Cyber security analyst jobs in Bridgeport, CT - 28 jobs

Document and analyze Identity and Access Management (IAM) processes, procedures, and controls to ensure accuracy, consistency, and alignment with organizational standards. Troubleshoot and resolve identity-related issues identified through reports, alerts, or incident tickets. Create and maintain detailed IAM system and workflow documentation based on business and technical requirements. Collaborate with business stakeholders and IT leadership to design, develop, and enhance IAM operational workflows using existing technologies and services. Develop, execute, and document test cases to validate IAM workflow enhancements and system changes. Build and maintain business-facing reports and dashboards using Power BI, SQL queries, and LDAP queries across targeted identity repositories. Communicate effectively with team members, cross-functional partners, and business units to ensure consistent understanding of IAM processes and initiatives. Support the governance, maintenance, and execution of IAM operational workflows, including responding to and resolving team service requests and incidents. Conduct data analysis to identify, investigate, and remediate user data inconsistencies, anomalies, and policy deviations. Participate in on-call rotation as needed to support critical IAM functions and operational continuity. Highly Preferred Skills: 2-5 years of experience as an IAM Analyst, Business Analyst, or similar technical/functional role. Strong business analysis skills, including requirements gathering, process mapping, and workflow design. Experience writing and executing test cases, test scripts, and test plans. Familiarity with IAM systems and concepts such as identity lifecycle management, authentication, authorization, roles, and entitlements. Experience with IAM tools (e.g., Okta, SailPoint, Azure AD/Entra ID, Duo) is preferred but not required. Working knowledge of SQL, Power BI, or other reporting tools is a plus. Strong documentation skills using MS Word, Excel, Visio, or similar tools. Excellent verbal and written communication skills; able to translate between business and technical language. Detail-oriented, analytical thinker, and effective problem solver. Willingness to participate in testing activities and occasional on-call or after-hours support if needed. Job Description Protects the organization's digital assets from unauthorized access. This includes securing both online and on-premise infrastructures, responding to alerts, mitigating risks before breaches occur and guiding the efforts to contain, triage and recover from cyber incidents when they occur. Job Responsibility Works on moderately complex assignments to protect computer systems, networks, and data from loss and potential service interruptions due to cyber incidents. Analyzes and documents security risks, breaches, and incidents using independent judgment within defined procedures to determine appropriate actions and approaches. Analyzes, reports, and responds to detected cyber incidents. Uses cybersecurity tools to proactively search for and identify threats to systems and networks. Installs and operates security software and measures to protect systems and information infrastructure. Collaborates with the security team and peers to perform tests and find network weaknesses which could lead to a cyber security incident. Makes decisions based on precedent, previous experience and professional guidelines. Researches and recommends cyber security enhancements and tools. Works with management to develop and enhance cyber security best practices. Researches and keeps current on the latest cyber security intelligence technologies, trends, and standards. Trains junior level staff on network and cyber security technologies and procedures. Performs related duties as required. All responsibilities noted here are considered essential functions of the job under the Americans with Disabilities Act. Duties not mentioned here, but considered related are not essential functions. Job Qualification Bachelor's degree in Computer Science, Cyber Security or related field, required. Certifications including but not limited to Security+, CISSP, CISM, CEH, ISSAP, ISSEP, or GSEC, required. 2-4 years of related experience, required. *Additional Salary Detail The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future.When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all. The exceptional EY experience. It's yours to build. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. Today's world is fuelled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. **The opportunity** Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team responsible for security incident response for EY. The candidate will work as an escalation point for suspect or confirmed security incidents. Responsibilities include performing digital forensic analysis, following security incident response standard methodologies, malware analysis, identify indicators of compromise, support remediation or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process. **Your key responsibilities** + Investigate, coordinate, bring to resolution, and report on security incidents as they are brought up or identified + Forensically analyze end user systems and servers found to have possible indicators of compromise + Analysis of artifacts collected during a security incident/forensic analysis + Identify security incidents through 'Hunting' operations within a SIEM and other relevant tools + Interface and connect with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions + Provide consultation and assessment on perceived security threats + Maintain, manage, improve and update security incident process and protocol documentation + Regularly provide reporting and metrics on case work + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact based reports + Be on-call to deliver global incident response **Skills and attributes for success** + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact-based reports + Proven integrity and judgment within a professional environment + Ability to appropriately balance work/personal priorities **To qualify for the role you must have** + Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field + 5+ years experience in incident response, computer forensics analysis and/or malware reverse engineering; + Understanding of security threats, vulnerabilities, and incident response; + Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis; + Be familiar with legalities surrounding electronic discovery and analysis; + Experience with SIEM technologies (i.e. Splunk); + Deep understanding of both Windows and Unix/Linux based operating systems; **Ideally, you'll also have** + Hold or be willing to pursue related professional certifications such as GCFE, GCFA or GCIH + Background in security incident response in Cloud-based environments, such as Azure + Programming skills in PowerShell, Python and/or C/C++ Understanding of the best security practices for network architecture and server configuration **What we look for** + Demonstrated integrity in a professional environment + Ability to work independently + Have a global mind-set for working with different cultures and backgrounds + Knowledgeable in business industry standard security incident response process, procedures, and life cycle + Excellent teaming skills + Excellent social, communication, and writing skills **What we offer you** The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary range/s. At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $87,700 to $164,000. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $105,200 to $186,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. **Are you ready to shape your future with confidence? Apply today.** EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. **EY | Building a better working world** EY is building a better working world by creating new value for clients, people, society, and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy, and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ************************** .

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As Senior Cybersecurity Engineer, you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. In this role you will: Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation Document analysis, findings, and actions for case management and metrics Support security incident response planning, procedure/playbook development and investigations Participate in on-call rotation for off-hours escalations Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). Assist with remediation of identified security risks Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred What you bring to BIC: Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred Prior experience interpreting or analyzing log data and working with log pipelines Triaging alerts from various sources, following playbooks, and escalating legitimate issues Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

Working at Yale means contributing to a better tomorrow. Whether you are a current resident of our New Haven-based community- eligible for opportunities through the New Haven Hiring Initiative or a newcomer, interested in exploring all that Yale has to offer, your talents and contributions are welcome. Discover your opportunities at Yale! Salary Range $90,000.00 - $135,000.00 Overview Conduct Incident Response Activities: Participates in security incident response efforts, managing assigned incidents through the full handling lifecycle including identification, containment, eradication, and recovery in coordination with other SOC and Security Engineering team members. Perform Detailed Incident Analysis: Analyzes host, network, and cloud telemetry to determine root cause, attack path, and impact of security events. Documents findings and maintains thorough incident records. Support Tier 2 SOC Operations: Responds to escalated alerts, security tickets, and service requests, ensuring timely investigation, documentation, and remediation of potential threats within established service levels. Develop and Maintain Response Playbooks: Contributes to the creation, refinement, and maintenance of incident response playbooks and procedures for various threat types to ensure consistent and effective handling of incidents. Enhance Detection and Response Capabilities: Collaborates with Security Engineering teams to identify detection gaps, improve alerting logic, and drive automation within response workflows.Participate in Post-Incident Reviews and Knowledge Sharing: Engages in lessons-learned activities, tracks remediation actions, and mentors SOC analysts to strengthen incident analysis and handling capabilities. Skills & Abilities 1.Developed analytical, critical thinking and problem-solving skills. 2.Developed interpersonal, written, communication, presentation, and organizational skills. 3.Familiarity with systems analysis methods and techniques. 4.Project management skills. Job Responsibilities 1.Responsible for routine to moderately complex event and incident monitoring, threat detection and data correlation. 2.Assist with collecting potential breach evidence, participate in network and host forensic analysis, participate with incident remediation activities. 3.Meet with stakeholders to assess departments security requirements. 4.Assist in the development of security standards and best practices. 5.Research the latest information security trends and emerging threats. Principal Responsibilities 1. Responsible for routine to moderately complex event and incident monitoring, threat detection and data correlation. 2. Assist with collecting potential breach evidence, participate in network and host forensic analysis, participate with incident remediation activities. 3. Meet with stakeholders to assess departments security requirements. 4. Assist in the development of security standards and best practices. 5. Research the latest information security trends and emerging threats. Required Education and Experience Bachelor's Degree and four years of experience or equivalent education and experience. Skills and Abilities Developed analytical, critical thinking and problem-solving skills. Developed interpersonal, written, communication, presentation, and organizational skills. Familiarity with systems analysis methods and techniques. Project management skills. Job Posting Date 01/15/2026 Job Category Professional Bargaining Unit NON Compensation Grade GS-3 Compensation Grade Profile GS-3h Time Type Full time Duration Type Staff Work Model Location 150 Munson Street, New Haven, Connecticut Background Check Requirements All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check. For additional information on the background check requirements and process visit "Learn about background checks" under the Applicant Support Resources section of Careers on the It's Your Yale website. Health Requirements Certain positions have associated health requirements based on specific job responsibilities. These may include vaccinations, tests, or examinations, as required by law, regulation, or university policy. Posting Disclaimer Salary offers are determined by a candidate's qualifications, experience, skills, and education in relation to the position requirements, along with the role's grade profile and current internal and external market conditions. The intent of this job description is to provide a representative summary of the essential functions that will be required of the position and should not be construed as a declaration of specific duties and responsibilities of the position. Employees will be assigned specific job-related duties through their hiring department. The University is committed to basing judgments concerning the admission, education, and employment of individuals upon their qualifications and abilities and seeks to attract to its faculty, staff, and student body qualified persons from a broad range of backgrounds and perspectives. In accordance with this policy and as delineated by federal and Connecticut law, Yale does not discriminate in admissions, educational programs, or employment against any individual on account of that individual's sex, sexual orientation, gender identity or expression, race, color, national or ethnic origin, religion, age, disability, status as a special disabled veteran, veteran of the Vietnam era or other covered veteran. Inquiries concerning Yale's Policy Against Discrimination and Harassment may be referred to the Office of Institutional Equity and Accessibility (OIEA). Note Yale University is a tobacco-free campus.

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory. KPMG is currently seeking a Specialist Director, MAST Application Penetration Testing Lead to join our Managed Services practice. Responsibilities: * Lead the strategic delivery of Managed Application Security Testing (MAST) services, ensuring alignment with client objectives and industry best practices * Execute go-to-market (GTM) strategies for MAST offerings, collaborating with cross-functional teams to drive market penetration and revenue growth * Oversee the design and implementation of scalable security testing frameworks across diverse application environments, including cloud-native and hybrid architectures * Provide subject matter expertise in application security, guiding clients through risk assessments, remediation planning, and secure development lifecycle integration * Build and maintain strong client relationships, serving as a trusted advisor and ensuring high levels of satisfaction and retention * Mentor and lead a team of security professionals, fostering a culture of innovation, accountability, and continuous improvement * Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Qualifications: * Minimum eight years of recent experience in application security, penetration testing, or related cybersecurity domains, with at least three years in a leadership or director-level role * Master's degree from an accredited college or university in cybersecurity, computer science, or related field is preferred; Bachelor's degree from an accredited college or university is required * Deep understanding of application security testing methodologies, tools (for example, DAST, SAST, IAST), and secure SDLC practices * Proven experience developing and executing GTM strategies for security services or technology solutions * Strong client-facing skills with the ability to communicate complex technical concepts to non-technical stakeholders * Excellent verbal/written communication, presentation, and analytical skills * Ability to travel as required * Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** California Salary Range: $153700 - $319000 KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

at Nuvance Health The Cyber Security Engineer will have responsibility for incident response along with a desire to relentlessly champion best practices. This role will perform all functions required to support day-to-day data security operations, supporting and maintaining a broad suite of cyber security operations infrastructure, serving as a tier 2 escalation point during incident response and investigations and monitoring compliance with IT security policy. Participate in the planning, design, installation, maintenance and tuning of security operations systems in support of security policies and best practice. Work with Information Technology staff and business units to assess risk and address security issues. Responsibilities: • Manage security responsibilities, including firewalls, proxy systems, SIEM, EDR and other security devices. 15% • Strong skills implementing and tuning security components. 15% • Server as an escalation point during incident response and investigations. 15% • Maintain cyber security operations tool to insure detection, response and remediation of latest security threats 15% • Create and review reports on event and incidents. 10% • Stay up to date with latest security threats and assist with developing defense strategy's to combat them. 10 % • Investigate and respond to security violations 10% • Ability to maintain in depth knowledge of security and networking infrastructure utilized by the company including the management and reporting of each. 10% Education Skills Experience • Bachelor's degree in computer science field required • 2 or more years Security Operations with a minimum of 4 years IT experience. • Demonstrated experience in Incident response investigations. • Working knowledge of EDR technologies. • Working knowledge of SIEM technologies. • Working knowledge of common vulnerability management tools. • Working knowledge of enterprise firewall technologies preferred. • Working knowledge of web filtering and proxies preferred. • Working knowledge of MDM solution preferred. • Experience with DLP and IPS/IDS systems preferred. • Working knowledge of email filtering product preferred. • Working knowledge of litigation hold processing and forensic investigations preferred. • Experience participating in Red/Blue/Purple team exercises. • Experience working with information security practices, networks, software, and hardware. Other Information: • CISSP, CEH, or other equivalent certification is a plus. • Disaster recovery and business continuity experience is a plus. • Working knowledge with HIPAA regulations as they pertain to the healthcare industry. Working Conditions: Manual: Some manual skills/motor coord & finger dexterity Occupational: Little or no potential for occupational risk Physical Effort: Sedentary/light effort. May exert up to 10 lbs. force Physical Environment: Generally pleasant working conditions Company: Nuvance Health Org Unit: 1795 Department: Information Security Exempt: Yes Salary Range: $40.43 - $75.10 Hourly

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

**Duration: 12 months contract (with possible extension)** ***Note: Open to candidates who are willing to relocate at their own expense.** + The Workday Application Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of data within the Workday system. + They design, implement, and maintain security configurations, including roles, permissions, and access controls, to protect organizational data and comply with company policies, industry standards, and regulatory requirements. **Job Functions & Responsibilities** + Develop and implement security roles, domain security policies, data and business process security within Workday + Ensure secure integration with other on‐premise and cloud applications like GRC tools + Configure and manage access permissions to ensure users have the appropriate level of access to data and functionality + Ensure compliance with company policies, industry standards (like SOC 2), and regulatory requirements (like GDPR) + Conduct regular security audits and assessments to identify vulnerabilities and areas for improvement + Assist in investigating and responding to security incidents, identifying root causes, and implementing preventive measures + Collaborate with IT, HR, and other stakeholders to align security efforts with business needs and ensure effective communication of security policies and procedures + Create and maintain documentation for security policies, procedures, and configurations, and provide training to users on security best practices + Stay abreast of Workday updates, industry trends, and emerging security threats to continuously improve security configurations and processes + Familiarity with other ERPs like SAP is preferred + Familiarity with GRC and Workday SoD (Segregation of Duties) management is desired **Skills** + SAP ERP (S/4 HANA is a plus) + Workday + Active Directory group management + GRC AC 10.1 and above + Microsoft Clienture + SuccessFactors + Applicable functional knowledge for SAP security areas like Finance, MM, ISU billing, etc. + SAP audit & compliance **Education & Certifications** + Bachelor's degree in engineering, IT, or related field + 7-10 years of hands‐on industry experience in Workday Security implementation and administration + Strong ITGC compliance knowledge for Workday + Familiarity with Workday risk management and GRC integration + Ability to identify, analyze, and resolve complex security and compliance issues + Strong interpersonal and communication skills, with the ability to effectively collaborate with diverse teams ** About US Tech Solutions:** US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit *********************** (*********************************** . US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

This role is Hybrid, 3 days a week to any local, US based UL Solutions Office. We are seeking a highly skilled Cloud Security Engineer with strong Application Security expertise to join our security architecture team. This role will be responsible for designing, implementing, and maintaining secure cloud environments and applications across multi-cloud platforms, with a focus on Azure. The ideal candidate will have hands-on experience with cloud-native security tools, DevSecOps practices, and compliance frameworks such as NIST 800-53, SOC 2, and CIS Controls. Cloud Security Engineering + Design and implement security controls for cloud infrastructure (Azure, AWS, GCP). + Develop and maintain security architecture patterns (e.g., hub-and-spoke, Zero Trust). + Integrate security tools such as Wiz, Microsoft Defender for Cloud, Silverfort, and Terraform. + Conduct threat modeling and risk assessments for cloud-native services. + Collaborate with IAM, SOC, and GRC teams to align cloud security with enterprise policies. Application Security + Perform secure code reviews, static/dynamic analysis, and vulnerability assessments. + Integrate security into CI/CD pipelines using tools like Snyk, Checkmarx, or Veracode. + Guide development teams on secure coding practices and OWASP Top 10. + Design and implement API security strategies including OAuth2, OpenID Connect, and mTLS. + Support remediation of application vulnerabilities and provide technical guidance. Compliance & Governance + Map cloud and application security controls to compliance frameworks (NIST 800-53, SOC 2, CIS). + Assist in audits and evidence collection for regulatory compliance. + Maintain documentation of security architecture, policies, and procedures. + Bachelor's degree in Computer Science, Cybersecurity, or related field. + 3-4 years of experience in cloud security engineering and application security. + Strong understanding of Azure security services and architecture. + Experience with infrastructure-as-code (Terraform, Bicep). + Familiarity with Snowflake security features and data protection strategies. + Knowledge of identity and access management (Azure AD, Conditional Access, MFA). + Hands-on experience with DevSecOps tools and practices. Preferred Qualifications + Certifications: Azure Security Engineer Associate, CISSP, CCSP, OSCP, or GIAC. + Experience with multi-subscription Azure environments. + Familiarity with Zero Trust architecture and implementation. + Experience with security automation and orchestration. Soft Skills + Strong analytical and problem-solving skills. + Excellent communication and collaboration abilities. + Ability to work independently and in cross-functional teams. + Passion for continuous learning and staying current with security trends. What you'll experience working for ULS UL Solutions has been pioneering change since 1894 and we're still leading the way. From day one, we've blazed a trail protecting the planet and everyone on it. Our teams have influenced billions of products, plus services, software offerings and more. We break things, burn things and blow things up. All in the name of safety science. That's where you come in - because none of it could happen without you. It takes passion to protect people, problem-solving to safeguard personal data and conviction to make the world a more sustainable place. It takes bold ideas and brilliant minds to build a better world for future generations across the globe. This is more than a job. It's a calling. A passion to use our expertise and play our part in creating a more secure, sustainable world today - and tomorrow. As a member of our safety science community, you'll use your ideas, your energy and your ambition to innovate, challenge and ultimately, help create a safer world. Everyone here is unique. But we're also a global community, working together to help create a safer world. Join UL Solutions and you can connect with the brightest minds in the business, all bringing their distinct perspectives and diverse backgrounds together to deliver real change. Empowering our customers to keep the world safe means thinking ahead. It means investing in training and empowering our people to learn and innovate. At UL Solutions, we help build a better future - one where everyone benefits. Join UL Solutions to be at the center of safety. To learn more about us and the work we do, visit UL.com Total Rewards: We understand compensation is an important factor as you consider the next step in your career. The estimated salary range for this position is $95,000 to $120,000 and is based on multiple factors, including job-related knowledge/skills, experience, geographical location, as well as other factors. This position is eligible for annual bonus compensation with a target payout of 10% of the base salary. This position also provides health benefits such as medical, dental and vision; wellness benefits such as mental and financial health; and retirement savings (401K) commensurate with the standard rewards offered in each individual location or country. We also provide full-time employees with paid time off including vacation (15 days), holiday including floating holidays (12 days) and sick time off (72 hours). #LI-SG2 #LI-Hybrid UL LLC has been and will continue to be an equal opportunity employer. To assure full implementation of this equal employment policy, we will take steps to assure that: Persons are recruited, hired, assigned and promoted without regard to race, color, age, sex or gender, sexual orientation, gender identity, gender expression, transgender status, religion, creed, national origin, ethnicity, citizenship, ancestry, disability, genetic information, military or veteran status, pregnancy, marital or familial status, or any other protected category under applicable law.

SonSoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. SonSoft Inc is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services. Job Description LENGTH: 12 MONTHS, OPTION TO HIRE JOB ID: 1912185274 JOB TITLE: ACTIVE DIRECTORY ENGINEER - SME GC/EAD OR CITIZEN - OPTION TO HIRE POSITION SUMMARY: MUST HAVE a Security Background. Responsible for supporting and maintaining Microsoft Active Directory. Familiar with the Microsoft Windows Server Operating system, , and VMWare Virtualization technologies in the environment. This includes planning for and responding to service outages and other problems, and being a Tier 3 escalation point for moderately complex Active Directory problems beyond the knowledge of other technical support staff. Ensures customer satisfaction by advising customers on preventative maintenance and configurations which may impact product performance. Takes responsibility for potential or desired follow-up services or problem escalation. Fully qualified server engineer. High degree of troubleshooting. Self-starter needing little to no guidance. Additional Information NOTE : ONLY GCEAD , GC AND CITIZEN

What we need… A Mobile Security Engineer to collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack. This role combines mobile application development with the integration of security practices throughout the development lifecycle. Responsibilities include incorporating security tools and frameworks, conducting hands-on security testing, developing automation to streamline security processes, promoting secure coding practices, and ensuring mobile security aligns with broader enterprise-wide security strategies. What's in it for you… COCC offers a unique and collaborative experience as you grow your career with us and all of the benefits you'd expect from an award-winning employer plus: Hybrid schedules and ample paid time off allowing you work/life balance and flexibility Customized training and onboarding to support you in your first year at COCC Robust employee development programs aligned with career pathing objectives Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets Generous PTO offerings, benefits and competitive compensation On-site fitness centers, wellness incentives, and lifestyle spending accounts Tuition Reimbursement One-on-one career coaching DEIB initiatives championing inclusion and encouraging you to bring your whole self to work Financial planning assistance with certified professionals Peer recognition programs What you'll do… Collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack Incorporate security tools and frameworks to enhance resilience against attacks Develop and maintain scripts, tools, and/or automation frameworks to streamline security testing and vulnerability detection within the development lifecycle Champion secure coding practices (OWASP Mobile Top 10, etc.) while working as part of the development team to architect and implement secure, scalable enhancements Leverage tools like Burp Suite, MobSF, Frida, or Drozer to perform mobile security testing Collaborate with Security Architecture & Engineering to integrate network security controls into the mobile stack Stay current with emerging threats, vulnerabilities, and security technologies relevant to mobile platforms What you'll bring… Bachelor's degree in Computer Science, Cybersecurity, IT, Software Development or related field (or equivalent experience) 4+ years of experience in mobile application security, including hands-on security and vulnerability testing 2+ years of experience in mobile application development (iOS and/or Android) with proficiency in Swift, Objective-C, Kotlin, and/or Java Experience with mobile security testing tools (DAST) such as MobSF, Burp Suite, Frida, or Postman Experience with mobile security testing tools (SAST) such as Checkmarx, Fortify, or SonarQube Familiarity with CI/CD pipelines and DevSecOps practices Strong communication to articulate technical security concepts to non-technical stakeholders Certifications such as GMOB, GSEC, OSCP or commensurate experience preferred

L3 Resource with good experience in handling end to end infrastructure security operations which includes o Perimeter security (Checkpoint & CISCO ASA Firewalls etc.) o Endpoint security (Sophos , Symantec etc.) o Web Gateways ( Sophos, Blucote) o Email Gateways ( Sophos, Symantec etc.) o Vulnerability Management (Qualys, DDI etc.) o Information security & Compliance ( IS Auditing, Policies & Procedure reviews) o Global Access Management o SIME (ArcSight etc.) · Should have hands on experience in troubleshooting issues · Should have good experience in ITIL Processes(Change management, Problem management, Incident Management etc. ) · Technically sound on the above listed technologies / tools · Good experience in performing Security incident analysis · Preferably the candidate should have certifications like CISSP, CISA, CISM · Should have good communication & presentation skills Additional Information All your information will be kept confidential according to EEO guidelines.

Current Saint Francis Employees - Please click HERE to login and apply. Full Time Days PLEASE NOTE: Due to the nature of this role, candidates must be either local to the area or willing to relocate, as this position requires full-time onsite presence. Job Summary: As a member of the Information Security team, responsibilities include manages and mitigates information security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides information security risk insight and guides management on information security risk issues and serves as advisor to peers, team members and management. Minimum Education: Bachelor's degree in Computer Science, MIS, Computer Engineering, Cyber Security or related discipline. Licensure, Registration and/or Certification: None. One or more of the following certifications are preferred: Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA). Work Experience: 3 - 4 years related experience inclusive of two years working directly in an Information Services department and previous experience with HIPAA/PHI compliance programs, policies, procedures, risk assessments and audits. Knowledge, Skills and Abilities: In-depth knowledge of cyber security methodology and security practices. Knowledge of HIPAA, PCI, SOX, ISO and NIST cybersecurity frameworks. Knowledge of intrusion detection and intrusion prevention systems, penetration and vulnerability testing. Knowledge of data loss prevention, anti-virus and anti-malware software tools. Knowledge of computer networking, TCP/IP, routing and switching, network protocols and packet analysis tools. Knowledge of Windows, UNIX and Linux operating systems. Excellent problem solving and analytical skills. Excellent written and oral communication skills. Excellent organizational and interpersonal skills. Ability to work independently as well as in a team setting. Essential Functions and Responsibilities: Define, implement, and enforce information security policies, strategies, and procedures that align with healthcare laws and regulations, such as HIPAA. Conduct and/or support targeted risk assessment. Determine significant risk points and exercise process for risk assessment and risk acceptance. Review assessment results for vulnerabilities, gaps, control deficiencies, and work with key stakeholders to establish plans for sustainable resolution. Maintain an effective information security awareness program and educate internal teams on best practices. Ensures that business and clinical software applications include adequate information and security controls. Establish and maintain metrics based on the information security framework used at SFHS. Decision Making: Independent judgment in making decisions from many diversified alternatives that are subject to general review in final stages only. Working Relationships: Works directly with patients and/or customers. Works with internal customers via telephone or face to face interaction. Works with external customers via telephone or face to face interaction. Works with other healthcare professionals and staff. Works frequently with individuals at Director level or above. Special Job Dimensions: None. Supplemental Information: This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all inclusive nor does it prohibit the assignment of additional duties. Information Technology - Information Security - Yale Campus Location: Tulsa, Oklahoma 74136 EOE Protected Veterans/Disability

What you'll do • Design and implement comprehensive data security architectures, with particular focus on database platforms (primarily SQL Server) • Develop and maintain enterprise-wide encryption strategies for securing structured and unstructured data both in transit and at rest, both and both on-premise and in the cloud • Enhance logging, monitoring and SecOps capabilities of enterprise databases and other data stores • Configure and optimize Identity and Access Management (IAM) solutions across data platforms and repositories to align to least privilege principles • Implement Data Loss Prevention (DLP) strategies and controls • Implement and maintain Information Rights Management (IRM) and Digital Rights Management (DRM) solutions • Design and implement data tokenization strategies where appropriate • Secure data processing pipelines and ensure appropriate controls for data workflows • Create and maintain data security documentation, including policies, procedures, and standards • Collaborate with development teams to ensure security best practices in data handling • Conduct vulnerability assessments of the firm's database architecture and associated data storage and processing systems • Assist in monitoring and managing security patching and upgrade processes for database platforms What's required • Bachelor's degree in computer science, cybersecurity, or related technical field • 6+ years of experience in data/database security engineering and governance • Deep expertise in database security, particularly SQL Server • Comprehensive understanding of data warehouse/data lake architectures and tools, particularly Databricks (required) • Subject matter expertise in Object Storage (eg: S3, Azure Blob, etc) and related security • Understanding of Active Directory Delegation (constrained vs. unconstrained) and associated best practices • Experience with 3rd-party SQL Server security governance and monitoring products (eg: Idera, Solarwinds) • Extensive knowledge of encryption technologies for both structured and unstructured data • Broad knowledge of secure data/file sharing solutions and ETL workflows • Experience designing and implementing data tokenization solutions • Experience with data classification and DLP technologies • Scripting/automation capabilities (eg: SQL, PowerShell, Python) • Commitment to the highest ethical standards Qualifications Ivy league colleges education preferred or huge plus. Additional Information All your information will be kept confidential according to EEO guidelines.

Duration: 6+ Months Experienced Firewall administrator for operational implementation, maintenance and configuration of firewalls. Key Responsibilities: Performs maintenance and changes in firewalls as required. Implementation of new firewalls as required Assists with troubleshooting network connectivity as it relates to firewalls Utilizes change management, request, and ticketing systems, documents status updates and problem resolutions Complete All assignments in a timely manner with an acceptable level of quality Maintains documentation related to work area Completes network change requests Follows documented processes, procedures and policies Performs customer service duties and responds to customer and project requests as defined by management Other related duties assigned as needed. Qualifications/Requirements: Bachelor's degree and with 3 to 4 years of operational experience administering Firewalls 4 or more years networking/firewall background Must have networking TCP/IP routing protocol experience Desired Characteristics: In-depth experience in security aspects of multiple platforms, operating systems, software, communications and network protocols is desired Competency in verbal, written, and presentation communications and interpersonal understanding Ability to understand customer's business needs. Leadership of work teams/groups Ability to work with all levels of employees Highly motivated and able to work effectively under minimal supervision in a fast-paced environment Team-oriented, placing priority on quality and the successful completion of team goals Organization and planning skills that include: time management, project coordination and management, and the ability to handle multiple deadlines and associated pressures. Competency in developing effective solutions to business problems Ability to analyze problems and to make decisions REQUIRED SKILLS YEARS OF EXPERIENCE WHEN THE SKILL WAS LAST USED Expert knowledge of Cisco Security products, ASA and Firepower Expert knowledge of NSX Expert knowledge of Palo Alto systems Security Certifications a Plus Must have networking TCP/IP routing protocol experience Networking/firewall background Operational experience administering Firewalls Additional Information All your information will be kept confidential according to EEO guidelines.

This is a hybrid role with 1-3 days in the office in Irvington, NY. We are seeking candidates who will not require sponsorship now or in the future We are seeking a Security Engineer to join our team and protect the systems, networks, and data essential to our business. In this position, you will focus on securing our corporate IT infrastructure, maintaining regulatory compliance, and ensuring the safety of our e-commerce platforms. Dimensions and Contacts Internal Collaboration The Security Engineer collaborates extensively with various cross-functional teams within the organization. These include IT Operations, Network Engineering, Software Development, Cloud Infrastructure, and Governance, Risk, and Compliance (GRC). In this capacity, the Security Engineer offers technical security guidance, supports project teams during the solution design phase, and works directly with system owners to implement secure configurations and controls. Business Stakeholders This role involves frequent interaction with product managers, business analysts, and departmental leaders to fully understand business requirements. The Security Engineer assesses the potential security impacts of business initiatives and communicates related risks in clear and actionable terms, ensuring all stakeholders remain informed and engaged. Security and Incident Response The Security Engineer coordinates closely with the Cybersecurity team, Security Operations Center (SOC) analysts, and incident responders during threat investigations, vulnerability remediation, and security events. The individual may also serve as a technical escalation point for security-related issues, providing expertise and leadership during critical incidents. External Contacts Interaction with external parties is a key aspect of this role. The Security Engineer engages with vendors, managed service providers, penetration testers, and auditors to evaluate new technologies, validate security controls, and support both security assessments and compliance activities for the organization. Cross-Organizational Influence The Security Engineer plays an influential role across the enterprise by providing security training, raising awareness, and offering consultation to various teams. Additionally, the individual contributes to architectural decisions and participates in the development of security policies and standards. Summary of Responsibilities * Ensure that Eileen Fisher, Inc. consistently upholds PCI compliance across both retail and e-commerce channels. * Establish protection goals, objectives, and metrics in alignment with the corporate strategic plan and IT governance requirements. Lead the annual risk assessment and policy review processes. * Work with 3rd-party providers and vendors to configure, monitor, and optimize Web Application Firewalls (WAFs) to protect e-commerce and customer-facing websites. * Direct the development, implementation, and maintenance of IT security policies, standards, and procedures to support ongoing security efforts. * Provide day-to-day management for operational security responsibilities, including network, email, endpoint, application systems security, and system access controls. * Supervise incident response activities and investigations of security breaches, ensuring the appropriate dissemination of information related to such events. * Oversee patch management and additional security operations functions, including sensitive data handling and certificate management. * Review and analyze data from various security logging systems, scanners, and tools to identify potential threats and incidents. * Collaborate with IT infrastructure and application teams to embed security best practices within development and deployment workflows. * Maintain comprehensive security documentation, encompassing policies, standards, and procedures. * Design, implement, and sustain security technologies, tools, and processes (e.g., IDS/IPS, honeypot, SIEM, endpoint protection) PERFORMS OTHER RELATED DUTIES AND ASSIGNMENTS AS REQUIRED. Required Experience * Minimum of 3-5 years of experience with managing all aspects of PCI Compliance * Experience with e-commerce security, including securing payment gateways, APIs, and customer data * Knowledge of web application security (OWASP Top 10, WAF, bot mitigation) * Experience configuring and managing honeypots, IDS/IPS, and endpoint protection * Familiarity with cloud security (AWS IAM, Microsoft Defender, Azure Defender, GCP Security Command Center) * Conducting penetration testing, vulnerability management, and remediation. * Experience with identity and access management (IAM) and SSO/MFA integrations (Okta, Azure AD,) * Strong understanding of encryption, TLS/SSL, PKI, and key management. * Scripting/automation skills in Python, Bash, or PowerShell. * Hands-on experience with SIEM solutions * Experience with securing AWS and Linux environments, preferably in a regulated environment subject to HIPAA or PCI-DSS * An automation-first mindset * Preferred certifications include: o PCIP o Security+ or SSCP o Firewall/network o Cloud security certification Education: Bachelors degree or equivalent experience. The salary range for this position is $80,000 - 100,000/year depending on relevant experience. We offer a competitive total package, including health benefits, generous paid time off, wellness reimbursement, etc. EILEEN FISHER, Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As **Senior Cybersecurity Engineer,** you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. **In this role you will:** + Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation + Document analysis, findings, and actions for case management and metrics + Support security incident response planning, procedure/playbook development and investigations + Participate in on-call rotation for off-hours escalations + Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). + Assist with remediation of identified security risks + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred **What you bring to BIC:** + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred + Prior experience interpreting or analyzing log data and working with log pipelines + Triaging alerts from various sources, following playbooks, and escalating legitimate issues + Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) + Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. + In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.