Cyber security analyst jobs in Albany, NY - 40 jobs

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to grow and scale security compliance engines and create positive change across the business, we'd like to speak with you about joining our team. Coinbase is looking for a Security Compliance Senior Analyst to drive the second line of defense IT SOX initiatives and help mature the IT SOX program. *What you'll be doing (ie. job duties):* * Lead Security and IT initiatives to support the SOX roadmap and advance program maturity * Assist with SOX planning activities, including scoping of IT systems and creating training material to owners in preparation for SOX audit * Lead security control gap assessments over SOX control environment, recommend remediation plans and track through completion * Assess SOX implications of new products, update relevant controls, and communicate requirements to product organization and other stakeholders * Provide ongoing reporting to stakeholders and leadership on above responsibilities and communicate progress and escalations management * Perform SOX audit and control impact analysis as a result of security and technology incidents and partner with owning teams on control uplift activities * Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership * Create and improve SOX procedural documentation, including process documentation, data flow diagrams, and uplifting templates * Work closely with internal and external auditors to educate them about a complex technology control environment * Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members * Develop creative solutions to prove risk mitigation and solve for complex audit problems faced by the crypto industry * Identify opportunities to address systemic program challenges, recommend solutions and drive efficiency through AI and automation *What we look for in you (ie. job requirements):* * Minimum of 5+ years of security/IT compliance or equivalent experience * Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance * Prior experience at a big 4 accounting firm * Experience leading compliance initiatives from start to finish * Proven understanding and audit experience of cloud technologies, AWS preferred * Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision * Strong oral and written communication skills * Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment * Ability to communicate with technical / non-technical stakeholders to align on shared outcomes * Experience in Financial services, Big Tech, or FinTech *Nice to haves:* * BA or BS in a technical field or equivalent experience * Security certifications e.g. CISA, CISSP, CISM or other relevant certifications * Experience auditing in Crypto space Position ID: P73675 \#LI-Remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $167,280-$196,800 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

About Us: The people of Memorial Sloan Kettering Cancer Center (MSK) are united by a singular mission: ending cancer for life. Our specialized care teams provide personalized, compassionate, expert care to patients of all ages. Informed by basic research done at our Sloan Kettering Institute, scientists across MSK collaborate to conduct innovative translational and clinical research that is driving a revolution in our understanding of cancer as a disease and improving the ability to prevent, diagnose, and treat it. MSK is dedicated to training the next generation of scientists and clinicians, who go on to pursue our mission at MSK and around the globe. Exciting Opportunity at MSK: Cyber Security Engineer - Access Management Administration (AMA) Do you want to join an innovative team and contribute to cancer research? Are you creative and want to tackle meaningful problems? Then join us here at MSK, where we can provide you with the opportunity to do all of those things! We are seeking a Cyber Security Engineer to join our team. We are searching for someone who has the right skills, who is eager to be part of a dynamic team and wants to be involved with the newest technologies. If you're ready to take your career to the next level and be part of a dynamic team at the forefront of authentication and federation technology, we want to hear from you! Role Overview: Design, develop, and maintain authentication systems using industry-standard protocols such as OAuth, SAML, and OpenID Connect using PingFederate platform or equivalent technology. Strong knowledge and understanding of Multi-Factor Authentication using PingID, Identity Proofing using PingOne Verify, PingOne Davinci, Risk-Based Authentication using PingOne Protect. Implement federated identity solutions for seamless single sign-on (SSO) experiences across multiple applications and platforms. Collaborate with cross-functional teams to integrate authentication and federation components into existing systems and applications. Conduct performance optimization and troubleshooting to ensure the reliability and scalability of authentication and federation systems. Provide Identity & Access Management engineering services, sophisticated technical support, troubleshooting, and monitoring of the enterprise systems. Implement IAM security-centric and security-related information technology products and projects to support the organization. Collaborate with stakeholders to analyze business requirements and translate them into technical solutions for Identity Governance & Administration. Provide support to end-users and administrators on authentication and federation tools and processes. Stay up-to-date with emerging technologies and best practices in Identity & Access Management to drive continuous improvement and innovation. Key Qualifications: Strong knowledge and proven experience in designing, implementing, and maintaining authentication and federation systems using PingFederate, PingID, PingOne Verify, PingOne Davinci, and PingOne Protect platforms. Proficiency in authentication protocols such as OAuth, SAML, and OpenID Connect. Experience and knowledge of Java, C#, SQL, APIs/Web Services, Windows Servers, Linux Servers, PowerShell, Active Directory. Experience using SIEM products like Splunk and tools such as Postman are an added benefit. Having knowledge of Identity & Governance Administration using Sailpoint IdentityIQ; Privileged Account Management: Delinea (Secret Server) would be an added benefit. Strong verbal and written communication skills; technical writing or desktop/web publishing skills. Ability to work effectively in a team-oriented environment. Outstanding ability to analyze security data. Desired 2 - 5 years security related experience or equivalent Core Skills: A strong, confident communicator who can work with and provide security communications to our organization across departments and at all levels in addition to our external partners. Remaining active in the security and technology industry with creative ideas for organizational solutions. A good decision-maker, with proven success at making timely decisions that keep the organization moving forward. Additional Information: Schedule: 9:00 AM - 5:00 PM EST, Monday - Friday with Flexible to work after hours, weekends and holidays when required. Must be available to provide 3rd level 24 x 7 support on a rotating schedule. Location: Hybrid position with flexibility to work and/or attend meetings in New York City, Middletown NJ, regional sites, or vendor sites as needed. Reporting to Associate Director, Identity & Access Management Helpful Links: Compensation Philosophy Benefits Pay Range: $90,700.00 - $145,300.00FSLA Status: Exempt Closing: At MSK, we believe in fair, competitive pay that reflects your job, experience, and skills. MSK is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sexual orientation, national origin, age, religion, creed, disability, veteran status or any other factor which cannot lawfully be used as a basis for an employment decision. Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Our mission at Duolingo is to develop the best education in the world and make it universally available. It's a big mission, and that's where you come in! At Duolingo, you'll join a team that cares about finding innovative solutions to complex technical problems, running countless experiments (300+ at a time!) with our massive user base to make data-driven decisions, and educating our users and employees alike. You'll have limitless learning opportunities, mentorship and collaboration with world-class minds, and a variety of projects with large scopes - while doing work that's both fun and meaningful. Join our life-changing mission to develop education for our half a billion (and growing!) learners around the world. About the role Join Duolingo as a Security Engineer and play a pivotal role in safeguarding our systems, employees, learner data, and services across our rapidly growing language learning platform. With over 800 employees and 21 million daily active users, your expertise will be critical in maintaining the highest security standards while continuously enhancing our infrastructure security and ensuring compliance. You will... Design and develop scalable monitoring and response systems for security alerts to proactively mitigate risks Continuously evaluate Duolingo's security posture, anticipating future threats and devising appropriate countermeasures Collaborate with development teams to conduct threat modeling, identify risks, and provide guidance on mitigations Be a partner to our security champions, organizing and growing the program across Duolingo to ensure the efficient distribution of security knowledge Implement dependency checks for open-source software within applications Participate in regular product security tabletops with organizational partners Work on deploying early alerting systems throughout our environment and the responsive automations that trigger when they alert Develop a continuous verification and testing system for security controls and critical features Work with our partners in finance to ensure we maintain compliance with our regulatory obligations Collaborate with IT to improve the security of our offboarding processes by introducing automation and well documented procedures You have... Experience deploying, managing, and troubleshooting security scanning tools in the CI/CD pipeline Familiarity with Linux system administration, automation, and Python programming A desire to learn more about security and develop the foundational building blocks of the program Strong collaboration, emotional intelligence, and communication skills A Bachelor's degree in Computer Science or a related technical field Proven experience developing and maintaining microservices Experience in product, application, or cloud security Willingness to work in both backend engineering and operational engineering dependent on the needs of the organization Ability to relocate to New York, NY Exceptional candidates will have... Familiarity with containerization runtimes (Docker, rkt) Experience securing a large infrastructure on AWS Threat modeling experience across various architectures and understand how to align those with business goals Demonstrable experience in designing and managing multi-account cloud environments Experience communicating sophisticated technical requirements to audiences of variable technical sophistication Experience working in Terraform, developing modules, and creating secure by default configurations Familiarity with security scanning tools such as SemGrep, Nuclei, Trufflehog, and Checkov We post a multi-level salary range for all of our roles. This is not inclusive of the rest of our awesome portfolio that includes equity compensation and world-class benefits. Our salary ranges are the same for all US locations. Your recruiter can share more details about the range for a specific level during the hiring process. The actual salary within the range is determined by many factors including but not limited to, skills, experience, education, and internal equity. Salary Range: $177,700-$240,400 USD Take a peek at how we care for our employees' holistic well-being with our benefits here. We will do everything we can within reason to make sure that your interview takes place in an environment that fairly and accurately assesses your skills. If you need assistance or accommodation, please contact accommodations@duolingo.com. Duolingo is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. By applying for this position your data will be processed as per the Duolingo Applicant Privacy Notice. Sign up for job alerts here.

RiverTech is seeking a skilled Information Security (INFOSEC) Specialist to support the Joint Staff Security Office (JSSO) at the Pentagon in providing comprehensive security services. The ideal candidate will be responsible for ensuring that classified information, SCI, and controlled unclassified information (CUI), under the control of the JS, is protected in accordance with authoritative policies. To join our team of outstanding professionals, apply today! Responsibilities + Ensures classified information, SCI, and controlled unclassified information (CUI), under the control of the Joint Staff is protected in accordance DoDM 5200.01, DoDD 5205.21, and DoDI 5200.48. + Develops INFOSEC standard operating procedures (SOPs) and policies for the Joint Staff Security Office (JSSO). + Conducts security incident inquiries addressing security incidents involving non-compliance with security procedures for classified information, from initiation to completion. + Maintains a tracking system of all security incidents and conducts an analysis of the information compiled to identify areas of concern to address trending security issues. + Maintains repository of all Joint Staff security classification guides (SCGs) and reviews SCGs as prescribed by the Information Security Oversight Office (ISOO). + Manages the Joint Staff and combatant commands original classification authorities (OCAs) lists. + Conducts security classification reviews for Joint Staff products containing classified national security information and provides recommendations to align with policies. + Develops, implements, and conducts specialized training programs for security personnel, including annual and refresher training, while tracking completion status. + Collaborates with other security disciplines such as Physical Security, Personnel Security, Insider Threat Hub and Foreign Disclosure Office during security incidents, classification reviews and to ensure security measures and training align with organizational goals. + Manages and Implements the Joint Staff courier program. Qualifications + Minimum of six (6) years of direct relevant experience. + Top Secret Clearance with SCI eligibility. + Must possess a working knowledge of the U.S. Government Security Programs and skills in planning, developing, implementing, and evaluating security programs to meet mission requirements for which they support. + Excellent written and oral communication and problem-solving skills and the ability to review, analyze, and resolve complex issues. Desired Qualifications: + Working in Department of Defense (DoD). + Working in a Sensitive Compartmented Information Facility (SCIF) and on classified networks (SIPRnet and Joint Worldwide Intelligence Communications System (JWICS). + Familiarity with Enterprise Task Management Software Solutions (ETMS2) tasking system, Correspondence and Task Management System (CATMS) or other DoD Task Management Tools (TMT) or applications. + Sharepoint Management. + Utilizing Microsoft Office products (Word, Excel, Powerpoint). Job ID 2025-20040 Work Type On-Site Pay Range $110,000 - $120,000 Benefits Regular - The company offers a comprehensive benefits program, including medical, dental, vision, life insurance, 401(k) and a range of other voluntary benefits. Paid Time Off (PTO) is offered to regular full-time and part-time employees. Company Description Work Where it Matters RiverTech, an Akima company, is not just another federal professional solutions contractor. As an Alaska Native Corporation (ANC), our mission and purpose extend beyond our exciting federal projects as we support our shareholder communities in Alaska. At RiverTech, the work you do every day makes a difference in the lives of our 15,000 Iñupiat shareholders, a group of Alaska natives from one of the most remote and harshest environments in the United States. For our shareholders, RiverTech provides support and employment opportunities and contributes to the survival of a culture that has thrived above the Arctic Circle for more than 10,000 years. For our government customers, RiverTech provides innovative solutions to complex engineering and operational challenges and delivers wide-ranging services for mission support, systems engineering, and IT. As a RiverTech employee, you will be surrounded by a challenging, yet supportive work environment that is committed to innovation and diversity, two of our most important values. You will also have access to our comprehensive benefits and competitive pay in addition to growth opportunities and excellent retirement options. We are an equal opportunity employer and comply with all applicable federal, state, and local fair employment practices laws. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender or gender-identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law. If you are an individual with a disability, or have known limitations related to pregnancy, childbirth, or related medical conditions, and would like to request a reasonable accommodation for any part of the employment process, please contact us at ******************** or ************ (information about job applications status is not available at this contact information).

Hudson River Trading (HRT) is looking for a curious and innovative cybersecurity engineer who is excited about modern cloud, infrastructure, and AI security practices. Our Enterprise Security team is responsible for safeguarding the infrastructure behind one of the most technically demanding trading environments in the world. From securing cloud and computing platforms to strengthening IAM practices and advancing AI security, your work will be central to how we protect and scale HRT's technology. In this role, you'll have the autonomy to shape HRT's global cybersecurity systems while developing high-impact solutions built for both performance and resilience. We're looking for someone who thrives in DevSecOps, values defense in depth without adding developer friction, and approaches challenges with both rigor and creativity. Responsibilities Architect and implement security controls that encourage secure design patterns in the public and hybrid cloud, and our AI ecosystem Manage and secure a wide variety of systems (including conventional compute and AI workloads) spanning public cloud (AWS/GCP/Azure) and hybrid cloud platforms Instrumenting observability for the cloud and AI systems where there are unique high performance requirements Engineer, implement, and maintain IAM solutions for infrastructure components and enterprise tools in a cloud-native manner Design, implement, and manage a comprehensive vulnerability management program using industry-standard tools to effectively prioritize and remediate security risks Detecting configuration drift or malicious activity as a signal for Security Operations Collaborating with Security Operations and engineering teams to write runbooks for handling incidents/issues around secure cloud and AI/LLM usage Identify security threats and vulnerabilities to cloud and AI systems currently in use at HRT, as well as evaluate security needs for any future solutions Qualifications 5+ years of experience in a security engineering role 5+ years of software development experience, preferably in Python Experience developing and operating in a DevSecOps lifecycle to implement automated controls for Kubernetes, containers, public cloud deployments and AI workloads Experience working with and securing Linux systems (Debian is a huge plus!) Experience securing SaaS platforms is a plus The estimated base salary range for this position is $150,000 - $250,000 per year, based on job-related skills and experience. This role will also be eligible for discretionary performance-based bonuses and a competitive benefits package. Culture Hudson River Trading (HRT) brings a scientific approach to trading financial products. We have built one of the world's most sophisticated computing environments for research and development. Our researchers are at the forefront of innovation in the world of algorithmic trading. At HRT we welcome a variety of expertise: mathematics and computer science, physics and engineering, media and tech. We're a community of self-starters who are motivated by the excitement of being at the cutting edge of automation in every part of our organization-from trading, to business operations, to recruiting and beyond. We value openness and transparency, and celebrate great ideas from HRT veterans and new hires alike. At HRT we're friends and colleagues - whether we are sharing a meal, playing the latest board game, or writing elegant code. We embrace a culture of togetherness that extends far beyond the walls of our office. Feel like you belong at HRT? Our goal is to find the best people and bring them together to do great work in a place where everyone is valued. HRT is proud of our diverse staff; we have offices all over the globe and benefit from our varied and unique perspectives. HRT is an equal opportunity employer; so whoever you are we'd love to get to know you. Please be advised: Use of AI tools during interviews or assessments is strictly prohibited, unless otherwise instructed or agreed upon. We employ various methods to evaluate the authenticity of candidate responses. If we determine that AI assistance was used during any stage of the hiring process, we reserve the right to immediately disqualify your candidacy or rescind any job offers extended.

We are seeking a highly technical Security Engineer to join our Product Security team. This role is integral to ensuring the security and integrity of our products and services. You will conduct in-depth code reviews, implement security best practices, and influence the overall security strategy. Your expertise in TypeScript, Python, Kubernetes, CI/CD, SAST, DAST, and terraform orchestration will be crucial in identifying and mitigating potential security vulnerabilities. You will also structure complex problems, diagnose root causes independently, and clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact. You will: Conduct in-depth code reviews to identify and remediate security vulnerabilities. Evaluate and enhance the security of our product offerings, through RFC and service review. Implement and maintain CI/CD pipelines with a strong focus on security. Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code. Utilize terraform orchestration to ensure secure and efficient infrastructure management. Guide engineering teams to build robust long-term solutions that consider security and privacy. Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact. Influence the security strategy and direction of the team, advocating for best practices and continuous improvement. Ideally, you'd have: Proven experience as a Security Engineer with a focus on product security. Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes. Strong understanding of modern Javascript application design. Production experience with Kubernetes backed services Hands-on experience with SAST and DAST tools and methodologies. Familiarity with terraform orchestration for infrastructure management. You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input. Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders. Demonstrated ability to influence security strategies and drive improvements within a team. Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus. Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You'll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend. Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is:$189,200-$236,500 USD PLEASE NOTE: Our policy requires a 90-day waiting period before reconsidering candidates for the same role. This allows us to ensure a fair and thorough evaluation of all applicants. About Us: At Scale, our mission is to develop reliable AI systems for the world's most important decisions. Our products provide the high-quality data and full-stack technologies that power the world's leading models, and help enterprises and governments build, deploy, and oversee AI applications that deliver real impact. We work closely with industry leaders like Meta, Cisco, DLA Piper, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force. We are expanding our team to accelerate the development of AI applications. We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status. We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at accommodations@scale.com. Please see the United States Department of Labor's Know Your Rights poster for additional information. We comply with the United States Department of Labor's Pay Transparency provision . PLEASE NOTE: We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services, and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.

About Us Navan is a modern, dynamic SaaS company revolutionizing the way businesses manage travel and expenses. With offices around the world, we are committed to creating seamless and innovative solutions for our clients. Our team is dedicated to fostering a collaborative and inclusive environment where everyone's contributions are valued. Role Overview We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting-edge security solutions, and collaborating with various teams to enhance our overall security posture. What You'll Do Manage Workforce IAM and Identity Governance: Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands-on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero-trust security posture for all corporate resources. Federate and Configure Application Access: Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra ID, for single sign-on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning. Secure Devices and Endpoints: Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, mac OS devices with Jamf, and ChromeOS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats. Manage Endpoint Detection and Response (EDR): Lead the deployment, administration, and tuning of our EDR platform, specifically the CrowdStrike Falcon suite. Your responsibilities will include leveraging products like Falcon Insight for incident investigation, Falcon Prevent for next-gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints. Implement Zero Trust Network Access: Design and deploy Zero Trust security models to enhance network security and safeguard company resources. Deploy Data Loss Prevention Solutions: Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box. Enable Large-Scale Endpoint Management: Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, mac OS, ChromeOS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface. Orchestrate Security Posture Checks: Automate security checks for all new infrastructure deployments to ensure compliance with security standards. Implement Endpoint State Attestation: Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints. Scale Proactive Security Controls: Extend security measures to new environments, including those acquired through mergers or acquisitions. Stay Current with Industry Trends: Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities. Develop Custom Security Solutions: Contribute to the development of custom and open-source security tools tailored to our needs. What We're Looking For Experience: Minimum of 5 years of experience in corporate security engineering within a SaaS or similar environment. Technical Expertise: Expert-level proficiency with the Okta platform for workforce Identity and Access Management (SSO, MFA, IGA) Okta Certification is a strong plus. Demonstrated experience designing and implementing complex access management automation and workflows, with a strong preference for candidates skilled in Okta Access Requests and Okta Workflows. Strong knowledge of securing devices and endpoints, including hands-on experience with Mobile Device Management platforms like Microsoft Intune. Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments. Experience with securing Google Workspace and Microsoft 365/Enterprise Suite. Hands-on experience implementing an enterprise zero trust network access solution such as ZScaler is a strong plus. Understanding of Zero Trust Network Access models. Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform). Knowledge of Data Loss Prevention strategies in SaaS applications. Experience with vulnerability management tools and methodologies. Automation Mindset: Passion for automating processes to improve efficiency and scalability. Communication Skills: Ability to effectively communicate complex security concepts to technical and non-technical stakeholders, including collaboration with the physical security team. Problem-Solving Abilities: Demonstrated ability to identify security risks and develop effective mitigation strategies. Certifications: Highly Desirable: Okta Certified Professional or Higher, Microsoft Security Certifications Nice to Have: CISSP, CISM, or similar security certifications. Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred. Why Navan? Innovative Environment: Be part of a team that's shaping the future of business travel and expense management. Global Impact: Work on projects that have a worldwide reach and influence. Collaborative Culture: Join a diverse team where your ideas and contributions make a difference. Professional Growth: Opportunities for learning and development to advance your career. Comprehensive Benefits: Competitive salary, health benefits, and other perks. The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate's starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate's skills and experience, market demands, and internal parity. For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.Pay Range$127,500-$230,000 USD

About the Role: Grade Level (for internal use): 11 S&P Global Corporate Segment: S&P Global Energy The Role: Cloud & Application Security Engineer The Team: Part of the SPGE Technology Security team accountable for the overall cyber security of the division. This role would instill values of enablement, accountability, and shared responsibility throughout the division. The Impact: The Cloud & Application Security role will be a resource building and expanding our security champions program across Commodity Insights Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with the various GE towers to help remediate application and cloud vulnerabilities. He/She will coordinate with security champions leaders in other divisions and the corporate Information Security team to build a community of champions that share information and work collaboratively on common application security challenges. What's in it for you: The role engages with a broad range of technologists and business professionals allowing you to develop an experience with emerging cloud-native technology and Sustainable technology roadmap As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm. This role will provide the ability to demonstrate leadership in both the security and developer communities as you'll be helping shape the security champions program. Responsibilities: Work closely with GE towers to help remediate Cloud and Application vulnerabilities Conduct regular security audits, risk assessments, and vulnerability scans. Develop and maintain security policies, procedures, and best practices. Ensure compliance with industry regulations (e.g., DORA, ISO 27001). Assist with the development of security awareness training programs. Work with IT teams to design secure systems and networks. Stay up-to-date with current security threats, trends, and technologies. Monitor systems and networks for security breaches or intrusions. Investigate and respond to security incidents and alerts. Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle Drive behavioral change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams Assist the Head of DevOps and SRE with continuous refinement and implementation of the division's cyber security strategy by providing feedback gathered from the engineering teams via the security champions Produce periodic, high-quality reports illustrating program status, areas for improvement, and success attributes aligning to the business Remain current with new security threats and DevSecOps best practices Demonstrate security expertise both within the firm and in the industry at large Perform other duties related as assigned. What We're Looking For: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field 6+ years of experience in IT security or a related field. Python programming skills Familiarity with threat modeling, risk assessment, and incident response. Experience with firewalls, IDS/IPS systems, SIEM, endpoint protection, and vulnerability scanning tools. Knowledge of network protocols, operating systems (Windows, Linux), and cloud platforms (e.g., AWS, Azure, GCP). Demonstrated skill in application security and/or software development with a focus on secure design and coding practices Exhibit detailed understanding of security threats especially within a cloud-native environment Proven capability to advocate for security best practices in terms of business value and enablement Established experience successfully leading large-scale projects across global functions Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure Strong project management and personal organizational skills Ability to work in a constantly changing environment under tight deadlines Ability to work independently Working knowledge of CI/CD tools and cloud-native development practices Right to work requirements: This role is open only for candidates with indefinite right to work within the USA. Compensation/Benefits Information (US Applicants Only): S&P Global states that the anticipated base salary range for this position is $120,000 - $170,000. Final base salary for this role will be based on the individual's geographical location as well as experience and qualifications for the role. In addition to base compensation, this role is eligible for an annual incentive plan. This role is not eligible for additional compensation such as an annual incentive bonus or sales commission plan. This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, please click here . About S&P Global Commodity Insights At S&P Global Commodity Insights, our complete view of global energy and commodities markets enables our customers to make decisions with conviction and create long-term, sustainable value. We're a trusted connector that brings together thought leaders, market participants, governments, and regulators to co-create solutions that lead to progress. Vital to navigating Energy Transition, S&P Global Commodity Insights' coverage includes oil and gas, power, chemicals, metals, agriculture and shipping. S&P Global Commodity Insights is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the world's leading organizations navigate the economic landscape so they can plan for tomorrow, today. For more information, visit ******************************************* What's In It For You? Our Mission: Advancing Essential Intelligence. Our People: We're more than 35,000 strong worldwide-so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We're committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you-and your career-need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards-small perks can make a big difference. For more information on benefits by country visit: ***************************************** Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to ************************. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: *************************** and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster **************************************************************** describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - ******************************************************************************************** ----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)

NetBox Labs is seeking a Senior Security Engineer with a strong DevSecOps mindset to lead the technical backbone of our security program - bringing together automation, infrastructure security, and proactive threat detection. This hands-on role will architect and operate systems that secure our code, cloud, supply chain, and collaboration environments, driving visibility, resilience, and trust across everything we build. Reporting to the CTO within the IT/Infosec organization, this role serves as the technical counterpart to the IT/Infosec Manager. You'll work closely with our engineering leadership (Directors and Principals) to embed security practices into development and operations workflows - helping teams build, deploy, and maintain secure systems without being directly involved in product building. You'll design and automate identity and access systems, manage integrations across key platforms, and lead the operation of company logging, detection, and data protection systems - including SIEM, DLP, and audit pipelines-to ensure visibility, resilience, and fast incident response. Responsibilities Enable and guide teams to adopt DevSecOps practices, ensuring security is built into CI/CD and infrastructure pipelines through shared standards, tooling, and best practices. Work with IT Manager on company identity and access management: IdP configuration, user/group organization, and automation via cross-platform synchronization and SAML. Administer and automate GitHub Enterprise and JFrog management (users, teams, org policies, and compliance) using IaC. Operate and tune SIEM, DLP, and centralized logging systems; define and maintain detection and alerting rules. Review audit logs and security telemetry across cloud, SaaS, and developer systems for anomalies and compliance issues. Work with IT Manager to build automated onboarding/offboarding and access reviews aligned with least-privilege principles. Collaborate with platform, product, and engineering teams to design secure-by-default workflows, infrastructure, and deployment practices, ensuring consistent security controls across products. Conduct risk assessments, tabletop exercises, and threat simulations in concert with engineering and operations teams, ensuring security readiness is collaborative and integrated. Lead and coordinate penetration testing efforts, including scoping, vendor engagement, and remediation tracking. Support SOC 2 and related compliance efforts through control validation and evidence collection. Help respond to and complete customer and vendor security questionnaires, collaborating with compliance and engineering teams to ensure accurate and timely answers Requirements 5+ years in security, IT, DevSecOps, or platform engineering roles. Deep understanding of identity management, SSO, and federation (Google Workspace, Okta, Auth0, OIDC/SAML). Experience managing and automating users, groups, org policies, and compliance controls on systems like AWS, GCP, GitHub Enterprise, and JFrog. Experience implementing and improving software supply chain security, including integrating security into CI/CD pipelines (e.g., GitHub Actions). Experience managing SIEM/DLP platforms (e.g., Datadog, Splunk) and writing detection rules. Strong automation skills (Python, Go) and proficiency with infrastructure-as-code (Terraform). Familiarity with SOC 2 and security frameworks (NIST, CIS, OWASP). Excellent communication and documentation skills. Nice to Have Experience integrating audit logs and SaaS data sources into SIEM/DLP pipelines. Knowledge of secure AWS architecture and best practices for identity, networking, and workload protection. Background in threat detection engineering or security observability. Open-source or community security contributions. Experience with AI-assisted security tools (Copilot, ChatGPT, Cursor). Our culture and values: We own and solve problems with high attention to detail. Our open source contributors, users, customers & team are all part of our community. When our community wins, we win. We prioritize simplicity and think twice before adding complexity Clear communication helps keep our team aligned and collaborating smoothly. About NetBox Labs: NetBox Labs helps companies build and manage complex networks. We help customers accelerate network automation by delivering open, composable products and supporting the network automation community. NetBox Labs is the commercial steward of open source NetBox, the world's most popular network source of truth, and Orb, the next-generation open source network observability platform. Our products include NetBox Enterprise, a fully supported self-managed NetBox with advanced features, and NetBox Cloud, a secure, scalable, and reliable SaaS edition of NetBox. NetBox powers thousands of companies, and NetBox Labs is backed by investment from Notable Capital (formerly GGV), Grafana Labs CEO Raj Dutt, Flybridge, IBM, Salesforce Ventures, and Mango Capital.

Who we are We help enterprises unlock the future of AI, and realize untapped potential through a thoughtful approach to access, security, and scalability. We're a growing startup at the forefront of enterprise GenAI infrastructure. We are building a next-generation platform that empowers enterprises to securely adopt and manage advanced AI workflows. We know that successful technology adoption hinges on secure and appropriate access. Our founding team helped shape past technology revolutions - from pioneering secure API Management during the rise of mobile apps to driving enterprise AI adoption across Fortune 100 enterprises. At the core of all we do is our team. We're made up of builders, creators, and curious minds, on a mission to make AI safer, more responsible. Just as we are thoughtful about our products, we're thoughtful about how we build teams and our culture. We believe with each addition to the team, culture can be enhanced. Take a look at what we value in our About Barndoor page. If this speaks to you, we'd love to hear from you! How you'll make an impact Security is foundational to everything we build. As our core Security Engineer, you will directly continue to shape the architecture, policies, and culture that scale our secure software. The systems you design will enable our customers-enterprises with complex regulatory and operational needs-to safely deploy AI-powered agents at scale. Your work won't just prevent breaches-it will enable trust, unlock innovation, and differentiate our platform in the market. What You'll Be Working OnWhile all roles have fluidity, here's a sense of some of what you might work on at any given time. Core responsibilities and role responsibilities include: Responsibilities Audit and strengthen OAuth 2.0 and OIDC token flows across internal proxies, the control plane, and third-party integrations Identify and mitigate common and emerging threats in delegated authentication workflows Review and co-design REST, WebSocket, and streaming APIs with strong boundaries, secure defaults, and least-privilege access models Help define system boundaries for multi-agent, multi-tenant orchestration Integrate and tune automated CVE, SCA, and IaC scanning tools into CI/CD pipelines Convert security findings into high-signal engineering tickets with practical remediation paths Lead lightweight, iterative threat models for new features and services Define internal security baselines and policies, and mentor others to promote a strong security culture Favor automation-friendly controls over burdensome manual security processes Contribute to compliance initiatives such as SOC 2 and ISO 27001, supporting scalable security programs Leverage deep expertise in OAuth 2.0/OIDC with real-world experience securing authentication flows in production systems Design secure APIs, review system architectures, and implement scalable authentication and authorization models Apply hands-on experience with supply chain and container security tools such as Trivy, Snyk, Grype, and Terraform scanning Demonstrate familiarity with modern identity platforms like Auth0, Okta, and Keycloak, and with Zero Trust models Requirements 5+ years in application or platform security roles, ideally in high-growth SaaS or cloud-native environments. Deep expertise in OAuth 2.0/OIDC, including real-world experience securing auth flows in production systems. Strong track record designing secure APIs, reviewing system architectures, and implementing scalable authN/authZ models. Hands-on experience with supply chain and container security tools (e.g., Trivy, Snyk, Grype, Terraform scanning). Familiarity with modern identity platforms (Auth0, Okta, Keycloak) or Zero Trust models. Proven success contributing to SOC 2, ISO 27001, and overall compliance programs. Experience working with AI/ML platforms or agent-based architectures. Comfortable collaborating with infrastructure, product, and legal teams to align security priorities with company goals. Passion for mentorship, documentation, and building a strong security culture without over-engineering. Soft Skills That Matter Here Startup Agility: You thrive in fast-paced, evolving environments and are quick to take initiative without waiting for perfect clarity. Ownership Mentality: You see a gap and step in-you don't wait to be told what needs securing, you go find it. Collaborative Spirit: You work well across functions-engineering, product, sales, and beyond-to elevate the entire team's security awareness. Pragmatic Mindset: You balance ideal security outcomes with real-world constraints, always looking for simple, sustainable solutions. Mentorship and Influence: You uplift teammates by sharing knowledge and helping others build security into their everyday thinking. Travel RequirementsTeam connection is an important part of our culture. With a remote-friendly structure, we do require that our team be available to travel for in-person collaboration sessions and meetings. Some roles may have more travel than others. Typical team meetups are every 6-8 weeks, however, this may vary depending on team and business needs. We work to plan out our travel schedules in advance to give as much notice as possible. Equal Opportunity EmployerWe celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, ancestry, national origin, citizenship, religion or creed, sex (including pregnancy, childbirth, and related conditions), sexual orientation, gender identity or expression, age, marital status, veteran status, disability, genetic information, or any other legally protected status. We believe that diverse teams build better products, and we strive to ensure that our hiring, development, and advancement practices are fair, equitable, and welcoming for everyone.

Nominal is building the software infrastructure powering the world's most advanced hardware systems - from spacecraft and autonomous vehicles to next-generation industrial machines. Our platform ingests high-rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We're a small, fast-moving team of engineers and operators who own problems end-to-end, work across disciplines, and thrive on challenges at the intersection of hardware and software. As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you'll be responsible for working across the organization, developing and maturing various Security and GRC controls. You'll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal's software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal's network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.🚀 About the role Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal's success due to our product and industry. You'll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner. Detect and Respond: Strengthen Nominal's operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences. Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments. Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries. Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal's technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices. 🔍 We're looking for someone with 4+ years of experience working as a Security Engineer/Security Analyst. Hands-on expertise in endpoint protection, event monitoring and logging (EDR & SIEM).Incident handlining experience including incident preparation, detection, analysis, containment & eradication, and post-mortem. Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls. Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC).Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002. Experience with federal contracting and data protection requirements, whether in government or industry settings. Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement. General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements. Strong organizational & writing skills, and attention to detail, commensurate to build out policy, procedure, plan, and standards documentation for customer, government, and auditor audiences. Strong project management, collaboration, and relational skills to work with cross-functional stakeholders across Nominal to ensure ongoing delivery of our Security and GRC posture. ✨ Benefits 🏥 100% coverage of medical, dental, and vision insurance 🏖️ Unlimited PTO and sick leave 🍽️ Free lunch, snacks, and coffee 🚀 Professional development stipend ✈️ Annual company retreat To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State.Please note that Nominal is unable to sponsor employment visas (H-1B, F-1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

At Scale, our Security Architecture team builds the foundations that allow engineers to ship fast without compromising security. From securing modern TypeScript services and cloud infrastructure to enabling safe adoption of AI-driven systems, our work shapes how products are designed, deployed, and operated across the company. We are looking for a Staff Security Engineer to help define and build the “paved road” for secure development at Scale. As a Staff Security Engineer, you will operate as a builder first - roughly 60% software engineering and 40% security. You'll partner deeply with product, platform, and infrastructure teams to design secure architectures, build shared primitives, and influence how engineering teams work end-to-end. This role requires strong production software engineering DNA, architectural judgment, and the ability to lead through influence in a fast-moving, high-impact environment. You will: Design and build secure application and infrastructure foundations that engineering teams use by default. Partner with product and engineering teams across the full SDLC, from RFC and architecture reviews through implementation, launch, and long-term maintenance. Conduct deep architecture, design, and code reviews, identifying systemic risks beyond individual vulnerabilities. Build and maintain secure cloud and CI/CD foundations using Infrastructure as Code. Act as a technical advisor to engineering teams, helping them ship secure, maintainable, production-grade systems. Serve as a technical point of contact during high-impact security events, contributing engineering and operational leadership. Influence security strategy and technical direction through tooling, standards, and clear technical guidance. Mentor engineers and help raise the overall security and engineering maturity of the organization. Ideally you'd have: Staff-level experience in 3+ of the areas below (Senior at a minimum): Deep, production-level expertise in TypeScript and the Node.js ecosystem, including frameworks such as Next.js and modern tooling. A strong track record of shipping and owning production software, including experience with testing, deployment, and on-call operations. Experience conducting security, architecture, and design reviews, not just code-level audits. Deep familiarity with AWS cloud primitives, including IAM, and experience designing systems for multiple environments. Hands-on experience with Infrastructure as Code (Terraform, CDK, or similar), treating infrastructure as software. Strong ability to structure ambiguous problems, diagnose root causes independently, and propose pragmatic solutions. Excellent communication skills, with the ability to explain complex security and architectural tradeoffs to technical and non-technical stakeholders. A proven ability to influence cross-functional teams and drive adoption of secure patterns without blocking velocity. Nice to haves: Experience with Kubernetes and container security, including network policies and workload isolation. Background in Platform Engineering or Developer Productivity, such as building shared tooling, CLIs, frameworks, or base images. Proficiency in Python, particularly in environments supporting AI/ML workloads. Familiarity with AI / LLM systems, agentic workflows, and emerging AI security concerns. Experience working in large-scale monorepos or with modern build systems (e.g., Bazel). Exposure to data security, data pipelines, or compliance-driven systems (e.g., GDPR). Willingness to learn and build automation around compliance environments (e.g., FedRAMP, GovCloud). Interest in emerging infrastructure challenges such as GPU or HPC cluster security. Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You'll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend. Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is:$264,000-$330,000 USD PLEASE NOTE: Our policy requires a 90-day waiting period before reconsidering candidates for the same role. This allows us to ensure a fair and thorough evaluation of all applicants. About Us: At Scale, our mission is to develop reliable AI systems for the world's most important decisions. Our products provide the high-quality data and full-stack technologies that power the world's leading models, and help enterprises and governments build, deploy, and oversee AI applications that deliver real impact. We work closely with industry leaders like Meta, Cisco, DLA Piper, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force. We are expanding our team to accelerate the development of AI applications. We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status. We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at accommodations@scale.com. Please see the United States Department of Labor's Know Your Rights poster for additional information. We comply with the United States Department of Labor's Pay Transparency provision . PLEASE NOTE: We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services, and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.