Looking for challenging and rewarding work alongside some the best in the business? Energized by finding new solutions and technologies that benefit your clients, improve efficiency, and make buildings and the environment better? Eager to work in a setting where you can make a difference, be involved from strategy through implementation, and can see your ideas come to life? Do you thrive in an environment where initiative is rewarded with opportunity? If your answer to these questions was a “Yes” then our client may be the right fit for you.

And a few more things -- are you flexible in your work schedule and work location? Our work allows for some work from home, but it also requires us to be hands-on for our clients when and where they need us. Are you up for a little adventure? Our client performs work in some interesting places well worth visiting, and you might want in on that.

The Work:

The Cybersecurity Engineer is a Subject Matter Expert in applying the Risk Management Framework (RMF) and will be responsible for managerial direction and development of one or more projects under the supervision of the Cybersecurity Program Manager. The Project Manager will manage and interface with key clients and cultivate effective relationships with existing and potential stakeholders and partners to develop business, prepare proposals, negotiate contracts, and oversee the successful delivery of projects. This position works collaboratively with the Program Manager and other team members to support network discovery, developing hardware/software lists, and developing network diagrams. As part of a multi-disciplinary team the Project Manager will advise, implement, and manage cybersecurity and control system solutions for SCADA, HVAC, Fire Alarm/Life Safety Systems, and Electronic Security Systems and ensure projects are aligned, and closely with leadership in the successful growth and management of the program, ensuring that financial goals and objectives are maximized.

• Oversee the application of the RMF to client systems
• Provide project capabilities in design, network system documentation, and identification of FRCS and IT components
• Lead and perform logical scans to locate FRCS components and assess network architecture and connectivity
• Lead the completion of detailed network diagrams and network dataflow diagrams
• Implement risk management programs for our federal clients
• Enhance cyber awareness with clients and project teams
• Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response
• Establish security controls to ensure the protection of client systems
• Implement cutting edge security tools for our federal clients
• Create, implement, and maintain project plans for on-going and new initiatives
• Document meetings minutes and action items and disseminate to meeting participants
• Monitor status of action items through effective tracking tools and communication of progress and assist with closing of action items
• Create, draft, and review project documentation

Here's What You Need:

• 7+ years of experience performing network discovery, developing hardware/software lists, and developing network diagrams.
• Strong leadership skills with experience managing teams
• In-depth experience implementing the Risk Management framework
• IT/OT network design experience
• Experience designing and configuring servers, switches, workstations.
• Experience designing and programming control system devices.
• Experience working with RMF and NIST 800-53
• Experience working with UFGS 25 05 11
• Experience working with cyber security tools

• Bachelor’s Degree in computer science, cybersecurity, or related engineering field or equivalent combination of training and experience
• AT Level II Certification Required (CCNA-Security, GICSP, GSEC, Security+ CE, or SSCP certification), AT Level III Certification Preferred (CISSP)
• Certifications in Cisco, Juniper, Moxa, and/or other Network Switches Preferred
• Certifications in MS Windows Server, Active Directory, Enterprise OS Preferred
• Certifications in Linux Operating Systems Preferred
• Project Management Professional (PMP) Preferred
• Registered Communications Distribution Designer (RCDD) Preferred

Equal Employment Opportunity Statement

Talent Acquisition Concepts is an Equal Opportunity Employer. We do not discriminate against anyone because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion, or sexual orientation.

Talent Acquisition Concepts is committed to providing veteran employment opportunities to our service men and women.

Other Employment Statements

Applicants for employment must be US citizens and be able to pass security screens, up to Top Secret level, due to the nature of who we work for.

Applicants must be able to work a full day on a project site, combined sitting, standing, walking, and in front of the monitor. We can guarantee you won’t be bored!

Applicants must be able to stand, climb ladders, stairs, and get to wherever the problem is so you can see it for yourself.

The candidate must be proficient in:

• Understanding and background with Intrusion Detection Systems and SIEM products.
• Background in Incident Response.
• Understanding and background with Firewalls and Networking.
• Background in multiple Operating Systems and Cloud Environments. Linux, Windows, AWS, Azure.
• Excellent written and verbal communication skills in English.

Key Responsibilities

• Conduct or coordinate vulnerability scans, and penetration tests on systems, document findings, and recommend risk mitigation strategies.
• Operate, administer and monitor network and host-based intrusion detection/prevention systems.
• Assist other technical support staff in identifying and implementing appropriate security safeguards, including patch application and anti-malware strategies.
• Analyze network traffic, intrusion attempts, activity logs, and system alerts for trends, anomalies, and potential security breaches.
• Develop scripts, tools, and procedures to automate scans, assessments, and other monitoring and discovery activities.
• Perform other duties as assigned.

Arduino’s mission is to enable people to enhance their lives through accessible open-source electronics and digital technologies. Since 2005 millions of people from around the world starting from young kids to university students and on to people involved in every imaginable profession have been using Arduino to innovate in the fields of music, games and toys, smart homes, farming, autonomous vehicles and many more.

We are now looking for a Sr Cloud Security Engineer to join our team of expert professionals eager to share their knowledge and be part of this vibrant company’s journey towards the democratization of technology. You will be responsible for ensuring the security of Arduino Software and Cloud platforms and also for fostering awareness inside the company about security best practices.

Arduino is a technology-driven company, and you will have the opportunity to join a passionate and collaborative team, within a multinational and driven organization.

What We Offer

• A challenging career path in a rapidly growing company with a modern vision and talented teams.
• A competitive salary (and benefits) that values people's skills and experience.
• A young and inspiring work environment that encourages diversity and cultural exchange.
• Individual growth objectives with a dedicated budget for learning/training.
• Flexible working hours and working locations, we value work-life balance!
• A meaningful work opportunity in a mission-driven company committed to empowering people around the world.

And if you live near one of our offices…

• Ping pong and football tournaments (sport or gym benefit is also included for everyone!).
• Seasonal celebrations, happy hours, and everyday drinks and snacks at the office.
• Sunny rooftop lunch breaks and hamacas for relaxation and concentration.

What you'll work on

• Make sure that the data we are trusted to protect is secured to the highest standards;
• Guiding the Development and DevOps teams on Security Best Practices;
• Provide security guidance on a constant stream of new projects and technologies;
• Provide subject matter expertise on architecture, authentication and system security
  • Design, implement, and manage security solutions for AWS environment through IaC technologies;
  • Implement and manage standard AWS security tools including but not limited to AWS Security Hub, AWS GuardDuty, Inspector, CloudTrail, WAF, KMS, Config, IAM Access Analyzer.
• Building secure CI/CD pipelines adopting DevSecOps principles for our applications (Harness Drone, Jenkins, GitHub Actions);
• Developing internal tooling and systems that help daily work of our Development and DevOps teams, on top of Cloud services, Kubernetes, Terraform;
• Build internal tools for detecting and responding to security problems and incidents
  • Monitor cloud environments for security incidents and anomalies, and respond to suspected incidents in a timely manner;
  • Collaborate with Infrastructure and Application development teams to integrate security controls in the cloud using standardized configuration tools;
• Make intelligent decisions around prioritization of efforts based on risk;
• Ensure alignment and compliance with ISO 27001 and provide definition of Security policy for all the organization, including Training of company employees on security policy.

What you bring

• Bachelor or Master Degree in Computer Science or related field, or equivalent experience;
• 5+ years of experience in security engineering or comparable experience (DevOps, SRE);
• Experience in Containerisation / Orchestration with Docker and Kubernetes;
• Strong, well-rounded background in host, network, and cloud security;
• Experience in designing and definition of secure cloud native systems;
• Experience with applied cryptography including PKI, SSL, and key management;
• Expertise with modern programming languages and software versioning tools (GIT/GitHub);
• Knowledge of relevant security compliance, standards and regulations (e.g. ISO, NIST, GDPR, CIS);
• Knowledge of internet security issues and the threat landscape (e.g. MITRE ATT&CK, CVEs, CWE);
• Experience with security monitoring, incident detection and response to suspected incidents in a timely manner;
• Experience with Vulnerability Management, Threat modeling, Risk Assessment and Risk Mitigation;
• Good written and oral communication skills in English;
• Ability to work with cross-functional teams (including developers, engineers, and IT) and to explain technical concept to non-technical audience (eg training to employees);
• Skilled in problem-solving;
• Analytical skills; result oriented and continuous learning approach.

Bonus Points

• Previous experience working with Infrastructure and DevOps
• Working experience with cloud providers like AWS or GCP
• Working knowledge of Cloudflare, Auth0, Datadog
• Experience with Arduino or other microcontrollers
• Experience with hardware security
• Experience with the Go programming language

If you're excited about this role or about our company but your experience doesn't align perfectly with the points outlined above, we strongly encourage you to apply anyways. Show us the boards you designed! If in any case we feel you don’t fit for this job we may have something else for you!