Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
Peraton is a next-generation national security company that drives missions of consequence across land, sea, space, air, and cyberspace. As a leading mission capability integrator and enterprise IT provider, we deliver trusted solutions to protect our nation and allies, supporting essential government agencies and every branch of the U.S. armed forces.
Collaborate with cross-functional teams to apply cybersecurity best practices across systems, applications, and cloud environments.
Lead portions of cybersecurity assessments across the technology stack, identifying vulnerabilities and recommending remediation strategies.
Assist in shaping cybersecurity risk management activities, helping prioritize and guide security initiatives to protect critical assets.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. Certified as a Great Place to Work® with 100% of employees saying they love working here, Rise8 offers a culture rooted in kindness, candor, and continuous learning.
Design, deploy, and maintain secure cloud environments in AWS and Azure with compliance to DoD frameworks.
Configure IAM, RBAC, and cloud networking such as VPC peering and VPNs for secure operations.
Support Infrastructure-as-Code using Terraform and CloudFormation, and optimize cloud resources for cost and security.
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. They deliver tailored solutions and trusted results to enable national security missions worldwide.
Oversee implementation of technologies to protect systems and data from cyber threats.
Synthesize data into actionable intelligence for incident response and situational awareness.
Provide expert insight and strategic recommendations for cybersecurity program direction.
LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Headquartered in Tysons, Virginia, LMI serves the defense, space, healthcare, and energy sectors with a focus on agility and collaboration.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Lead the design of secure, scalable, multi-tenant architectures for federal cloud and enterprise programs.
Align system architecture with federal security frameworks and translate policy into implementable design.
Serve as a technical authority on security architecture, guiding engineering teams and government stakeholders.
Aquia is a Veteran-founded digital services firm that helps the government modernize and secure its systems and processes. It is a certified Great Place to Work and a small business recognized as HHS Service-Disabled Veteran-Owned Small Business of the Year in 2024.
Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.
PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.
Perform detailed architecture and technical design reviews on the full stack for vendor solutions.
Conduct architecture reviews of Cloud Service Provider authorization packages to validate secure design and compliance.
Lead and conduct architecture interviews with CSPs to ensure critical control areas are designed to meet program requirements.
Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, the company prides itself on providing employees with great benefits and career development opportunities.
Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process).
Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments.
Build the automation, logging, and evidence collection required for continuous compliance.
Zafran's mission is to stop the exploitation of vulnerabilities everywhere, using an Exposure Graph that maps and neutralizes real attack paths. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, they are one of the fastest-growing companies in cybersecurity, with a culture of meaningful work and challenging teammates.
Work collaboratively with a team of assessors as a federal compliance specialist, planning and executing assessments for clients.
Draft audit observations, lead interview walkthroughs, and assess security vulnerabilities against appropriate frameworks.
Prepare and review assessment reports, educate clients on compliance activities, and manage priorities to achieve delivery targets.
Coalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges. They are thought leaders, consultants, and cybersecurity experts, and a team of passionate problem-solvers with offices across the U.S. and U.K.
Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.
Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.
Design, deploy, and manage cloud infrastructure on FedRAMP-authorized platforms (AWS GovCloud, Azure Government, Google Cloud for Government) supporting Army workloads.
Lead technical execution of cloud migration efforts including workload assessment, lift-and-shift, re-platforming, and cloud-native refactoring.
Implement Infrastructure as Code (IaC) using Terraform, AWS CloudFormation, Azure Bicep, or equivalent tools to automate provisioning and configuration management.
Empower AI provides AI solutions for government agencies, helping federal leaders enhance workforce potential through practical transformation. Headquartered in Reston, VA, the company leverages over 30 years of experience in Health, Defense, and Civilian missions, and is recognized as a 2024 Military Friendly Employer.
Design and manage scalable AWS cloud infrastructure with automation and IaC.
Develop CI/CD pipelines and ensure security, performance, and cost efficiency.
Collaborate with development teams to tailor AWS solutions for application needs.
Mind Computing seeks a full-time DevOps Engineer for a project with the Department of Veterans Affairs. The company offers remote work options and benefits like 401(k) with employer match.
Conduct IT and cybersecurity risk assessments across systems, applications, and business processes.
Lead audit readiness activities for frameworks like SOC 2, HIPAA, and NYDFS.
Manage security policies, third-party vendor assessments, and develop risk dashboards.
Jobgether uses an AI-powered matching process to connect candidates with hiring companies. They focus on efficient, objective application review and are a remote-first organization.
Design and implement security best practices for application modernization and cloud migration initiatives.
Secure ASP.NET Core applications using modern authentication and authorization frameworks.
Configure and manage AWS security services including IAM, Secrets Manager, KMS, WAF, GuardDuty, and CloudTrail.
Fastwater Staffing is a staffing firm connecting talent with contract opportunities. They focus on matching skilled professionals with government and enterprise clients.
Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.
Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.
Champion a security-first mindset within Engineering to set the security posture of platform infrastructure.
Design and build automation that makes compliance evidence continuous and translates HITRUST controls into tests.
Embed security into the platform by default through guardrails, policy-as-code, and well-documented patterns.
Redox accelerates healthcare transformation with useful data via its interoperability platform. The fully remote US-based team operates with radical transparency and ownership.
Design, deploy, and operate secure cloud infrastructure across AWS and AWS GovCloud to support regulated deployments.
Drive platform reliability, release operations, and incident response for production and customer-facing systems.
Translate compliance obligations into practical engineering work, including access controls, monitoring, and documentation.
Arch Systems empowers discrete manufacturing facilities with deep data insights for optimal efficiency and proactive decision-making. As a remote-first company with a passionate, multidisciplinary team, they foster innovation and collaboration among employees.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Own the end-to-end software delivery lifecycle, designing and operating the DevSecOps pipeline from code intake to secure production deployment.
Define and scale hosting architecture in DoD IL-5/IL-6 environments, integrating security and compliance directly into the delivery process.
Lead transition from existing government-furnished environments to a scalable, long-term production system with zero-downtime deployments.
Red Cell Partners is an incubation firm building and investing in rapidly scalable technology-led companies in healthcare, cyber, and national security. DEFCON AI, a portfolio company, leverages AI and optimization for resilient complex systems; the overall firm culture is mission-driven and fast-paced.