Information Security Consultant to leverage their understanding of IC/DOD Risk Management Frameworks (RMF), continuous monitoring, risk scoring, and risk management experience to lead our team of Assessors in conducting rigorous technical testing of security controls across various domains such as access control, cryptography, network security, and incident response for our Intelligence Community customer. Active Top Secret SCI with PolygraphWhat You Will Do:
Guidehouse has an opportunity for a cleared Sr.
p>","customFieldsAll":[{"abbrFname":"Trav","fvalue":"Domestic","custid":2105,"fname":"Travel Requirement"},{"abbrFname":"Comp","fvalue":"","custid":2116,"fname":"Compensation"},{"abbrFname":"CAP","fvalue":"Space","custid":2182,"fname":"Capabilities"}],"bugroupname":"","reqexp":"","travel":25,"jid":369019,"jobduration":"","zipcode":20171,"job_title":"Senior Security Consultant","customFields":[{"abbrFname":"Trav","fvalue":"Domestic","custid":2105,"fname":"Travel Requirement"},{"abbrFname":"Comp","fvalue":"","custid":2116,"fname":"Compensation"},{"abbrFname":"CAP","fvalue":"Space","custid":2182,"fname":"Capabilities"}],"BusinessUnitName":"KSTC","jobcurrency":"USD","jobtype":"Full-Time/Regular","city":"Herndon","joblevel":4,"companyname":"Kratos Defense","salarytype":0,"jobdescription":". Security Consultant of Commercial Cybersecurity Services for Kratos, you will be leading and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments.
By applying to this position you will have an opportunity to share your preferred working location from the following: Remote locations: Virginia, USA; Alabama, USA; Arkansas, USA; Connecticut, USA; Delaware, USA; Florida, USA; Georgia, USA; Iowa, USA; Illinois, USA; Indiana, USA; Kansas, USA; Kentucky, USA; Louisiana, USA; Massachusetts, USA; Maryland, USA; Maine, USA; Michigan, USA; Minnesota, USA; Missouri, USA; Mississippi, USA; North Carolina, USA; North Dakota, USA; Nebraska, USA; New Hampshire, USA; New Jersey, USA; New York, USA; Ohio, USA; Oklahoma, USA; Pennsylvania, USA; Rhode Island, USA; South Carolina, USA; South Dakota, USA; Tennessee, USA; Wisconsin, USA; West Virginia, USA. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry"s best security validation ensures that Mandiant knows more about today"s advanced threats than anyone.
p>Founded in 1986, OnTrac has evolved into the leading provider of same-day and next-day delivery services in the U.S. for premier e-commerce and product-supply businesses, including five of the largest retailers in the U.S. Location: Remote - This position may be performed remotely in states where the company is authorized to employ individuals.
- SOC + GRC enablement: Design and implement technical solutions that assist the SOC in alert orchestration (SOAR) and provide the GRC team with automated risk monitoring and evidence collection capabilities.
Washington, DC30+ days ago
p>Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services. As a Microsoft Security Engineer, you'll work with cutting-edge Microsoft tools, support high-impact compliance frameworks like FedRAMP and CMMC, and help shape the security posture of both public and private sector organizations.
Information Security Consultant to leverage their understanding of IC/DOD Risk Management Frameworks (RMF), continuous monitoring, risk scoring, and risk management experience to lead our team of Assessors in conducting rigorous technical testing of security controls across various domains such as access control, cryptography, network security, and incident response for our Intelligence Community customer. Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations through the development of POA&Ms.
p>As a Principal Security Consultant, you will function as a Security Advisory Services lead Security Consultant for ePlus service solutions, reporting to the Managing Security Consultant, to drive Advisory Services delivery/revenue growth and capture security program services within the customer account portfolio. • Conduct security and data governance program assessments and measure the effectiveness of client environments as it relates to: • Existing technical and administrative controls • Data classification and handling practices • Data lifecycle management • Privacy and regulatory compliance requirements • Alignment to industry security and governance frameworks.
p>· <\/span><\/span><\/span><\/span>Define and communicate security architecture strategies compatible with multi-tenant and hybrid cloud environments.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Evaluate vendor security postures and integration security impacts for connected applications.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Support internal and external audits, coordinating responses and remediation activities across functional teams.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Advise project managers and technical leads on secure configuration baselines and policy compliance.<\/span><\/span> <\/p> <\/div><\/span> Requirements<\/h3>Minimum Qualifications/Experience:<\/span> <\/h3> <\/span><\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Minimum 5 years of experience in federal cybersecurity, including at least 3 years in FedRAMP, FISMA, or related authorization frameworks.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Deep familiarity with NIST SP 800-53, 800-171, and 800-37 RMF.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Solid understanding of security architecture for cloud SaaS solutions (preferably SAP Concur, Mulesoft, or similar platforms).<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Experience with vulnerability management, incident response, and security operations.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Strong written and verbal communication skills for interfacing with Federal stakeholders.<\/span><\/span> <\/p> <\/span><\/span> <\/p>Preferred Qualifications:<\/span><\/b><\/span> <\/p>· <\/span><\/span><\/span><\/span>CISSP, CISM, or FedRAMP 3PAO experience.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Experience supporting GSA, DHS, or other civilian agencies in large-scale digital modernization projects.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Prior involvement in cloud migration or ERP cloud security initiatives.<\/span><\/span> <\/p> <\/span><\/span> <\/p>What You'll Deliver:<\/span><\/b><\/span> <\/p>· <\/span><\/span><\/span><\/span>Secure, compliant SAP Concur implementation aligned with GSA's Go.gov transformation milestones.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Comprehensive ATO documentation and control validation evidence.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>A sustainable framework for ongoing monitoring and risk management across participating agencies.<\/span><\/span> <\/p> <\/span><\/span> <\/p>Minimum Education:<\/span> <\/h3> <\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Bachelor's Degree in Information Security, Computer Science, or related field. <\/p>· <\/span><\/span><\/span><\/span>Develop, review, and maintain system security documentation including SSPs, POA&Ms, and related artifacts per NIST SP 800-53 and 800-37 guidelines.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Interface with GSA IT Security, agency ISSOs, and SAP Cloud Compliance teams to align controls, evidence, and risk assessments.<\/span><\/span> <\/p>· <\/span><\/span><\/span><\/span>Conduct continuous monitoring and controls assessment to sustain authorization.<\/span><\/span>
Washington D.C., DC30+ days ago
Desired experience includes hands‑on delivery and/or solution design in Microsoft Azure and one or more of the following Microsoft security areas: Identity & Access Security: Microsoft Entra ID (Azure AD), Conditional Access, Privileged Identity Management (PIM), Identity Governance, hybrid identity (Entra Connect), certificate‑based authentication (CBA), and integration with enterprise PKI or federal ICAM patterns. The ideal candidate will possess solid hands‑on technical and consultative expertise with Microsoft Security solutions and demonstrated experience contributing to the design, implementation, and operationalization of cybersecurity solutions within classified or mission‑sensitive federal environments - particularly those aligned to Zero Trust principles.
li>You have experience in securing large-scale e-commerce platforms, with deep understanding of payments systems, customer data protection across high transaction environments ensuring protection of user data across internal and partner ecosystems.
2+ years of experience evaluating AI technologies and integrations for security, privacy, and compliance risks, with knowledge of common AI attack vectors, model vulnerabilities, prompt injection, data leakage, model abuse, and supply chain risks.
Security Consultant of Commercial Cybersecurity Services for Kratos, you will be leading and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments. Kratos Defense & Security Solutions develops and fields transformative, affordable technology, platforms, and systems for United States National Security related customers, allies, and commercial enterprises.
The consultant will play a key role in ensuring secure, compliant access to SAP Fiori applications while aligning with the principle of least privilege and supporting modern, role-based user experiences. Collaborate with Fiori and functional teams to align frontend (Fiori) and backend (PFCG) role structures, ensuring a secure and seamless “App-to-Action” authorization model.
Consultant - Infrastructure Management - USDomain|Network|Network Security Firewall & Policies Technology|Cloud Security|AWS - Infrastructure Security Technology|Cloud Security|Microsoft Azure - Data Security Technology|Cloud Platform|AWS Networking Services. 148125BRArizona, North Carolina, Texas, VirginiaUSAInfosys Limited Infrastructure Consultant 2ITL USA Plano, TX, Raleigh, NC, Reston, VA, Richardson, TX, Tempe, AZNetwork Security Consultant.
GHD will reimburse 50% of the cost of the following to maximum of $250.00 reimbursement annually for such items as: Health club membership fees, Home exercise equipment purchases, Bicycles, Race, run & marathon entrance fees, Smoking cessation programs, Weight loss programs (i.e.-Weight Watchers, Jenny Craig), Fitbits and Fitness Tracking devices. Our Property & Buildings business is looking for a Senior Security Consultant to lead and design cutting-edge Electronic Security Systems (ESS) including Access Control (ACS), Video Surveillance (VASS/CCTV), Intrusion Detection (IDS), vehicle barrier controls, and 2-way intercoms.
Security Consultant Identity & SecOps - Mid-Atlantic region Remote in NC, VA, MD, DC, DE, PA, or NJ Guidepoint Security LLC
Security Consultant Identity & SecOps - Mid-Atlantic region Remote in NC, VA, MD, DC, DE, PA, or NJBy taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nations top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk. Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family).
As a Cloud Security Consultant - Azure Infrastructure & AI on the Cloud Cyber Risk team, you will be responsible for: Supporting delivery of Azure cloud cyber risk engagements across governance, identity, application security, platform as a service security, infrastructure security, AI security, security monitoring, resilience, and data protection. Cybersecurity certification such as Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), or Cisco Certified Network Associate (CCNA).
Your work will involve having a deep technical knowledge of cloud security and you will work with one or more Cloud Service Providers (CSP) to implement security protocols, monitor for potential security breaches, conduct risk assessments and vulnerability testing of cloud-based systems, and stay up to date with the latest security threats and trends in cloud technology. Demonstrates extensive abilities and/or a proven record of success as a team leader in the following areas:
Define and drive enterprise cloud security strategies by aligning security architecture, governance, and risk management to business objectives and regulatory requirements, enabling secure and scalable adoption of multi-cloud platforms.
Arlington, VA30+ days ago
The ideal candidate is a highly skilled technical security professional with the ability to coach and guide executive security and cloud leaders in their journey, addressing topics such as security strategy and optimizing cloud security operations while being able to dive deep into AWS security technology. As a Senior Security Consultant, you'll work closely with customers to design, implement, and automate solutions in AWS to protect customer assets, enable customer security teams to operate more effectively, and ensure customers don't accept unnecessary risk.
The consultant will be required to develop integrated security solutions for a wide cross section of clients utilizing security solutions such as surveillance systems, access control, intrusion detection, visitor management, voice communication systems as well as integrated collaborative systems used in the security and control operation center environment. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $123,500 - $206,400 per year. These requirements include, but are not limited to the following specialized security screenings:
Kingstowne, VA18 days ago
div>The pay range for the states of California, Colorado, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, New Jersey, New York, Vermont, Virginia, Washington, and the District of Columbia, and the city of Cleveland is:
$116,900—$243,100 USD
What We Believe
As a company wholly dedicated to serving the US federal government, we bring together the best talent to help reinvent how federal agencies operate and deliver greater value for their mission and the American people. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you are being considered for employment opportunities with Accenture Federal Services and need an accommodation for a disability or religious observance during the interview process or for the job you are interviewing for, please speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture Federal Services or an affiliated Accenture business may not be eligible for consideration.
Arlington, VA30+ days ago
p>We Are: Platform Security professionals develop and deliver solutions - including the design and implementation of SAP application Security Roles, implementation of SAP Access and Process Control, Segregation of Duties Analysis Rules, Security Role Provisioning solutions, Security Analytics, Automated External Application Scanning, and Automated Source Code Analysis - that minimize the impact of internal and external manipulation of applications to access, steal, modify, or delete sensitive data. SAP Platform Security professionals develop and deliver solutions - including design and implementation of SAP Security Roles, Segregation of Duties Analysis Rules, Security Role Provisioning solutions, Security Workflow, Business Process Controls, Security Analytics, Enterprise GRC Solutions, Automated External Application Scanning, and Automated Source Code Analysis.
p>Although no two days at Accenture are the same, your duties as Identity & Access Management (I&AM) Security Manager likely will include: Working directly with clients and Accenture teams leading multi-disciplined global teams to design, implement and operate I&AM solutions. Whether we're defending against known cyberattacks, detecting and responding to the unknown, or running an entire security operations center, we will help companies build cyber resilience to grow with confidence.
Washington, DC30+ days ago
Your work will involve having a deep technical knowledge of cloud security and you will work with one or more Cloud Service Providers (CSP) to implement security protocols, monitor for potential security breaches, conduct risk assessments and vulnerability testing of cloud-based systems, and stay up to date with the latest security threats and trends in cloud technology. Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Craft and convey clear, impactful and engaging messages that tell a holistic story.
In this role, you will support Oracle Cloud security engagements focused on application security, governance, risk, and compliance across Enterprise Resource Planning (ERP), Human Capital Management (HCM), and Supply Chain Management (SCM) environments. Required:
- Bachelor of Arts or Bachelor of Science degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology, Management Information Systems, Finance, Accounting and Technology, or Business.
As trusted advisors to our customers, providing guidance on industry trends, emerging technologies, and innovative solutions, you will be responsible for leading the implementation process, ensuring adherence to best practices, optimizing performance, and managing risks throughout the project. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Washington, District of Columbia30+ days ago
div>Job Description:
Key Responsibilities:
- Strategic Planning and Advisory:
o Develop and refine the organization’s cybersecurity strategy, ensuring alignment with overall business goals. We are currently working on Various projects such as media entertainment, ERP Solutions, data warehousing, Web Applications, Telecommunications and medical to our clients all over the world.
If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com. Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security - Experience with defining operational models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls.
Arlington, VA30+ days ago
Role: RCSO''s are cyber security consultants and experts whose core function is to support and implement the cyber security policies to secure the Department''s critical information infrastructure by ensuring that classified and unclassified networks are installed, maintained, operated, and secured in accordance with the current department and U.S. Government regulations. Maintain security tools, Source NG assessment checklists, and related servers to include research, testing, and secure configuration of new hardware/software to meet constantly evolving cyber assessment needs.
li>Implement cloud security automation such as cloud security posture management (CSPM) and cloud workload protection capabilities (CWPP), SaaS Security Posture Management (SSPM)Partner with TPRM to ensure SaaS onboarding includes security requirements, SaaS security assessments to include AI security requirements and evidence that controls are functioning. Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack of all major cloud architectures, to include IaaS, PaaS, and SaaS.
Platform DIGITAL®, the company's global data center platform, provides customers with a secure data meeting place and a proven Pervasive Datacenter Architecture (PDx®) solution methodology for powering innovation and efficiently managing Data Gravity challenges. Digital Realty gives its customers access to the connected data communities that matter to them with a global data center footprint of 300+ facilities in 50+ metros across 25+ countries on six continents.
Arlington, VA30+ days ago
p>All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and.
Mastercard is developing the next generation of applications and services to enable consumers and businesses to securely, efficiently, and intelligently conduct payment transactions, and is leveraging state-of-the-art cryptographic practices to protect its assets.
p>Preferred Qualifications: - Service in Military Occupational Specialty related to law enforcement, security (such as Military Police, Elite Military Forces, combat arms) or any support role in a Combat Zone. Explore key roles, such as executive protection agents, intelligence analysts, armed security operatives, x-ray screeners, and security consultants.
n \nPlease note that any violation of these guidelines may result in disqualification from the hiring process.\n \nRequisition ID: 449330 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid\n \nRequisition ID: 449330\n \nPosted Date: Mar 13, 2026\n \nWork Area: Information Technology\n \nCareer Status: Professional\n \nEmployment Type: Regular Full Time\n \nExpected Travel: 0 - 10%\n \nLocation:\n \nHerndon, VA, US, 20171 \n \nJob alert\n \nshare\n \nNearest Major Market: Washington DC \n \nJob Segment: Cloud, ERP, SAP, Cyber Security, Computer Science, Technology, Security \n\n. Intel Application Security-TS/SCI+poly-Onsite - Chantilly, VA \n \nNS2 COMPANY DESCRIPTION \n \nSAP is the global market leader for business software and related services.\u202fSAP National Security Services Inc. (SAP NS2) is an independent U.S. subsidiary\u202fof SAP.\u202f\u202fAt SAP NS2, we leverage best-in-breed technologies engineered by SAP to protect the lives, assets and information of Americans.\u202f\u202fWe\u202foffer
Candidates should have knowledge or previous work experience in managing SAP applications in a cloud environment, understanding the complexities that come with cloud, and can effectively communicate cloud security design/architecture ideas to technical as well as non-technical client stakeholders. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management.
p>This role plays a critical part in influencing project specifications, identifying early-stage opportunities, and executing coordinated sales strategies in partnership with GSAM leaders to accelerate growth within key accounts and priority verticals. This position focuses on strengthening and expanding relationships with General Contractors (GCs), Electrical Contractors (ECs), system integrators, and key end-user (owner-direct) customers.
Participate in conference calls, onsite meetings and roundtables with customers, sales, internal product development and support to gather data, scope new and existing work, evaluate or suggest new product features and assist in resolving existing product issues. The company's comprehensive, open, and native cybersecurity platform helps organizations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations.
Washington, District of Columbia30+ days ago
div>Complete Description:
Role Overview:
We are seeking a highly experienced Cybersecurity Architect / Strategic Consultant to lead and guide the development, implementation, and evolution of customer cybersecurity strategy.
Job Description:
Short Description: Cloud Solutions Architect
Hybrid position - required to report on-site at least once bi-weekly and as needed depending on project needs.
Gaithersburg, MD8 days ago
li>Demonstrated ability to apply LLMs and agentic automation to improve cybersecurity and business outcomes, translating use cases into measurable gains (for example faster risk triage, better control evidence, improved detection and response) while protecting sensitive data.
Deep experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, CIS Controls, and related cybersecurity control frameworks, and demonstrating measurable maturity improvement at enterprise scale.
Lead and update physical security design portion of programs including, data center cross-discipline value engineering, fast paced building changes, security device optimization, blast analysis, quantitative threat assessments, and structural vulnerability evaluations, across global data center locations. As a Physical Security Engineer - Resilience & Protection, you will be leading teams to engineer and implement protective solutions for our data center infrastructure to meet ever-evolving security threats as we continue expanding our data center fleet to hyper-scale.
The AI Sr Security Staff Engineer is a subject matter expert in defining the AI security strategy for GEICO as well as security requirements for AI and agentic applications, defining secure application design, performing security assessments, threat modeling, and providing developers with remediation guidance and solutions. Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities.
ISSO Graham Technologies LLC
ISSOHerndon, VA1 day ago
The successful candidate will support Risk Management Framework (RMF) activities, security authorization packages, continuous monitoring, vulnerability management, and security compliance efforts across multi-domain AWS environments supporting DoD missions. At Graham Technologies, we''ve built a family-oriented environment where team members are encouraged to maintain a healthy work-life balance, pursue their passions, and grow professionally through flexible schedules, continued education, and a strong sense of community.
Washington, DC18 days ago
Through its design-once, build-many approach and coalition building across communities, regulators, and financial stakeholders, The Nuclear Company is committed to delivering safe and reliable electricity at the lowest cost, while catalyzing the nuclear industry toward rapid development in America and globally. The ideal candidate brings strong experience in nuclear security, critical national infrastructure (CNI) protection, and operational resilience, with a proven track record of enabling complex, high-value programs to progress safely within highly regulated environments.
p>Employees who transfer to TSA from an agency that allows employees to maintain an annual leave balance higher than the maximum accumulation for the appointed position will have their leave ceiling set to the maximum accumulation for the appointed position (e.g., United States duty location - 240 hours, foreign duty location - 360 hours, or TSES position - 720 hours). Combining of Education and Experience: Combinations of successfully completed post-high school education and experience may be used to meet total qualification requirements and may be computed by first determining the total qualifying experience as a percentage of the experience required for the position; then determining the education as a percentage of the education required for the position; and then adding the two percentages.