability reporting, audit response, authorization package updates, Security Impact Analysis inputs, and POA&M maintenance.
Key Activities
Reviewing vulnerability scan results, application security findings, endpoint findings, cloud findings, database findings, and configuration compliance outputs;
Validating affected assets, system ownership, application dependencies, hosting environment, scan status, and vulnerability context;
Identifying Critical, High, aging, recurring, overdue, exploitable, externally exposed, or mission-impacting vulnerabilities;
Creating, updating, and tracking vulnerability tickets through approved workflows;
Coordinating with technical teams to obtain remediation plans, target dates, status updates, and closure evidence;
Supporting validation of remediation evidence, rescan results, compensating controls, false-positive claims, and exception requests;
Supporting preparation and maintenance of POA&M entries, milestones, remediation updates, closure justifications, and risk acceptance inputs;
Providing vulnerability context to SOC/NOC triage, threat hunting investigations, incident reviews, architecture reviews, and compliance discussions;
Supporting prioritization based on severity, exploitability, asset criticality, system tier, external exposure, known exploitation, business impact, age, and compensating controls;
Maintaining vulnerability records, aging reports, remediation trackers, exception notes, and supporting evidence in approved repositories;
Supporting weekly SCWG reviews by preparing vulnerability status summaries, aging trends, escalation items, closure evidence, and unresolved remediation dependencies.
Deliverables Supported
The Vulnerability Management Analyst supports the Vulnerability Management Report, Quarterly Vulnerability Review Report, POA&M Status Report, Security Compliance Status Report, vulnerability aging report, remediation tracker, audit artifact package inputs, Security Impact Analysis inputs, control effectiveness review inputs, Monthly Security Control Gap and Recommendation Report inputs, KPI/SLA dashboard inputs, and management briefing materials.
Required Qualifications
The Vulnerability Management Analyst should have experience supporting vulnerability management, remediation tracking, scan result analysis, POA&M support, audit response, continuous monitoring, and risk-based vulnerability prioritization in federal, regulated, or enterprise environments.
Experience with tools such as Rapid7 InsightVM, Tenable/ACAS/Nessus, Veracode SAST/DAST, Jira, Confluence, Device42, SIEM platforms, cloud security tools, and configuration compliance tools is preferred. Desired certifications include Security+, CySA+, GSEC, CEH, vulnerability management platform certifications, cloud security certifications, or comparable cybersecurity, vulnerability management, risk, or compliance credentials.
-
The Vulnerability Management Lead directs enterprise vulnerability management activities across the client’s systems, applications, endpoints, cloud services, databases, network devices, and supporting infrastructure. As co-chair of the Security Compliance Working Group (SCWG), the Vulnerability Management Lead is responsible for organizing vulnerability intake, prioritization, validation, remediation coordination, exception tracking, POA&M support, and vulnerability reporting. This role ensures vulnerability data is translated into risk-based action and supports continuous monitoring, audit readiness, authorization posture, and operational risk reduction.
Primary Responsibilities
The Vulnerability Management Lead manages the vulnerability lifecycle from discovery through closure, deferral, risk acceptance, or POA&M tracking. The Lead reviews infrastructure, application, cloud, endpoint, and configuration vulnerability findings; validates severity and affected assets; confirms ownership; assesses exploitability and business impact; and coordinates remediation activity with system owners, engineers, application teams, SOC/NOC personnel, compliance staff, and client stakeholders.
The Lead works closely with Vulnerability Management Analysts, the ISSO/ISCM Lead, Security Compliance/RMF Analysts, Lead Cybersecurity Engineer, SIEM Engineer, PAM Engineer, SCRM/Emerging Technology Analyst, and Reporting and Metrics Analyst to ensure vulnerability findings are properly prioritized, tracked, escalated, and reflected in compliance and risk products. The Lead also provides vulnerability context to incident reviews, threat hunting, architecture reviews, control assessments, and authorization package updates.
Key Activities
Leading vulnerability management activities across approved infrastructure, application, endpoint, cloud, database, and network scanning tools;
Reviewing vulnerability scan results, application security findings, configuration findings, and recurring or aging vulnerabilities;
Prioritizing vulnerabilities based on severity, exploitability, known exploitation, asset criticality, system tier, external exposure, business impact, age, and compensating controls;
Coordinating remediation actions with technical teams and tracking progress through approved ticketing and reporting workflows;
Validating remediation evidence and supporting closure recommendations for resolved findings;
Identifying Critical, High, overdue, recurring, or mission-impacting vulnerabilities requiring escalation;
Supporting POA&M creation, milestone development, remediation tracking, risk acceptance recommendations, and closure evidence validation;
Coordinating with compliance personnel when vulnerabilities affect authorization status, control implementation, audit posture, or Security Impact Analysis determinations;
Providing vulnerability context to SOC/NOC incident triage, threat hunting investigations, root cause analyses, and operational risk reviews;
Working with SIEM and engineering personnel to ensure high-risk vulnerabilities inform monitoring priorities, detection development, and response procedures;
Reviewing exception requests, false-positive claims, compensating controls, remediation constraints, and technical limitation statements;
Supporting vulnerability trend analysis, aging analysis, remediation performance tracking, and management-level reporting;
Maintaining vulnerability management procedures, reporting inputs, escalation criteria, and remediation coordination guidance.
Deliverables Supported
The Vulnerability Management Lead supports the Vulnerability Management Report, Quarterly Vulnerability Review Report, POA&M Status Report, Security Compliance Status Report, vulnerability aging report, remediation tracker, control effectiveness review inputs, Security Impact Analysis inputs, audit artifact packages, Monthly Security Control Gap and Recommendation Report inputs, KPI/SLA dashboard inputs, and management briefings.
Required Qualifications
The Vulnerability Management Lead should have experience leading enterprise vulnerability management, remediation coordination, vulnerability reporting, POA&M support, continuous monitoring, and risk-based prioritization in federal, regulated, or enterprise environments.
Experience with tools such as Rapid7 InsightVM, Tenable/ACAS/Nessus, Veracode SAST/DAST, Jira, Confluence, Device42, SIEM platforms, cloud security tools, and configuration compliance tools is preferred. Desired certifications include Security+, CySA+, CISSP, CISM, GSEC, GCIA, GMON, CEH, cloud security certifications, vulnerability management platform certifications, or comparable cybersecurity, risk, or vulnerability management credentials.
-
The ISSO/ISCM Lead directs security compliance, authorization, and continuous monitoring activities for the client’s enterprise cybersecurity program. This role leads the Security Compliance Working Group (SCWG) in coordination with the Vulnerability Management Lead and serves as the primary compliance lead for maintaining authorization readiness, validating security controls, managing the body of evidence, tracking POA&Ms, supporting audits, and ensuring that system security documentation reflects the client’s current operational and technical environment.
Primary Responsibilities
The ISSO/ISCM Lead oversees implementation of the client’s Risk Management Framework, FISMA, NIST SP 800-53, and continuous monitoring activities across assigned systems, applications, cloud services, and supporting infrastructure. The Lead manages A&A package readiness, reviews security control implementation, validates evidence, tracks authorization milestones, coordinates audit response, and ensures compliance impacts are assessed when systems, architectures, tools, configurations, or operational processes change.
The ISSO/ISCM Lead works closely with Security Compliance/RMF Analysts, the Vulnerability Management team, Lead Cybersecurity Engineer, Security Architect, PAM Engineer, SCRM/Emerging Technology Analysts, SOC/NOC Manager, and Reporting and Metrics Analyst to ensure compliance activities are informed by vulnerability data, incident trends, configuration changes, privileged access findings, supply chain reviews, monitoring gaps, and architecture modernization activities.
Key Activities
Leading authorization readiness, continuous monitoring, and security compliance activities for assigned systems;
Maintaining and validating A&A artifacts, including System Security Plans, control implementation statements, inventories, contingency documentation, configuration management documentation, access evidence, POA&Ms, and supporting body-of-evidence materials;
Reviewing security controls for effectiveness, evidence sufficiency, inheritance applicability, and alignment with system architecture and operational practices;
Coordinating POA&M development, milestone tracking, remediation validation, risk acceptance recommendations, and closure evidence review;
Leading Security Impact Analysis activities for system changes, architecture updates, tool integrations, configuration deviations, emerging technology use cases, and material operational changes;
Coordinating with vulnerability management personnel to ensure scan results, remediation status, aging vulnerabilities, and risk exceptions are accurately reflected in compliance reporting;
Supporting control reciprocity and shared-control validation by confirming whether controls are fully inherited, partially inherited, hybrid, or system-specific;
Supporting audit readiness by coordinating evidence requests, preparing artifact packages, tracking open audit actions, and validating response completeness;
Reviewing privileged access, incident, threat hunting, configuration, and architecture findings to determine compliance impacts;
Supporting annual policy and procedure gap reviews, internal controls testing, SCA support, and control effectiveness reviews;
Providing compliance inputs to weekly status reports, monthly management reports, ATO readiness trackers, POA&M dashboards, audit status reports, risk decision logs, and executive briefings.
Deliverables Supported
The ISSO/ISCM Lead supports Security Compliance Status Reports, A&A Packages per System, POA&M Status Reports, Security Impact Analyses, Annual Enterprise Configuration Management Plan updates, Configuration Compliance and Deviation Reports, Control Effectiveness Review Reports, Audit Artifact Packages, Weekly Audit Status Reports, Internal Controls Testing/SCA Reports, Annual Policy and Procedure Gap Reviews, risk decision registers, ATO readiness trackers, and compliance-related inputs to management briefings and KPI/SLA dashboards.
Required Qualifications
The ISSO/ISCM Lead should have experience leading RMF, FISMA, NIST SP 800-53, continuous monitoring, POA&M management, A&A package development, control assessment support, audit readiness, risk reporting, and cybersecurity compliance activities in federal, regulated, or enterprise environments.
Experience with Xacta, eMASS, Jira, Confluence, vulnerability management platforms, ticketing systems, and evidence repositories is preferred. Desired certifications include CISSP, CISM, CGRC/CAP, Security+, CySA+, GSEC, or comparable cybersecurity, risk management, compliance, or assessment credentials.
-
The SOC/NOC Manager leads integrated Security Operations Center and Network Operations Center activities for the client’s enterprise cybersecurity and monitoring program. This role manages day-to-day monitoring operations, analyst coordination, shift coverage, escalation discipline, ticket quality, operational reporting, incident coordination, and service-level performance. The SOC/NOC Manager serves as the primary operational lead for the Incident Response Management Team and coordinates with security engineering, vulnerability management, privileged access, threat hunting, compliance, and program management personnel to maintain continuous operational awareness across the client’s environment.
Primary Responsibilities
The SOC/NOC Manager oversees continuous monitoring of security and network telemetry, alert queues, case queues, dashboards, tickets, and operational event sources. The Manager ensures SOC and NOC analysts perform timely intake, triage, prioritization, escalation, documentation, and handoff for cybersecurity and network events affecting enterprise systems, applications, cloud services, endpoints, identity platforms, privileged access platforms, and infrastructure.
The SOC/NOC Manager coordinates operational response activities for security incidents, network outages, degraded services, suspicious activity, anomalous user behavior, malware detections, authentication events, privileged access events, endpoint alerts, cloud activity, and other conditions requiring action or escalation. The Manager ensures events are documented in the approved ticketing system with required information, including alert source, affected asset, user, business impact, priority, triage notes, escalation decision, response actions, closure status, and handoff owner.
Key Activities
Managing integrated SOC/NOC operations, shift coordination, analyst assignments, escalation paths, and daily operational priorities;
Ensuring continuous monitoring coverage across approved security, network, endpoint, cloud, identity, privileged access, SIEM, and application monitoring tools;
Reviewing Critical and High events for timely triage, escalation, stakeholder notification, and coordination through closure or handoff;
Overseeing SOC/NOC analyst performance against required response timelines and service-level expectations;
Validating ticket quality, ownership, status, next steps, evidence, closure documentation, and SLA/KPI data;
Coordinating with SIEM, SOAR, PAM, Lead Cybersecurity, Vulnerability Management, and Threat Intelligence/Threat Hunting personnel when events require specialized review;
Supporting root cause analysis and technical/procedural reviews for incidents, outages, and high-priority events;
Maintaining shift turnover procedures, escalation matrices, communications plans, operational logs, and daily status review processes;
Ensuring closed investigations and tickets are linked to or supported by appropriate knowledge base articles, playbooks, or analyst guidance;
Identifying workflow gaps, recurring issues, alert quality concerns, escalation delays, training needs, and process improvement opportunities;
Supporting incident response tabletop exercises, after-action reviews, lessons learned, and operational readiness activities;
Providing inputs to weekly operational summaries, incident reports, after-action reports, threat activity reports, KPI/SLA dashboards, monthly status reports, and performance reviews.
Deliverables Supported
The SOC/NOC Manager supports the Weekly Operational Summary, Incident Reports, After Action Reports, Monthly Security Control Gap and Recommendation Report inputs, SOP/playbook/knowledge base maintenance, operational logs, shift turnover records, KPI/SLA dashboard inputs, Monthly Status Report inputs, Quarterly Performance Review inputs, and Annual Tabletop Exercise planning and after-action reporting.
Required Qualifications
The SOC/NOC Manager should have experience leading security operations, network operations, enterprise monitoring, incident coordination, or managed operations teams in environments requiring continuous monitoring and structured escalation.
Experience with SIEM tools, endpoint security platforms, network monitoring, identity and privileged access monitoring, ticketing systems, operational dashboards, incident response processes, root cause analysis, SOP/playbook development, and SLA/KPI management is preferred. Desired certifications include CISSP, CISM, Security+, CySA+, GCIH, GCIA, ITIL, PMP, CCNA/CCNP, Microsoft security certifications, Splunk certifications, or comparable cybersecurity, network operations, or service management credentials.
-
The SOC Analyst performs front-line security monitoring, alert review, triage, documentation, and escalation for the client’s integrated SOC/NOC operations. This role supports the PWE IRM Team by reviewing security alerts, endpoint telemetry, identity activity, cloud events, privileged access indicators, application logs, and anomalous behavior across the client’s hybrid environment. The SOC Analyst works under the direction of the SOC/NOC Manager and coordinates with the SIEM Engineer, Security Orchestration Automation Response (SOAR) Engineer, Lead Cybersecurity Engineer, PAM Engineer, Threat Intelligence/Threat Hunting Analyst, Vulnerability Management Lead, and Reporting/Metrics Analyst to support continuous situational awareness, timely escalation, incident documentation, and SLA compliance.
Primary Responsibilities
The SOC Analyst monitors and triages alerts from Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint, Okta, CyberArk, Entra PIM, AWS CloudTrail, application logs, and M365 security telemetry.
The SOC Analyst supports the SOC/NOC team in reviewing active alert queues, validating Splunk and Sentinel alerts, investigating Defender endpoint events, reviewing authentication anomalies, evaluating suspicious privileged access activity, and documenting all triage steps in Jira. Each ticket includes the alert source, affected user, affected asset, Device42 asset context, Rapid7 vulnerability context, time of detection, assigned priority, triage notes, escalation decision, and closure or handoff action.
For Critical and High events identified after hours through automated monitoring, the SOC Analyst supports the SOC/NOC team’s on-call review and escalation as required by the approved playbook. Automated workflows generate alerts, create Jira tickets, notify designated POCs, and provide initial enrichment; the SOC Analyst then validates severity, reviews evidence, confirms affected assets, and escalates to the SOC/NOC Manager and client contacts when human review is required.
Key Activities
The SOC Analyst performs the following operational activities:
Reviews and validates security alerts in Splunk and Microsoft Sentinel;
Investigates endpoint alerts in Microsoft Defender for Endpoint;
Reviews failed authentication bursts, impossible travel events, MFA anomalies, suspicious VPN activity, and service account behavior using Okta, Entra ID, and identity logs;
Reviews privileged access events using CyberArk, Entra PIM, and privileged session activity logs;
Uses Device42 to identify affected assets, business owners, system tier, IP/subnet relationship, hosting location, and application dependencies;
Checks Rapid7 InsightVM to determine whether affected assets have exploitable or overdue vulnerabilities;
Opens, updates, and closes incident and investigation tickets in Jira;
Links evidence, investigation notes, and reusable procedures in Confluence;
Escalates confirmed or suspected incidents to the SOC/NOC Manager, Lead Cybersecurity Engineer, PAM Engineer, Threat Hunter, or the client’s IRM contacts based on the escalation matrix;
Supports incident review, RCA, and lessons-learned activities by documenting event timelines, actions taken, evidence reviewed, and recommended detection or process improvements;
Supports Knowledge Base development by creating or linking Confluence articles for closed investigations and recurring alert patterns.
Supported Threat Scenarios
The SOC Analyst responds to alerts involving failed authentication bursts, suspicious privileged access, anomalous PowerShell execution, malware detection, endpoint isolation events, suspicious VPN activity, impossible travel, service account anomalies, unusual M365 activity, cloud access anomalies, and potential lateral movement. When alerts indicate a possible combined cyber/network event, the SOC Analyst coordinates with the NOC Analyst to determine whether the issue is an outage, security event, or hybrid incident.
Deliverables Supported
Weekly Operational Summary
Incident Reports
After-Action Reports
Daily Threat Hunting Logs
Bi-Weekly Threat Activity Report
SOP/playbook updates
Knowledge Base maintenance
SLA/KPI dashboards
Operational shift turnover notes
Source data and ticket updates used by the Reporting/Metrics Analyst to track alert volume, incident trends, Mean Time to Acknowledge, Mean Time to Triage, escalation timeliness, closure status, and SLA performance.
Required Qualifications
The SOC Analyst should have experience supporting enterprise SOC operations, SIEM alert triage, endpoint security monitoring, identity-event review, incident documentation, and ticket-based escalation workflows.
Experience with Splunk, Microsoft Sentinel, Microsoft Defender, Jira, Confluence, Okta, CyberArk, Entra PIM, Rapid7 InsightVM, Device42, AWS logs, and M365 security telemetry is preferred.
Role-appropriate certifications may include CompTIA Security+, CySA+, Network+, Microsoft SC-200, Splunk Core User/Power User, GIAC GCIH, or equivalent security operations certifications.
-
The Technical Writer/Documentation Specialist develops, maintains, edits, and organizes cybersecurity, operational, compliance, engineering, architecture, and program documentation for the client’s enterprise cybersecurity and monitoring program. This role supports the PMO and all working groups by ensuring required plans, reports, SOPs, playbooks, knowledge base articles, transition materials, meeting artifacts, audit evidence, and technical documentation are clear, accurate, consistent, version-controlled, and ready for client review.
Primary Responsibilities
The Technical Writer / Documentation Specialist works with program management, SOC/NOC operations, security engineering, compliance, vulnerability management, architecture, supply chain risk, and reporting personnel to convert technical inputs into polished client-facing documents. The role supports both recurring deliverables and operational documentation needed to maintain continuity of operations, audit readiness, knowledge transfer, and process consistency.
The Technical Writer / Documentation Specialist maintains documentation standards, templates, version histories, review cycles, and approval workflows. The role ensures technical documentation is written in a clear and usable format for its intended audience, whether executive leadership, program management, auditors, assessors, engineers, SOC/NOC analysts, or operational stakeholders.
Key Activities
Drafting, editing, formatting, and maintaining technical and program documentation, including plans, reports, briefings, SOPs, playbooks, knowledge base articles, meeting minutes, transition materials, and operational guides;
Supporting development and maintenance of incident response playbooks, SOC/NOC procedures, escalation matrices, shift turnover procedures, analyst guidance, and knowledge base content;
Supporting compliance documentation, including authorization package artifacts, body-of-evidence materials, audit responses, control narratives, policy/procedure gap reviews, and Security Impact Analysis documentation;
Supporting vulnerability management and security engineering documentation, including remediation guidance, tuning logs, monitoring procedures, detection documentation, baseline records, and configuration-related artifacts;
Supporting architecture and modernization documentation, including architecture review findings, roadmap materials, technology assessment summaries, implementation guidance, and decision records;
Coordinating with subject matter experts to validate technical accuracy, resolve inconsistencies, and ensure documentation reflects approved processes and current operating procedures;
Maintaining version control, document repositories, naming conventions, review status, approval history, and documentation traceability in approved collaboration tools;
Preparing meeting agendas, capturing action items, recording decisions, and supporting follow-up tracking for working group and program management meetings;
Ensuring documentation is complete, accessible, professionally formatted, and aligned with applicable client templates, quality standards, and deliverable requirements;
Supporting transition-in and transition-out by organizing inventories, procedures, licensing information, training materials, system documentation, open action records, and knowledge transfer materials;
Supporting quality control reviews by checking deliverables for completeness, consistency, grammar, formatting, traceability, and readiness for submission.
Deliverables Supported
The Technical Writer / Documentation Specialist supports the Program Management Plan, Quality Control Plan, Staffing Plan inputs, Transition-In and Transition-Out Plans, Transition Support Packages, Bi-Weekly Planning Reports, Monthly Status Reports, Weekly Operational Summaries, SOP/playbook/knowledge base maintenance, Incident Reports and After Action Reports, audit artifact packages, policy and procedure gap reviews, architecture review documentation, tabletop exercise materials, lessons learned reports, and other client-required deliverables.
Required Qualifications
The Technical Writer / Documentation Specialist should have experience developing technical, cybersecurity, IT operations, compliance, program management, or federal contractor documentation.
Experience supporting cybersecurity operations, RMF/FISMA documentation, SOC/NOC procedures, incident response playbooks, vulnerability management documentation, architecture artifacts, SOPs, knowledge bases, and client-facing reports is preferred. Experience with Microsoft Office, SharePoint, Confluence, Jira, document repositories, version control practices, and government or regulated-environment documentation standards is preferred.
Desired certifications or training may include technical writing, project management, ITIL, Security+, or equivalent experience in cybersecurity, IT, compliance, or program documentation.
-
The SCRM / Emerging Technology Security Analyst supports the client’s supply chain risk management, third-party technology review, emerging technology assessment, and security compliance activities. Working as a member of the Security Architecture and Modernization Working Group and supporting the Security Compliance Working Group as needed, the Analyst evaluates vendors, products, services, cloud offerings, AI-enabled capabilities, software dependencies, and emerging cybersecurity technologies for security, privacy, operational, compliance, and supply chain risk.
Primary Responsibilities
The SCRM / Emerging Technology Security Analyst reviews proposed technologies, third-party services, software tools, cloud capabilities, AI-enabled functions, and modernization initiatives to identify supply chain concerns, data handling risks, foreign ownership or control issues, vendor security concerns, regulatory restrictions, covered technology prohibitions, and other conditions that may affect the client’s cybersecurity posture or authorization status.
The Analyst supports security reviews before technologies are approved for use, integrated into the environment, added to an authorization boundary, connected to enterprise monitoring, or relied upon for mission support. The Analyst works with the Security Architect, Lead Cybersecurity Engineer, ISSO/ISCM Lead, Security Compliance/RMF Analysts, Vulnerability Management team, PAM Engineer, SIEM Engineer, SOAR Engineer, and program leadership to ensure technology risks are documented, mitigated, tracked, and incorporated into architecture, compliance, operational, and risk management processes.
Key Activities
Conducting supply chain and third-party risk reviews for vendors, tools, cloud services, software products, AI-enabled technologies, managed services, and emerging cybersecurity capabilities;
Reviewing vendor documentation, security attestations, terms of use, data handling practices, hosting models, access requirements, subcontractor relationships, ownership information, and known adverse indicators;
Identifying risks related to foreign ownership, control, or influence; covered companies or restricted technologies; unsupported software; insecure dependencies; data residency; privileged access; integration risk; and sensitive data exposure;
Supporting evaluation of emerging technologies, including AI-enabled tools, automation platforms, cybersecurity products, cloud services, and modernization capabilities;
Coordinating with architecture personnel to assess whether proposed technologies align with current-state and target-state security architecture;
Coordinating with compliance personnel to determine whether technology adoption requires Security Impact Analysis, authorization package updates, POA&M tracking, control updates, or risk acceptance;
Coordinating with engineering and operations personnel to identify monitoring, logging, access control, vulnerability scanning, incident response, and supportability requirements for proposed technologies;
Supporting review of software bills of materials, dependency information, vulnerability exposure, licensing considerations, and product security posture when available;
Documenting findings, recommendations, risk ratings, mitigation actions, and approval conditions in approved repositories;
Tracking SCRM findings, emerging technology review actions, AI governance actions, and unresolved supply chain risks through closure or formal risk disposition;
Providing inputs to architecture roadmaps, technology assessment registers, risk registers, security compliance reports, modernization recommendations, and management briefings.
Deliverables Supported
The SCRM / Emerging Technology Security Analyst supports SCRM Status Reports, security architecture review findings, technology assessment inputs, emerging capability recommendations, Security Impact Analysis inputs, POA&M inputs, Monthly Security Control Gap and Recommendation Report inputs, policy and procedure gap review inputs, control effectiveness review inputs, architecture roadmap updates, AI/emerging technology governance documentation, and management briefings.
Required Qualifications
The SCRM / Emerging Technology Security Analyst should have experience supporting supply chain risk management, third-party risk assessment, cybersecurity compliance, emerging technology evaluation, cloud security review, software risk review, AI governance, or vendor security assessment in federal, regulated, or enterprise environments.
Experience with NIST SP 800-53, NIST SP 800-161, FISMA/RMF, Zero Trust, third-party risk frameworks, vendor risk assessments, cloud service reviews, cybersecurity architecture, privacy/security controls, and emerging technology governance is preferred.
Desired certifications include CISSP, CISM, CISA, CRISC, Security+, CGRC/CAP, CCSP, cloud security certifications, third-party risk management credentials, or comparable cybersecurity, risk, compliance, or architecture certifications.
-
The Threat Intelligence / Threat Hunting Analyst supports the client’s cybersecurity operations by identifying emerging threats, developing hunt hypotheses, conducting proactive searches across approved telemetry sources, documenting investigations, and escalating high-risk findings for operational response. Working as a member of the Incident Response Management Team and in coordination with the Monitoring and Engineering Working Group, the Analyst helps convert threat intelligence, vulnerability trends, incident patterns, and suspicious activity into actionable detections, investigations, and security improvement recommendations.
Primary Responsibilities
The Threat Intelligence / Threat Hunting Analyst conducts daily proactive threat hunting using approved SIEM, endpoint, identity, cloud, network, privileged access, vulnerability, and application telemetry sources. The Analyst reviews threat intelligence, vulnerability reports, advisories, known exploited vulnerability data, suspicious activity trends, incident history, and operational reporting to develop hunt hypotheses relevant to the client’s environment.
The Analyst documents hunt activities, investigation results, indicators, affected assets, user context, supporting evidence, risk assessment, and recommended actions in approved repositories. High-risk findings are escalated immediately through established incident response and ticketing workflows. The Analyst coordinates with SOC/NOC personnel, SIEM Engineers, SOAR Engineers, the Lead Cybersecurity Engineer, PAM Engineer, Vulnerability Management team, and compliance personnel to ensure findings are triaged, tracked, and translated into detection improvements, response actions, POA&M inputs, or control gap recommendations when appropriate.
Key Activities
Reviewing authoritative threat intelligence, security advisories, vulnerability reports, known exploited vulnerability data, incident trends, and relevant open-source or approved intelligence feeds;
Developing daily hunt hypotheses based on emerging tactics, techniques, and procedures, active exploitation trends, vulnerability exposure, identity anomalies, privileged access concerns, endpoint activity, cloud behavior, and prior incidents;
Conducting proactive searches across SIEM, endpoint, identity, privileged access, cloud, network, application, and vulnerability telemetry;
Investigating suspicious patterns such as anomalous authentication, impossible travel, failed authentication bursts, suspicious PowerShell execution, malware activity, endpoint isolation events, privilege escalation attempts, service account anomalies, VPN anomalies, and unusual administrative behavior;
Documenting all hunts, findings, negative results, evidence, affected assets, user context, queries used, conclusions, and recommended next steps;
Escalating high-risk findings immediately through approved ticketing, notification, and incident response workflows;
Coordinating with SOC/NOC analysts to validate findings, enrich tickets, support triage, and assist with incident handoff;
Coordinating with SIEM Engineers to convert validated hunt logic into candidate detections, correlation searches, dashboards, or alert tuning recommendations;
Coordinating with SOAR Engineers to identify opportunities for automated enrichment, ticketing, notification, and evidence collection;
Coordinating with Vulnerability Management personnel when hunt findings align with exposed vulnerabilities, known exploitation, aging findings, or remediation priorities;
Supporting post-incident analysis, root cause review, control gap identification, and development of actionable recommendations;
Maintaining threat hunting logs, threat activity summaries, investigation notes, and knowledge base inputs in approved repositories.
Deliverables Supported
The Threat Intelligence / Threat Hunting Analyst supports Daily Threat Hunting Logs, Bi-Weekly Threat Activity Reports, Weekly Operational Summary inputs, Incident Reports and After Action Reports, Monthly Security Control Gap and Recommendation Report inputs, SOP/playbook/knowledge base updates, KPI/SLA dashboard inputs, tabletop exercise scenario development, and lessons-learned reporting.
Required Qualifications
The Threat Intelligence / Threat Hunting Analyst should have experience supporting threat intelligence analysis, proactive threat hunting, SOC operations, incident investigation, SIEM search, endpoint investigation, identity monitoring, cloud security review, vulnerability-informed hunting, and detection improvement activities in enterprise, federal, or regulated environments.
Experience with Splunk, Microsoft Sentinel, Microsoft Defender, identity platforms, PAM tools, vulnerability management platforms, Jira, Confluence, MITRE ATT&CK, CISA Known Exploited Vulnerabilities, and government or open-source threat intelligence sources is preferred.
Desired certifications include Security+, CySA+, GCIH, GCIA, GCTI, GMON, CISSP, Microsoft security certifications, Splunk certifications, or comparable cybersecurity, SOC, incident response, or threat intelligence credentials.
-
The SOAR Engineer designs, configures, tests, maintains, and improves automation workflows that support the client’s security operations, incident response, monitoring, ticketing, notification, enrichment, and approved containment activities. Working as a member of the Monitoring and Engineering Working Group and in coordination with the Incident Response Management Team, the SOAR Engineer translates repeatable operational procedures into controlled automation that improves consistency, response speed, documentation quality, and escalation discipline.
Primary Responsibilities
The SOAR Engineer develops and maintains automation playbooks that support alert enrichment, event prioritization, ticket creation, responder notification, evidence collection, escalation routing, SLA tracking, and approved response actions. The Engineer works closely with the SOC/NOC Manager, SIEM Engineers, Lead Cybersecurity Engineer, PAM Engineer, Threat Intelligence/Threat Hunting Analyst, and compliance personnel to ensure automation supports operational requirements without bypassing required review, approval, or change control processes.
The SOAR Engineer evaluates existing manual workflows and identifies steps that can be automated safely and repeatably. Candidate automation may include enrichment of alerts with asset, vulnerability, identity, endpoint, cloud, and privileged access context; creation or updating of tickets; routing of Critical and High events; generation of notification packages; attachment of supporting evidence; and execution of pre-approved containment actions. The SOAR Engineer validates each workflow before deployment and ensures automation outputs are understandable and usable by SOC/NOC analysts, incident responders, engineers, and management stakeholders.
Key Activities
Designing, building, testing, and maintaining security automation workflows and incident response playbooks;
Configuring automation to enrich alerts with relevant asset, user, vulnerability, cloud, endpoint, network, and privileged access context;
Integrating SIEM alerts, ticketing workflows, notification services, endpoint actions, identity workflows, and approved response processes;
Supporting automated Jira ticket creation, ticket updates, evidence attachment, SLA tracking, routing, and escalation logic;
Coordinating with SIEM Engineers to ensure alerts contain the fields and event data required to trigger automation accurately;
Coordinating with SOC/NOC analysts to confirm automation outputs support triage, escalation, investigation, and shift turnover activities;
Coordinating with PAM and identity personnel when automation involves privileged access, suspicious authentication, account containment, or escalation of high-risk access events;
Reviewing automation runs to identify failed actions, duplicate tickets, routing errors, missing context, and playbook logic issues;
Maintaining playbook documentation, workflow diagrams, test results, implementation notes, and operational procedures in approved repositories;
Supporting change control by preparing technical descriptions, testing evidence, implementation steps, rollback procedures, and operational impacts for proposed automation changes;
Ensuring automation does not execute containment, isolation, access restriction, or other disruptive actions unless explicitly authorized through approved playbooks and client change control;
Providing automation metrics and improvement inputs for tool tuning logs, operational summaries, incident reviews, and performance reporting.
Deliverables Supported
The SOAR Engineer supports the Monthly Tool Tuning and Optimization Log, Quarterly Security Baseline Tuning and Optimization Log, SOP/playbook/knowledge base maintenance, incident response playbooks, automation workflow documentation, Monthly Security Control Gap and Recommendation Report inputs, Incident Report and After Action Report inputs, KPI/SLA dashboard inputs, Weekly Operational Summary inputs, and technical inputs to tabletop exercise planning and lessons learned.
Required Qualifications
The SOAR Engineer should have experience developing or maintaining security automation, incident response workflows, playbooks, ticketing integrations, alert enrichment, and operational escalation processes in enterprise security environments.
Experience with Microsoft Sentinel automation, Azure Logic Apps, Splunk automation or alert actions, Jira workflows, Microsoft Defender, identity platforms, PAM tools, cloud security logs, REST APIs, scripting, and security operations processes is preferred. Desired certifications include Security+, CySA+, Microsoft Security Operations Analyst, Microsoft Azure certifications, Splunk certifications, GCIH, GCIA, GMON, CISSP, or comparable cybersecurity, automation, cloud, or security engineering credentials.
-
The Security Compliance/RMF Analyst supports the client’s cybersecurity compliance, risk management, authorization, and continuous monitoring activities across enterprise systems, applications, cloud services, and supporting infrastructure. Working as a standing member of the Security Compliance Working Group (SCWG), the Analyst supports assessment and authorization activities, maintains RMF documentation, tracks POA&Ms, validates control evidence, supports audit readiness, and helps ensure that system security documentation accurately reflects the client’s operational environment and cybersecurity posture.
Primary Responsibilities
The Security Compliance/RMF Analyst supports the full RMF lifecycle by assisting with security categorization, control implementation documentation, security assessment preparation, continuous monitoring, POA&M management, Security Impact Analyses, audit artifact development, and authorization package maintenance. The Analyst reviews and updates system security documentation, validates body-of-evidence artifacts, tracks gaps and deficiencies, and coordinates with technical, operational, and compliance stakeholders to resolve open actions.
The Analyst works closely with the ISSO/ISCM Lead, Vulnerability Management Lead, Lead Cybersecurity Engineer, Security Architect, PAM Engineer, SCRM/Emerging Technology Analyst, and Reporting and Metrics Analyst to ensure compliance activities are informed by operational findings, vulnerability data, configuration changes, incident trends, architecture updates, and supply chain or emerging technology risk. The Analyst helps translate technical findings into compliance actions, including POA&M updates, evidence requests, deviation documentation, risk acceptance recommendations, and authorization package updates.
Key Activities
Maintaining and updating RMF and authorization artifacts, including System Security Plans, control implementation statements, inventories, contingency documentation, configuration management documentation, access evidence, and supporting body-of-evidence materials;
Supporting review and maintenance of A&A packages in the client’s approved governance, risk, and compliance platform;
Mapping control implementation statements to supporting evidence maintained in approved repositories;
Tracking POA&M items, milestones, remediation status, aging, closure evidence, and risk acceptance actions;
Reviewing vulnerability, configuration, incident, privileged access, audit, and architecture inputs to identify compliance impacts;
Supporting Security Impact Analyses for system changes, architecture updates, tool integrations, emerging technology use cases, configuration deviations, and material operational changes;
Assisting with control inheritance, shared-control validation, reciprocity review, and documentation of system-specific exceptions;
Supporting audit readiness by preparing evidence packages, responding to evidence requests, tracking open audit actions, and validating closure documentation;
Coordinating with technical teams to confirm whether findings are remediable, require technical exception, require POA&M tracking, require risk acceptance, or require escalation;
Supporting annual policy and procedure gap reviews, internal controls testing, SCA support, and control effectiveness reviews;
Providing compliance inputs to weekly status reports, monthly management reporting, ATO readiness trackers, POA&M dashboards, audit status reports, and decision logs.
Deliverables Supported
The Security Compliance/RMF Analyst supports A&A Packages per System, Security Compliance Status Reports, POA&M Status Reports, Security Impact Analyses, Configuration Management Risk and Decision Registers, Internal Controls Testing/SCA Reports, Control Effectiveness Review Reports, Audit Artifact Packages, Weekly Audit Status Reports, policy and procedure gap reviews, ATO readiness trackers, and compliance-related inputs to KPI/SLA dashboards and management briefings.
Required Qualifications
The Security Compliance/RMF Analyst should have experience supporting RMF, FISMA, NIST SP 800-53, NIST SP 800-53A, continuous monitoring, POA&M management, authorization package development, security control documentation, audit readiness, and cybersecurity risk reporting in federal, regulated, or enterprise environments.
Experience with tools such as Xacta, eMASS, Jira, Confluence, vulnerability management platforms, ticketing systems, and document repositories is preferred. Desired certifications include Security+, CAP/CGRC, CISSP, CISM, CySA+, GSEC, or comparable cybersecurity, risk management, compliance, or assessment credentials.
-
The Security Architect supports the client’s Security Architecture and Modernization Working Group (SAMWG) by developing, reviewing, and improving cybersecurity architecture across THE CLIENT’s hybrid enterprise environment. The role provides architecture support for Zero Trust maturation, cloud and on-premises security design, identity and privileged access modernization, enterprise monitoring integration, emerging technology review, and security architecture documentation. The Security Architect works under the direction of the Lead Cybersecurity Engineer and in coordination with the ISSO/ISCM Lead, SIEM Engineer, SOAR Engineer, PAM Engineer, SCRM/Emerging Technology Analyst, and Vulnerability Management team.
Primary Responsibilities
The Security Architect develops and maintains current-state and target-state security architecture artifacts for THE CLIENT systems, services, and platforms. This includes documenting trust boundaries, identity flows, privileged access pathways, data protection considerations, cloud service integrations, shared services, monitoring requirements, and dependencies across Appian, AWS, Oracle, Microsoft 365, on-premises systems, enterprise applications, and supporting infrastructure.
The Security Architect supports architecture reviews for new capabilities, modernization efforts, major system changes, technology refresh initiatives, cloud integrations, identity modernization, privileged access management, security service onboarding, and Zero Trust implementation activities. Reviews evaluate security design, operational impact, monitoring coverage, control inheritance, authorization boundary implications, configuration baselines, and integration with THE CLIENT’s existing technology environment.
The Security Architect contributes to THE CLIENT’s Zero Trust Architecture roadmap by identifying gaps across identity, device, network, application, data, and visibility/control capabilities. The role develops practical recommendations that align with THE CLIENT’s existing tools, implementation sequencing, budget realities, and operational constraints. Recommendations are coordinated through the SAMWG and transitioned to the SCWG, M&E WG, and IRM Team when architecture changes affect authorization packages, control implementation, telemetry onboarding, incident response workflows, vulnerability exposure, or compliance documentation.
Key Activities
Establishing and maintaining current-state and target-state security architecture baselines;
Supporting Zero Trust architecture planning, roadmap development, and implementation sequencing;
Reviewing proposed technologies, system changes, and modernization initiatives for security and operational impact;
Developing reference architectures, architecture decision records, implementation guidance, and modernization recommendations;
Assessing identity, privileged access, cloud, application, endpoint, network, and data protection architecture considerations;
Identifying architecture gaps affecting monitoring, incident response, vulnerability management, compliance, and authorization readiness;
Coordinating with SIEM and SOAR engineers to ensure new architecture components generate actionable telemetry and can be supported by operational workflows;
Coordinating with the ISSO/ISCM Lead and RMF staff when architecture changes require updates to Xacta, Confluence evidence, system diagrams, control inheritance, Security Impact Analyses, POA&Ms, or risk acceptance documentation;
Supporting SCRM and emerging technology reviews, including AI-enabled capabilities, third-party services, cloud tools, and new cybersecurity technologies;
Providing architecture inputs to monthly roadmap products, strategic assessments, security architecture review findings, and management briefings.
Deliverables Supported
The Security Architect supports the Monthly Phase 2 Strategic Architecture Assessment, Monthly Phase 3 Strategic Roadmap, Routine Security Architecture Review Findings, Security Impact Analysis inputs, architecture baseline updates, modernization recommendations, Zero Trust status reporting, control inheritance documentation, and architecture-related inputs to A&A packages and management briefings.
Required Qualifications
The Security Architect should have experience designing, reviewing, or modernizing cybersecurity architecture in hybrid enterprise environments involving cloud services, identity platforms, privileged access, enterprise applications, monitoring platforms, and regulated systems.
Experience with Zero Trust principles, NIST SP 800-207, NIST SP 800-53, NIST Cybersecurity Framework, FISMA/RMF, cloud security, identity and access management, network segmentation, data protection, SIEM/monitoring integration, and federal cybersecurity documentation is preferred.
Desired certifications include CISSP, CCSP, CISM, cloud architecture/security certifications, SABSA, TOGAF, Microsoft/AWS/Oracle security credentials, or comparable architecture and cybersecurity credentials.
Let us know you’re interested in our open positions. Send resumés to info@pweconsultants.com