IT Solutions Security Engineer

That's where you come in. We're looking for a mid-level technical lead to be responsible for safeguarding the organization's digital infrastructure while ensuring strict adherence to industry and federal compliance standards. This role focuses on the intersection of security operations and regulatory governance, specifically managing CMMC and ISO compliance frameworks.

The ideal candidate will bridge the gap between high-level security strategy and hands-on technical execution. They will be responsible for active threat hunting, vulnerability management, and the rigorous review and approval of OS updates to maintain a secure and stable environment. As a key member of the security team, you will leverage enterprise tools like SentinelOne to detect, respond to, and mitigate advanced threats across our global footprint.

This is a hybrid role, requiring at least two days per week on site at Reingold's headquarters in Alexandria, VA., * Compliance Management: Lead the internal auditing, documentation, and continuous monitoring required to maintain CMMC and ISO certifications.

• Threat Hunting & Incident Response: Proactively identify hidden threats and vulnerabilities within the network using SentinelOne and other SIEM/EDR platforms; lead remediation efforts for security incidents.
• DevSecOps Integration: Integrate security controls and automated testing into the software development lifecycle (SDLC); collaborate with development teams to ensure secure coding practices and "shifting left" security.
• Automated Security Pipeline: Maintain and optimize automated security scanning tools (SAST/DAST) within CI/CD pipelines to identify vulnerabilities early in the deployment process.
• Patch & Lifecycle Governance: Conduct technical reviews and risk assessments for OS updates and software patches, serving as the final approval authority before deployment to production environments.
• Security Architecture: Design and implement scalable security solutions for cloud and on-premises environments, ensuring "security by design" in all IT projects.
• Vulnerability Management: Perform regular scans and penetration testing simulations; prioritize and coordinate the mitigation of identified risks.
• Policy Development: Draft and update System Security Plans (SSP), Incident Response Plans, and standard operating procedures (SOPs) to align with evolving regulatory requirements.

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change, or new ones may be assigned at any time.

• Experience: 4-6 years of experience in cybersecurity, system administration, or a related IT field.
• Technical Proficiency: Deep hands-on experience with SentinelOne (or similar EDR tools), Microsoft 365 Security Center, and network security monitoring tools.
• DevSecOps Proficiency: Proven experience with CI/CD tools (e.g., GitLab, Jenkins, or GitHub Actions) and integrating security tooling like SonarQube, Snyk, or Aqua.
• Compliance Knowledge: Proven track record managing CMMC (Level 2+) and ISO 27001 frameworks, including audit preparation and control implementation.
• Infrastructure as Code (IaC): Familiarity with securing IaC templates (Terraform, CloudFormation, or Ansible) and container security (Docker/Kubernetes).
• Systems Expertise: Strong understanding of Windows and macOS security hardening, as well as Linux server environments.
• Certifications: (Preferred) CISSP, CISA, Security+, or specialized DevSecOps certifications (e.g., Certified DevSecOps Professional).

Required:

• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related technical field., Applicants must have authorization to work for any employer in the United States. We are currently unable to sponsor or to take over sponsorship of an employment visa. U.S. citizenship may be required for future project assignments that involve access to classified information. Candidates must be able to obtain and maintain a U.S. government security clearance if required.

When you work at Reingold, you get more than a job, you get a community. We offer competitive salaries, a comprehensive benefits package, a dynamic hybrid work environment, a vibrant workplace and growth opportunities in a variety of specialty areas. That means when we find great people (and they find us), they stick around for the long term.

Reingold is a full-service marketing and creative firm in Alexandria, VA. For more than 40 years, we've been driven by a simple mission: to help organizations - whether in the government, nonprofit, or business sector - as they strive to make the world a better place. We hire top-notch talent to develop and launch compelling, inventive communications campaigns, leveraging the latest technology and digital media strategies that enable our clients to meet their audiences where they are. We're proud to say we've built a team of curious, passionate pros - from marketers and tech wizards to designers and strategists - who love what they do and bring their A-game every day. We take our work seriously, but not ourselves. We believe great ideas come from collaboration, humor, and a little bit of fun along the way., Reingold has a policy of maintaining a workplace free of drugs and alcohol. For access to the full policy, which is part of the Reingold Employee Handbook, email [emailprotected]. Reingold ensures a safe, healthy, and productive work environment for its employees and others. All applicants are advised that full compliance with this policy is a condition of employment at Reingold.