Cyber security analyst jobs in Bethel, CT

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory. KPMG is currently seeking a Specialist Director, MAST Application Penetration Testing Lead to join our Managed Services practice. Responsibilities: * Lead the strategic delivery of Managed Application Security Testing (MAST) services, ensuring alignment with client objectives and industry best practices * Execute go-to-market (GTM) strategies for MAST offerings, collaborating with cross-functional teams to drive market penetration and revenue growth * Oversee the design and implementation of scalable security testing frameworks across diverse application environments, including cloud-native and hybrid architectures * Provide subject matter expertise in application security, guiding clients through risk assessments, remediation planning, and secure development lifecycle integration * Build and maintain strong client relationships, serving as a trusted advisor and ensuring high levels of satisfaction and retention * Mentor and lead a team of security professionals, fostering a culture of innovation, accountability, and continuous improvement * Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Qualifications: * Minimum eight years of recent experience in application security, penetration testing, or related cybersecurity domains, with at least three years in a leadership or director-level role * Master's degree from an accredited college or university in cybersecurity, computer science, or related field is preferred; Bachelor's degree from an accredited college or university is required * Deep understanding of application security testing methodologies, tools (for example, DAST, SAST, IAST), and secure SDLC practices * Proven experience developing and executing GTM strategies for security services or technology solutions * Strong client-facing skills with the ability to communicate complex technical concepts to non-technical stakeholders * Excellent verbal/written communication, presentation, and analytical skills * Ability to travel as required * Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** California Salary Range: $153700 - $319000 KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As Senior Cybersecurity Engineer, you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. In this role you will: Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation Document analysis, findings, and actions for case management and metrics Support security incident response planning, procedure/playbook development and investigations Participate in on-call rotation for off-hours escalations Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). Assist with remediation of identified security risks Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred What you bring to BIC: Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred Prior experience interpreting or analyzing log data and working with log pipelines Triaging alerts from various sources, following playbooks, and escalating legitimate issues Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

at Nuvance Health The Cyber Security Engineer will have responsibility for incident response along with a desire to relentlessly champion best practices. This role will perform all functions required to support day-to-day data security operations, supporting and maintaining a broad suite of cyber security operations infrastructure, serving as a tier 2 escalation point during incident response and investigations and monitoring compliance with IT security policy. Participate in the planning, design, installation, maintenance and tuning of security operations systems in support of security policies and best practice. Work with Information Technology staff and business units to assess risk and address security issues. Responsibilities: • Manage security responsibilities, including firewalls, proxy systems, SIEM, EDR and other security devices. 15% • Strong skills implementing and tuning security components. 15% • Server as an escalation point during incident response and investigations. 15% • Maintain cyber security operations tool to insure detection, response and remediation of latest security threats 15% • Create and review reports on event and incidents. 10% • Stay up to date with latest security threats and assist with developing defense strategy's to combat them. 10 % • Investigate and respond to security violations 10% • Ability to maintain in depth knowledge of security and networking infrastructure utilized by the company including the management and reporting of each. 10% Education Skills Experience • Bachelor's degree in computer science field required • 2 or more years Security Operations with a minimum of 4 years IT experience. • Demonstrated experience in Incident response investigations. • Working knowledge of EDR technologies. • Working knowledge of SIEM technologies. • Working knowledge of common vulnerability management tools. • Working knowledge of enterprise firewall technologies preferred. • Working knowledge of web filtering and proxies preferred. • Working knowledge of MDM solution preferred. • Experience with DLP and IPS/IDS systems preferred. • Working knowledge of email filtering product preferred. • Working knowledge of litigation hold processing and forensic investigations preferred. • Experience participating in Red/Blue/Purple team exercises. • Experience working with information security practices, networks, software, and hardware. Other Information: • CISSP, CEH, or other equivalent certification is a plus. • Disaster recovery and business continuity experience is a plus. • Working knowledge with HIPAA regulations as they pertain to the healthcare industry. Working Conditions: Manual: Some manual skills/motor coord & finger dexterity Occupational: Little or no potential for occupational risk Physical Effort: Sedentary/light effort. May exert up to 10 lbs. force Physical Environment: Generally pleasant working conditions Company: Nuvance Health Org Unit: 1795 Department: Information Security Exempt: Yes Salary Range: $40.43 - $75.10 Hourly

About the Team At DoorDash we're building the industry's most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is integral to the success of the business, as we secure the data and protect the privacy of our business and various stakeholders. The Security Operations team spans several capabilities, to include Threat Response, Threat Hunt, Threat Intelligence, Detection Engineering, Corporate Security, and Security Platform Engineering. Our Mission is to create a secure DoorDash environment through proactive threat preparation and rapid response. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance. About the Role The Insider Threat Investigator will be a foundational member of the Internal Investigations team, Security Operations. This role will be responsible for monitoring, detecting, investigating, and responding to anomalous events and behaviors that may pose risk to the company. This is a critical role that will analyze threat intelligence, develop use cases, conduct data analysis, execute complex investigations, drive detection engineering, write reports, advise on preventative controls, and collaborate with multiple internal teams to ensure coordinated investigation and response efforts. You will report into the Director, Security Operations under the Chief Information Security Officer. You're excited about this opportunity because you will… Use monitoring and detection platforms to investigate anomalous activity for potential insider risk Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures Create standard operating procedures and cross-functional processes to govern investigation and response collaboration between teams Prepare investigative reports and briefings for leadership Maintain chain-of-evidence and engage with External Law Enforcement, when required Lead training or other education and awareness opportunities for the enterprise as required We're excited about you because… 7+ years of experience in federal law enforcement, incident response, or insider threat investigations. Experience with a broad range of technologies including endpoint detection and network technologies, SOAR/SIEM platforms, User Entity Behavior Analytics (UEBA) platforms, and User Activity Monitoring (UAM), and Data Loss Prevention (DLP) tools Deep experience in conducting ethical, legal, complex investigations Understanding of cloud and distributed IT environments Familiarity with log sources, forwarders, parsing, and data pipelines Experience partnering with cross functional teams to support an investigation Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck and NIST) Excellent verbal and written communication, presentation, and stakeholder management skills Relevant certifications (e.g. CDITR, SEI certs, ACFE, ATAP) Must be comfortable regularly exercising discretion and independent judgment in performing job duties, including evaluating options, making informed decisions, and determining appropriate courses of action within the scope of assigned responsibilities. We expect this position to be filled by 9/9/25. Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024. The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey Compensation The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee's work location. Ranges are market-dependent and may be modified in the future. In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information. DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others. To learn more about our benefits, visit our careers page here. See below for paid time off details: For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year. For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week). The national base pay range for this position within the United States, including Illinois and Colorado. $159,800 - $235,000 USD About DoorDash At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users-from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods. DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees' happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more. Our Commitment to Diversity and Inclusion We're committed to growing and empowering a more inclusive community within our company, industry, and cities. That's why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel. Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on “protected categories,” we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce - people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination. Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation. If you need any accommodations, please inform your recruiting contact upon initial connection.

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

**Duration: 12 months contract (with possible extension)** ***Note: Open to candidates who are willing to relocate at their own expense.** + The Workday Application Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of data within the Workday system. + They design, implement, and maintain security configurations, including roles, permissions, and access controls, to protect organizational data and comply with company policies, industry standards, and regulatory requirements. **Job Functions & Responsibilities** + Develop and implement security roles, domain security policies, data and business process security within Workday + Ensure secure integration with other on‐premise and cloud applications like GRC tools + Configure and manage access permissions to ensure users have the appropriate level of access to data and functionality + Ensure compliance with company policies, industry standards (like SOC 2), and regulatory requirements (like GDPR) + Conduct regular security audits and assessments to identify vulnerabilities and areas for improvement + Assist in investigating and responding to security incidents, identifying root causes, and implementing preventive measures + Collaborate with IT, HR, and other stakeholders to align security efforts with business needs and ensure effective communication of security policies and procedures + Create and maintain documentation for security policies, procedures, and configurations, and provide training to users on security best practices + Stay abreast of Workday updates, industry trends, and emerging security threats to continuously improve security configurations and processes + Familiarity with other ERPs like SAP is preferred + Familiarity with GRC and Workday SoD (Segregation of Duties) management is desired **Skills** + SAP ERP (S/4 HANA is a plus) + Workday + Active Directory group management + GRC AC 10.1 and above + Microsoft Clienture + SuccessFactors + Applicable functional knowledge for SAP security areas like Finance, MM, ISU billing, etc. + SAP audit & compliance **Education & Certifications** + Bachelor's degree in engineering, IT, or related field + 7-10 years of hands‐on industry experience in Workday Security implementation and administration + Strong ITGC compliance knowledge for Workday + Familiarity with Workday risk management and GRC integration + Ability to identify, analyze, and resolve complex security and compliance issues + Strong interpersonal and communication skills, with the ability to effectively collaborate with diverse teams ** About US Tech Solutions:** US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit *********************** (*********************************** . US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages. This is a hybrid position requiring being on-site as needed. ________________________________________ We are seeking a skilled and detail-oriented CMDB Engineer to join our IT team. This role will be responsible for developing, managing, and optimizing our ServiceNow Configuration Management Database (CMDB), supporting Discovery, service graph connectors, third-party data integrations, and IRE configuration. This role is critical to ensuring visibility, accuracy, and reliability of Configuration Items (CIs) throughout their lifecycle using the ServiceNow platform. ________________________________________ Responsibilities include: • Manage and enhance the ServiceNow CMDB, ensuring accuracy, completeness, and alignment with ITIL standards. • Configure and extend ServiceNow Patterns to improve data ingestion and normalization. • Deep knowledge of how to troubleshoot ServiceNow Discovery-related issues. • Maintain and enhance the ServiceNow CMDB following the Common Service Data Model (CSDM) framework. • Collaborate with infrastructure, network, and application teams to ensure proper CI identification and relationships. • Manage integration with other technologies (e.g., SCCM, vCenter, SolarWinds, etc.) feeding the CMDB. • Create and maintain CMDB documentation, architecture diagrams, and training materials. • Manage and maintain the Identification and Reconciliation Engine (IRE) rules. • Monitor and improve the CMDB Health Dashboard, ensuring ongoing health and governance of the “3 C's” - Completeness, Correctness, and Compliance. • Audit and validate CI data regularly to ensure appropriate CI class assignments, relationships, and attributes. • Oversee and optimize MID server health and ensure discovery schedules are accurate and up to date by liaising with the Network team. • Support audits, compliance, and risk initiatives by ensuring the integrity and traceability of CMDB data. Requirements include: • 7+ years of experience in an enterprise IT organization • Minimum of 3-5 years of hands-on experience with ServiceNow CMDB and Discovery • ServiceNow Certified System Administrator (CSA) certification is required to be eligible for this role. • Strong knowledge and practical experience with ServiceNow CSDM framework and the IRE configuration. • Experience with CI data normalization, reconciliation, and health reporting • Experience with third-party integrations like AWS, SCCM and JAMF • Proficiency in CMDB data modeling, CI class categorization, and relationship mapping. • Strong analytical and troubleshooting skills to manage data quality and Discovery issues. • Experience configuring and maintaining MID Servers and Discovery Schedules. • Bachelor's degree or equivalent experience. Preferred: • Other ServiceNow certifications such as Certified Implementation Specialist - CMDB, Discovery Fundamentals, is a plus. Department: Montefiore Information Technology Bargaining Unit: Non Union Campus: YONKERS Employment Status: Regular Full-Time Address: 3 Odell Plaza, Yonkers Shift: Day Scheduled Hours: 8:30 AM-5 PM Req ID: 224883 Salary Range/Pay Rate: $112,500.00 - $150,000.00 For positions that have only a rate listed, the displayed rate is the hiring rate but could be subject to change based on shift differential, experience, education or other relevant factors. To learn more about the “Montefiore Difference” - who we are at Montefiore and all that we have to offer our associates, please click here. Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law. SF-DICE-MIT; LI-SC1-REDIRECT

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success. Recruiting for this role ends on 12/31/25 The team Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. Helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions. Work You'll Do + Lead the design and deployment of Next-Generation SOC platforms, like Cortex XSIAM, including advanced detection rules and SOAR playbooks, and SIEM ingestion. + Integrate diverse log and telemetry sources, ensuring data quality and normalization. + Develop and optimize automated response workflows for incident containment and remediation. + Advise clients on advanced use cases, threat detection, and automation strategies. + Collaborate with cross-functional teams for solution enhancements and threat intelligence integration. + Present technical findings and recommendations to stakeholders. Required Qualifications + BA/BS degree in a technical field (e.g., Computer Science, Cyber Security) + 4-6 years of progressively responsible experience in cloud, network, or identity security domains, demonstrating increasing levels of responsibility, technical depth, and leadership over time + 3-4 years of experience with Security Operations tools and platforms including Cortex XSIAM, Cortex XDR, Splunk, or similar SIEM technologies + 3-4 years of Security Operations Center experience demonstrating expertise in detection engineering, automation and playbook development, or SOC maturity methodologies + 3-4 years of experience with one or more cloud service providers (AWS, GCP, Azure) and native security tools + 3-4 years of experience with management of log sources, data normalization, ingestion and manipulation of data + 3-4 years of experience working with detection and response platforms (EDR) like Microsoft Defender, Cortex XDR, CrowdStrike + 3-4 years of experience with governance, risk, or compliance initiatives involving common frameworks + Certifications including Palo Alto Networks' PCNSE or Certified Cybersecurity Associate or equivalent and/or similar cybersecurity certifications + Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve. + Limited immigration sponsorship may be available Preferred Qualifications + Experience with Palo Alto Networks' platform of solutions including, but not limited to, next-generation firewalls, Cortex & Prisma Cloud, and Prisma Access, XDR, etc. + Strong understanding of vendor competitive analysis within Security Operations (e.g., competitive differences between competing SIEM solutions) + Proficiency with advanced scripting, playbook development within a SIEM, SOAR or Security platform + Basic proficiency with network routing protocols (e.g., BGP, ECMP) and network architecture concepts (e.g., network segmentation), in support of on-premise and secure cloud infrastructure use cases + Ability to communicate and advise on solution design based on client use-cases, requirements, or other success criteria + Previous consulting or "Big 4" experience + Relevant advanced cybersecurity or related network engineering certifications (e.g., CISSP, CEH, CCSP) Information for applicants with a need for accommodation: ************************************************************************************************************ The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,500 - $188,900. You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

The Information Security Analyst plays a key role in advancing the company's Governance, Risk & Compliance (GRC) program by protecting enterprise information assets and ensuring compliance with regulatory, contractual, and ethical standards. This position offers hands-on experience across multiple security domains including policy governance, risk management, AI governance, and data security, making it an excellent opportunity for early career professionals or recent graduates passionate about cybersecurity and emerging technology risks. In this role, you will collaborate with teams across Information Security, IT, and Legal to drive initiatives that safeguard sensitive data, maintain compliance obligations, and promote responsible use of artificial intelligence and other advanced technologies. Responsibilities Governance & Policy Management Assist in developing, maintaining, and aligning information security policies with frameworks such as NIST CSF, ISO 27001, SOC 2, CIS, and the NIST AI RMF. Contribute to documentation and control mapping for new or updated regulations related to AI, privacy, and data protection (e.g., GDPR, CCPA, NIST 800-53 Rev 5). Support internal policy review cycles, ensuring consistent version control and executive approval. Risk Management Participate in enterprise risk assessments, including third-party, application, and AI model risk reviews. Help identify, document, and track remediation of security and privacy risks within the GRC platform (e.g., Drata, ServiceNow GRC, OneTrust, Vanta, etc.). Support the development of risk metrics and dashboards for leadership reporting. Learn to evaluate AI-related risks such as model bias, data leakage, data lineage, model transparency, and unintended data exposure. Data Governance & Data Security Assist with data classification, retention, and handling standards, ensuring sensitive data is appropriately protected. Support data inventory and mapping efforts to improve visibility where critical data resides. Help review access controls, encryption standards, and secure data transfer processes in coordination with IT teams. Collaborate with the IT team to ensure alignment between data quality, privacy, and security controls. Compliance & Audit Support Gather and organize evidence for internal and external audits (ISO 27001, PCI, HIPAA, etc.). Maintain control documentation and track audit remediation activities. Support continuous monitoring of compliance requirements and updates to regulatory obligations, including emerging AI governance and data-related laws. AI Governance Support Contribute to inventories of AI tools and use cases across the enterprise. Assist in risk assessments for AI systems, ensuring they align with responsible AI principles such as fairness, accountability, and transparency. Collaborate with IT and legal teams to ensure that AI use complies with company policies. Security Awareness & Communication Help design and distribute training materials related to cybersecurity, data protection, and responsible AI practices. Support internal campaigns promoting secure data handling and ethical technology usage. Prepare metrics, dashboards, and presentations for leadership briefings. Continuous Improvement Participate in projects that automate or streamline GRC processes, such as policy lifecycle management or risk scoring. Stay informed about new threats, regulatory trends, and AI governance frameworks. Engage in ongoing professional development and certification opportunities. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Data Science, or a related field is preferred 0-2 years of experience in cybersecurity, risk management, compliance, or data governance (internship or coursework acceptable). Understanding of cybersecurity principles, risk management, and data privacy fundamentals. Basic familiarity with AI systems, data governance concepts, or information security practices. Strong analytical, communication, and documentation skills. Ability to manage multiple priorities in a fast-paced environment. Proficient in Microsoft Excel, PowerPoint, and data analysis or GRC tools. Exposure to frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, or COBIT. Must be able to work in the U.S. without sponsorship Per applicable state requirements, the annual pay range for this position ($60,500 - $84,000) which consists of base salary (subject to performance), reflects the hiring range for candidates. Also note, an individual's offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors.

SonSoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. SonSoft Inc is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services. Job Description LENGTH: 12 MONTHS, OPTION TO HIRE JOB ID: 1912185274 JOB TITLE: ACTIVE DIRECTORY ENGINEER - SME GC/EAD OR CITIZEN - OPTION TO HIRE POSITION SUMMARY: MUST HAVE a Security Background. Responsible for supporting and maintaining Microsoft Active Directory. Familiar with the Microsoft Windows Server Operating system, , and VMWare Virtualization technologies in the environment. This includes planning for and responding to service outages and other problems, and being a Tier 3 escalation point for moderately complex Active Directory problems beyond the knowledge of other technical support staff. Ensures customer satisfaction by advising customers on preventative maintenance and configurations which may impact product performance. Takes responsibility for potential or desired follow-up services or problem escalation. Fully qualified server engineer. High degree of troubleshooting. Self-starter needing little to no guidance. Additional Information NOTE : ONLY GCEAD , GC AND CITIZEN

Current Saint Francis Employees - Please click HERE to login and apply. Full Time Days PLEASE NOTE: Due to the nature of this role, candidates must be either local to the area or willing to relocate, as this position requires full-time onsite presence. Job Summary: As a member of the Information Security team, responsibilities include manages and mitigates information security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides information security risk insight and guides management on information security risk issues and serves as advisor to peers, team members and management. Minimum Education: Bachelor's degree in Computer Science, MIS, Computer Engineering, Cyber Security or related discipline. Licensure, Registration and/or Certification: None. One or more of the following certifications are preferred: Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA). Work Experience: 3 - 4 years related experience inclusive of two years working directly in an Information Services department and previous experience with HIPAA/PHI compliance programs, policies, procedures, risk assessments and audits. Knowledge, Skills and Abilities: In-depth knowledge of cyber security methodology and security practices. Knowledge of HIPAA, PCI, SOX, ISO and NIST cybersecurity frameworks. Knowledge of intrusion detection and intrusion prevention systems, penetration and vulnerability testing. Knowledge of data loss prevention, anti-virus and anti-malware software tools. Knowledge of computer networking, TCP/IP, routing and switching, network protocols and packet analysis tools. Knowledge of Windows, UNIX and Linux operating systems. Excellent problem solving and analytical skills. Excellent written and oral communication skills. Excellent organizational and interpersonal skills. Ability to work independently as well as in a team setting. Essential Functions and Responsibilities: Define, implement, and enforce information security policies, strategies, and procedures that align with healthcare laws and regulations, such as HIPAA. Conduct and/or support targeted risk assessment. Determine significant risk points and exercise process for risk assessment and risk acceptance. Review assessment results for vulnerabilities, gaps, control deficiencies, and work with key stakeholders to establish plans for sustainable resolution. Maintain an effective information security awareness program and educate internal teams on best practices. Ensures that business and clinical software applications include adequate information and security controls. Establish and maintain metrics based on the information security framework used at SFHS. Decision Making: Independent judgment in making decisions from many diversified alternatives that are subject to general review in final stages only. Working Relationships: Works directly with patients and/or customers. Works with internal customers via telephone or face to face interaction. Works with external customers via telephone or face to face interaction. Works with other healthcare professionals and staff. Works frequently with individuals at Director level or above. Special Job Dimensions: None. Supplemental Information: This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all inclusive nor does it prohibit the assignment of additional duties. Information Technology - Information Security - Yale Campus Location: Tulsa, Oklahoma 74136 EOE Protected Veterans/Disability

Thanks & Regards Rajesh KRG Technologies, Inc., ************ Ext :514 Job description: L3 Resource with good experience in handling end to end infrastructure security operations which includes o Perimeter security (Checkpoint & CISCO ASA Firewalls etc.) o Endpoint security (Sophos , Symantec etc.) o Web Gateways ( Sophos, Blucote) o Email Gateways ( Sophos, Symantec etc.) o Vulnerability Management (Qualys, DDI etc.) o Information security & Compliance ( IS Auditing, Policies & Procedure reviews) o Global Access Management o SIME (ArcSight etc.) · Should have hands on experience in troubleshooting issues · Should have good experience in ITIL Processes(Change management, Problem management, Incident Management etc. ) · Technically sound on the above listed technologies / tools · Good experience in performing Security incident analysis · Preferably the candidate should have certifications like CISSP, CISA, CISM · Should have good communication & presentation skills Additional Information All your information will be kept confidential according to EEO guidelines.

What you'll do • Design and implement comprehensive data security architectures, with particular focus on database platforms (primarily SQL Server) • Develop and maintain enterprise-wide encryption strategies for securing structured and unstructured data both in transit and at rest, both and both on-premise and in the cloud • Enhance logging, monitoring and SecOps capabilities of enterprise databases and other data stores • Configure and optimize Identity and Access Management (IAM) solutions across data platforms and repositories to align to least privilege principles • Implement Data Loss Prevention (DLP) strategies and controls • Implement and maintain Information Rights Management (IRM) and Digital Rights Management (DRM) solutions • Design and implement data tokenization strategies where appropriate • Secure data processing pipelines and ensure appropriate controls for data workflows • Create and maintain data security documentation, including policies, procedures, and standards • Collaborate with development teams to ensure security best practices in data handling • Conduct vulnerability assessments of the firm's database architecture and associated data storage and processing systems • Assist in monitoring and managing security patching and upgrade processes for database platforms What's required • Bachelor's degree in computer science, cybersecurity, or related technical field • 6+ years of experience in data/database security engineering and governance • Deep expertise in database security, particularly SQL Server • Comprehensive understanding of data warehouse/data lake architectures and tools, particularly Databricks (required) • Subject matter expertise in Object Storage (eg: S3, Azure Blob, etc) and related security • Understanding of Active Directory Delegation (constrained vs. unconstrained) and associated best practices • Experience with 3rd-party SQL Server security governance and monitoring products (eg: Idera, Solarwinds) • Extensive knowledge of encryption technologies for both structured and unstructured data • Broad knowledge of secure data/file sharing solutions and ETL workflows • Experience designing and implementing data tokenization solutions • Experience with data classification and DLP technologies • Scripting/automation capabilities (eg: SQL, PowerShell, Python) • Commitment to the highest ethical standards Qualifications Ivy league colleges education preferred or huge plus. Additional Information All your information will be kept confidential according to EEO guidelines.

Duration: 6+ Months Experienced Firewall administrator for operational implementation, maintenance and configuration of firewalls. Key Responsibilities: Performs maintenance and changes in firewalls as required. Implementation of new firewalls as required Assists with troubleshooting network connectivity as it relates to firewalls Utilizes change management, request, and ticketing systems, documents status updates and problem resolutions Complete All assignments in a timely manner with an acceptable level of quality Maintains documentation related to work area Completes network change requests Follows documented processes, procedures and policies Performs customer service duties and responds to customer and project requests as defined by management Other related duties assigned as needed. Qualifications/Requirements: Bachelor's degree and with 3 to 4 years of operational experience administering Firewalls 4 or more years networking/firewall background Must have networking TCP/IP routing protocol experience Desired Characteristics: In-depth experience in security aspects of multiple platforms, operating systems, software, communications and network protocols is desired Competency in verbal, written, and presentation communications and interpersonal understanding Ability to understand customer's business needs. Leadership of work teams/groups Ability to work with all levels of employees Highly motivated and able to work effectively under minimal supervision in a fast-paced environment Team-oriented, placing priority on quality and the successful completion of team goals Organization and planning skills that include: time management, project coordination and management, and the ability to handle multiple deadlines and associated pressures. Competency in developing effective solutions to business problems Ability to analyze problems and to make decisions REQUIRED SKILLS YEARS OF EXPERIENCE WHEN THE SKILL WAS LAST USED Expert knowledge of Cisco Security products, ASA and Firepower Expert knowledge of NSX Expert knowledge of Palo Alto systems Security Certifications a Plus Must have networking TCP/IP routing protocol experience Networking/firewall background Operational experience administering Firewalls Additional Information All your information will be kept confidential according to EEO guidelines.

**About Us** EMCOR Construction Services, Inc. (ECS) is a division of EMCOR Group, Inc. ECS focuses on three core competencies: electrical construction, mechanical construction, and fire protection. Our nationwide group of mechanical and electrical companies have decades of experience in virtually all U.S. markets. **Job Summary** **About Us:** EMCOR Group, Inc. (NYSE: EME) is a Fortune 500 company and a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services. A provider of critical infrastructure systems. EMCOR gives life to new structures and sustains life in existing ones by it planning, installing, operating, maintaining, and protecting the sophisticated and dynamic systems that create facility environments. This includes electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems--in virtually every sector of the economy and for a diverse range of businesses, organizations and government. EMCOR represents a rare combination of broad reach with local execution, combining the strength of an industry leader with the knowledge and care of 170 locations. **Job Title:** -- Security Analyst - Identity and Access Management **Job Summary:** -- The Security Analyst for Identity and Access Management (IAM) is responsible for supporting EMCOR's Security Program with a focus on identity systems, single sign-on (SSO), and user lifecycle management. This role also plays a key part in administering Microsoft Sentinel and Defender, using Kusto Query Language (KQL) to enhance threat detection, automate response, and strengthen the organization's overall security posture. **Essential Duties and Responsibilities:** -- + Support and monitor the enterprise information security system as directed by management. + Manage daily operations and support for IAM products, including incident and ticket resolution. + Administer Entra ID, with expertise in SSO, Conditional Access, and modern authentication methods. + Deploy and maintain IAM systems for user life-cycle, access governance, and PAM. + Investigate and resolve IAM security incidents using established tools and procedures. + Provide expertise during incidents, document findings, and help improve protocols. + Help design, implement, and maintain Microsoft Sentinel and Defender security monitoring, including custom KQL queries and automation. + Collaborate with security and IT teams to enhance IAM maturity and awareness. + Maintain and upgrade servers and applications supporting security tools. + Monitor emerging threats and advise stakeholders on responses. + Perform special projects as needed. **Qualifications:** -- + A minimum of five years' experience with Microsoft Active Directory, preferably within a multi-domain environment. + At least three years' experience working with Microsoft Entra ID. + A minimum of two years' experience utilizing the Microsoft Defender Platform and/or Microsoft Sentinel. + At least one year's experience with Privileged Access Management systems. + Demonstrated proficiency in using PowerShell for administration and automation purposes. + Practical experience and/or comprehensive understanding of one or more of the following technologies: MFA, SSO, SAML, OAuth, OpenID, SCIM, and REST API. + Proven ability to communicate effectively and interact professionally with personnel at all organizational levels. + Strong project management capabilities. + Ability to consistently deliver an exceptional standard of customer service. Notice to prospective employees: There have been fraudulent postings and emails regarding job openings. EMCOR Group and its companieslist open positions here (****************************************************************************************************** DateDesc&w=&wc=&we=&wpst=) . Please check our available positions to confirm that a post or email is genuine. EMCOR Group and its companies do not reach out to individuals to help with marketing or other similar services. If an individual is contacted for services outside of EMCOR's normal application process - it is probably fraudulent. **As a leading provider of mechanical and electrical construction, facilities services, and energy infrastructure, we** **offer employees a competitive salary and benefits package and we are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer/Veterans/Disabled** **Benefits: We are** **committed to providing employees a comprehensive benefits package which includes medical, dental, and vision coverage, along with health savings and flexible spending accounts, life insurance, disability, a 401(k) Savings Plan, College Coach and employee assistance program.** **\#emcor** **\#LI-MJ1** **Equal Opportunity Employer** As a leading provider of mechanical and electrical construction, facilities services, and energy infrastructure, we offer employees a competitive salary and benefits package and we are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer/Veterans/Disabled **Notice to Prospective Employees** Notice to prospective employees: There have been fraudulent postings and emails regarding job openings. EMCOR Group and its companieslist open positions here (************************************** . Please check our available positions to confirm that a post or email is genuine. EMCOR Group and its companies do not reach out to individuals to help with marketing or other similar services. If an individual is contacted for services outside of EMCOR's normal application process - it is probably fraudulent. Email a Friend Email a Friend **ID** _2025-2663_ **Company** _EMCOR Construction Services, Inc._ **Category** _Information Technology_ **Position Type** _Full-Time_ **Posted Date** _2 months ago_ _(10/14/2025 1:00 PM)_

The OT Security Engineer, Global Information Security (GIS) will have primary responsibility for Crane's Operational Technology security solutions that protect Crane's manufacturing environments. You will implement OT and IoT security solutions throughout the enterprise and ensure that OT/IoT security solutions identify threats, uncover vulnerabilities, and measure risks of operational equipment. Coordinating with both IT and OT teams at all manufacturing sites, you will define and develop security standards and technical solutions. As a subject matter expert in the hardening and defense of OT, you will work with business units to implement security standards, securely modify systems, and implement secure network architectures during implementations of OT related projects to ensure secure system deployments. You will work closely with other GIS functional areas, supporting security engineering, administration, operations, and incident response. You will integrate the OT/IoT security solutions with other GIS and business unit tools such as SIEM, SOAR, AD, and other tools to gain a unified view of security events and respond more effectively to security incidents both for OT and IT. Responsibilities and Duties: * Support and maintain OT/IoT security tool set and associated integrations with other systems * Collaborate with the manufacturing function across lines of business to develop and define security requirements * Design OT security controls for architectures, systems and networks ensuring that alerting to threats is efficient and effective. * Identify and implement supporting security technologies for the identification of threats and defense of OT systems and provide secure methods for remote access. * Work directly with plant leaders, process engineers, and support/system vendors to ensure OT security controls are implemented * Develop and implement standard work supporting the Global OT security function and supporting solutions * Develop and maintain security models, templates, standards and procedures that can be used to leverage security capabilities in projects and operations * Assist in the identification, response, investigation, and remediation of OT security events and incidents as needed * Ensure security best practices are identified and integrated into all approaches and methodologies. * Define requirements and design standards to protect Crane's OT solutions from security threats and for mitigating the impacts of these threats. * Define reference network architectures based on industry best practices and work with business units to implement for OT solutions * Consult on business unit OT projects and provide cybersecurity expertise Qualifications and Competencies: * 2yrs experience with securing Operational Technology and related systems environments * Strong understanding and prior experience with the application of securing OT and related systems * Current deep technical understanding of common OT systems such as PCS, SCADA, PLCs, RTUs, HMIs, CNC * Deep technical understanding of TCP/IP Networking and Firewalls * Deep technical understanding of system integration methods including API's and authentication methods * Knowledgeable in NIST CSF, NIST 800-82, Purdue Model, IEC 62443 standards * Solid foundation cybersecurity domains such as network security, EDR, anomaly detection * Understanding of common OT communications protocols such as MQTT, MODBUS, DNP3, S7, G-code * Comfortable with designing and overseeing the implementation of secure OT architectures * Prior experience in the direct remediation of vulnerabilities or compensating controls within OT environments * Commitment to security training and earning corresponding certifications * Highly motivated with passion for solving complex problems * Excellent verbal and written communication skills, comfortable with presenting to Operational Teams * Flexibility to work outside regularly scheduled/normal business hours as required * Ability and desire to travel both domestically and internationally * Required: Degree in a related field or at least 4 years relevant professional experience * Required: Mobility and ability to be on your feet for long periods in a manufacturing setting * Required: Technical professional security certification such as GICSP, GRID, OSCP, CEH or similar * US Person as defined under EAR PART 772 AND ITAR 120.15 This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Crane Company. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.

Title - Chief Information Security Officer Region: Shelton, CT Ready for a fresh, new career? Look no further because one of the world's most iconic brands can help you get there. Why Join Us? At Subway, "better" is baked into our DNA. We are a brand that believes in continued improvement … in our lives, our businesses, and our planet. From the handshake that started our very first sandwich shop to earning our position as one of the world's leading restaurant brands, we've always embraced change and the path ahead. And today, we're making better living way easier. Our purpose is more than the food we serve in our restaurants. It's centered on fueling healthy businesses and healthier lives. It is one of the most exciting times to join the Subway team and contribute to our transformational journey. About the Role: The Chief Information Security Officer is responsible for leading the organization's cybersecurity strategy and operations. This role is focused on protecting company data, systems, and networks from cyber threats, ensuring the confidentiality, integrity, and availability of critical information assets. The CISO develops and implements cybersecurity policies, technologies, and incident response plans to defend against evolving threats and vulnerabilities and drives continuous improvement in the organization's cyber defense posture. Responsibilities: Develop and implement a comprehensive cybersecurity strategy aligned with the organization's business goals, focusing on the protection of data, systems, and networks. Establish and enforce information security policies, standards, and procedures to ensure compliance with relevant laws, regulations, and industry best practices. Develop and oversee incident response plans for operational risks. Oversee incident response plans to effectively address and mitigate the impact of security incidents. Oversee the monitoring of networks and systems for security breaches, vulnerabilities, and suspicious activity; coordinate rapid response to cyber incidents. Continuously assess and prioritize cybersecurity risks, considering emerging threats, vulnerabilities, and technology trends. Select and implement appropriate security controls and technologies to defend against cyber threats. Regularly report on the organization's information security risk posture to executive leadership and relevant stakeholders. Collaborate with IT and business leaders to integrate cybersecurity considerations into technology projects and business processes Manage third-party risk as it relates to cybersecurity, ensuring vendors and partners adhere to company security standards. Foster an information security aware culture by promoting best practices and proactive security/risk management behaviors. Develop and deliver training programs to enhance operational information security awareness across the organization. Implement programs to raise awareness of information security risks among employees and stakeholders. Ability to align cybersecurity with business objectives. Deep expertise in cybersecurity technologies, threat intelligence, and incident response. Strong understanding of network, system, and application security Experience with security operations centers (SOC), vulnerability management, and penetration testing. Leadership and team management skills. In-depth knowledge of cybersecurity technologies and trends. Leadership and team management capabilities. Knowledge of relevant regulatory requirements and industry best practices. (e.g., NIST, ISO 27001, GDPR). Strong knowledge of industry regulations, standards, and best practices. Qualifications: Bachelor's Degree Business, Finance, Risk Management, Information Security, Computer Science, or a related field. 15 or more Extensive experience in cybersecurity, information security, or related technical fields, with a proven track record in leadership roles. Demonstrated experience in designing and managing enterprise cybersecurity programs, incident response, and security operations What do we Offer? Insurance Plans (Medical/Life) Pension/401K/RSP (country specific) Competitive Bonus Mobility Allowance Tuition Reimbursement Company Holidays Volunteering time And Many More….. Actual pay is determined based on several job-related factors including skills, education, training, credentials, qualifications, scope and complexity of role responsibilities, geographic location, performance, and working conditions.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As **Senior Cybersecurity Engineer,** you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. **In this role you will:** + Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation + Document analysis, findings, and actions for case management and metrics + Support security incident response planning, procedure/playbook development and investigations + Participate in on-call rotation for off-hours escalations + Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). + Assist with remediation of identified security risks + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred **What you bring to BIC:** + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred + Prior experience interpreting or analyzing log data and working with log pipelines + Triaging alerts from various sources, following playbooks, and escalating legitimate issues + Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) + Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. + In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.