Analysis Skills, Asset Management, Atlassian JIRA, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Certified Financial Planner (CFP), Cloud Computing, CompTIA Security+, Computer Science, Computer Security, Conferences, Customer Support/Service, Defense Information Systems Agency (DISA), Detail Oriented, Documentation, Enterprise Protection, GIAC - Global Information Assurance Certification, GNU C Compiler, Gap Analysis, Government Contracts, Hunting, ISO (International Organization for Standardization), IT Requirements, Incident Management, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Loss Prevention, Microsoft Product Family, Microsoft Windows Azure, Network Systems, Operational Support, Records Management, Regulations, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Root Cause Analysis, Secret Clearance, Security Analysis, Security Architecture, Security Information and Event Management (SIEM), Software Patches, Technical Writing, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Willing to Travel
Information Security Engineer
Full-time
Huntsville, Alabama
About Us
Trideum Corporation is a 100% employee-owned company, committed to embracing the worlds toughest challenges with a servants heart. Through dedicated hard work and commitment, we provide distinctive quality and unparalleled customer service in all aspects of our business. We also know that our employees are the key to our success, and it is our mission to take care of them so they can take care of our customers and communities where we live, work, and play.
Position Summary
Trideum is seeking a skilled and detail-oriented Information Security Engineer at our Huntsville, Alabama headquarters to plan, design, implement, and sustain enterprise-wide security solutions across our corporate environment in support of Trideum's Department of Defense and government contracting mission. This role is responsible for security architecture, compliance posture, information and data security, technical documentation, and classified system authorizationoperating as a key individual contributor within a small cyber team responsible for Trideum's entire enterprise security program. This is an onsite position at our headquarters office in Huntsville, AL.
What Youll Do
- Architect and maintain security hardened baselines and controls for systems, endpoints, networks, cloud workloads, and containers in alignment with Cybersecurity Maturity Model Certification (CMMC), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), ISO 27001, SOC 2, and Center for Internet Security (CIS) standards
- Design and maintain security architecture artifacts including network, system, component, and data flow diagrams aligned to the organization's compliance and operational requirements
- Design, configure, and maintain Microsoft Purview information protection solutions within Microsoft 365 GCC Highincluding sensitivity labels, Data Loss Prevention (DLP) policies, and custom Sensitive Information Types (SITs)to classify and protect Controlled Unclassified Information (CUI) across the enterprise
- Administer Purview risk and compliance capabilitiesInsider Risk Management, Communication Compliance, eDiscovery, Information Barriers, Records Management, and Compliance Managerto support governance, audit readiness, and regulatory obligations
- Support and execute the RMF authorization process for Trideum's corporate classified labincluding System Security Plan (SSP), Security Assessment Report (SAR), Authority to Operate (ATO) package, continuous monitoring, and artifact management in Enterprise Mission Assurance Support Service (eMASS)
- Sustain and mature Trideum's CMMC compliance posture through ongoing control monitoring, internal assessments, gap analyses, and audit readiness activities
- Contribute and maintain the full body of compliance documentationsecurity policies, standards, procedures, evidence packages, and assessment artifactsrequired to satisfy CMMC, RMF, and applicable regulatory frameworks and support internal reviews and third-party audits
- Maintain Plan of Action and Milestones (POA&M) and Organizational Plan of Action (OPA) records; actively track, coordinate, and drive remediation of security deficiencies across the enterprise
- Perform security impact analyses on change requestsassessing risk, documenting findings, and providing recommendations for approval or denialfor manager review and final determination
- Leverage the full Microsoft security stackDefender, Microsoft Sentinel, Entra ID, Intune, Purview, and Azure Log Analyticsto validate control coverage and inform architecture decisions
- Perform and coordinate vulnerability management using Tenable Security Center and Microsoft Defender Vulnerability Management; validate hardening posture with CIS-CAT Pro and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
- Conduct threat modeling of services, applications, and infrastructure tied to organizational risk and data classification; define how new systems and interfaces impact the current security posture
- Support Security Operations Center (SOC) functions through Security Information and Event Management (SIEM) rule development, threat hunting, incident triage, and root cause analysis alongside the Cybersecurity Analyst
- Coordinate security requirements across IT workflowschange, configuration, patch, and asset managementvia Jira
Travel: 0-10% - Occasional travel may be required to Trideum branch offices, customer sites, or professional development conferences
Requirements and Qualifications
- U.S. citizenship and must possess an Active Secret Clearance
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field preferred
- Relevant certifications desired: SC-400 (Microsoft Purview Information Protection), AZ-500 (Microsoft Azure Security Engineer), CompTIA Security+, GIAC Security Architect (GDSA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)
- Commitment to professional growth and continuous learning
We Take Care of Our People
Whether youre looking to launch a new career or grow an existing one, Trideum is the type of company where you can balance great work with great life because we believe that taking care of our people is the right thing to do. Trideum offers:
- Competitive pay based on the work you do here and not your previous salary.
- Traditional benefits such as medical, dental, vision, life, disability, and 401k matching.
- Employee Stock Ownership Plan (ESOP).
- Paid leave and the ability to cash out leave.
- Free access to certified financial planners, wellness and support services, and discount programs.
- Education assistance and professional development opportunities.
- And much more.
Ready to Apply?
Start Your Application now!
Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. People with disabilities who need a reasonable accommodation to apply or compete for employment with Trideum may request such accommodation(s) by contacting Human Resources at 256.704.6123 or HR@trideum.com.