Careers

A Company Built on Talent

Job Opportunities
Founded in 1998, Tangible Security develops and deploys cyber-security solutions to protect our clients’ sensitive data, infrastructure, and competitive advantage. We have served our nation’s most security conscious government organizations with military grade requirements as well as corporate clients demanding more agile and affordable results. The value we deliver stems from the expertise of our people. They write industry-leading books (Gray Hat Hacking), serve on classified government projects, and deliver presentations at major events on critical security practices. They are the architects, pioneers, and sustainers of systems that we can seldom discuss publicly. Our cybersecurity products and services span: public key infrastructure (PKI) authentication integration/operations; enterprise cybersecurity assessment & testing; enterprise security program development; Governance, Risk Management, & Compliance (GRC); embedded device cybersecurity assessments; and secure development life cycle (SDLC) services.

One of Tangible's greatest strengths is its people—diverse, motivated people with the expertise and insight to tackle the toughest client issues. We're looking for hardworking, roll-up-your-sleeves people who like to achieve results and are dedicated to helping our clients meet their commitments. In return, we'll provide you with a comprehensive benefits program and opportunities to build your skills.

If Tangible Security sounds like the right place for you to make the next step in your career, then check out our Current Job Openings link and apply for the position that is the right match for you

Current Openings

Senior Security Engineer - Penetration Testing

Location: This is a remote position, working from home

Tangible Security is looking for two Sr. Security Engineers with Penetration Testing, PCI and SIEM skills as well. These two positions will initially be part of a team performing Penetration Testing, PCI and SIEM work. As our team grows, these two positions will become managers as teams are built under them. This is a traveling position, with travel not to exceed 10 days a month.

Primary Duties and Responsibilities:

  • Team Management
  • Security Engineering
  • Penetration Testing
  • Forensics
  • Incident Response
  • PCI QSA (will provide training for certification if needed)
  • Other forms of Regulatory Compliance: SoX, HIPAA, etc.
  • Web Assessments
  • Wireless Assessments
  • Vulnerability Assessments
  • Security Information Event Management (SIEM)
Skills & Attributes Required:
  • Penetration Testing
  • Problem Solving
  • Independent Research
  • Adversarial mindset
  • Ability to learn new subjects quickly and without training
  • Self starter
  • Highly motivated
  • Independent
  • Team player, gets along well with others
  • Demonstrated leadership and management skills
Education Requirements/Work Experience:
  • 6 Years of technical security experience
  • BA/BS degree in IT related field preferred
  • CISSP, CEH, OSCP, GIAC/SANS or other security related certificate required
  • Strong references of demonstrated skills
  • Strong experience in Security Engineering (designing security solutions)
  • Enterprise Security Architecture and Design required
  • Strong experience in Unix/Linux/Windows system configuration and administration required
  • Strong experience using Metasploit and other Ethical Hacking tools required
  • SIEM experience required
  • PCI experience preferred
  • Scripting/programing skills preferred
Apply Now

Information Security Consultant

Location: This position is onsite client work located in Reno, NV.

Our client is a major chain of casinos, looking for this position to provide security consulting and security program development/management.

Primary Duties and Responsibilities:

  • Thought Leadership
  • Security Engineering and Design of Secure Network and Systems
  • Risk Management
  • GRC
  • Remediation of Security Findings
  • Incident Response
  • Intrusion Detection
  • SIEM installation and operation and tuning
  • Security Awareness Training
  • Security Program Development
  • PCI, SoX, HIPAA
Desired Skills & Experience:
  • 3+ Years of technical security experience
  • Strong references of demonstrated skills
  • Strong experience in Security Engineering (designing security solutions)
  • Strong experience remediating security findings from compliance assessments
  • Enterprise Security Architecture and Design
  • Strong experience in Unix/Linux/Windows system configuration and administration
  • Strong experience using security tools
  • Scripting/programing skills preferred
  • Self starter
  • Highly motivated
  • Independent
  • Team player, gets along well with others
  • Demonstrated leadership and management skills
Education Requirements & Certifications:
  • BA/BS degree in IT related field preferred
  • CISSP, CISA, CEH, GIAC/SANS or other security related certificate required
Apply Now

Information Assurance Specialist/ISSO

Location: Charleston, SC

The Information Assurance Specialist/ISSO supports the information assurance needs of a government entity in Charleston, SC. This Mid-level to Senior Information Assurance professional will be the day-to-day interface with various SPAWAR teams responsible for gathering information and documenting a wide range of IA activities and creating weekly and monthly reports.

Key Responsibilities and Accountabilities/Duties:

The Information Assurance Specialist/ISSO provides support that complies with the requirements listed for IAM Level II. The ISSO will coordinate and lead weekly DIACAP and RMF meetings, maintain close communication within customer teams, track status of action items and ensure they are closed out appropriately; and will prepare and submit a weekly status report.

The ISSO will coordinate, develop, test and maintain a baseline IA Contingency Plans (CP) for the C&A packages which will be updated annually. The ISSO will also coordinate, develop, test and maintain IA Continuity of Operations Plans (COOPs) for the C&A packages, initially and annually.

The ISSO will create a transition program from DoDD 8500.1, DoDI 8500.2 and DoDI 8510.01 DIACAP instructions to DoDI 8510.01 Risk Management Framework and ensure all required DIACAP/RMF documentation is generated. The IAO will apply risk management at each stage of development to determine level of IA involvement, coordinate and document mitigation plans for residual risks, and generate risk assessment documentation for the C&A package.

The IAO will ensure IA Registration and C&A package submission and maintenance in the Enterprise Mission Assurance Support Service (eMASS), Vulnerability Management System (VMS), Intelshare and other data repositories as required.

Skills Required:
  • Broad experience and demonstrate knowledge of Federal information assurance guidelines (DIACAP, NIST, RMF)
  • Experience with Registration and C&A packages
  • Experience creating POAM and tracking events in eMASS and VMS
  • Strong verbal and written communication skills
  • Attention to detail
Education Requirements & Work Experience:
  • BS degree in a relevant engineer or computer science curriculum
  • Ten (10) years’ of experience in relevant technical field
  • Level II IAT
Apply Now