Summary

The Information Security Risk Lead is responsible for the oversight and execution of the company’s Information Security function, as it relates to the design, development, implementation, and monitoring of the Information Security Risk Management program. Additionally, this role will lead the maturation and evolution of the risk management tools and methods, as well as ensuring comprehensive reporting of all security risks. The Information Security Risk Lead will work across the security team to promote awareness of the risk management program and desired risk culture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

• Lead the execution and maturation of the information security risk management program
• Perform targeted risk assessments to identify and report on strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks
• Manage and oversee the implementation and maintenance of an Enterprise GRC tool
• Work effectively with leads across the Information Security team to assist with identifying, measuring, and planning remedial action plans for information security risks
• Document and maintain workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls
• Create and present risk posture and recommendations to Information Security leadership
• Perform ad-hoc assessments, analysis, and reports as needed to support the team’s needs
• Foster and maintain good relationships with business partners and colleagues to meet expected service levels.
• Research and recommend new tools and technologies to gain efficiencies and enable functionalities.
• Deliver schedule milestones on-time to ensure project/program objectives are met.
• Performs other duties as assigned.

Required Qualifications

• Bachelor's degree required in Information Security, Information Technology, Management Information Systems
• Seven (7) years or more experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs
• Seven (7) years or more experience with cybersecurity and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.)
• Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) intermediate
• Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE) intermediate
• Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process intermediate
• Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ) intermediate

​

Preferred Qualifications

• Master's degree preferred Information Security, Information Technology, Management Information Systems
• Knowledge of Common Controls Hub - Unified Compliance Framework (UCF) intermediate
• Knowledge of Standardized Information Gathering (SIG) Questionnaire intermediate
• Knowledge of AICPA SOC for Service Organizations intermediate
• Other Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) or Certified Cloud Security Professional (CCSP) credentials or International Association of Privacy Professionals (IAPP)

NA

Network Security Engineer Unlimited PTO & Bonus! - mid-level

​

Are you looking for an exciting opportunity to advance your career in a dynamic and supportive work environment? Join our team as a Network Security Engineer, where you'll have the chance to work on cutting-edge technologies, enjoy unlimited paid time off, and earn performance-based bonuses!

​

Mid-Level Engineer:

• Comfortable working onsite with customers
• Ability to migrate from Cisco / Checkpoint or Fortinet firewalls to Palo Alto or Cisco Firewalls
• Strong knowledge of security policies, NAT, VPNs, and advanced threat prevention.
• Solid understanding and hands-on experience with enterprise-grade routing and switching.
• BGP experience is essential
• EIGRP, OSPF, and VLAN implementation
• Should have Cisco CCNA or higher and or Palo Certs or have had at one point
• Some experience with cloud (Azure/AWS/GCP) networking
• Consistent work history is required; frequent job changes (annually) are not acceptable.

• Participate in professional service projects for configuring, implementing, and migrating various network technologies (routers, switches, firewalls, WLAN controllers) while delivering a superior customer experience.
• Serve as an escalation point for critical or advanced issues within our Managed Services team.
• Implement and support network and security appliances for customers both on-premises and in the cloud, managing network and firewall migrations for multiple clients.
• Troubleshoot complex network and security issues, ensuring smooth and secure operations.
• Interpret and apply compliance and security standards (SOX, SOC2, PCI), creating reliable, repeatable controls for customers.
• Perform network assessments, providing actionable recommendations to enhance security and performance.
• Collaborate with clients to implement security policies that meet their unique needs.
• Provide network hardware/software support, including maintaining documentation and diagrams for multiple customers.
• Resolve customer and network issues efficiently via phone or email, while offering exceptional service.

Required Qualifications:

• A college degree in Engineering or 7+ years of technical experience as a Network/Security Engineer.
• Expertise in implementing solutions for large data centers and inter-office routing and switching.
• In-depth knowledge of networking protocols such as EIGRP, OSPF, BGP, SD-WAN.
• Hands-on experience with Cisco Nexus (7K, 5K, 2K), Cisco Enterprise Networking, Cisco Firepower Threat Defense Appliances, and Palo Alto Firewalls.
• Excellent troubleshooting, verbal, and written communication skills.
• Ability to juggle multiple projects and escalated issues with a positive, team-building attitude.
• Flexibility to participate in an on-call schedule for after-hours support as needed.

​

Preferred Qualifications:

• Preferred certifications (but not required) include Cisco CCNP (Routing and Switching, Enterprise), Cisco CCDP, Palo Alto PCNSA, or PCNSE.

Why You'll Love Working Here:

• Unlimited PTO because we value work-life balance and know you'll work better when rested.
• Performance-Based Bonuses your hard work and dedication won’t go unnoticed.
• A supportive team that values collaboration, continuous learning, and professional growth.
• The chance to work with cutting-edge technologies and make a real impact on securing networks.

​

If you're ready to take the next step in your career and work in a place that rewards innovation and teamwork, we'd love to hear from you! Apply today and be part of a growing team that prioritizes both personal and professional success.

​

_Laurie Roth

President/Sr. Consultant

DSN-IT

561-923-9505

lr@dsn-it.com

www.dsn-it.com

https://www.linkedin.com/in/laurie-jane-roth-084769/_

Red Team Operations Lead

​

Key Role:

​

Operate as a Red Team Operations Lead conducting advanced adversary emulation operations against real-world targets in varying environments and active network defenders. Lead a small team through the design, development, and decision-making in the execution of red team operations. Ensure that operations complete objectives within the designated timeline and status is communicated to leadership on a regular basis and develop comprehensive and accurate reports and presentations for both technical and executive audiences. Ensure the post operations technical report and support activities are completed within the required timeline. Develop scenarios and artifacts that mimic real-world adversary groups for simulated testing. Improve team tradecraft, techniques, tactics, procedures, infrastructure, and tooling. Provide support and mentorship to other Red Team operators.

NA

Basic Qualifications:

​

• 10+ years of experience with cybersecurity
• 5+ years of experience with Red Teaming, Purple Teaming, Penetration Testing, or tool development
• Experience with hands-on keyboard during multiple Red Team engagements, and planning and leading Red Team engagements
• Experience with common Penetration testing and Red Team Tools, including Mythic Cobalt Strike, Sliver, Brute Ratel, or Nighthawk
• Experience with Command-and-Control channel frameworks, offensive infrastructure deployment, Cloud technologies, reverse engineering malware, data obfuscation or encryption, Active Directory, and authentication-type technologies
• Experience with OPSEC-focused infrastructure implementation, including Docker, Redirectors, or Mail Servers, and exploit development in Windows and Linux environments
• Knowledge of Red Teaming Methodology, including Recon, Exploitation, Persistence, Lateral Movement, Post Exploitation, and Exfiltration
• Ability to explain the tools and techniques to be used during each phase and their purpose with OPSEC considerations
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• Bachelor's degree in CS, IT, or Engineering

​

Additional Qualifications:

​

• Experience with wireless and Radio Frequency technologies, including Bluetooth or 802.11
• Experience with scripting and editing existing code and programming, C#, C++, Python, or GO
• Experience with Rapid Development of offensive-focused tooling and tradecraft
• Experience with phishing and other social engineering tactics
• Experience with assembly languages, including x86 or reverse engineering
• CISSP, CEH, OSCP, CRTO, GPEN, GXPN, OSCE, OSWE, GCIH, or GWAPT certification

Vetting:

Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.

​

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

​

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $84,600.00 to $193,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

​

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

​

Work Model

Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

​

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.