Cyber Security Analyst III
Cyber Security Analyst Job 17 miles from Fullerton
Security Operations Architecture:
7 years' experience as a Lead in a Security Operations Center, provide proactive and reactive defense against evolving cyber threats. This is an exciting opportunity to help shape the future of our security operations as part of a dynamic cybersecurity team.
Design and Implement Security Architecture: Develop and implement scalable and integrated security infrastructures, including SIEM, threat detection systems, and incident response mechanisms.
Optimize SOC Processes: Collaborate with teams to enhance incident detection, investigation, and response workflows, including automation and orchestration for efficiency.
Tool Evaluation and Integration: Evaluate, recommend, and integrate new security technologies and tools that align with the organization's security needs. Strong knowledge of SOAR, network security, and cloud security solutions.
Incident Response:
10 years IR experience, respond to and triage security incidents, leveraging various tools, and other monitoring tools to identify, contain, and eradicate threats in healthcare and biomedical systems.
Escalate critical incidents to senior team members or management for further analysis and response, especially those involving biomedical equipment or patient data breaches.
Document and follow through on incident handling processes, including containment, eradication, and recovery, ensuring compliance with HIPAA and PCI-DSS regulations during the entire process.
Conduct post-incident analysis to identify root causes, implement corrective measures, and improve the organization's incident response capabilities, particularly in relation to biomedical and patient care systems.
SIEM Monitoring and Detection:
7 years SIEM experience, continuously monitor security alerts from various security tools, including SIEM experience to identify potential security incidents affecting sensitive healthcare data, biomedical systems, and connected medical devices.
Monitor for incoming threats, phishing attempts, or suspicious emails, ensuring timely identification and response, particularly around threats targeting biomedical systems or patient data.
Analyze network traffic, logs, and endpoints for signs of compromise or malicious activity using and other tools, ensuring that biomedical systems, medical records, and connected devices remain secure.
Investigate alerts to determine the severity and impact of potential threats (e.g., ransomware, malware, insider threats) that may compromise healthcare, biomedical systems, or violate HIPAA or PCI-DSS compliance requirements.
Application Security & Vulnerability Management:
10 years AppSec experience, Application Security Design, and Integration: Collaborate with development teams to design and implement security measures throughout the software development lifecycle (SDLC) to ensure secure application architectures.
10 years' Vulnerability Management experience, Vulnerability Identification and Assessment: Lead efforts to identify, assess, and prioritize vulnerabilities in applications, using tools like static and dynamic analysis, penetration testing, and vulnerability scanners.
Remediation and Risk Mitigation: Work with development and operations teams to remediate identified vulnerabilities and mitigate risks through patching, secure coding practices, and implementing security controls.
Threat Vulnerability Management:
Proactively identify, track, and manage emerging threats and vulnerabilities, ensuring IT is performing timely patching and response to critical vulnerabilities to reduce risk.
Continuous Improvement and Monitoring: Establish ongoing monitoring, vulnerability scanning, and security assessments to maintain a secure environment and proactively address emerging threats. Provide metrics to leadership.
Reporting and Documentation:
Maintain detailed and accurate records of security incidents, including actions taken, timeline of events, and outcomes, ensuring documentation aligns with HIPAA, PCI-DSS, and biomedical security standards.
Generate regular security reports and metrics to help management understand security posture, trends, and compliance with healthcare-specific regulatory standards.
Provide insights and recommendations to improve security policies, procedures, and controls based on analysis of incidents and vulnerabilities, with a particular focus on safeguarding patient data, biomedical systems, and medical records.
Collaboration and Communication:
Collaborate with IT, network operations, biomedical engineering teams, compliance, legal, and healthcare staff to ensure a coordinated response to security incidents, particularly those affecting biomedical equipment or patient data.
Communicate effectively with both technical and non-technical stakeholders regarding security events, incidents, and healthcare-specific risks, ensuring the protection of sensitive medical information and biomedical systems.
Assist in security awareness training for employees, with an emphasis on safeguarding patient data, understanding HIPAA and PCI-DSS compliance, and recognizing social engineering tactics targeting healthcare systems and biomedical devices.
Contribute to risk assessments and vulnerability management programs using various tools like, to identify and address security weaknesses within healthcare and biomedical systems.
Key Skills and Qualifications:
Technical Skills:
Strong understanding of network protocols, firewall configurations, IDS/IPS, and VPN technologies, cloud security.
Experience with SIEM tools, for security event management and log analysis, and EDR. for endpoint protection and security management in a healthcare and biomedical context.
Knowledge and experience with various Vulnerability Management tools for identifying and managing vulnerabilities across healthcare networks, biomedical devices, and medical record systems.
Expertise in managing security risks associated with MiOT devices, connected medical devices, and biomedical technologies within healthcare environments.
Experience with email security tools for protecting against email-borne threats such as phishing and malware, which could impact patient data or biomedical systems.
Experience with ticketing systems for incident and ticket management, helping streamline the security incident response process.
In-depth knowledge of HIPAA, PCI-DSS, and other healthcare-specific regulations, ensuring compliance in protecting sensitive data and biomedical systems.
Penetration testing (pentesting) experience, including the ability to conduct security assessments and simulate real-world cyberattacks to identify weaknesses in biomedical systems and healthcare infrastructure.
Cybersecurity Knowledge:
In-depth understanding of cybersecurity concepts, including attack vectors, malware types, vulnerabilities, and exploits, with a focus on healthcare and biomedical security.
Familiarity with HIPAA, PCI-DSS, and other healthcare-specific regulatory frameworks for protecting sensitive data and biomedical equipment.
Experience with threat intelligence sources, indicators of compromise (IOCs), and vulnerability management, specifically within healthcare and biomedical environments.
Strong understanding and practical experience with NIST Cybersecurity Framework (CSF) and CIS Controls, utilizing these frameworks to assess, manage, and improve the organization's security posture in protecting sensitive healthcare data, biomedical devices, and patient records.
Ability to implement and monitor CIS Critical Security Controls to address high-priority cybersecurity risks and enhance overall system resilience, ensuring compliance with regulatory standards like HIPAA and PCI-DSS.
We are seeking local candidates in California who are eligible to work on W2 basis.
Lead Cyber Security Engineer
Cyber Security Analyst Job 31 miles from Fullerton
Seeking a senior level cybersecurity engineer to work onsite at the client's Los Angeles facility to provide technical guidance, actively engage in the implementation, and oversee the management of security enhancements and incident response to raise the security posture of the organization.
Required Skills -Cyber security
security risk management plan
firewall
security architecture design
Job Duties -Provide technical guidance, actively engage in the implementation, and oversee the management of security enhancements and incident response.
• Understand, capture, and document the terminals information security, cybersecurity architecture, and systems security engineering requirements
• Conduct thorough security reviews to pinpoint deficiencies in the security architecture, and in conjunction with the central cyber teams produce a comprehensive security risk management plan to address and mitigate potential vulnerabilities.
• Ensure acquired or developed systems and architectures align seamlessly with Maersk's cybersecurity architecture guidelines, ensuring a cohesive and secure technological landscape.
• Facilitate the practical application of Cyber Standards and security patterns (OT) within the organization, employing a structured and future-proof framework that you actively help shape and refine.
• Collaborate with the outsourced service provider to strategize, ensure quality, and execute a tactical enhancement aimed at enabling network segmentation within the terminal.
• Take on a central role in driving initiatives focused on heightening awareness and enriching understanding of cybersecurity best practices and Maersk standards. Your contributions are instrumental in bolstering the collective cyber comprehension, resilience, and preparedness of the terminals.
• Contribute innovative ideas and expert technical guidance to enhance the security posture of the terminal.
Job Requirements -Strong Cyber SME with a Degree in Computer Science, Computer Engineering or related field, or 8+ years relevant work experience
• Strong knowledge and hands-on experience of IT (also OT beneficial) technologies and applications.
• Strong network engineering experience (switches & firewalls), with the ability to architect and configure
• Experience with design and assessment of secure IT, data flows and their security requirements
• Ability to serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.
• Ability to design security architectures.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Knowledge of Business Continuity and Disaster Recovery of operation plans.
• Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, SSL security).
• Knowledge of Industrial control systems used for port operations.
• Knowledge of industry-standard and organizationally accepted analysis principles and methods (ISC-62443 certification is preferred).
• Knowledge of the enterprise Information Technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures).
• Knowledge of remote access technology concepts.
• Knowledge of communication methods, principles, and concepts that support the network infrastructure
Excellent stakeholder management and interpersonal skills at both a technical and non-technical level with an ability to influence
• Ability to manage conflicting priorities and multiple tasks
• Strong self-starting and can-do attitude
• Able to create a collaborative environment
• Excellent written and verbal communication skills for both technical and non-technical audiences, with ability to articulate complex ideas in a concise manner
• High attention to detail
• Ability to drive process teams to understand reporting situation, explores options and come to consensus on preferred solution
Classification: Internal
• Ability to work with offshore stakeholders
Desired Skills & Experience -(ISC-62443 certification is preferred).
CompTIA Security +
Additional security certifications
Cyber Security Engineer
Cyber Security Analyst Job 16 miles from Fullerton
This role is responsible for enhancing the cybersecurity incident response capabilities, focusing on proactive threat detection, swift response, and minimizing downtime and impact. This individual will act as an Incident Commander, ensuring that security incidents are managed efficiently, resources are optimized, and communication remains clear. The Incident Response Commander will develop and refine processes, automation, and integrations to strengthen the security posture and ensure robust incident response capabilities.
Responsibilities:
Lead Incident Response Efforts: Act as the Incident Commander during cybersecurity incidents, assessing the scope, impact, and containment strategies. Coordinate resources across to maximize incident detection and response efforts.
Develop and Implement Incident Response Processes: Design, integrate, and execute detailed incident response processes, including configuring and integrating threat detection tools, establishing automated response mechanisms, and defining clear escalation paths.
Manage Communication and Escalation Channels: Serve as the primary point of contact for incident response activities, facilitating communication between stakeholders. Establish robust communication channels and ensure effective escalation paths are in place.
Configure and Automate Security Tools: Set up, integrate, and maintain security monitoring and response tools. Focus on automating repetitive tasks and response actions to enhance efficiency and reduce response time.
Continuous Improvement and Process Testing: Conduct regular incident response exercises and post-incident reviews to identify gaps, improve response capabilities, and refine processes.
Availability for On-Call Duty: Be prepared for on-call availability, responding to incidents as they arise, including outside normal business hours, to ensure continuous protection.
Job Requirements
Qualifications:
Strong incident command experience, with a proven ability to manage and prioritize incidents, optimize resources, and make rapid, high-impact decisions under pressure.
Experience configuring and automating security tools (e.g., SIEM, SOAR, EDR), with a focus on enhancing detection and response capabilities through automation.
Excellent communication and stakeholder management skills, capable of coordinating across technical teams, executive leadership, and external partners.
Strong analytical and problem-solving abilities, with experience in threat analysis, forensic investigation, and incident response strategy development.
Comprehensive knowledge of RESTful APIs and data integration techniques to enable efficient, secure, and scalable data flow and communication between security systems and user-facing platforms.
Strong familiarity with infrastructure-as-code tools such as Terraform or Ansible to automate and standardize security configurations across diverse environments.
Hands-on experience with CI/CD pipelines, version control systems (e.g., Git), and modern software development practices to ensure high standards of consistency, quality, and automation in deploying and updating security tools.
Cyber Security Engineer
Cyber Security Analyst Job 31 miles from Fullerton
Job Title: Lead OT Cyber Engineer - IT Cyber Program
Contract to hire
Lead OT Cyber Engineer - IT Cyber Program
Job Requirements -
IT Cyber Program
PURPOSE:
Responsible for the working hands on and shaping of the terminal Cyber Security demands in implementing, maintaining, executing the Cyber Program
Works closely with the local terminal IT teams, Global Cyber program management and stakeholders, vendors to implement the Cyber Security program.
Actively collaborate with his business stakeholders to identify opportunities to improve efficiency and in adopting new practices that support the Cyber Program capabilities.
PRINCIPAL ACCOUNTABILITIES:
Overall responsibilities are the following:
Execution and implementation of the Cyber Security program for facility.
Work on improvement opportunities, analysis, prepares recommendations and facilitates Cyber Security enhancements. Develops business requirement documents and specifications.
Review and understand implemented systems and technology ecosystem at the terminal. Control cyber design and rollout process, optimization/continuous improvement.
Ensure vulnerabilities management for all terminal infrastructure, systems, and technology assets.
Works as directed by management team to implement and document issues, involving gaps, lack of procedures and processes.
Analyze data and work with management to develop Cyber solutions.
Works closely with the terminal operational and functional teams.
Ensure proper integration of vendor provided solutions into the overall ecosystem of Cyber Security implementation for the terminal.
Ensure SLAs are met and daily KPIs are tracked and documented.
Collaborate with the regional teams, to identify opportunities to modernize, streamline and standardize the Cyber Security portfolio.
Critical Qualifications/Skills/Experience
Necessary to perform the requirements of the position:
Education - University or higher vocational degree and certification in Cyber Security & industrial IT systems.
Experience -
Minimum five (5) years of implementation experience in Cyber Program, industrial automation experience.
Collaboration - Able to build strong working relationships with stakeholders.
Must possess empathy, personal tact, cultural understanding, and well-developed communication skills (cross functional as well as on different levels).
Must haves - The candidate must have experience in all or most of the following areas for successful implementation of the Cyber Program.
Experience with Cyber policies, making IT hardening policy
Experience with OT hardening policies, documenting & implementing IT hardening policy
Experience with making Purdue visualization
Defining the cyber requirement of BCP plans
Experience with development and implementation of critical incident response plan (CIRP)
Experience in definition & implementation of cyber policy on backup & recovery policy
Conducting cyber awareness training
Validation & cyber exposure on physical layer, access control
Definition and hands-on in implementation of physical layer, perimeter control
Definition and hands-on in implementation of cyber isolation of edge equipment
Definition and hands-on in implementation of perimeter security for WAN equipment
Definition and hands-on in implementation of reverse proxy controls
Defining and hands-on in implementing network layer security NAC, ACL
Security Engineer - Embedded Systems
Cyber Security Analyst Job 6 miles from Fullerton
Role: Security Engineer - Embedded Systems
Compensation: $140,000-190,000 base
The client is one of the world's largest manufacturers of network products and IoT/smart home devices.
Job Title: Security Engineer - Embedded Systems
As a Security Engineer specializing in Embedded Devices, you will play a crucial role in safeguarding advanced embedded systems by identifying vulnerabilities and mitigating security risks. Your primary responsibilities will include conducting penetration testing, performing threat modeling, and leading security risk assessments to ensure the highest level of protection. You'll also be responsible for managing incident response, guiding product cybersecurity certifications, and developing custom security tools to optimize testing processes. This role requires strong collaboration with cross-functional teams, integrating security best practices throughout the Software Development Life Cycle (SDLC). Additionally, you will deliver security training, stay abreast of global cybersecurity standards, and conduct audits to maintain compliance with industry regulations.
Key Responsibilities:
Penetration Testing: Conduct penetration testing on embedded devices to uncover vulnerabilities. Provide detailed remediation advice and create comprehensive test reports.
Threat Modeling & Security Assessment: Identify and assess potential risks through threat modeling. Perform in-depth security assessments at both the architecture and functional levels to detect security gaps.
Incident Response & Vulnerability Management: Lead incident response efforts, including investigation, containment, remediation, and post-incident reviews. Collaborate with internal teams to ensure effective resolution.
Cybersecurity Certification: Assess product security certification requirements and collaborate with teams to achieve and maintain compliance with relevant standards.
Security Tool Development: Create and enhance penetration testing tools, automated testing platforms, and scripts to streamline testing processes and increase accuracy.
SDLC Integration: Contribute to the enhancement of the company's SDLC processes by ensuring security is integrated into every stage of product development.
Global Standards & Regulations Compliance: Stay informed on global cybersecurity standards and regulatory requirements, and help implement security baselines across embedded devices.
Security Training: Partner with product, R&D, and QA teams to create and deliver training on security best practices aimed at mitigating insider threats.
Security Auditing: Perform security audits to ensure compliance with cybersecurity standards (e.g., ISO 27001, NIST, GDPR) and relevant regulatory frameworks.
Requirements:
Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
Proven experience in a Security Engineer role focused on Embedded Devices, or a similar position.
In-depth understanding of protocol security design, cryptography, security frameworks, and common vulnerabilities.
Familiarity with security tools such as Burp Suite, Nmap, Kali Linux, Nessus, Metasploit, IDA, Ghidra, etc.
Ability to independently develop and customize penetration testing tools and fuzzing techniques.
Skilled in performing code audits and reverse engineering.
Proficiency in at least one programming language (e.g., C/C++, Python, Bash, or PowerShell).
Security certifications such as CISSP, OSED, OSWP are highly desirable.
Soft Skills:
Strong communication and interpersonal skills.
Ability to work autonomously and collaborate effectively with cross-functional teams.
Attention to detail and a strong commitment to maintaining high-security standards.
Benefits:
Competitive salary range: $140,000 - $190,000
Free snacks and drinks, with lunch provided on Fridays.
Comprehensive medical, dental, and vision insurance (partial coverage for dependents).
401(k) contribution.
Bi-annual performance reviews and annual salary increases.
Health and wellness benefits, including a free gym membership.
Quarterly team-building events.
Senior Information Security Analyst
Cyber Security Analyst Job 17 miles from Fullerton
SOC Cybersecurity Analyst III
Type: 6-Month Contract-to-Hire (24/7 Operations)
Goodman Masson is working with a leading Managed Services Provider (MSP) looking for a SOC Cybersecurity Analyst III to join their security operations team. This is an exciting opportunity for an experienced cybersecurity professional to lead incident response, threat detection, and security operations in a fast-paced, highly regulated environment.
The Role:
As a SOC Cybersecurity Analyst III, you will be responsible for proactive and reactive defense against evolving cyber threats. You'll work in a 24/7 Security Operations Center (SOC), responding to security incidents, improving security processes, and ensuring compliance with HIPAA, PCI-DSS, and industry standards.
Key Responsibilities:
Lead SOC operations by designing and optimizing security architectures, workflows, and processes
Monitor and investigate threats using SIEM, EDR, SOAR, and network security tools
Respond to and triage incidents, containing, eradicating, and recovering from security threats
Assess and remediate vulnerabilities across enterprise systems, cloud environments, and applications
Collaborate with cross-functional teams (IT, compliance, biomedical engineering) to ensure security best practices
Ensure compliance with healthcare security regulations (HIPAA, PCI-DSS)
Document incidents, root causes, and remediation efforts to improve overall security posture
Key Requirements:
Minimum 4 years of experience in a SOC environment, with lead-level expertise
Incident Response experience, particularly in healthcare or highly regulated industries
Strong SIEM & security monitoring experience
Expertise in threat detection, forensic analysis, and vulnerability management
Hands-on experience with SOAR, network security, EDR, and cloud security solutions
Knowledge of HIPAA, PCI-DSS, and cybersecurity frameworks (NIST CSF, CIS Controls)
Certifications preferred: Security+, CISSP, GSEC, GCIH, CSA, OSCP (or equivalent)
On-site role in a 24/7 SOC environment - requires availability for shifts, weekends, and on-call support
Why Join?
Work in a mission-critical cybersecurity role within a leading MSP
Take ownership of SOC strategy, automation, and security architecture
Ensure the security of highly sensitive data and biomedical systems
Competitive compensation with the opportunity for full-time conversion
If you're a seasoned SOC Analyst with a passion for security leadership, I'd love to hear from you! Please apply below.
Security Engineer
Cyber Security Analyst Job 16 miles from Fullerton
Salary Range:$125,000.00 To 155,000.00 Annually
Reporting to the Director of Information Security Operations, the Security Engineer is responsible for the day-to-day administration and SME of our security tooling, including utilizing one or more of these tools to ensure we comply with policies, regulations, and security best practices. The Security Engineer will also collaborate with our IT Engineering Team to remediate any insecure system/network/cloud architecture design, application/security control exceptions, vulnerabilities, and misconfigurations identified by our security tooling.
In addition, the Security Engineer will primarily support the Security Operation with data loss prevention, privilege access management, SIEM, firewall configuration, content filtering, file integrity monitoring, secure e-mail platform, and security tool deployment. The security Engineer will also be backup to our security monitoring functions, including assisting the Team in investigating potential security incidents, including containment and evidence gathering. As such, the Engineer will need to keep current not only on the latest threats and emerging cybersecurity risks but also assist in designing security controls and/or mitigation to reduce the likelihood and impact of a materialized attack.
The ideal candidate must possess at least five years as a security engineer, be meticulous and conscientious, and have strong technical skills in system, network, and cloud security while working in a heavily regulatory environment. The candidate should be a self-starter with great prioritization, consistent drive, and an innate ability to work in a fast-paced environment. Strong written and oral communication skills, the ability to work in a team environment, and a collaborative attitude are required.
Note: Please list the security stacks/tools you have worked with as part of your resume.
PRIMARY FUNCTIONS (Other Duties May Be Assigned)
Primary administrator to our data classification policies, data loss prevention, privilege access management, password management system, network/web application/API firewall administration, log management/SIEM, content filtering, file integrity monitoring, and secure e-mail systems
Periodically review host/network/cloud firewall rules and review all configuration changes.
Assists the Security Operations Team in performing security monitoring and gathering threat intelligence on our application, network, system, database, virtualization, and cloud security.
Conducts periodic compliance scans and reviews to ensure we comply with regulatory guidelines and security best practices
Assists the Director of Security Operations with investigating potential security incidents, including containment and evidence gathering.
Keeps current with emerging security issues, trends, and tools.
Assists the Director of Security Operations with various information security self-assessments, audits, and regulatory examinations.
Supervisory Responsibilities: This position does not include supervisory responsibilities
QUALIFICATIONS:
Education and/or Experience
Bachelor's degree or higher from an accredited college or university in a technical field (Computer Science, Management Information Systems, Engineering) and/or equivalent experience.
Security certifications required (e.g., CISSP, CISA, CISM, CEH, Security+)
Minimum five+ years of hands-on experience in IT and or Security Engineering in a regulated environment (FDIC, NACHA, and PCI)
Working knowledge of CI/CD pipeline, container orchestration and security, application security, and DevOps processes
Strong IaaS, PaaS, and networking background desired
Abilities:
Strong analytical, critical thinking, and problem-solving abilities
Ability to set priorities, meet deadlines, and multi-task with minimal supervision
Ability to respond to escalated supported cases with a sense of urgency
Ability to quickly learn technologies using documentation and internet resources
Ability to effectively communicate with employees, executives, and vendors in a wide range of situations
Great interpersonal and communication skills
Excellent analytical, decision-making, problem-solving, and conceptual skills
Sr. Security Engineer
Cyber Security Analyst Job 10 miles from Fullerton
Position: Sr. Security Engineer (Network/Palo Alto, Azure/Cloud, CrowdStrike/IDS, Arctic Wolf/Monitoring)
Duration: Direct Hire Full Time
Salary: 130k to 150k + 10% Bonus + Excellent Benefits Program
Must Haves: Palo Alto firewall (rules, security policies etc.) and Azure cloud (configurations etc.)
What You Will Do:
Review and identify any gap in Palo Alto Firewall rules, security policy and Implementation.
Assists in the planning and deployment of the Company's cloud information security strategies.
Implement security controls and solutions in cloud environments (Azure) to protect against threats, including control tower, Guard rails, service control policies, identity and access management, VPC flow logs and subnet security, data encryption, web application firewall and application security.
Manage Infrastructure and application security monitoring tools to detect and respond to security incidents in real-time.
Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the infrastructure and applications.
Develops and maintain an incident response plan, and coordinate responses to security incidents, ensuring timely resolution.
Ensure compliance with industry specific security standards (e.g. SOX, PCI) and assist in audits and compliance assessments.
Create and maintain documentation related to security policies, procedures, and configurations.
Maintain training and awareness programs to educate employees and cloud and devops teams on security best practices.
Uses penetration testing tools to perform regular vulnerability assessments of internal, DMZ, and external devices, and Cloud resources.
Work with Infrastructure team to Prioritize risk and guidance for quick remediation.
Designs, tests, and implements security protection measures intended to protect cloud-based applications and data.
Coordinates assigned security projects during implementation phase and ensures timely completion.
Assists in the day-to-day security team functions (i.e., response, monitoring, and support)
Communicate and relate complex business requirements and associated risks to technology.
Collaborate with cross functional teams, including DevOps, development, and IT, to integrate security into software development and deployment lifecycle using SASE framework.
Researches, evaluates, designs, tests, recommends, and plans implementation of new or improved information security software or devices.
Reviews computer logs and messages to identify and report on possible violations of security.
Assists in development of disaster or emergency recovery procedures for information systems and computer environment.
Provides leadership in understanding and responding to security audit failures reported by internal and external auditing.
What Gets You The Job:
Bachelor's degree in Computer Science, Computer Engineering or related Information Technology field.
Minimum three (3) years of experience in information security or information technology.
Proven experience in firewall security, cloud security and devsecops, including best practices, risk assessment and compliance requirements.
Experience with security tools and technologies such as web application firewall management, and evaluate vulnerability associated risk.
Working experience with below technologies are highly desirable but not required:
Paloalto Firewall
Crowdstrike EDR, IDP, Filevantage
ArcticWolf
Delinea
Checkpoint Harmoney
Automox
Please send your resume to Dave Lim, Senior Technical Recruiter for immediate consideration.
Irvine Technology Corporation (ITC) is a leading provider of technology and staffing solutions for IT, Security, Engineering, and Interactive Design disciplines servicing startups to enterprise clients, nationally. We pride ourselves in the ability to introduce you to our intimate network of business and technology leaders - bringing you opportunity coupled with personal growth, and professional development! Join us. Let us catapult your career!
Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Avionics Security Engineer
Cyber Security Analyst Job 30 miles from Fullerton
Do you love taking on challenges that create a positive impact? Are you passionate about empowering the future of aviation? Join our team of dynamic, intelligent, and creative engineers working across multiple functions to further the cybersecurity of wireless airborne communication systems. We are seeking a senior-level Avionics Security Systems Engineer with extensive experience in Cybersecurity, established industry and national standards, and RTCA DO guidance material. The ideal candidate is a versatile leader with the initiative to take on new problems and challenges.
This position can be onsite in El Segundo, Thousand Oaks, or Eagan, MN.
As the Avionics Security Systems Engineer, you will manage and deploy new developments in commercial aviation data security for Teledyne Controls' airborne and ground-based products. You will serve as a Security Subject Matter Expert (SME), regularly communicating with a variety of engineering, program, and customer stakeholders. Your leadership will guide our team in designing and building hardware and software technologies that enhance the safety and security of commercial aircraft globally. This role offers autonomy and the opportunity to shape the foundational components of next-generation avionics. Imagine what you could achieve!
Essential Duties and Responsibilities include the following. Other duties may be assigned.
Develop and implement security protocols, policies, and procedures specific to avionics systems.
Ensure compliance with relevant industry standards and follow RTCA guidelines (e.g., DO-326A, DO-355A, DO-356A), particularly related to airworthiness security.
Collaborate with the FAA and other relevant certification or standards bodies.
Prepare documentation for certification processes, including compliance reports and safety assessments.
Develop and coordinate incident response plans for avionics security breaches, ensuring timely recovery.
Train engineering teams on security best practices and foster a security-aware culture within the organization.
Liaise with avionics committees, industry working groups, and regulatory bodies.
Attend industry events, conferences, and workshops to stay informed about the latest security trends and share insights.
Lead development of security architectures, requirements, and test/analysis procedures.
Create threat models to analyze potential security weaknesses in embedded devices and cloud-based products.
Build the infrastructure for internal/external penetration tests and vulnerability assessments.
Develop and implement tailored security architectures and infrastructures across multiple projects.
Identify, test, and deploy new security technology.
Provides input into systems definition, technical design, and costs for proposal preparation on new products.
Provides technical input for customer attended design review presentations.
Provides estimates and input into scheduling for system security statement of work.
Supervisory Responsibilities
Provides direct oversight to a team of Security engineers, from entry level personnel to senior level engineers. Responsibilities include:
Coordinates assignment of Security personnel including assignment of duties, responsibilities, and scope of authority based on individual skill sets and availability.
Monitors employee hours and program charging.
Reviews trip reports and travel summaries.
Ensures training requirements for company processes and required Security Engineering skill sets.
Mentors Security Engineers at all levels and encourages job specific classes and training.
Conducts Performance Reviews based on input received from the Program Managers and engineering leads where the direct reports are assigned.
Periodically keeps employees informed of their performance and assists them in setting work goals that will increase their capabilities.
Promotes employee development by encouraging and supporting their advancement.
Rewarding and disciplining direct reports; addressing complaints and resolving problems.
Requirements:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed herein represent the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience
Bachelor's degree in Engineering (Computer Science, Computer Engineering, Cyber-Security, or similar technical field preferred) plus a minimum of 10 years of security-related experience.
Alternatively, a minimum of 13 years of demonstrated cybersecurity experience may suffice in lieu of a technical degree
Computer Skills
Proficient with industry security tools: Vulnerability scanners, Security event logging & Monitoring Analyzers, Intrusion Detection/Prevention System (IDS/IPS) and firewall logs, System and network security audits, Anti-virus products and Central Console.
Certificates, Licenses, Registrations
Security certifications such as the Certified Information Systems Security Professional (CISSP) certification, OEM certifications like Cisco's Cisco Certified Security Professional (CCSP) certification or Cisco's Certified Design Expert CCDE, Linux certifications like Red Hat's RHCE and Microsoft's MCSE Security are preferred but not required. Certifications such as Security+ are also useful.
Other Skills and Abilities
Strong knowledge in systems architecture as it pertains to cybersecurity.
Experience with auditing, risk and threat analysis, contingency planning, creating security standards, and using various security tools.
Understanding of TCP/IP, Linux, network/system intrusion techniques, firewalls and VPNs.
Working knowledge of connected systems, security concerns and supporting infrastructures.
Strong knowledge of network concepts including design and troubleshooting.
Good knowledge of system design concepts and application development.
Working knowledge of Docker security and application containerization.
Working knowledge of security implementations in cloud environments such as AWS.
Focused knowledge in areas of virtualization, identity and access management, Public Key Infrastructures (PKI), mutual authentication using digital certificates, and code signing and verification.
Required - Familiarity with NIST and ISO27001 standards. Preferred - Understanding of aviation security standards and guidance.
Extensive experience performing security and vulnerability analyses for aircraft systems in conjunction with ARINC 842 /ATA Spec 42 and RTCA DO-326A/355/356A is required.
Travel
This position may require 10% domestic and international travel.
US Person Statement
Due to the type of work at the facility and certain access restrictions, successful applicants must be a "US Person" (US Citizens, US Nationals, lawful permanent residents, asylees or refugees).
*Please note the salary range posted below is a general guideline for this job level and location. When extending an offer, a variety of factors are considered such as responsibilities of the position, relevant education and experience, certifications, knowledge and skills.
Cyber Security Analyst
Cyber Security Analyst Job 19 miles from Fullerton
**Cyber Security Analyst** Job Location **Long Beach, CA** Location Type **Onsite** ID **8921** The primary purpose of this position is to provide the maintenance, upkeep and provide front line support of our cyber-security program. · Measure and analyze cyber security posture across the organization and recommend improvements and solutions to current cyber security issues and risks + Conduct regular vulnerability assessments using tools like Qualys to identify potential weaknesses in network and server environments.
+ Work with red and blue teams to perform penetration testing and evaluate network and server defenses.
+ Ensure vulnerabilities are remediated in a timely manner through patches or configuration changes.
· Coordinates the implementation of cyber security solutions (new/modifications) to reduce risk while enabling business efficiency and productivity · Assists in cyber security incident response across the enterprise · Experience with virtualization and public cloud providers · Familiarity with ITIL processes · Strong oral and written communication & demonstrated team-work and collaboration skills **Desired Skills:** · Previous experience with IoT and safeguarding OT equipment in an industrial setting. · Experience in a maritime/transportation logistics environment **Education/Experience:** · BA/BS degree Computer Science, Engineering, Information Systems, or equivalent experience · Minimum 5 years in Information Technology including at least 3-5 years' experience in an Information Security Engineering or similar capacity *At Milestone we strive to create a workplace that reflects the communities we serve and work with, where we all feel empowered to bring our full, authentic selves to work. We know creating a diverse and inclusive culture that champions equity and belonging is not only the right thing to do for our employees but is also critical to our continued success.*
*Milestone Technologies provides equal employment opportunity for all applicants and employees. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, gender identity, marital status, age, disability, veteran status, sexual orientation, national origin, or any other category protected by applicable federal and state law, or local ordinance. Milestone also makes reasonable accommodations for disabled applicants and employees.*
*We welcome the unique background, culture, experiences, knowledge, innovation, self-expression and perspectives you can bring to our global community. Our recruitment team is looking forward to meeting you.*
*This position may be assigned to a client that requires all individuals on-site to have the COVID-19 vaccination. The individual must be fully vaccinated before starting work at such a client site.*
Cyber Security Analyst
Cyber Security Analyst Job 31 miles from Fullerton
Requirements
Skill
Required / Desired
Experience
Experience of incident handling, security architecture, malware analysis, or similar
Preferred
2 Years
Have at least one of the following certifications (should be current): Security+, GSEC, GCIA, GCIH, CISSP or equivalent but is not required to college graduate with a computer science, computer engineering, forensic degree may be considered
Preferred
-
Cyber Security Analyst
Cyber Security Analyst Job 16 miles from Fullerton
Monitor and investigate suspicious activity in SIEMs
Perform user and system access reviews
Help develop cybersecurity policies and procedures
Evaluate, develop and implement security controls across infrastructure, systems, application and data.
Maintain and administer email security systems
Collaborate with team members to implement security controls
Review Azure resources for secure configurations
Assist with incident response by gathering and investigating information
Assist with cybersecurity audits and penetration testing
Maintain and administer Microsoft network security
Maintain and administer Microsoft endpoint security
Document and review secure configurations for unauthorized changes and compliance
Help develop and maintain disaster recovery, business continuity and incident response procedures
Assist with company-wide cybersecurity training and awareness
POSITION PREREQUISITES:
Education and Experience:
Undergraduate degree in an applicable professional, business, or technical discipline preferred
CISSP certification preferred
Three to five years of experience administering Microsoft cloud technologies (M365, Azure, Server and Storage, Exchange, SharePoint)
Three to five years of experience working in a cybersecurity role
Three to five years of experience in administering cybersecurity systems:
Email security
Endpoint security
Network security
Security Appliances
Enterprise Mobility
Patch Management
SIEM
Skills and Abilities:
Strong organization and process-oriented skills
Strong project management
Attention to detail and excellence
Demonstrated ability to multi-task in a high-paced environment
Strong written and verbal communication skills
Strong Help Desk customer service skills
Ability to logically and methodically breakdown and resolve complex issues
Ability to work independently on aggressive schedules
Must work well in a remote team environment
Strong Microsoft cloud technologies experience required
Physical Requirements:
Moderate lifting of computers and IT related equipment
Ability to work nights and weekends as needed
Travel to locations across the US as needed
At LEAPROS™, we are committed to our core values and guiding ethical principles, to conducting business in a non-discriminatory manner, and to operating in strict compliance with applicable federal and state laws pertaining to Equal Employment Opportunity. This commitment enhances our ability to conduct business with the highest level of integrity, solidifying our position as the most trusted workforce solutions partner. To learn more about LEAPROS™ or to speak with one of our recruitment partners, call 866-920-LEAP or visit our website at ****************
Cyber Security Analyst III
Cyber Security Analyst Job 30 miles from Fullerton
**You can make a difference** At KARL STORZ, we take pride in helping patients through some of the toughest journeys of their lives. We are making contributions that matter. Regardless of your role, YOU improve patients' lives every day.
Work Location (for field-based positions):
At KARL STORZ, we're pioneering medical technology that transforms lives. Our commitment to innovation demands a robust defense against evolving cyber threats. We're seeking a talented Cyber Security Analyst to join our team of security experts.
**Your Mission:**
* Safeguard our global network infrastructure
* Detect and respond to advanced threats, staying ahead of malicious code activity
* Develop and implement proactive security measures, ensuring the integrity of our systems
* Collaborate with internal stakeholders and external partners to drive cybersecurity excellence
**Key Responsibilities:**
* Monitor and analyze security events, alerts, and threats from SIEM, NDR, EDR, and ITDR systems, with an emphasis on identifying new attack vectors
* Conduct advanced monitoring and lead the analysis of malware, phishing, application, and network-based attacks, developing proactive mitigation strategies
* Respond to and investigate advanced/targeted attacks, coordinating efforts with incident response teams and senior management.
* Document all actions, decisions, and outcomes throughout the duration of a cybersecurity incident, ensuring comprehensive reporting and knowledge sharing.
* Develop and maintain incident response playbooks, security protocols, and procedures
* Lead Blue/Red Team exercises to identify vulnerabilities and strengthen our defenses
* Stay abreast of emerging threats, technologies, and trends in cybersecurity
**Requirements:**
* 4+ years of experience in Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team
* Undergraduate degree in Cybersecurity, Computer Science, or equivalent technical discipline
* Certification: SANS Sec 4xx, GIAC Security Essentials (GSEC), or equivalent
* Intermediate knowledge of:
+ Malware families and network attack vectors
+ Operating system internals and security mechanisms
+ Web applications and APIs
+ System security architecture and security solutions
+ Network infrastructure devices and protocols
+ Attack activities such as network scanning, DDOS, malicious code activity
+ Network infrastructure devices such as routers and switches
+ Networking protocols such as TCP/IP, DNS, HTTP/S
**Preferred Qualifications:**
* 5-6 years of experience in cybersecurity
* Master's degree in Cybersecurity, Computer Science, or equivalent
* Certification: CISSP or equivalent
* Intermediate knowledge of:
+ Scripting (Python, YARA, RegEx)
+ Data analysis tools (Excel, SQL, Splunk, PowerBI)
+ Forensics tools and malware analysis
+ Security technologies (SIEM, IDS/IPS, DLP, WAF, NDR, EDR, ITDR, SOAR)
+ ITIL processes and framework
If you're a motivated and talented cybersecurity professional looking to make a meaningful impact, we'd like to hear from you!
**Who we are:**
KARL STORZ is an independent, family-owned company headquartered in Germany's renowned MedTech manufacturing region. For 80 years, we've pioneered the most groundbreaking innovations in endoscopic surgery, video imaging, and operating room integration to benefit patients and healthcare providers alike.
With more than 9,000 associates worldwide and 2,600 in the US, we pride ourselves on harnessing cutting-edge technology, precise workmanship, and unrivaled customer support to help healthcare facilities succeed. With onsite locations and field opportunities across the country, we attract a diverse and talented staff. It's not just about the tools we create-it's about the lives we change, together.
#LI-CW1
**Eligible Employee Benefits**
* Medical / Dental / Vision including a state-of-the-art wellness program and pet insurance, too!
* 3 weeks vacation, 11 holidays plus paid sick time
* Up to 8 weeks of 100% paid company parental leave; includes maternal/ paternal leave, adoption, and fostering of a child.
* 401(k) retirement savings plan providing a match of 60% of the employee's first 6% contribution (up to IRS limits)
* Section 125 Flexible Spending Accounts
* Life, STD, LTD & LTC Insurance
* We prepay your tuition up to $5,250 per year! - Tuition pre-imbursement
* Fitness reimbursement of up to $200 annually
* And much more!
KARL STORZ reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. Additionally, KARL STORZ, through its supervisors, may require an employee to perform duties outside their normal description within the sole discretion of the supervisor. Employees must comply will all applicable KARL STORZ policies and procedures.
KARL STORZ is committed to maintaining a safe work environment for our employees and customers. Most field-based roles at KARL STORZ require hospital credentialing/health screens as a condition of employment. Credentialing can include required vaccinations, health screens & other requirements as outlined by our customers. During the interview process, we encourage you to ask how credentialing/health screens may impact the role you are seeking and if you require any reasonable accommodations regarding these requirements.
The pay range and/or hourly pay rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job posting and may be modified in the future. When determining a specific team member's base salary and/or hourly pay rate, several factors will be considered including such things as location, specialty, service line, years of relevant experience, education, professional credentials, internal equity, and the amount budgeted for the role.
KARL STORZ is committed to creating an inclusive space where employees are valued for their skills and unique experiences. To achieve this goal, we are committed to diverse voices, and all applicants will receive consideration without regard to race, color, sex, national origin, disability, veteran status, or any other protected characteristic. KARL STORZ is also committed to providing reasonable accommodations during our recruitment process. Should you need assistance or accommodation please email us at **************************.
Provider Description Enabled SAP as service provider
* "route" is used for session stickiness
* "career SiteCompanyId" is used to send the request to the correct data center
* "JSESSIONID" is placed on the visitor's device during the session so the server can identify the visitor
* "Load balancer cookie" (actual cookie name may vary) prevents a visitor from bouncing from one instance to another
Provider Description Enabled LinkedIn
Cyber Security Analyst
Cyber Security Analyst Job 17 miles from Fullerton
The Orange County Department of Education (OCDE) serves some of Orange County's most vulnerable student populations and provides support and mandated fiscal oversight to 28 school districts serving more than 600 schools and approximately 475,000 students. In addition to providing direct instruction to students through its own alternative and special education programs, OCDE administers an array of programs and services that are critical to the operations of local school districts and community colleges, facilitating professional development, legal guidance, payroll, career and technical education support, high-speed internet access, Local Control and Accountability Plan assistance and approval, resources for families, and student enrichment. OCDE's vision is that "Orange County students will lead the nation in college and career readiness and success." Department staff are working to achieve this goal in collaboration with educators at all levels of student development, from early childhood through higher education, and in partnership with families, businesses and community organizations.
Education and Experience: Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be:• Bachelor's degree or equivalent from an accredited college or university with major course work in information security, or a related field.•One (1) to Two (2) years or equivalent of experience in information security technology, specifically with penetration testing, intrusion, incident response, or digital forensics.
There are supplemental questions in the application. Please note that the EdJoin system will time-out after a 20-minute period of perceived inactivity. To assist you in the preparation of your application, the supplemental questions are listed here. Your responses should be thoughtful and thorough, and within the limit of 5,000 characters or less. We recommend that you prepare your responses in advance of beginning the application. 1. Explain a cybersecurity framework or methodology you know and how you have applied it in a previous role or project. 2. Describe your approach to investigating and assessing cybersecurity events and incidents. How do you prioritize incidents, and what criteria do you use to determine severity and impact? 3. Why are you passionate about pursuing a career in cybersecurity, and how do you stay current with the latest trends and developments in the field? Notice to Applicants: If you require accommodations in the application process, please inform us.
Education and Experience: Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be: • Bachelor's degree or equivalent from an accredited college or university with major course work in information security, or a related field. •One (1) to Two (2) years or equivalent of experience in information security technology, specifically with penetration testing, intrusion, incident response, or digital forensics.
There are supplemental questions in the application. Please note that the EdJoin system will time-out after a 20-minute period of perceived inactivity. To assist you in the preparation of your application, the supplemental questions are listed here. Your responses should be thoughtful and thorough, and within the limit of 5,000 characters or less. We recommend that you prepare your responses in advance of beginning the application. 1. Explain a cybersecurity framework or methodology you know and how you have applied it in a previous role or project. 2. Describe your approach to investigating and assessing cybersecurity events and incidents. How do you prioritize incidents, and what criteria do you use to determine severity and impact? 3. Why are you passionate about pursuing a career in cybersecurity, and how do you stay current with the latest trends and developments in the field? Notice to Applicants: If you require accommodations in the application process, please inform us.
Comments and Other Information
Resumes will not be accepted in lieu of the completed online application. Before receiving authorization to work in this position, the individual selected will be required to provide a current negative TB authorization, within the last 60 days, and submit fingerprints for the purpose of conducting a confidential background investigation and record check. The tests are arranged and paid for by OCDE. The Immigration Reform and Control Act of 1986 requires employers to verify the employability of all new employees. Before the Department will finalize an offer of employment, the candidate selected will be required to show original documents which establish both the individual's identity and employment authorization. The candidate must also sign a statement under penalty of perjury regarding his/her employability. We reserve the right to reopen, readvertise, or delay filling this position. AA/EOE/ADA
Technical Information Security Specialist - GRC
Cyber Security Analyst Job 16 miles from Fullerton
* Full-time * Job Type (exemption status): Exempt position - Please see related compensation & benefits details below * Salary Range: 135,660.00-192,100.00 * Business Function: IT Security
**Company Description**
At Western Digital, we are on a mission to unlock the potential of data so people, companies and organizations everywhere can create what's next. To fulfill our vision, we are always on the lookout for potential team members who share our passion for solving problems to empower others.
When you join Western Digital, you join a legacy more than 50 years in the making. Across our Western Digital , SanDisk , SanDisk Professional, WD and WD\_BLACK™ brands, we have brought some of the most storied advancements in memory and data storage technology to market-and our best, most innovative work is yet to come.
From energizing gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world's biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.
Here's how you can help.
**Job Description**
This is a Hybrid role with 2 days in office per week and can be located in either Irvine or San Jose.
As an Information Security GRC Specialist, you will play a critical role in Western Digital's information security risk management program.
You will lead Western Digital's technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives. You will lead technical risk assessments, develop robust risk management strategies, and develop insightful metrics and dashboard. You will collaborate with cross-functional teams, providing expert technology risk guidance and analysis to enhance our information security posture and ensure compliance with industry standards and regulations.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
* Lead technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives.
* Lead technical assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets.
* Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
* Develop comprehensive metrics and dashboards to communicate the status of information security risks to stakeholders and leadership.
* Analyze security data to identify trends, vulnerabilities, and areas for improvement.
* Collaborate with internal and external auditors to facilitate security audits and assessments.
* Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
* Stay current with industry trends, emerging threats, and best practices for information security and risk management.
* Provide expert technical guidance and support in developing and maintaining information security policies, standards, and procedures.
* Implement enterprise-wide risk management frameworks that aligns with industry standards (e.g. ISO27001, NIST, etc).
**Qualifications**
REQUIRED:
* Bachelor's degree in Information Security, Computer Science, or equivalent work experience.
* 8+ years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, and hands-on with at least one of the following: security engineering, network security, identity and access management, security operations, and/or software development security.
* Proficiency in risk assessment methodologies, tools, and techniques.
* Experience in conducting risk assessments, vulnerability assessments, and compliance audits.
* Strong understanding of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR).
* Experience in generating and interpreting information security metrics and reports.
* Experience in building and maturing information security risk management practices.
PREFERRED:
* Relevant certifications such as CISSP, CISM, CRISC, GSNA or similar are highly desirable.
* Technical certifications such as GCIH, GPEN, CEH, OSCP or similar are highly desirable.
SKILLS:
* Excellent analytical and problem-solving skills with attention to detail.
* Strong communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
* Ability to work independently and collaboratively in a fast-paced environment.
55G
**Additional Information**
Western Digital is committed to providing equal opportunities to all applicants and employees and will not discriminate against any applicant or employee based on their race, color, ancestry, religion (including religious dress and grooming standards), sex (including pregnancy, childbirth or related medical conditions, breastfeeding or related medical conditions), gender (including a person's gender identity, gender expression, and gender-related appearance and behavior, whether or not stereotypically associated with the person's assigned sex at birth), age, national origin, sexual orientation, medical condition, marital status (including domestic partnership status), physical disability, mental disability, medical condition, genetic information, protected medical and family care leave, Civil Air Patrol status, military and veteran status, or other legally protected characteristics. We also prohibit harassment of any individual on any of the characteristics listed above. Our non-discrimination policy applies to all aspects of employment. We comply with the laws and regulations set forth in the “” poster. Our pay transparency policy is available here:
Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.
Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
Based on our experience, we anticipate that the application deadline will be **01/08/2025** (3 months from posting), although we reserve the right to close the application process sooner if we hire an applicant for this position before the application deadline. If we are not able to hire someone from this role before the application deadline, we will update this posting with a new anticipated application deadline.
#LI-AS1
**Compensation & Benefits Details**
* An employee's pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
* The salary range is what we believe to be the range of possible compensation for this role at the time of this posti
Cyber security specialist
Cyber Security Analyst Job In Fullerton, CA
Full-time Description
**Must work onsite 5 days a week**
Mullen is a diverse group of people, partners and organizations committed to the development, sustainability, and affordability of clean energy.
We are seeking a highly motivated and talented Cyber Security Specialist to join our rapidly growing cyber security department here at Mullen Automotive. As a Cyber Security Specialist, you will play a critical role in safeguarding our organization's systems, networks, and data from potential cyber threats. You will be responsible for analyzing and responding to security incidents, monitoring the effectiveness of security controls, and providing recommendations for enhancing the overall security posture of the organization.
Responsibilities (Included but not limited to):
· Monitor alerts and events generated by security appliances, triage potential security incidents, and conduct thorough investigations to determine the nature and extent of the incident.
· Stay up to date with the latest threat intelligence and security trends relevant to the automotive industry. Analyze threat data, conduct research on emerging threats, and proactively identify potential risks or vulnerabilities within the organization's environment.
· Collaborate with the IT and operations teams to identify vulnerabilities within systems and applications. Work closely with the team to remediate vulnerabilities, apply security patches, and conduct periodic vulnerability scans to ensure a secure infrastructure.
· Assist in the development and delivery of cybersecurity awareness and training programs to educate employees about potential cyber threats, best practices, and the proper use of company assets.
Requirements
Requirements/ Qualifications (included but not limited to):
· Bachelor's degree in Computer Science, Information Security, or 1-3 years' experience in a SOC or relevant security position.
· Relevant certifications (e.g., Security+, CySa+, CEH, GSEC) are highly desirable.
· Strong experience in cyber security analysis, incident response, and threat intelligence.
· Familiarity with Microsoft security tools and technologies, such as Microsoft Defender for Endpoint and Microsoft Cloud App Security, is a plus.
· Solid understanding of network protocols, operating systems, and common security technologies (firewalls, IDS/IPS, SIEM).
· Proficient in analyzing security event logs and performing log correlation.
· Excellent problem-solving and analytical skills, with the ability to think critically and make informed decisions under pressure.
· Effective communication and collaboration skills to work with cross-functional teams and stakeholders.
· Self-motivated, proactive, and able to work independently as well as in a team environment.
· High ethical standards and a commitment to maintaining confidentiality and data integrity.
Physical Requirements:
Mobility: Will frequently remain in a stationary position - to include standing, or sitting for prolonged periods, and communicate frequently with others to exchange information.
Lifting: Occasional work that includes moving or transporting small parcels, packages, and other items up to 20 pounds for various needs.
Vision: Must have the ability to observe details at a close range (clear vision at 20 inches or less), a distance range (clear vision at 20 feet or more), a variation of colors (ability to identify and distinguish colors), a peripheral range (ability to observe an area that can be seen up and down or to the left and right while eyes are fixed on a given point), depth perception (three-dimensional vision, ability to judge distances and spatial relationships), and the ability to adjust focus (ability to adjust the eye to bring an object into sharp focus).
Dexterity: Frequently repetitive and substantial movements (motions) of the wrists, hands, and/or fingers.
Environmental: Rare exposure to low and/or high temperatures, outdoor elements such as precipitation and wind, noisy environments, machinery, enclosed spaces, and hazardous conditions.
Mullen Automotive is an Equal Opportunity/Affirmative Action Employer dedicated to a policy of compliance with all federal, state, and local laws regarding nondiscrimination in employment. Consistent with the provisions of the Americans with Disabilities Act (ADA), applicants may request accommodations needed to participate in the application process.
Reports To: VP of IT & Business Systems Status: Salary
The employee signature below constitutes the employee's understanding of the requirements, essential functions, and duties of the position.
Salary Description 130,000 to 150,000
Information Security Analyst/ Intermediate (Cybersecurity) CA
Cyber Security Analyst Job 30 miles from Fullerton
Job Details El Segundo, CA $115,869.00 - $150,945.00 SalaryDescription
Information Security Analyst - Intermediate (Cybersecurity)
Clearance Level Required: Top Secret
Responsibilities will include, but are not limited to:
Keep up to date at all times all applicable Risk Management Framework (RMF) controls, System Security Plan (SSP), Plan of Action and Milestones (POA&M), and related RMF artifacts in order to maintain Authorization to Operate (ATO) for the LAAFB NIPRNet and SIPRNet enclaves.
Ensure continuous security, operational availability, and reliability of IT systems and equipment supporting the LAAFB mission.
Develop and conduct mandatory briefings, reports, and studies on current cybersecurity threats to LAAFB and current cybersecurity posture.
Conduct Assured Compliance Assessment Solution (ACAS) scans weekly to ensure vulnerabilities identified by AF and DoD are mitigated.
Qualifications
BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution.
Certification: CGRC/CAP or CASP+ or CCSP or Cloud+ or SSCP or Security+ or GSEC.
Information Security Analyst
Cyber Security Analyst Job 23 miles from Fullerton
People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities.
Apply today!
What our team members are saying:
Video Clip 1
Video Clip 2
Video Clip 3
Learn more about us at cathaybank.com
GENERAL SUMMARY
This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices.
Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation.
ESSENTIAL FUNCTIONS
* Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk.
* Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation.
* Periodically assesses the information security controls design and execution applied by vendors for completeness and efficacy.
* Identifies control gaps for remediation.
* Assesses vendor security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others.
* Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments.
* Reports information security risks and follows-up remediations.
* Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management.
QUALIFICATIONS
Education:
* College degree in Information Technology or Information Security or equivalent;
Security+, SSCP, CISSP, CISM or similar information security certifications preferred.
Experience:
* Minimum of 2 years experience in Information Security Risk, Information Security Operations or Security Auditing.
* Proven experience on third-party risk management and vendor security assessments.
* Experience working with Vendor Risk Management (VRM) applications preferred.
* Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required.
Skills/Ability:
* Proven ability to initiate and manage projects.
* Excellent communication and problem-solving skills.
* Strong inter-personal communication and collaboration skills.
* Self-starter, highly motivated, and able to work with general supervision.
OTHER DETAILS
$29.81 - $42.07 / hour
Pay determined based on job-related knowledge, skills, experience, and location.
This position may be eligible for a discretionary bonus.
Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k).
Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy.
Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We believe in diversity, equity, and inclusion in the workplace. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law.
Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster:
Poster- English
Poster- Spanish
Poster- Chinese Traditional
Poster- Chinese Simplified
Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at ************** or *************************. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
Apply Now
Cloud Security Engineer
Cyber Security Analyst Job 6 miles from Fullerton
Role: Cloud Security Engineer
Compensation: $140,000-190,000 base
The client is one of the world's largest manufacturers of network products and IoT/smart home devices.
Position: Cloud Security Engineer
The Cloud Security Engineer is responsible for securing web applications, cloud services, and their associated infrastructure. This role involves conducting penetration tests, managing security incidents, and performing regular AWS security audits to ensure compliance with best practices and industry standards. The engineer will also address customer-reported vulnerabilities, create security policies, and assess threats and risks to effectively mitigate potential security issues. A key part of this role is working closely with development teams to integrate security measures into DevOps workflows. Additionally, the Security Engineer will play a vital role in promoting security awareness throughout the organization.
Key Responsibilities:
Penetration Testing: Conduct penetration tests on web applications and cloud services to evaluate and improve security measures.
Incident Response: Take immediate action in response to security incidents, leading investigations, implementing containment and remediation, and performing post-incident analysis.
Cloud Security Auditing: Perform routine AWS security audits to ensure adherence to best practices and compliance with relevant security standards.
Customer Vulnerability Management: Manage vulnerabilities reported by customers, providing remediation advice, and tracking the progress of fixes with the R&D team.
Security Policy and Documentation: Develop and maintain comprehensive security policies and procedures. Document security incidents and the corresponding mitigation steps.
Threat and Vulnerability Assessment: Conduct ongoing evaluations to identify, analyze, and mitigate risks and vulnerabilities across systems, networks, and applications.
Collaboration with Development Teams: Work closely with development and operations teams to embed security into DevOps practices, automate security testing, and conduct vulnerability scans.
Security Awareness Training: Collaborate with teams to design and deliver security awareness training, ensuring adherence to best practices and reducing the likelihood of insider threats.
Required Qualifications:
Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
Experience: Proven experience in a Security Engineer role or a similar position.
Penetration Testing Expertise: Extensive experience in cloud penetration testing, particularly within AWS environments, and proficiency with penetration tools like Burp Suite, Kali Linux, and Metasploit.
AWS Knowledge: Strong understanding of AWS, including security management, configuration, and best practices for daily security management and audits.
Cloud Auditing: Hands-on experience in auditing cloud environments and optimizing security frameworks.
Scripting Skills: Proficiency in scripting or programming languages such as Python, with the ability to write Proof of Concept (PoC) or exploit scripts to validate vulnerabilities.
Certifications: Possession of security certifications such as CISSP, CEH, or OSCP is preferred. Cloud security certifications like AWS Certified Security - Specialty or Google Cloud Certified - Professional Cloud Security Engineer are a plus.
Communication Skills: Ability to communicate technical concepts effectively to both technical and non-technical stakeholders.
Collaboration: Capability to work independently while maintaining close collaboration with security and development teams.
Attention to Detail: Strong focus on accuracy in security testing and remediation, ensuring thorough addressing of vulnerabilities.
Soft Skills:
Strong communication and interpersonal skills.
Ability to work both independently and as part of a cross-functional team.
High attention to detail with a commitment to upholding security standards.
Benefits:
Salary Range: $140,000 - $190,000
Perks: Free snacks, drinks, and lunch on Fridays
Healthcare: Fully paid medical, dental, and vision insurance (partial coverage for dependents)
Retirement: Contributions to 401k plans
Compensation: Bi-annual performance reviews and annual pay increases
Wellness: Health and wellness benefits, including a free gym membership
Team Building: Quarterly team-building events
Information Security Analyst/Intermediate CA
Cyber Security Analyst Job 30 miles from Fullerton
Job Details El Segundo, CADescription
Information Security Analyst - Intermediate
Clearance Level Required: Secret
Responsibilities will include, but are not limited to:
Manage and maintain Communications and Information Systems Installation Records (CSIRs) and CIPS Visualization Component (CVC) records for all supported communications and IT systems and cabling IAW TO 00-33A-1001.
Manage, update, and maintain CVC with the outside telecommunications coaxial, fiber and copper cabling infrastructure information for LAAFB and Fort MacArthur.
Review and Quality Control (QC) changes in CVC and notify the Work Center Manager of each feature that was rejected during the QC approval process.
Review CSIRs and CVC information annually in coordination with Work center Managers. Maintain a list of all work centers to include but not limited to, e.g., names of appointed Work Center Managers, scheduled date of review, and actual date of review.
Qualifications
BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution.