Build Your Career in Cybersecurity -
YOUR WAY

PURPOSE:

The role of the vCISO provides the expertise required to properly scope and deliver cybersecurity solutions and services to our clients. They work closely with our clients to deliver risk management services that align industry best practices and regulatory requirements. The vCISO will identify risks and compliance gaps and collaborate with clients to prioritize and execute cybersecurity initiatives.

• Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes
• Performs cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies to include CMMC,
• DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, PCIDSS, and MITRE ATT&CK
• Continually manages risk management plans, milestones, and quarterly objectives to track progress and anticipate/notify of potential issues
• Collaborates with IT resources and key stakeholders from other business units to assess impacts to business processes, consider compensating controls, and effectively communicate risk remediation initiatives
• Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, and senior management
• Leads cybersecurity engineering resources to deliver vulnerability management, endpoint protection, privilege and identity management, network security, etc.
• Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders
• Conducts vendor risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies
• Works closely with Ascend’s cybersecurity team to report issues, develop process improvement strategies, and ensure service success
• Writes and updates cybersecurity policies and procedures aligned with client requirements
• Leads cybersecurity training, tabletop exercises, and marketing events
• Other Responsibilities as assigned by management

MINIMUM SKILLS, EDUCATION AND EXPERIENCE

• 5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.)
• 5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices
• One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent
• Proven success managing business risk, conducting vendor risk assessments, and executing cybersecurity controls
• Working knowledge of Microsoft 365, Azure Active Directory/Active Directory, Security Awareness strategies, and Vulnerability Management practices
• Excellent analytic, problem-solving, active-listening and decision-making skills
• Excellent presentation, writing, interpersonal and communication skills
• Comfortable engaging at executive levels to influence and provide strategic insight
• Experience and/or strong desire to work in a fast-paced environment with evolving conditions

PREFERRED SKILLS, EDUCATION AND EXPERIENCE

• 5+ Years experience in Incident Response and Digital Forensics
• Industry Specialized Certifications for PCI DSS, HITRUST, etc.
• Working knowledge of PowerShell, Threat Hunting Techniques, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms
• Bachelor’s degree in computer science, management information systems, information Technology, engineering, mathematics, or a related field

At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.

CORE VALUES

We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:

• Committed to Client Success: Our actions and our words always align with the best interest of the client.
• One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
• Integrity: We are unquestionably committed to doing the right thing even when it is hard.
• Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
• Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.

PHYSICAL DEMANDS:

Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs., such as laptop, server equipment, and, driving to the work site to meet with client(s).

Starting Salary: $122,000/year

Summary

Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience.

Our mission is simple: End Cyber Risk. We’re looking for a Lead Application Security Engineer to be a part of making this happen.

About the Role

The Lead Application Security Engineer role is responsible for implementing measures to ensure the security of Arctic Wolf software systems, applications, code, and related components. This role will work within our Information Security Engineering team to deploy and operationalize technical security capabilities with open collaboration with the Research and Development Team.

About Arctic Wolf

At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named among the list of Top Workplaces in USA, Minnesota (2021-2024), and Texas (2023-2024), Best Places to Work San Antonio (2023, 2024) and Minneapolis/St. Paul (2022-2024), Great Place to Work - Canada (2021-2024), and on the list of Best Workplaces in Technology (2024) in Canada. As well as on Fortune’s Best Place to Work for Millennials (2023) and Top Technology Workplace (2023) lists.

• Develop secure coding & secure design principles.
• Train developers, architects, code reviewers, and others on secure coding practices.
• Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams.
• Develop standards and training for security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability management.
• Work with development teams throughout the entire SDLC to ensure code is secure by design, secure by default, secure in deployment and communication, and automated.
• Help software development teams to understand and remediate security findings within prescribed timelines.
• Research and review any reported or suspected application vulnerabilities from third party library and source code.
• Implement, configure, and train/document off-the-shelf application security technologies in the Arctic Wolf internal environment.
• Create technical approaches to implementing application security control technologies. Perform risk assessments of identified vulnerabilities and mitigations.
• Contribute to a world-class security program that supports Arctic Wolf’s tremendous growth.
• Mentor and coach team members to further develop competencies.
• Assist in developing security related libraries and tools to facilitate operations within our environment.
• Security metrics delivery and improvements.
• The ability to effectively partner and communicate with Engineering and Product teams.

Required Qualifications

• A bachelor's degree in computer science, Information Systems, Engineering, cybersecurity or related technical field; or equivalent experience.
• 7+ years of experience in security or infrastructure engineering Including assessing and escalating to vendors for troubleshooting purposes.
• Thorough understanding of modern software development practices.
• Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation.
• Experience in deploying application security technologies such as SAST, DAST, IAST, SCA, etc.

Preferred Qualifications

• Familiarity with cloud infrastructures, with Amazon Web Services (AWS) and/or Azure considered a strong plus.
• Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus.
• Analytical and quantitative skills with proven experience in developing strategic solutions.
• Significant prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws.
• Experience working in regulated environments (SOX, ISO 27001, etc).
• One or more Industry Certifications – (CISSP, CCSP, CSLP, OSCP, OSWE, GPEN, GWAPT, CEH, etc).

Our Values

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.

All wolves receive compelling compensation and benefits packages, including:

• Equity for all employees
• Flexible time off, paid volunteer days, and paid parental leave
• 401k & RRSP matching program
• Enhanced maternity leave and fertility support services
• Robust Employee Assistance Program (EAP) for mental health services
• Training and career development programs

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.

Security Requirements

• Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
• Background checks are required for this position.
• This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.

Red Team Operations Lead

Key Role:

Operate as a Red Team Operations Lead conducting advanced adversary emulation operations against real-world targets in varying environments and active network defenders. Lead a small team through the design, development, and decision-making in the execution of red team operations. Ensure that operations complete objectives within the designated timeline and status is communicated to leadership on a regular basis and develop comprehensive and accurate reports and presentations for both technical and executive audiences. Ensure the post operations technical report and support activities are completed within the required timeline. Develop scenarios and artifacts that mimic real-world adversary groups for simulated testing. Improve team tradecraft, techniques, tactics, procedures, infrastructure, and tooling. Provide support and mentorship to other Red Team operators.

NA

Basic Qualifications:

• 10+ years of experience with cybersecurity
• 5+ years of experience with Red Teaming, Purple Teaming, Penetration Testing, or tool development
• Experience with hands-on keyboard during multiple Red Team engagements, and planning and leading Red Team engagements
• Experience with common Penetration testing and Red Team Tools, including Mythic Cobalt Strike, Sliver, Brute Ratel, or Nighthawk
• Experience with Command-and-Control channel frameworks, offensive infrastructure deployment, Cloud technologies, reverse engineering malware, data obfuscation or encryption, Active Directory, and authentication-type technologies
• Experience with OPSEC-focused infrastructure implementation, including Docker, Redirectors, or Mail Servers, and exploit development in Windows and Linux environments
• Knowledge of Red Teaming Methodology, including Recon, Exploitation, Persistence, Lateral Movement, Post Exploitation, and Exfiltration
• Ability to explain the tools and techniques to be used during each phase and their purpose with OPSEC considerations
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• Bachelor's degree in CS, IT, or Engineering

Additional Qualifications:

• Experience with wireless and Radio Frequency technologies, including Bluetooth or 802.11
• Experience with scripting and editing existing code and programming, C#, C++, Python, or GO
• Experience with Rapid Development of offensive-focused tooling and tradecraft
• Experience with phishing and other social engineering tactics
• Experience with assembly languages, including x86 or reverse engineering
• CISSP, CEH, OSCP, CRTO, GPEN, GXPN, OSCE, OSWE, GCIH, or GWAPT certification

Vetting:

Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $84,600.00 to $193,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model

Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.