Cyber Resilience for
Complex Ecosystems


Current Openings

Purpose-Driven Careers

For the cyber elite

ShorePoint team members are handpicked for their expertise and for their ability to collaborate, communicate and adapt when our Federal customers face complex and evolving challenges, obstacles and threats.

#JoinTeamShorePoint! Explore our current openings and apply to begin your journey with us.

Open Positions

Elasticsearch Engineer (TS/SCI Clearance)

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.  

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking an Elasticsearch Engineer (TS/SCI Clearance) with expertise in designing, deploying and optimizing Elastic Stack solutions in federal environments. This role supports the delivery of Elastic-based solutions across cloud, on-prem and hybrid infrastructures to enable security operations and data-driven outcomes. The Elasticsearch Engineer will lead technical implementations, support migrations and contribute to scalable architectures while engaging directly with client stakeholders. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Architect, deploy and tune Elastic Stack solutions (Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), Elastic Cloud) across cloud, on-prem and hybrid environments.
  • Execute legacy security platform migrations, including detection translation (e.g., Search Processing Language (SPL) → Elasticsearch Query Language (ES|QL)) and analyst workflow modernization.
  • Design and implement data ingestion pipelines using Elastic Agent, Fleet, Logstash and Beats.
  • Harden deployments for federal compliance, including Transport Layer Security (TLS), Personal Identity Verification/Common Access Card (PIV/CAC), Single Sign-On/Security Assertion Markup Language (SSO/SAML), Security Technical Implementation Guide (STIG) and audit logging.
  • Build outcome-driven dashboards and advanced Kibana visualizations.
  • Develop automation using Infrastructure-as-Code (IaC) tools (Ansible, Terraform or equivalent).
  • Communicate technical decisions and trade-offs directly to client stakeholders.
  • Contribute to internal IP, including reusable templates, automation and reference architectures.

What you need to know:

  • Understanding of Elastic Stack capabilities and use cases across deployment, security and operations.
  • Knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.

Must-haves:

  • 6+ years in systems engineering or infrastructure, including 2+ years of production Elastic Stack experience.
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Strong problem-solving skills and a self-starter mentality.
  • Solid written and verbal communication skills.
  • Linux Command-Line Interface (CLI) fundamentals and basic networking knowledge.
  • Hands-on experience with containerization and IaC tooling.
  • Proficiency with at least one major cloud provider.
  • Experience with federal security controls (TLS, SSO/SAML, PIV/CAC, STIG).
  • Proven track record leading engagements from scoping through delivery.
  • Deep knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.
  • Ability to drive client relationships and identify expansion opportunities.
  • Applicants must hold and maintain an active TS/SCI Clearance (Full Scope polygraph preferred).

Beneficial to have:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field.
  • Elastic certifications (ECE or being on a defined certification track).
  • Elastic Security (SIEM, detection engineering, threat hunting and legacy migration).
  • Detection translation experience (SPL → ES|QL or equivalent).
  • Scripting proficiency (Python, Bash or PowerShell).
  • Exposure to AI-augmented search, RAG or semantic search use cases.
  • Prior professional services or consulting experience.

Where it’s done:

  • Onsite (Herndon, VA).

Elasticsearch Engineer (Secret Clearance)

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking an Elasticsearch Engineer (Secret Clearance) with expertise in designing, deploying and optimizing Elastic Stack solutions in federal environments. This role supports the delivery of Elastic-based solutions across cloud, on-prem and hybrid infrastructures to enable security operations and data-driven outcomes. The Elasticsearch Engineer will lead technical implementations, support migrations and contribute to scalable architectures while engaging directly with client stakeholders. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Architect, deploy and tune Elastic Stack solutions (Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), Elastic Cloud) across cloud, on-prem and hybrid environments.
  • Execute legacy security platform migrations, including detection translation (e.g., Search Processing Language (SPL) → Elasticsearch Query Language (ES|QL)) and analyst workflow modernization.
  • Design and implement data ingestion pipelines using Elastic Agent, Fleet, Logstash and Beats.
  • Harden deployments for federal compliance, including Transport Layer Security (TLS), Personal Identity Verification/Common Access Card (PIV/CAC), Single Sign-On/Security Assertion Markup Language (SSO/SAML), Security Technical Implementation Guide (STIG) and audit logging.
  • Build outcome-driven dashboards and advanced Kibana visualizations.
  • Develop automation using Infrastructure-as-Code (IaC) tools (Ansible, Terraform or equivalent).
  • Communicate technical decisions and trade-offs directly to client stakeholders.
  • Contribute to internal IP, including reusable templates, automation and reference architectures.

What you need to know:

  • Understanding of Elastic Stack capabilities and use cases across deployment, security and operations.
  • Knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.

Must-haves:

  • 6+ years in systems engineering or infrastructure, including 2+ years of production Elastic Stack experience.
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Strong problem-solving skills and a self-starter mentality.
  • Solid written and verbal communication skills.
  • Linux Command-Line Interface (CLI) fundamentals and basic networking knowledge.
  • Hands-on experience with containerization and IaC tooling.
  • Proficiency with at least one major cloud provider.
  • Experience with federal security controls (TLS, SSO/SAML, PIV/CAC, STIG).
  • Proven track record leading engagements from scoping through delivery.
  • Deep knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.
  • Ability to drive client relationships and identify expansion opportunities.
  • Applicants must hold and maintain an active TS/SCI Clearance (Full Scope polygraph preferred).

Beneficial to have:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field.
  • Elastic certifications (ECE or being on a defined certification track).
  • Elastic Security (SIEM, detection engineering, threat hunting and legacy migration).
  • Detection translation experience (SPL → ES|QL or equivalent).
  • Scripting proficiency (Python, Bash or PowerShell).
  • Exposure to AI-augmented search, RAG or semantic search use cases.
  • Prior professional services or consulting experience.

Where it’s done:

  • Onsite (Huntsville, AL or Colorado Springs, CO or Orlando, FL or Virginia Beach, VA).

DOE Sector Growth and Capture Manager

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a DOE Sector Growth and Capture Manager with experience supporting dynamic, fast-paced public sector environments. This role provides broad exposure to program strategy, partner engagement, business development and capture execution. The DOE Sector Growth and Capture Manager will play a key role in driving program success on the CIO Business Support Services (CBOSS) 2 Program by supporting development, execution and collaboration with partners as a prime contractor. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Program Strategy and Execution: Develop and execute a comprehensive DOE sector and CBOSS 2-specific program strategy aligned with company goals and objectives. Define the go-to-market strategy using market trends, corporate capabilities and customer priorities. Support program planning and execution activities that advance DOE sector objectives.
  • Partner Relationship Management: Cultivate and maintain relationships with strategic partners to ensure alignment, communication and shared success. Collaborate with internal teams to manage partner expectations and support delivery commitments.
  • Program Growth and Business Development: Support, identify and execute growth strategies for existing DOE programs within and outside of CBOSS 2. Identify, develop and pursue DOE Task Order opportunities that contribute to revenue growth and market expansion. Align pursuit activities with ShorePoint capabilities, go-to-market strategy and business objectives.
  • Capture Management: Build, maintain and execute comprehensive Capture Plans for strategic pursuits. Coordinate capture activities using matrixed resources across internal and external team members. Support solution development, win strategy formulation, teaming and competitive positioning.
  • Market Analysis and Insight Development: Stay informed about industry trends, market shifts and DOE strategic and priority initiatives to identify new opportunities and potential risks. Use market insights to refine business development and capture strategies.
  • Matrixed Portfolio Leadership: Work collaboratively with ShorePoint Director of Business Development and Capture, Director of Proposal Operations and Executive Director of DOE and Federal Law Enforcement. Contribute to a collaborative, accountable and results-driven environment positioned for consistent growth.

What you need to know:

  • Excellent leadership and creative problem-solving skills with the ability to understand customer priorities and drive program strategy and solution development.
  • Effective approaches for identifying and executing growth strategies for existing and new business opportunities.
  • Proficiency in ShorePoint’s CRM system (Salesforce) and the Microsoft Office Suite.

Must-haves:

  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Proven experience in Business Development and Capture Management, preferably in cybersecurity.
  • Strong track record of driving customer engagement, growth and revenue generation.
  • Exceptional interpersonal and communication skills with the ability to build and maintain relationships at all levels.
  • Strategic thinker with demonstrated ability to develop and execute complex program strategies.
  • Ability to contribute to solution development, content creation and quality reviews throughout the pre-proposal and proposal lifecycle.
  • Ability and willingness to travel up to 25 percent for onsite meetings and events.
  • Applicants must be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Beneficial to have:

  • Demonstrated success growing DOE professional services revenue.
  • Strong analytical skills.
  • Experience supporting AI-driven use case implementation.

Where it’s done:

  • Hybrid (must be local to Herndon, VA and attend in person meetings as needed).

Application Security Engineer

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance, reimbursement and more.

Who we’re looking for:

We are seeking an Application Security Engineer with expertise in Static and Dynamic Application Security Testing (SAST & DAST) methodologies and enterprise-level security controls. Your mission is to fortify our software supply chain by integrating rigorous security testing directly into the development lifecycle to preemptively neutralize vulnerabilities. The Application Security Engineer will be responsible for the end-to-end administration of Burp Suite and Veracode, managing Integrated Development Environment (IDE) plugins and ensuring all enterprise web applications align with federal compliance and OWASP standards. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Support and operate application security testing capabilities across SAST, DAST and IDE plug-in environments, with primary focus on Burp Suite and Veracode.
  • Configure, maintain and troubleshoot Burp Suite and Veracode integrations to enable consistent application security testing workflows.
  • Partner with development and engineering teams to identify, validate and remediate security vulnerabilities.
  • Apply vulnerability standards and scoring methodologies to findings, including OWASP Top 10, CVSS, CWE, WASC and SANS-25.
  • Navigate and troubleshoot within Linux or UNIX environments, including basic website connectivity issues.
  • Support the design and implementation of enterprise-wide security controls that secure applications, systems, networks or infrastructure services.
  • Use IDEs and development toolchains (Eclipse, JDeveloper, Visual Studio) to support developer workflows, including pipeline development activities where applicable.
  • Support compliance-aligned security activities in federal environments leveraging NIST 800-53, FIPS and/or FedRAMP standards.

What you need to know:

  • Strong understanding of application security testing concepts and operational support for SAST, DAST and IDE plug-in environments.
  • Hands-on capability with enterprise web application security and common vulnerability classes.
  • Familiarity with vulnerability scoring, classification and prioritization frameworks (OWASP Top 10, CVSS, CWE, WASC, SANS-25).
  • Working knowledge of federal compliance standards (NIST 800-53, FIPS, FedRAMP).
  • Ability to work effectively in Linux or UNIX environments for navigation and basic troubleshooting.
  • Ability to communicate findings clearly and work cross-functionally to support remediation.

Must-haves:

  • Bachelor’s degree in an IT-related field.
  • 6+ years of Information Technology experience.
  • 3+ years of experience supporting SAST, DAST and IDE plug-in environments using Burp Suite, including 3+ years of hands-on Burp Suite experience.
  • 1+ year of experience supporting SAST, DAST and IDE plug-in environments using Veracode.
  • 3+ years of experience with the design and implementation of enterprise-wide security controls to secure applications, systems, networks or infrastructure services.
  • 2+ years of experience with Java, Python, .NET or C#.
  • 2+ years of experience working in Linux-based environments, including navigating and troubleshooting basic website connectivity issues.
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Experience with Eclipse, JDeveloper and/or Visual Studio, including pipeline development experience.
  • Experience securing enterprise web applications, including familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25.
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS and/or FedRAMP.
  • Applicants must be a U.S. citizen in compliance with federal contract requirements.

Beneficial to have:

  • Industry recognized certifications.
  • Experience with Interactive Application Security Testing (IAST) tools and capabilities.
  • Experience with HackerOne.
  • Experience with Selenium.
  • Experience writing bash scripts.
  • Experience with OWASP ZAP or Burp Proxy.

Where it’s done:

  • Remote (Herndon, VA).

Systems Security Analyst

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Systems Security Analyst with experience supporting the integration, testing, operations and maintenance of systems security. The ideal candidate has experience applying cybersecurity principles, assessing system security implementations, and supporting monitoring activities to identify vulnerabilities and security risks across systems and databases. The Systems Security Analyst role focuses on analyzing system and organizational security posture, evaluating security controls and supporting cybersecurity risk management activities across the system lifecycle. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Analyze and report organizational and system security posture trends, including monitoring activities related to database security risks.
  • Apply security policies and cybersecurity principles to ensure systems meet defined security objectives and requirements.
  • Assess access control implementations to ensure alignment with least privilege and need-to-know principles.
  • Evaluate configuration management, change management and release management processes for security compliance.
  • Assess and monitor cybersecurity practices associated with system implementation, testing and operational activities.
  • Assess the effectiveness of implemented security controls, including controls protecting databases and data stores, and identify areas requiring improvement.
  • Ensure systems security operations and maintenance activities are properly documented and kept current.
  • Implement security measures to resolve vulnerabilities, mitigate risks and support system confidentiality, integrity, availability, authentication and non-repudiation.
  • Support security testing of applications and systems, including identifying security deficiencies and supporting remediation or risk acceptance processes.
  • Conduct security architecture reviews, identify gaps and contribute to the development of security risk management plans.
  • Support Risk Management Framework (RMF) activities and related documentation, including lifecycle support plans, operational procedures and system documentation updates.
  • Collaborate with stakeholders to resolve security incidents, address vulnerabilities and ensure minimum security requirements are implemented across applications.

What you need to know:

  • Experience assessing security controls and security system designs using cybersecurity frameworks and principles (for example CIS Critical Security Controls, NIST SP 800 series or the Cybersecurity Framework).
  • Understanding of vulnerability identification, security testing methods and vulnerability scanning practices and monitoring of systems and database environments.
  • Knowledge of configuration management, operating systems and system security testing and evaluation methods.
  • Knowledge of network security architecture, networking concepts and protocols and how traffic flows across networks.
  • Knowledge of cybersecurity risk management processes, laws, policies and governance relevant to cybersecurity and privacy.
  • Knowledge of cybersecurity threats, vulnerabilities, cryptography concepts, identity and access management principles and security practices protecting sensitive or regulated information.

Must-haves:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or cyber-related field. Relevant certifications and/or additional years of relevant work experience may be accepted in lieu of degree.
  • 4+ years of experience in cybersecurity, information security or a related field.
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Hands-on experience with Imperva on-prem PROD and Imperva Azure PROD.
  • Applicants must be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Beneficial to have:

  • Industry recognized certifications.

Where it’s done:

  • Remote (Herndon, VA).

Incident Response Lead

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individuals’ technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of premium insurance covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking an Incident Response Lead to serve as the Subject Matter Expert (SME) on all cybersecurity matters, including high-level analysis, design, integration and implementation of information assurance strategies. The ideal candidate brings deep technical expertise, a strategic mindset and hands-on leadership experience in incident response, security architecture and threat mitigation. The Incident Response Lead role offers the opportunity to shape cybersecurity posture by driving best practices and recommending emerging technologies and countermeasures. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Lead the development and implementation of information assurance solutions across systems and environments.
  • Provide expert analysis and recommendations on new and emerging cybersecurity technologies, tools and methodologies.
  • Coordinate and lead incident response efforts, ensuring rapid detection, containment and recovery from cyber events.
  • Serve as the senior cybersecurity advisor, contributing to architecture, documentation and security strategy development.
  • Analyze evolving threat landscapes and deliver countermeasure recommendations to proactively mitigate risks.
  • Support the integration of information assurance requirements into system designs, architectures and operational workflows.
  • Develop and maintain security documentation, reports, policies and procedures to align with industry best practices and client needs.

What you need to know:

  • Strong understanding of information assurance principles, including confidentiality, integrity and availability.
  • Demonstrated expertise in incident response lifecycle, including detection, containment, forensics, eradication and recovery.
  • Experience designing and implementing security controls and countermeasures.
  • Familiarity with cybersecurity frameworks (e.g., NIST, ISO, FISMA) and compliance requirements.
  • Excellent communication skills with the ability to advise technical and non-technical stakeholders.
  • Proven ability to deliver strategic security recommendations and guide cross-functional teams.

Must-haves:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
  • 5+ years of relevant experience.
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Applicants must be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Beneficial to have:

  • Industry recognized certifications.

Where it’s done:

  • Onsite (Washington, DC).

Post-Quantum Cryptography (PQC) Security Engineer

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Post-Quantum Cryptography (PQC) Security Engineer with deep subject matter expertise in cybersecurity and a demonstrated ability to operate effectively in a fully remote environment. The ideal candidate brings strong technical foundations, communicates with precision and reliability and drives work forward through independent research and sound judgment. The PQC Security Engineer will contribute meaningfully to large, complex deliverables across disciplines, collaborate well with distributed teams and senior stakeholders and maintain a consistent commitment to quality and accountability across all aspects of their work. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Serve as the technical SME on information systems and infrastructure security, designing and enforcing cryptographic-based security measures and policies.
  • Lead engineering aspects of a Post-Quantum Cryptography (PQC) migration program, advising on emerging technologies and translating strategy into operational outcomes.
  • Support modernization of cryptographic inventory from manual to fully automated processes using discovery and inventory tools.
  • Design and execute test plans for cryptographic tools, products and services in controlled lab and pre-production environments, documenting results and configuration settings based on findings.
  • Assess quantum vulnerabilities, conduct risk assessments and support migration to quantum-resistant encryption aligned to NIST FIPS 203, 204 and 205.
  • Collaborate with ISOs and ISSOs to enforce security policies and maintain compliance with federal IT security requirements.
  • Research evolving PQC standards, tools and methodologies and synthesize findings into actionable engineering guidance.
  • Contribute to large deliverables across the full program, including areas adjacent to the primary expertise.
  • Communicate proactively across a fully remote, distributed team; written and async communication is core to how this team operates.
  • Support Agile ceremonies, sprint coordination, stakeholder engagement and meeting documentation.

What you need to know:

  • Network security architecture and risk assessment across complex federal or enterprise environments.
  • Cryptographic principles and standards, including public key infrastructure (PKI), transport layer security (TLS) and the implications of quantum computing on current encryption.
  • PQC frameworks and NIST standardization efforts, including the drivers and timelines behind federal migration requirements.
  • How to independently research an evolving technical domain and translate findings into recommendations others can act on.

Must have’s:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or 4+ additional years of relevant experience in lieu of degree.
  • 5+ years of experience in information security engineering, including network security, cryptographic systems and risk management.
  • (ISC)2 Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Experience implementing security controls and policies in enterprise IT environments.
  • Hands-on experience with security tools and automation.
  • Familiarity with NIST cryptographic standards, PKI, TLS and Zero Trust Architecture (ZTA) frameworks.
  • Applicants must be a U.S. citizen in compliance with federal contract requirements.

Beneficial to have:

  • Prior experience working directly with or in support of federal agency IT programs, including familiarity with federal governance structures, compliance frameworks and inter-agency coordination.
  • ZTA principles and how they intersect with cryptographic security controls.
  • Hands-on experience with PQC concepts or NIST PQC algorithms (FIPS 203, 204, 205).
  • Familiarity with automated cryptographic discovery and inventory tools, DevSecOps pipelines or FedRAMP environments.

Where it’s done:

  • Remote (Herndon, VA).

Threat Hunter

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community. 

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Threat Hunter to support and enhance our 24/7 Security Operations Center. This role combines advanced threat detection, incident investigation and threat hunting with hands-on development of SIEM use cases, automation and analytics to identify and respond to sophisticated threats, including lateral movement. The ideal Threat Hunter brings strong investigative expertise and a builder mindset to continuously improve detection capabilities and strengthen overall SOC effectiveness. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing: 

  • Provide first-line SOC support, including alert monitoring, triage, routing, escalation and response across 24x7x365 operations.
  • Monitor, analyze and investigate security events, network traffic and host-based detections, distinguishing malicious activity from false positives.
  • Perform proactive and creative threat hunting and anomaly detection across SIEM and security tools, identifying patterns, lateral movement and emerging threats.
  • Conduct incident investigation, Cyber Threat Assessment and Remediation Analysis, including processing and correlating incident indicators with threat intelligence.
  • Tune and develop SIEM correlation rules and detection logic and rapidly build detection use cases in collaboration with incident response (IR) teams.
  • Develop and maintain scripts and tools (Python, Bash) to automate SOC and IR functions, including indicator of compromise (IoC) ingestion, log processing and SIEM integrations via APIs.
  • Research, develop and maintain dashboards, visualizations and analytics to support detection, reporting and SOC performance monitoring.
  • Produce, review and maintain documentation and reporting, including cybersecurity briefings, metrics, incident reports and deliverables for stakeholders at all levels, ensuring alignment with editorial standards and government specifications.
  • Support threat intelligence operations, including reviewing and actioning IoCs and translating intelligence into actionable detections.
  • Coordinate with internal teams and stakeholders to support engagements such as Insider Threat, Rules of Engagement (ROE), threat hunting, testing activities and after-action reporting.
  • Support SOC operations processes, including ticket tracking, customer security assessments, ad hoc investigations, tabletop exercises and lessons learned activities.
  • Contribute to continuous SOC improvement by enhancing detection capabilities, processes, communication and overall operational effectiveness; participate in on-call rotation.

What you need to know: 

  • Deep understanding of cyber threat TTPs, threat hunting methodologies and application of the MITRE ATT&CK framework.
  • Experience supporting 24x7x365 SOC operations, including alert monitoring, triage, analysis, response and review/action of threat intelligence and reported incidents.
  • Ability to manage multiple alerts and tickets in parallel, perform end-to-end triage through resolution and appropriately prioritize response actions including coordination with end-users.
  • Strong experience analyzing and correlating security events across a multi-source ecosystem, including endpoint, network, email security tools, SIEM platforms and federal threat intelligence (e.g., CISA).
  • Demonstrated proficiency with enterprise security tools and platforms, including but not limited to FireEye, Elastic, Sourcefire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud, Cisco IronPort, Bluecoat, Palo Alto, Cylance and OSSEC.
  • Hands-on experience with enterprise SIEM or security analytics platforms (e.g., Elastic Stack, Splunk), including log analysis, event correlation and detection support.
  • Experience with malware analysis and understanding of attack vectors involving malware, data exposure, phishing and social engineering techniques.
  • Experience developing and maintaining SOPs, performing event timeline analysis and investigating logs across Windows/Linux environments and network security devices.

Must have’s: 

  • 5+ years of technical experience.
  • Ability to support working hours: 8:45 AM – 5:15 PM Eastern Time.
  • Ability to participate in a rotating SOC on-call; rotation is based on number of team members.
  • Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, CrowdStrike, FireEye ETP, Elastic Kibana.
  • Solid understanding and experience analyzing security events generated from security tools and devices such as: Carbon Black, CrowdStrike, FireEye, Palo Alto, Cylance and OSSEC.

Beneficial to have:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
  • One or more of the following certifications: GIAC (GCIH, GCFE, GCFA, GREM, GNFA, GCTI, GPEN, GWAPT), CEPT, CASS, CWAPT or CREA.

Where it’s done: 

  • Remote (Herndon, VA).

Elasticsearch Engineer

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.  

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking an Elasticsearch Engineer with expertise in designing, deploying and optimizing Elastic Stack solutions in federal environments. This role supports the delivery of Elastic-based solutions across cloud, on-prem and hybrid infrastructures to enable security operations and data-driven outcomes. The Elasticsearch Engineer will lead technical implementations, support migrations and contribute to scalable architectures while engaging directly with client stakeholders. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

  • Architect, deploy and tune Elastic Stack solutions (Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), Elastic Cloud) across cloud, on-prem and hybrid environments.
  • Execute legacy security platform migrations, including detection translation (e.g., Search Processing Language (SPL) → Elasticsearch Query Language (ES|QL)) and analyst workflow modernization.
  • Design and implement data ingestion pipelines using Elastic Agent, Fleet, Logstash and Beats.
  • Harden deployments for federal compliance, including Transport Layer Security (TLS), Personal Identity Verification/Common Access Card (PIV/CAC), Single Sign-On/Security Assertion Markup Language (SSO/SAML), Security Technical Implementation Guide (STIG) and audit logging.
  • Build outcome-driven dashboards and advanced Kibana visualizations.
  • Develop automation using Infrastructure-as-Code (IaC) tools (Ansible, Terraform or equivalent).
  • Communicate technical decisions and trade-offs directly to client stakeholders.
  • Contribute to internal IP, including reusable templates, automation and reference architectures.

What you need to know:

  • Understanding of Elastic Stack capabilities and use cases across deployment, security and operations.
  • Knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.

Must have’s:

  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Strong problem-solving skills and a self-starter mentality.
  • Solid written and verbal communication skills.
  • Linux CLI fundamentals and basic networking knowledge.
  • Familiarity with (or the drive to rapidly learn) the Elastic Stack.
  • Applicants must be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Journeyman Level and Above

  • 2+ years of production Elastic Stack experience.
  • Hands-on experience with containerization and IaC tooling.
  • Proficiency with at least one major cloud provider.
  • Experience with federal security controls (TLS, SSO/SAML, PIV/CAC, STIG).
  • Client-facing communication skills.

Senior

  • 6+ years in systems engineering or infrastructure with deep Elastic expertise.
  • Proven track record leading engagements from scoping through delivery.
  • Deep knowledge of distributed cluster architecture at scale, including multi-tenant and CCS environments.
  • Ability to drive client relationships and identify expansion opportunities.

Beneficial to have:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field.
  • Elastic certifications (ECE or being on a defined certification track).
  • Elastic Security (SIEM, detection engineering, threat hunting and legacy migration).
  • Detection translation experience (SPL → ES|QL or equivalent).
  • Scripting proficiency (Python, Bash or PowerShell).
  • Exposure to AI-augmented search, RAG or semantic search use cases.
  • Prior professional services or consulting experience.

Where it’s done:

  • Remote (Herndon, VA with up to 25% travel to client sites).

Applicants have rights under Federal Employment Laws. For more information please see: