Security Engineer jobs at AmTrust Financial - 113 jobs

A major insurance company in Boston seeks a Senior Cybersecurity Engineer to develop security solutions and support risk mitigation. The ideal candidate has strong skills in Python programming, data analysis, and an understanding of cybersecurity concepts. This position offers a hybrid work model with comprehensive benefits, including 401(k) contributions and paid time off. Candidates should reside near Boston or Madison, with travel requirements up to 10%. #J-18808-Ljbffr

A leading software monitoring company is seeking a Senior Security Engineer in San Francisco to enhance its cloud security posture. In this role, you will lead security initiatives, collaborate with engineers, and identify vulnerabilities. Ideal candidates have extensive experience and a degree in Computer Science. The position offers a competitive salary range of $180,000 to $280,000 and a hybrid work model. #J-18808-Ljbffr

At Pave, we're building the industry's leading compensation platform, combining the world's largest real-time compensation dataset with deep expertise in AI and machine learning. Our platform is perfecting the art and science of pay to give 8,500+ companies unparalleled confidence in every compensation decision. Top tier companies like OpenAI, McDonald's, Instacart, Atlassian, Synopsys, Stripe, Databricks, and Waymo use Pave, transforming every pay decision into a competitive advantage. $190+ billion in total compensation spend is managed in our workflows, and 58% of Forbes AI 50 use Pave to benchmark compensation. The future of pay is real-time & predictive, and we're making it happen right now. We've raised $160M in funding from leading investors like Andreessen Horowitz, Index Ventures, Y Combinator, Bessemer Venture Partners, and Craft Ventures. Research & Design Org Pave's R&D pillar includes our data science, engineering, information technology, product design, product management, and security teams. This organization builds, maintains, and secures a platform used by more than 8,500+ client organizations. Our engineering team moves between ideation, scoping, and execution in a matter of days while closely iterating with cross-functional partners on requirements. At Pave, we use TypeScript, Node.js, and React, hosted on GCP. Compensation strategy is broken down into 3 pillars - compensation bands, planning workflows, and total rewards communication. We build products that make these processes seamless for customers. Over the next year, our roadmap is focused on enhancing the entire compensation lifecycle: from philosophy definition to market trend analysis, band adjustments, merit cycles, and employee communication. We're seeking passionate engineers who are excited about building robust, data-rich systems that simplify complex compensation processes at scale. Security Team @ Pave Security is part of everything we do at Pave. With amazing growth comes amazing engineering and security challenges. This is an opportunity to have a huge impact and run programs at a company that doesn't need to be convinced why security is important. Our customers count on us to secure some of their most sensitive data, and that trust is central to Pave. It's the only way we can unlock a labor market built on trust, and change the world of compensation. What You'll Bring 5+ years of application security experience as part of a blue team Expert knowledge of OWASP Top 10 and application security Security design review experience Experience in running bug bounty programs and pentesting Outstanding communication and partnership skills with software engineers Ideally, experience in Google Cloud Security best practices Compensation Salary is just one component of Pave's total compensation package for employees. Your total rewards package at Pave will include equity, top-notch medical, dental, and vision coverage, an unlimited PTO policy, and many other region-specific benefits. Your level is based on our assessment of your interview performance and experience, which you can always ask the hiring manager about to understand in more detail. The targeted cash compensation for this position is (level depends on experience and performance in the interview process): $205,700 - $278,300 Life @ Pave Since being founded in 2019, Pave has established a robust global footprint. Headquartered in San Francisco's Financial District, we operate strategic regional hubs across New York City's Flatiron District, Salt Lake City, and the United Kingdom. We cultivate a vibrant, collaborative workplace culture through our hybrid model, bringing teams together in-person on Mondays, Tuesdays, Thursdays, and Fridays to foster innovation and strengthen professional relationships. Benefits @ Pave At Pave, career advancement drives everything-roles expand, responsibilities deepen, and compensation rises alongside your professional growth. What we provide Complete Health Coverage: Comprehensive Medical, Dental and Vision coverage for you and your family, with plenty of options to suit your needs Time off & Flexibility: Flexible PTO and the ability to work from anywhere in the world for a month Meals & Snacks: Lunch & dinner stipends as well as fully stocked kitchens to fuel you Professional Development: Quarterly education stipend to continuously grow Family Support: Robust parental leave to bond with your new family Commuter Assistance: A commuter stipend to help you collaborate in person Vision Our vision is to unlock a labor market built on trust Mission Our team's mission is to build confidence in every compensation decision Are you ready to help our customers make smarter, more effective compensation decisions? Pave is an Equal Opportunity Employer. We value diversity and are committed to creating an inclusive environment for all employees. Contact If you're interested in future opportunities at Pave, you can inquire about roles or create a Job Alert through our channels. #J-18808-Ljbffr

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. The GenAI Security Program is dedicated to safeguarding data, mitigating risks, and promoting responsible AI usage across the enterprise. Our mission is to empower innovation through Generative AI while maintaining the highest standards of security, privacy, compliance, and ethical conduct. We ensure the secure deployment of Generative AI technologies by aligning with established security policies, regulatory requirements, and industry best practices. The program provides governance, oversight, and technical controls to support safe and effective AI adoption throughout the organization. To ensure the security and integrity of our company's data, employees must use only company-approved internet AI tools/service/models for evaluation or testing. Primary Responsibilities: Process secure access requests and ServiceNow tickets with accuracy and adherence to SLAs Host regular office hours to assist internal customers and respond to general inquiries Maintain, update, and organize documentation to ensure consistency and compliance with internal standards Create and manage change requests, ensuring correct configuration details, especially for proxy-related changes Meet with customers to clearly communicate program policies, processes, and expectations Coordinate with technical teams to ensure seamless execution of change requests and incident resolutions Maintain awareness of access management and security governance requirements Ensure change requests are properly categorized and documented for audit readiness Security Analyst Foundation Proven experience in cybersecurity, including threat detection, incident response, and vulnerability management Familiarity with frameworks like NIST AI RMF, OWASP AI Security, and MITRE ATLAS Certifications such as CISSP, CISA, or the new ISC2 Cybersecurity AI Certificate are highly recommended AI & Machine Learning Expertise Understanding of supervised, unsupervised, and reinforcement learning models Experience with tools like TensorFlow, PyTorch, HuggingFace Transformers, and scikit-learn Ability to assess AI model risks, bias, and explainability (XAI) AI Security Specialization Knowledge of adversarial AI threats, model inversion, data poisoning, and secure model lifecycle management Familiarity with AI-specific security tools and workflows (e.g., AI UEBA, threat triage bots, Graph API consent automation) Experience in red teaming and vulnerability testing for AI systems Fast Learning & Adaptability Ability to stay current with emerging threats and evolving AI technologies Participation in ongoing training programs like the ESRO AI Security curriculum and AI persona development tracks Communication & Collaboration Solid written and verbal communication skills to articulate risks, mitigation strategies, and technical concepts to diverse stakeholders Experience contributing to governance frameworks, OKRs, and cross-functional working sessions You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Required Qualifications: 3+ years of experience delivering statistical models, machine learning (ML), or artificial intelligence (AI) solutions in a large organization 3+ years of real-world data science experience in or supporting a large organization 3+ years of real-world data engineering experience Experience with Generative AI (GenAI) Knowledge of adversarial AI threats, including model inversion, data poisoning, and secure model lifecycle management Familiarity with frameworks such as NIST AI Risk Management Framework (RMF), OWASP AI Security, or MITRE ATLAS Fluency in Python and SQL Proven ability to stay current with emerging threats and evolving AI technologies Preferred Qualifications: Experience in the cybersecurity domain, ideally as a Security Operations Center (SOC) analyst Customer-facing experience Broad knowledge of information technology, including hardware, networking, architecture, protocols, file systems, and operating systems Proficiency in data querying and reporting Proven solid written and verbal communication skills to clearly articulate risks, mitigation strategies, and technical concepts to diverse stakeholders Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $71,200 to $127,200 annually based on full-time employment. We comply with all minimum wage laws as applicable. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

Job Description For over a century, the Workers' Compensation Insurance Rating Bureau of California (WCIRB) has been California's trusted, objective provider of actuarially based information and research, advisory pure premium rates and educational services integral to a healthy workers' compensation system. The WCIRB is a California unincorporated, private, nonprofit association comprised of all companies licensed to transact workers' compensation insurance in California. The operations of the WCIRB are funded primarily by membership fees and assessments; no state money is used to fund its operations. The WCIRB is a stable company and a proven leader in the workers' compensation insurance industry nationwide. The WCIRB performs a number of functions to accurately measure the cost of providing workers' compensation benefits and ensure a healthy workers' compensation system. To learn more about our company, please visit About Us | WCIRB California. The WCIRB employs approximately 175 people with the average tenure of over 10 years. We are committed to fostering a healthy, safe and diverse work environment leading to a dedicated, collaborative and innovative workforce This is a hybrid position where approximately 40% of the work time is spent at the home office in San Francisco, California. Summary The IT Security Engineer performs core security functions for the enterprise. The primary function of the role is the day-to-day operations of the in-place security solutions and the identification, investigation, and resolution of security events detected by those systems. Additional tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. The IT Security Engineer is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals. Microsoft Defender experience is required. Essential Duties and Responsibilities Participate in the planning and design of enterprise security architecture, under the direction of the Director of Security, where appropriate. Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Director of Security, where appropriate. Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security. Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard operating procedures generically and the enterprise's security documents specifically. Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Maintain operational configurations of all in-place security solutions as per the established baselines. Monitor all in-place security solutions for efficient and appropriate operations. Deliver training and phishing simulations for the enterprise's security awareness training program. Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution. Participate in investigations into problematic activity, evaluate and assess trends Participate in the design and execution of vulnerability assessments, penetration tests, and security audits. Provide on-call support. Education & Experience Bachelor of Science Degree (including completed courses in relevant areas such as computer science, computer languages, etc.) or equivalent combination of education and progressive, related experience supplemented with courses and seminars in relevant subject matters. Certification in one or more of the following (Strong Plus): CompTIA Security+ CompTIA PenTest+ GIAC Security Certifications Microsoft Security Certifications (ISC)2 SSCP (ISC)2 CISSP 5+ years of extensive experience with threat hunting and security forensics. 3+ years of experience with Microsoft Defender Security Stack (XDR, MDR, Endpoint, Identity, Cloud Apps, Office 365, Sentinel) 3+ years of experience with Identity Management (Entra ID, Active Directory, Conditional Access) Working experience with Intune and Group Policies (GPO) configuration management Working experience with MFA infrastructure (Microsoft and Duo) Working technical knowledge of Windows OS hardening, perimeter security, firewall services, web application firewalls. PAN knowledge a plus Strong technical knowledge of cloud computing standards (Azure preferred) Strong understanding of IP, TCP/IP, and other network administration protocols. Strong understanding of security training needs Familiarity with NIST, CIS, PCI, DSS standards Perks & Benefits Our employees enjoy a state of the art, energy-efficient, open work environment that nurtures collaboration and creativity. At the WCIRB, we go the extra mile to keep our employees happy and healthy. Proud to be recognized as a Plan Sponsor of the Year finalist for our commitment to retirement readiness through strong 401k and pension offerings. Some of our perks include: Hybrid work environment (40% onsite 60% remote) Medical, dental and vision benefits Competitive PTO Program Wellness benefits 401K and pension plan Social activities Community volunteer involvement WCIRB is an equal opportunity employer committed to an inclusive workplace that fosters belonging. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, age, genetic information, or any other basis prohibited by law. We also consider qualified applicants with criminal histories consistent with applicable federal, state and local law. The successful candidate will reside in California and will work from our headquarters in San Francisco at least 40% of the time. We are NOT able to pay for relocation costs for candidates or to sponsor or take over sponsorship of an employment Visa at this time. Thank you for your interest in the WCIRB!

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. As a Staff Engineer of Offensive Security, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling organization to prevent, detect, and respond to cyber threats. Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness. We seek a hands-on offensive security engineer with deep technical expertise in penetration testing, real-world adversary tactics, and risk frameworks, capable of driving measurable improvements in our cyber resilience. Candidates are expected to have hands-on penetration testing experience while driving security and compliance initiatives to perform overall offensive security functions including red and purple teaming. The ideal candidate must possess a highly technical skillset and the ability to collaborate with stakeholders across the company to integrate penetration testing and other offensive security functions within company processes. You'll challenge the status quo, identifying opportunities to elevate our security engineering excellence through automation and innovative approaches. Your ability to think big, anticipate and adapt change, and address root causes will be key to delivering greater business value while proactively examining actions and refining approaches. In this high-stakes environment, you'll ensure implementation of industry best practices and execution of offensive security functions while meeting regulatory compliance requirements. This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of offensive security in a fast-paced environment. Your impact will be felt across the organization as you strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses. Responsibilities: * Lead highly effective large-scale penetration testing initiatives. * Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming). * Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities. * Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes. * Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors. * Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. * Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS. * Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Required Qualifications: * Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell). * Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development. * Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. * Relevant professional security certifications (e.g. from GIAC or others). * Proven experience in achieving results efficiently through automation and establishing best practices. * Proven track record to deliver business outcomes for meeting regulatory and compliance obligations. * Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming). Preferred Qualifications: * OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs. * GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus. * Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing. * Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (ex. Containers, Kubernetes, microservices, serverless functions) * Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections. Required Experience: * 8+ years in engineering focused role, preferably in the tech industry. * 5+ years of experience in offensive security (penetrating testing, red team, and purple team). * 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities. * 4+ years of experience with Azure, AWS, GCP or other cloud providers. * Senior role influencing team's direction on security. * Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX …). Education: * Bachelor's degree in Cybersecurity, Computer Science or a related field Annual Salary $115,000.00 - $230,000.00 The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. The GEICO Pledge: Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most and we're constantly evolving to stay ahead of their needs. We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives. Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career - and your potential - in mind. You'll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels. Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose. As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers. Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future. * Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family's overall well-being. * Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance. * Access to additional benefits like mental healthcare as well as fertility and adoption assistance. * Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year. The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled. GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. As a Staff Engineer of Offensive Security, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling organization to prevent, detect, and respond to cyber threats. Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness. We seek a hands-on offensive security engineer with deep technical expertise in penetration testing, real-world adversary tactics, and risk frameworks, capable of driving measurable improvements in our cyber resilience. Candidates are expected to have hands-on penetration testing experience while driving security and compliance initiatives to perform overall offensive security functions including red and purple teaming. The ideal candidate must possess a highly technical skillset and the ability to collaborate with stakeholders across the company to integrate penetration testing and other offensive security functions within company processes. You'll challenge the status quo, identifying opportunities to elevate our security engineering excellence through automation and innovative approaches. Your ability to think big, anticipate and adapt change, and address root causes will be key to delivering greater business value while proactively examining actions and refining approaches. In this high-stakes environment, you'll ensure implementation of industry best practices and execution of offensive security functions while meeting regulatory compliance requirements. This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of offensive security in a fast-paced environment. Your impact will be felt across the organization as you strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses. Responsibilities: Lead highly effective large-scale penetration testing initiatives. Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming). Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities. Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes. Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors. Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS. Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Required Qualifications: Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell). Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development. Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. Relevant professional security certifications (e.g. from GIAC or others). Proven experience in achieving results efficiently through automation and establishing best practices. Proven track record to deliver business outcomes for meeting regulatory and compliance obligations. Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming). Preferred Qualifications: OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs. GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus. Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing. Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (ex. Containers, Kubernetes, microservices, serverless functions) Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections. Required Experience: 8+ years in engineering focused role, preferably in the tech industry. 5+ years of experience in offensive security (penetrating testing, red team, and purple team). 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities. 4+ years of experience with Azure, AWS, GCP or other cloud providers. Senior role influencing team's direction on security. Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX …). Education: Bachelor's degree in Cybersecurity, Computer Science or a related field Annual Salary $115,000.00 - $230,000.00 The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. The GEICO Pledge: Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most and we're constantly evolving to stay ahead of their needs. We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives. Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career - and your potential - in mind. You'll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels. Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose. As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers. Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future. Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family's overall well-being. Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance. Access to additional benefits like mental healthcare as well as fertility and adoption assistance. Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year. The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled. GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. As a Staff Engineer of Offensive Security, you'll be at the forefront of our cybersecurity strategy for penetration testing, advanced attack simulations, and enabling organization to prevent, detect, and respond to cyber threats. Your role is pivotal in shaping our security posture, collaborating closely with senior leadership to influence risk decisions and ensure regulatory readiness. We seek a hands-on offensive security engineer with deep technical expertise in penetration testing, real-world adversary tactics, and risk frameworks, capable of driving measurable improvements in our cyber resilience. Candidates are expected to have hands-on penetration testing experience while driving security and compliance initiatives to perform overall offensive security functions including red and purple teaming. The ideal candidate must possess a highly technical skillset and the ability to collaborate with stakeholders across the company to integrate penetration testing and other offensive security functions within company processes. You'll challenge the status quo, identifying opportunities to elevate our security engineering excellence through automation and innovative approaches. Your ability to think big, anticipate and adapt change, and address root causes will be key to delivering greater business value while proactively examining actions and refining approaches. In this high-stakes environment, you'll ensure implementation of industry best practices and execution of offensive security functions while meeting regulatory compliance requirements. This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of offensive security in a fast-paced environment. Your impact will be felt across the organization as you strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses. Responsibilities: * Lead highly effective large-scale penetration testing initiatives. * Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming). * Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities. * Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes. * Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors. * Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops. * Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS. * Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies. Required Qualifications: * Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell). * Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development. * Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit. * Relevant professional security certifications (e.g. from GIAC or others). * Proven experience in achieving results efficiently through automation and establishing best practices. * Proven track record to deliver business outcomes for meeting regulatory and compliance obligations. * Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming). Preferred Qualifications: * OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs. * GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus. * Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing. * Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (ex. Containers, Kubernetes, microservices, serverless functions) * Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections. Required Experience: * 8+ years in engineering focused role, preferably in the tech industry. * 5+ years of experience in offensive security (penetrating testing, red team, and purple team). * 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities. * 4+ years of experience with Azure, AWS, GCP or other cloud providers. * Senior role influencing team's direction on security. * Experience applying security controls to exceed third party attestation requirements (PCI, NYDFS, SOX …). Education: * Bachelor's degree in Cybersecurity, Computer Science or a related field Annual Salary $115,000.00 - $230,000.00 The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. The GEICO Pledge: Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most and we're constantly evolving to stay ahead of their needs. We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives. Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career - and your potential - in mind. You'll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels. Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose. As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers. Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future. * Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family's overall well-being. * Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance. * Access to additional benefits like mental healthcare as well as fertility and adoption assistance. * Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year. The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled. GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.

Pay Range: $120000 - $140000 / year Our Perks: Generous PTO plans, sick pay and health benefits Annual bonus based on employment standing* Work from home and hybrid model employment Confie Enablement Fund/ Scholarship Program I-Care Recognition Program Corporate Social Responsibility Program Diversity, Equity and Inclusion Initiatives Confie Hub and Discount Programs (Gym Membership) ****************** Position is not currently Sponsorship Eligible********************** Purpose Focus on identifying and mitigating security vulnerabilities in software applications throughout their lifecycle. Work closely with our development team to integrate security practices and ensure applications are designed, developed, and deployed securely Essential Duties & Responsibilities Play a crucial part in the security development life cycle from beginning to end Define and enforce security requirements and standards for application development, ensuring compliance with regulatory requirements as well as industry best practices Conduct regular security assessments and code reviews to identify potential vulnerabilities Conduct security reviews of applications and infrastructure to identify and address vulnerabilities Work with our developers to promote and implement secure coding best practices, providing guidance and training on security vulnerabilities Penetration testing of applications to identify any potential weaknesses and work with our developers to remediate them Identify potential security threats and vulnerabilities in applications Manage and address security incidents, including root cause analysis and remediations Stay up-to-date with the latest application security tools, technologies, and techniques Qualifications and Education Requirements Have an application development background Experience with Microsoft Azure and/or Amazon AWS Must understand and have worked with the SDLC framework Experience with both static and dynamic analysis tools, vulnerability scanners, and other PEN testing tools Strong understanding of security principles, cryptography, web application security, and common vulnerabilities Familiar with the various programming languages and frameworks used in application development Excellent communication and collaboration skills Preferred Skills Relevant industry certifications such as SANS, CASE, CSSLP Other Duties This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice As permitted by applicable law and from time-to-time, Confie may use a computer system that has elements of artificial intelligence to help make decisions about your employment, including recruitment, hiring, renewal of employment, or the terms and conditions of your employment. Employees with questions about Confie's use of these computer systems should contact Human Resources at ****************************

Location: Van Wert, OH; Dublin, OHWork Model: Hybrid Position type: Full time - salary We're a team of employees passionate about delivering best-in-class customer service and driving innovation in IT support. Integrity, relationships, and excellence are at the heart of everything we do. Our employees fully utilize their talents and bring their best selves to work. We believe who you are is just as important as what you do! Help shape the future of secure software at Central. We're looking for a detail-oriented, and innovative Application Security Engineer to join our cybersecurity team. In this role, you'll be responsible for embedding security into the software development lifecycle, identifying vulnerabilities, and collaborating with developers to build resilient applications. If you're passionate about threat modeling, testing, and hardening within the application environment including AI applications and driving a culture of security across engineering teams, we'd love to have you on board. Key Responsibilities of the Role Conduct secure code reviews, threat modeling, and vulnerability assessments. Collaborate with engineers to integrate security controls into CI / CD pipelines. Develops, maintains, and champions secure coding guidelines and training materials. Collaborates with DevOps and Software Engineering to integrate security into the SDLC process. Implements and manages application security tools (SAST, DAST, SCA, WAF, etc..) Assists with monitoring security events and contributes with the incident response. team Collaborates on data security to ensure secure data access configurations with Data Engineering and Infrastructure. Collaborates with Software Engineering to integrate security into AI/ML pipelines and governance frameworks. Responsible for scripting automation for integration of security tools and functions. Utilizes scripting for meta-data aggregation to allow for the creation of dashboards or other metrics for security analytics. Stay current with emerging threats, vulnerabilities, and security technologies. Required Qualifications Bachelor's degree in Computer Science or related field and 2 years related experience Or 4 years related experience Preferred Qualifications CISSP, CASE, GWAPT, or CSSLP certifications preferred Knowledge, Skills, and Abilities Creativity and passion for application security Curious mind and strong desire to constantly learn. Strong understanding of OWASP Top Ten, secure coding practices, and common attack vectors. Proven ability to apply secure design principles within application architecture. Strong analytical, research, and problem-solving skills Understanding of the software development life cycle. Understanding of security tools such as Burp Suite, Snyk, Rapid7, or similar tools. Familiarity with CI/CD tools such as Azure DevOps, GitLab, Jenkins or similar tools. Ability to work with product, software, data, and infrastructure engineering teams. Strong understanding of data protection principles and technologies (Encryption, DLP, IAM) Understanding of scripting automation using Python, PowerShell, Bash. Possess a positive, professional, cooperative, and quality-conscious attitude Possesses verbal and written communication skills, including negotiation, presentation, and influence skills Ability to understand Central Insurance's policies and processes Total Rewards Central establishes base pay based on several factors including labor market data and an evaluation of candidate qualifications relative to role requirements. Base pay is one component of a comprehensive total rewards package designed to support employees' financial, health, career, and retirement objectives. Central provides extensive health and wellness benefits to promote flexibility, work-life balance, and long-term financial security. For more information, see Central Insurance Benefits

Location: Van Wert, OH; Dublin, OHWork Model: Hybrid Position type: Full time - salary We're a team of employees passionate about delivering best-in-class customer service and driving innovation in IT support. Integrity, relationships, and excellence are at the heart of everything we do. Our employees fully utilize their talents and bring their best selves to work. We believe who you are is just as important as what you do! Looking to make a difference and apply your depth of cyber security knowledge in a variety of security solutions. Join Central's cyber security team. We seek curious and passionate individuals that enjoy being empowered and who can lead within their areas of expertise. The ideal candidate will be responsible for technical expertise and execution in the areas of end point protection, vulnerability management, web security, network security, email security, and penetration testing for Central. Key Responsibilities of the Role Develops and executes security controls, defense, and countermeasures to prevent attacks or attempts to infiltrate company devices. Utilizes digital forensics tools to investigate any possible incidents. Configures and validates any security tools (EDR, SIEM, etc..) to reduce false positives for intrusion and enable us to detect and respond quicker in case of a compromise. Provides expert technical advice within IT / Forensics cyber incident tabletop exercises. Performs root cause analysis, conducts threat analysis, and determines an action plan to remediate any risks identified. Performs security gap assessments and threat modeling for new and existing IT solutions. Provides technical advice and collaborates effectively with all IT groups. Manages and enhances security processes and tools involving email security, collaboration and file sharing, network security, cloud security, and vulnerability management. Conducts penetration testing for exploitable weaknesses within Central infrastructure and recommends remediations. Supports compliance initiatives (NIST CSF, PCI-DSS, MAR) and assists with audits. Stays current with emerging threats, vulnerabilities, and technology trends. Required Qualifications Bachelor's degree within Computer Science and 2 year of related experience Or 4 years of related experience Preferred Qualifications Cyber-security coursework or experience CISSP, CEH, OSCP certifications Knowledge, Skills, and Abilities Creativity and passion for cyber security Curious mind and strong desire to constantly learn. Excellent communication skills and ability to clearly explain security risks to any audience. Ability to weigh risks, calculate the costs on a course of action, and propose the optimal path toward mitigation. Capable of designing and maintaining security KPI metrics to prioritize activities Experience with security tools such as Defender, Rapid 7, Abnormal, CrowdStrike, Palo Alto. Experience with scripting languages such as Python, PowerShell, Bash. Strong knowledge of network protocols and design, operating systems (Windows, Linux, MacOS) and cloud platforms (Azure) and DLP techniques. Demonstrated ability to produce clear, concise, and technically accurate documentation including visual diagrams to communicate complex security concepts to any audience. Maximizes the use of AI, automation, computer forensics tools, workflows, and practices. Capable of participating within table top exercises at the IT or Corporate level. Knowledgeable with risk assessment methodology. Knowledgeable and experienced in penetration testing exercises. Total Rewards Central establishes base pay based on several factors including labor market data and an evaluation of candidate qualifications relative to role requirements. Base pay is one component of a comprehensive total rewards package designed to support employees' financial, health, career, and retirement objectives. Central provides extensive health and wellness benefits to promote flexibility, work-life balance, and long-term financial security. For more information, see Central Insurance Benefits

Bad software is everywhere, and we're tired of it. Sentry is on a mission to help developers write better software faster so we can get back to enjoying technology. With more than $217 million in funding and 100,000+ organizations that believe we're on to something, we're building performance and error monitoring tools that help companies like Disney, Microsoft, and Atlassian spend less time fixing bugs and more time building products. Sentry embraces a hybrid work model, with Mondays, Tuesdays, and Thursdays set as in-office anchor days to encourage meaningful collaboration. If you like to selfishly build things that make your digital life better, come help us build the next generation of software monitoring tools. About The Role The security team is responsible for and committed to securing all things Sentry. From our customers, to our code, and everything in between, the security team is involved in all aspects of the business in pursuit of that goal. Sentry is looking for a Senior Security Engineer to join our growing security team, working across application and platform security domains to drive security solutions for hardening our evolving cloud based application and Kubernetes platform. You will partner with engineering to mature Sentry's holistic cloud platform security posture through effective security architecture, project specific threat modeling, and occasional coding. In this role, you will * Lead highly impactful initiatives to solve critical security challenges, from idea formulation to design and implementation * Work on cross company objectives to influence and achieve security objectives * Research and evaluate new technologies to enhance the company's security posture with an eye towards scalability * Identify potential threats and vulnerabilities in our systems and data, as well as help develop and implement solutions to safeguard them * Enable cross-functional teams to implement security solutions aligned with Secure-by-Design concepts and standards You'll thrive in this role if you * Want to be an early member of an agile and engineering focused security team * Enjoy collaborating with passionate security, application, platform, and infrastructure engineers who are eager for ideas and action * Are passionate about creating and collaborating on technical designs and plans * Are motivated to continue developing and learning new skills Qualifications * 6+ years of industry experience designing, building, and supporting large-scale distributed systems in production * Strong fundamentals in computer science skills. * Experience in securing container based environments in cloud platforms (e.g., AWS, Azure, GCP) and their SDKs/APIs." * Degree in Computer Science or related field. * Experienced and comfortable programming in at least one language, with a strong preference for Python, Go, or Rust * Applied knowledge of cryptography, PKI, TLS, and practical implementations. * An up to date understanding of the threat landscape as it pertains to SaaS companies * Strong communication skills Not sure if you meet 100% of the qualifications? We encourage you to apply anyway. We're interested in people are excited about this opportunity and eager to grow. The base salary range (or hourly wage range, if applicable) that Sentry reasonably expects to pay for this position is $190,000 to $280,000 USD. A successful candidate's actual base salary (or hourly wage) amount will be determined by a variety of relevant factors including, without limitation, the candidate's work location, education, work and other relevant experience, skills, and job-related knowledge. A successful candidate will be eligible to participate in Sentry's employee benefit plans/programs applicable to the candidate's position (including incentive compensation, equity grants, paid time off, and group health insurance coverage). See Sentry Benefits for more details about the Company's benefit plans/programs. Equal Opportunity at Sentry Sentry is committed to providing equal employment opportunities to its employees and candidates for employment regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other legally-protected characteristic. This commitment includes the provision of reasonable accommodations to employees and candidates for employment with physical or mental disabilities who require such accommodations in order to (a) perform the essential functions of their jobs, or (b) seek employment with Sentry. We strive to build a diverse team, with an inclusive culture where every teammate can thrive. Sentry is an open-source company because we believe that everyone, everywhere, should have the ability and tools to make great software. Software should be accessible. That starts with making our industry accessible. If you need assistance or an accommodation due to a disability, you may contact us at accommodations@sentry.io. Want to learn more about how Sentry handles applicant data? Get the details in our Applicant Privacy Policy.

Zoro.com is a leading eCommerce platform offering nearly 12 million tools, parts and supplies for our business customers. Launched in 2011, we brought a B2C-like experience to the B2B industry, and continue to be at the forefront of digital innovation at the intersection of technology and distribution. We have rapidly grown to over $1 billion in annual revenue and we're just getting started! Primary Function: This individual will serve as a thought leader and security expert for Zoro and is responsible for evaluating, implementing, and managing security tools designed to identify, protect, detect, respond, and monitor the cloud infrastructure and SaaS applications Zoro utilizes. They will also assess, recommend, and develop security controls for existing systems and applications operating in our environment. As a Senior Cloud Security Engineer, it will also be their responsibility to help promote positive change and build a security-aware technology culture within the Cloud Operations and surrounding organizations. Duties and Responsibilities: * Design highly available, scalable, and resilient security solutions leveraging both cloud-agnostic and cloud-native tools within GCP and AWS. * Design and implement container security enhancements. * Design, implement and monitor solutions for network and landing zone security, server and container image hardening, identity and access management (IAM), data security, patch management, application security, secrets management. * Design and implement automated security processes and controls to increase operational effectiveness and reduce manual processes. * Lead collaborative design of solutions to meet remediation requirements from audits, security reviews, vulnerability scans, external regulatory changes, PEN Tests, and PCI changes. * Lead automation efforts to minimize manual work, ensure compliance goals, and support continuous delivery frameworks and tools. * Own, lead and manage the security vulnerability management program and remediation process across systems and component owners. * Assess and implement monitoring tools to support operational and security incident response processes. * Strengthen the data security approach by improving the preventative, detective, and corrective solutions. * Lead in selecting security vendors and tools and managing vendor relationships. * Research, analyze and assess threats and risks. * Interface with teams to provide high-quality and low-friction security operations services throughout the organization. * Serve as the hands-on subject matter expert for security operations. * Guide technical teams on architectural, procedural, and security best practices. * Communicate security risks and mitigation plans to business partners. * Create documentation for security tools and services. * Provide feedback on new and existing security policies. * Create and maintain security standards, guidelines, and procedures. * Stay abreast of security industry standards, technology changes, trends, and best practices. * Review and approve security infrastructure change requests. * Provide leadership, training, and mentoring to junior team members. Qualifications: * Education: * Bachelor's degree in Information Systems or related degree, or equivalent job experience. * Possess an ISACA and/or ISC2 certification, such as CISSP, CCSP, or CSX-P * Experience: * 5+ years cloud infrastructure operations or information security risk compliance experience. * 5+ years of experience in security engineering and operations. * Extensive experience with GCP and/or AWS. * Experience with SIEM tools. * Web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten. * Direct working experience in designing and implementing solutions to enforce security frameworks, controls, and benchmarks such as NIST Cyber Security Framework, CIS CSC, CIS Top 20, and ISO 27001. * Strong understanding of network attacks, DDoS, phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies. * Excellent organizational, communication, and interpersonal skills. * Innovative problem solving, research, and analytical skills. * Highly motivated self-starter. * Strong sense of ownership and driven to manage tasks to completion. * Preferred: * Certified Information Systems Security Professional (CISSP). * Google Professional Cloud Security Engineer. Total Rewards Zoro's total compensation plan includes our Zoro Incentive Plan (ZIP) that is designed to foster and reward our team members for strong performance. Total compensation will be highly competitive. In addition to competitive compensation, Zoro offers comprehensive benefits and perks including: * Medical, dental, vision, and life insurance plans with coverage starting on day one of employment * Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents. We also support growing your family through access to adoption assistance program * 6 free sessions each year with a licensed therapist and Wellhub portal membership to support your mental and emotional wellbeing * At least 18 paid time off days annually for full-time employees and 6 company holidays per year * 6% company contribution to a 401K Retirement Savings Plan each pay period, no employee contribution required * Tuition reimbursement, student loan refinancing and access to financial counseling, education, and tools * Charitable Gift Program - match gift to an eligible educational, cultural, community health, and human service organizations * Employee discounts and admission to various civic and cultural institutions around Chicago * Zoro office perks including coffee bar, beer on tap, unlimited snacks, access to the onsite gym, and incredible city skyline views For additional information and details regarding our benefits and our parent company, W. W. Grainger, please click on the link here. The pay range provided is not a guarantee of compensation. The range listed reflects the expected base pay for this position at the time of posting, based on the role's job grade. Actual compensation may vary depending on factors such as location, relevant experience and individual qualifications. Illinois $102,800-$171,300 USD Our Culture Zoro was founded in 2011 with a simple idea: make it easy for businesses to get the tools, parts, and supplies they need to keep things running. We've grown by staying curious, moving quickly, and solving everyday challenges in smart, practical ways. Backed by W.W. Grainger and inspired by our endless assortment business model, we're on a clear path toward our next big milestone: $2 billion in revenue-and beyond. At Zoro, we don't just follow a playbook-we help build it. You'll get to work on real problems with a supportive team that shares ideas freely, learns from each other, and celebrates wins together. Our culture is grounded in values that guide how we show up every day: Winning & Learning Together, Being Customer Obsessed, Being Transparent, and Taking Ownership. We don't have all the answers, but we're always asking good questions. Zoro's culture has been recognized by Fortune, Best Places to Work, and Built In Chicago-but the recognition we care about most comes from our team members, who make this place what it is. We also know that flexibility matters. Our hybrid work model gives you space to focus and the flexibility to live your life - asking team members to be onsite at least two days a week. Our Chicago HQ (right above Ogilvie Transportation Center in the Accenture Tower) is always open and ready for connection, collaboration, or just a good cup of coffee. At Zoro, we're growing fast toward big aspirations - and we're continuously excited about the new challenges we get to solve together. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status, or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace. We are also committed to fostering an inclusive, accessible work environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment. Should you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview, or hiring process, please advise us so that we can provide appropriate assistance.

Information Security Threat, Vulnerability, and Risk Analyst

IAM Analyst

Purpose of Position: This position is responsible for maintaining and improving the security of the organization's information systems, networks and data. Key responsibilities include proactively identifying potential security risks, developing and implementing security measures to prevent data loss. Essential Functions: • Perform active threat hunting, looking for potential attacks rather than just passively waiting for attacks • Perform red team/blue team exercises to test defenses and improve security operations. • Assists with vulnerability assessments, using provided security tools to identify system vulnerabilities • Design and implement security controls across cloud and on-premises environments • Create and maintain security monitoring and alerting solutions • Data Loss Prevention (DLP): Monitor DLP alerts, investigate incidents, and recommend actions to relevant teams to mitigate data breaches. • Assists in the planning and deployment of the company's cloud information security strategies • Manage Infrastructure and application security monitoring tools to detect and respond to security incidents in real-time • Participate in the development and improvement of the company's SDLC processes, ensuring security practices are integrated into all stages of product development • Responsible for evaluating, influencing, and recommending technology and product direction • Stay informed on the latest cybersecurity trends, emerging threats, attack techniques, and zero-day vulnerabilities affecting Microsoft environments and other relevant technologies. • On-site or remote regular attendance and punctuality are essential functions of the job. • Perform other business tasks or functions as assigned. Qualifications Knowledge, Skills & Abilities Required: • Experience with Microsoft Defender, Sentinel, Azure Security Center, and Microsoft 365 security solutions, helping to identify vulnerabilities, mitigate threats, and enhance security postures. • Deep knowledge of Microsoft security solutions o Microsoft Defender for Endpoint o Microsoft Sentinel (SIEM/SOAR) o Azure Security Center & Microsoft Purview Compliance Manager o Microsoft Intune and Conditional Access Policies • Strong understanding of security principles and best practices • Strong knowledge and hands on experience with Data Loss Prevention • Hands-on experience in threat hunting • Certifications such as OSCP, OSWE, CISSP, CEH, GPEN, AZ-500 (Microsoft Azure Security Engineer), SC-200 (Microsoft Security Operations Analyst), or SC-300 (Microsoft Identity and Access Administrator) are a plus. • Proficiency in Microsoft security technologies and tools such as Purview Information Protection, Defender for Cloud and Sentinel • Experience with Managed Extended Detection and Response (MXDR) • Proficient in Microsoft Office programs, including Word, Excel, PowerPoint, as well as Outlook. • Adhere to all PHI (Protected Health Information) and HIPAA (Health Insurance Portability and Accountability Act) guidelines. Educational Requirements: • High School Diploma or equivalent required. • Bachelor's degree in Computer Science, Cyber Security or equivalent experience required. • Minimum of six (6) years of hands-on experience in IT with a focus on security. Physical Requirements: Must be able to sit for extended periods and occasionally stand and walk. Must have adequate hearing for phone work. Vision requirements include close vision and the ability to adjust focus. Must be able to communicate effectively in English. Must be able to use a keyboard and other office equipment. Ability to lift up to 10 pounds occasionally.

Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures. Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company - not just insurers. We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members comfortable working in an agile, fast-paced, and delivery-focused environment thrive in our environment where we value an entrepreneurial spirit and those who challenge the status-quo. Unum is changing, and we're excited about what's next. Join us. General Summary: The Information Security Metrics and Quality Data Analyst is responsible for simple to moderately complex data profiling, analysis and mapping with little to no oversight and exhibits a mastery of the tools and technical skillset subject matter expertise with data organization and visualization supporting information security (cyber security) risks and operations. This candidate works closely with Security Analysts, Security Engineers, Project Managers, and Global Information Security leadership. They deliver to high quality KRI/KPI and are able to accurately estimate work required to deliver on their responsibilities. They use critical thinking skills applied to data analysis in order to advance the delivery and maintenance of information security KRI and KPI. Job Specifications * Bachelors Degree preferred, and/or equivalent experience * 4+ years experience with demonstrated success at the Data Analyst 1 level or equivalent experience * Mastery of data profiling and analysis concepts, including data anomalies, data mapping activities. * Mastery of data modeling concepts * Mastery of PowerBI data modeling and visualization development * Clearly demonstrates data analytical ability and critical thinking skills * Ability to manage multiple tasks by paying close attention to detail * Ability to work as part of a team and interact effectively with others * Ability to embrace change, adapt to the unexpected, and focus energies, people, and solutions on practical and positive results * Takes an innovative approach to problem solving * Strong communications skills * Strong team player; able to work effectively within a team and more broadly with people from a variety of backgrounds and areas across the organization. Principal Duties and Responsibilities * Responsible for data profiling and analysis to evaluate data sources to determine the best source for business information. * Responsible for source to target data mapping specifications (e.g. source to target can be from one DBMS table to another DBMS table, from a DBMS table into a canonical message structure, etc.) * Design simple to moderately complex, flexible data models (conceptual and logical) and visualizations through collaborations with analysts, engineers, and leadership. Leads sizing and estimation activities within the agile team. * Create/Capture documentation (metadata) that is up-to-date. * Collaborate with the test engineers to perform data validation and testing activities as appropriate. * Develop and maintain knowledge of information security practices and the insurance industry. * Develop and maintain knowledge of information security-owned and other relevant data sources. * Adhere to approved architectural standards. * Uses critical thinking skills to recommend and implement data management practices that advance business value. * Thinks with the mind of the end customer at all times, ensuring solutions seek to improve the customer experience and delight their customers. #LI-TO1 #LI-MULTI IN4 Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best - both inside and outside the office. Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status. The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience. $73,300.00-$150,500.00 Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans. Company: Unum

Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures. Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company - not just insurers. We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members comfortable working in an agile, fast-paced, and delivery-focused environment thrive in our environment where we value an entrepreneurial spirit and those who challenge the status-quo. Unum is changing, and we're excited about what's next. Join us. **General Summary:** The Information Security Metrics and Quality Data Analyst is responsible for simple to moderately complex data profiling, analysis and mapping with little to no oversight and exhibits a mastery of the tools and technical skillset subject matter expertise with data organization and visualization supporting information security (cyber security) risks and operations. This candidate works closely with Security Analysts, Security Engineers, Project Managers, and Global Information Security leadership. They deliver to high quality KRI/KPI and are able to accurately estimate work required to deliver on their responsibilities. They use critical thinking skills applied to data analysis in order to advance the delivery and maintenance of information security KRI and KPI. **Job Specifications** + Bachelors Degree preferred, and/or equivalent experience + 4+ years experience with demonstrated success at the Data Analyst 1 level or equivalent experience + Mastery of data profiling and analysis concepts, including data anomalies, data mapping activities. + Mastery of data modeling concepts + Mastery of PowerBI data modeling and visualization development + Clearly demonstrates data analytical ability and critical thinking skills + Ability to manage multiple tasks by paying close attention to detail + Ability to work as part of a team and interact effectively with others + Ability to embrace change, adapt to the unexpected, and focus energies, people, and solutions on practical and positive results + Takes an innovative approach to problem solving + Strong communications skills + Strong team player; able to work effectively within a team and more broadly with people from a variety of backgrounds and areas across the organization. **Principal Duties and Responsibilities** + Responsible for data profiling and analysis to evaluate data sources to determine the best source for business information. + Responsible for source to target data mapping specifications (e.g. source to target can be from one DBMS table to another DBMS table, from a DBMS table into a canonical message structure, etc.) + Design simple to moderately complex, flexible data models (conceptual and logical) and visualizations through collaborations with analysts, engineers, and leadership. Leads sizing and estimation activities within the agile team. + Create/Capture documentation (metadata) that is up-to-date. + Collaborate with the test engineers to perform data validation and testing activities as appropriate. + Develop and maintain knowledge of information security practices and the insurance industry. + Develop and maintain knowledge of information security-owned and other relevant data sources. + Adhere to approved architectural standards. + Uses critical thinking skills to recommend and implement data management practices that advance business value. + Thinks with the mind of the end customer at all times, ensuring solutions seek to improve the customer experience and delight their customers. \#LI-TO1 \#LI-MULTI IN4 Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best - both inside and outside the office. Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status. The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience. $73,300.00-$150,500.00 Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans. Company: Unum

The Company At Utica National Insurance Group, 1,300 employees countrywide take our corporate promise to heart every day: To make people feel secure, appreciated, and respected. Utica National Insurance Group is an "A" rated $1.7B award-winning, nationally recognized property & casualty insurance carrier. Operating along the Eastern half of the United States, based in our Home Office in Central New York, with Regional Office locations including Boston, NYC, Atlanta, Dallas, Columbus, Richmond, Chicago. Location: This is a remote position, but incumbent must live within one hours drive from either New Hartford, NY or Charlotte, NC to attend periodic office meetings and events at least once per quarter. What will you do: We're seeking an experienced Senior Information Security Engineer to join our Cyber Security Operations team. In this role, you will design, implement, and maintain security solutions to protect enterprise environments, ensuring a layered security framework is in place. You'll play a critical role in defending the company from cyberattacks, safeguarding sensitive data, and ensuring compliance with regulatory requirements. You will lead incident response efforts, manage vulnerability and penetration testing programs, and evaluate emerging threats to maintain a strong security posture. This is a high-impact opportunity to influence security strategy, implement cutting-edge solutions, and collaborate across IT and business teams in a dynamic environment. Essential Functions: * Design, implement, configure, maintain, and support the end-to-end Security Framework including, but not limited to, IPS/IDS, endpoint protection, email and URL filtering (DMARC/DKIM/SPF), SIEM, vulnerability assessment/scanning, ATP solutions, DLP solutions, MFA and SSO solutions, cloud security, WAFs, and more. * Lead Security Operations - configure alerts to protect against cyber threats, review configurations, and tune systems as needed. * Respond to and investigate potential or actual security incidents. Lead all phases of Incident Response (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned). * Handle escalated security alerts and approve mitigation plans. * Research, evaluate, design, configure, and maintain security solutions. * Develop and manage the Vulnerability Management Program, review scan results, and approve mitigation plans. * Perform penetration testing and coordinate third-party testing; review results and remediation plans. * Conduct risk assessments, document threats and vulnerabilities, and develop mitigation strategies. * Evaluate current systems and recommend improvements. * Perform health checks and best practice reviews for security solutions. * Conduct threat modeling/hunting using industry frameworks. What you need: * Education: Bachelor's degree in Computer Science, Engineering, or related field preferred. Industry certifications such as CEH, CISSP, CCSK, CCSP, CISM, OSCP, PenTest+ are desirable. * Experience: 7-10 years of hands-on experience in Cybersecurity required. * Strong knowledge of security frameworks, IT infrastructure, cloud services, and regulatory requirements. * Ability to work after hours, nights, weekends, and holidays as needed for incident response. Salary Range: $110k - $150k The final salary to be paid and position within the internal salary range is reflective of the employee's work experience, geographic location, education, certification(s), scope and responsibilities in the role, and additional qualifications. Benefits: We believe strongly that talented people are core to our success and are attracted to companies that provide competitive pay, comprehensive benefits packages, career advancement and challenging work opportunities. We offer a Comprehensive Benefits Plan for full time employees that include the following: * Medical and Prescription Drug Benefit * Dental and Vision Benefits * Life Insurance and Disability Benefits * 401(k) Profit Sharing and Investment Plan * Health Savings Account (HSA) & Flexible Spending Accounts * Tuition Assistance, Training, and Professional Designations * Company-Paid Family Leave & Adoption/Surrogacy Assistance * Voluntary Benefits (Accident, Critical Illness, Legal, Pet Insurance, etc.) * Student Loan Refinancing Services * Care.com Membership with Back-up Care * Paid Volunteer Day & Matching Gifts Program * Wellness Programs and more Additional Information: This position is a full-time salaried, exempt (non-overtime eligible) position. Utica National is an Equal Opportunity Employer. Apply now and find out what it's like to be a part of an amazing team, thrive in an exciting environment, and work for a company you can be proud of. #LI-LH1