Cyber security analyst jobs in Irvington, NJ

Job Title: Cyber Security Risk Analyst. Job Type: Contract. IS NOT OPEN TO AGENCIES. The Cyber Security Risk Analyst supports enterprise governance, risk, and compliance (GRC) initiatives by strengthening cyber risk management practices, enhancing third-party risk oversight, and contributing to cybersecurity governance across a complex organizational environment. This role works closely with cybersecurity leadership, internal stakeholders, and partner teams to mature risk assessment processes and ensure consistent, well-documented risk management activities. Key Responsibilities Design, develop, and enhance cybersecurity risk management processes and supporting frameworks Support enterprise cyber risk governance, including risk identification, evaluation, and remediation tracking Perform cybersecurity risk assessments in collaboration with business and IT stakeholders Evaluate and manage third-party and vendor cybersecurity risk throughout the vendor lifecycle Contribute to the development and maintenance of a third-party risk register Review and analyze cybersecurity risk cases, exceptions, and justifications Document risks, mitigations, and remediation actions within a centralized risk register Assist in developing risk assessment procedures, methodologies, and testing approaches aligned with industry frameworks Collaborate with cross-functional teams and subject matter experts to gather risk intelligence Support remediation efforts by helping initiate corrective actions where vulnerabilities or weaknesses are identified Participate in special cybersecurity initiatives and projects as assigned Required Qualifications Minimum of 4 years of experience in one or more of the following areas: Cybersecurity risk management Cybersecurity risk assessment Third-party or vendor risk management within a cybersecurity function Strong understanding of GRC concepts and the cyber risk lifecycle Experience working in large, complex, multi-stakeholder environments Strong analytical, investigative, and documentation skills Excellent written and verbal communication skills Preferred Qualifications Bachelor's degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field Familiarity with one or more cybersecurity frameworks or standards, including: NIST ISO/IEC 27001 / 27002 CIS SANS PCI Relevant certifications are a plus, including but not limited to: CISSP, CISM, CRISC, CISA CompTIA Security+, CySA+, Network+ GIAC certifications Knowledge of cybersecurity laws, regulations, and data privacy principles Ability to work independently in a self-directed and organized manner About Buchanan Technologies Since Buchanan's inception over 30 years ago, we have operated on 5 core values - People Matter, Customers Matter, Principles Matter, Community Matters, and Every Interaction Matters. These values are represented across each facet of the company, from employee relations to client service delivery to corporate social responsibility initiatives and beyond. Why Work at Buchanan? At Buchanan Technologies, we offer a great employment experience with a fun but professional work environment, competitive salary, and various employee career advancement programs that add value to your skills and daily life. If you are excited about being part of an energetic team where your contributions are appreciated and hard work is recognized, Buchanan is the place for you. Things We Are Passionate About We are passionate about providing top-tier technology services to our customers and clients and fostering a culture of continuous learning for our employees. We are a people- centric company, focused on growth and diversity for our workforce. Come join us and let's build something amazing together. Follow Us: LinkedIn: ******************************************************* Website: **************** Buchanan Technologies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, protected veteran status, or genetics. In addition to federal law requirements, Buchanan Technologies complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

JOB FUNCTION The Cybersecurity Engineer will be responsible for implementing and maintaining the firm's cybersecurity technology solutions, monitoring for security incidents and vulnerabilities, coordinating end user activities, and participating in the investigation and response of any breaches or attacks. The ideal candidate will be a self-starter who can work both independently and collaboratively with diverse technical and business teams. He or she will report to the Chief Information Security Officer. Additional responsibilities include: Managing the vulnerability management program, including internal and external scanning, monitoring threat feeds, news sources, and vendor bulletins for risks and tracking remediation Maintaining and monitoring control baselines, hardening standards, asset/coverage metrics, and configuration compliance Monitoring and documenting key performance indicators (KPIs) and governance, risk, and compliance (GRC) evidence Suggesting and evaluating new technologies Educating employees on security best practices to reduce the risk of human error Collaborating with the Cloud, Systems, Network, Database, Desktop, and Development engineering teams on risk identification, analysis, and remediation Assisting with vendor due diligence Assisting with physical security infrastructure projects, maintenance, and updates QUALIFICATIONS The ideal candidate should have the following experience: 3+ years of experience in a Security Engineer role Proficiency with managing EDR solutions, SIEM, network security, cloud security, mobile security, vulnerability management, identity and access management, encryption, and a solid understanding of operating systems like Windows and Linux Strong ability to analyze security data, identify threats, and create effective solutions Ability to document and communicate technical information clearly to both technical and non-technical audiences Scripting/automation experience a plus The ideal candidate possesses the following traits: Creativity: the ability to deploy different approaches and be resourceful. Intellectual curiosity: passion for learning and investigating a broad range of subject matter; satisfaction derived from the consumption and understanding of information and increasing knowledge base. Accountability: ownership of individual responsibilities and work product. Strong people skills: ability to build relationships internally and externally and to be versatile in engaging with different constituents.

Job information: Functional title - Application Security Specialist Department - IT Security Corporate level - Vice President Report to - Director, Application Security Expected full-time salary range between $ 140,000- $180,000 + variable compensation + 401(k) match + benefits. What you will be doing: Perform Application Security scans (e.g. DAST and SCA) on applications and APIs to identify security vulnerabilities and weaknesses, Triage security findings and collaborate with development teams to prioritize and remediate identified vulnerabilities. Drive threat modelling as a standard part of the SDLC, and develop and maintain threat models for critical applications, identifying potential security risks and proposing mitigations. Drive the Security Champions program, and define and promote secure coding practices, patterns, and standards across development teams. Conduct security reviews and provide guidance on security requirements for new features and projects. Assist in the analysis, selection and rollout of new application security tools, processes, and standards. Stay up to date with the latest security threats, vulnerabilities, and industry best practices. What we're looking for: Proven experience in application security with a focus on application security testing and vulnerability management. Hands-on experience with Application Security tools. Strong understanding of common application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques. Experience with threat modelling methodologies and tools. Proficiency in at least one programming language (e.g., Java, Python, JavaScript). Excellent communication and collaboration skills, with the ability to work effectively in cross functional teams. Strong understanding of risk management. Professional qualifications / certifications Degree in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). Relevant security certifications (e.g. CISSP, CEH, CSSLP) or equivalent is preferred.

We are seeking a highly skilled and motivated CyberArk PAM Administrator to support the deployment, configuration, and ongoing management of privileged access management (PAM) and cybersecurity technologies. This role is ideal for a cybersecurity professional who enjoys working in collaborative environments, driving secure system design, and supporting enterprise-scale security initiatives. The successful candidate will play a key role in implementing new cybersecurity solutions, supporting infrastructure upgrades, and ensuring systems are secure, reliable, and well-documented. This position offers the opportunity to work with modern security platforms while contributing to the organization's overall cyber maturity and growth. Key Responsibilities Implement and support new deployments of cybersecurity technologies, including CyberArk PAM and related security products. Assist with infrastructure upgrades to support application growth and evolving cybersecurity requirements. Configure, deploy, and maintain systems in accordance with security best practices and architectural standards. Troubleshoot and support all aspects of CyberArk Privileged Access Management, including onboarding, vault management, and access controls. Develop and maintain technical documentation, procedures, and runbooks for daily operations and major initiatives. Propose and document system architectures for secure and scalable deployments. Collaborate with internal teams, vendors, and stakeholders to ensure successful technology implementations. Patch, maintain, and monitor security platforms to ensure system stability and compliance. Train team members and end users on new systems and security processes as needed. Follow up promptly with stakeholders to address issues, changes, and enhancements. Required Skills / Education Proven experience as a CyberArk Administrator or in a similar Privileged Access Management role. Hands-on experience troubleshooting and supporting CyberArk PAM components. Strong understanding of cybersecurity principles, access control, and secure system administration. Ability to create clear, detailed technical documentation and operational procedures. Excellent written and verbal communication skills, with the ability to work effectively across technical and non-technical teams. Preferred Qualifications Experience with scripting or programming languages. Hands-on experience with PowerShell. Familiarity with enterprise infrastructure environments and security integrations. Strong interpersonal skills and the ability to collaborate with stakeholders at all organizational levels. About Seneca Resources At Seneca Resources, we are more than just a staffing and consulting firm-we are a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 companies to government organizations, we provide opportunities that help professionals grow their careers while making an impact. When you work with Seneca, you're choosing a company that invests in your success, celebrates your achievements, and connects you to meaningful work with leading organizations nationwide. We take the time to understand your goals and match you with roles that align with your skills and career path. Our consultants and contractors enjoy competitive pay, comprehensive health, dental, and vision coverage, 401(k) retirement plans, and the support of a dedicated team who will advocate for you every step of the way. Seneca Resources is proud to be an Equal Opportunity Employer and is committed to fostering a diverse and inclusive workplace where all qualified individuals are encouraged to apply.

Client: Metropolitan Transportation Authority Job Title: IGA/Security Analyst Duration: 12+Months Contract Number of Hours: 37.50 Hrs/Week Interview Type: Either Webcam Interview or In Person Ceipal ID: MTA_SECU154_MA Requirement ID: 5154-1 **PLEASE NOTE THIS POITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE. UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME** Overview: The IGA Analyst will play a critical role in strengthening the organization's identity security posture across corporate, frontline, and operational technology (OT) environments. This role will focus on onboarding applications into the enterprise IGA platform, modernizing authentication through FIDO2 and passwordless technologies, and reducing technical debt through effective governance and lifecycle management controls. The ideal candidate has hands-on experience with major IGA, PAM, and MFA platforms, possesses a strong understanding of Active Directory and Entra ID, and can collaborate with cross-functional teams to implement scalable identity controls that align with Zero Trust principles. KEY RESPONSIBILITIES: **Application Onboarding & Integration** * Partner with application owners to onboard and certify applications within the IGA platform (e.g., SailPoint, Saviynt, or Oracle). * Define and enforce access models, entitlements, and approval workflows for new and existing applications. * Establish least-privilege and segregation-of-duties (SoD) controls within IGA. **Identity Security Posture & Technical Debt Reduction** * Identify and remediate identity risks such as orphaned accounts, excessive entitlements, and privileged access sprawl. * Contribute to ongoing cleanup initiatives for AD, Entra ID, and connected systems to align with modern identity hygiene standards. * Support implementation of risk-based access policies and automated lifecycle management processes. **Authentication Modernization** * Support the adoption of phishing-resistant authentication methods, including FIDO2 security keys and passwordless sign-ins. * Collaborate with MFA and SSO platform teams to migrate legacy authentication flows to modern protocols (e.g., WebAuthn, OIDC, SAML). * Evaluate user experience, security impact, and deployment readiness across diverse user populations (corporate, frontline, OT). **Federation & Access Management** * Configure and manage federated SSO integrations via Entra ID and other IdPs. * Apply conditional access and adaptive authentication policies based on user risk, device health, and context. * Coordinate with PAM teams to align privileged session management with federated access controls. **Cross-Domain Collaboration** * Partner with security architecture, IAM engineering, and compliance teams to ensure IGA controls meet enterprise and regulatory standards. * Document and report on metrics related to access certifications, compliance posture, and identity lifecycle performance. * Provide operational support for IGA platform maintenance, upgrades, and new integrations. QUALIFICATIONS * Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience). * 3-5 years of hands-on experience in Identity Governance & Administration (IGA). * Strong knowledge of Active Directory, Entra ID, and federated authentication protocols (SAML, OIDC, OAuth2). * Familiarity with one or more of the following platforms: * IGA: SailPoint, Saviynt, Oracle IDCS * PAM: BeyondTrust, CyberArk, ManageEngine PAM360 * MFA/SSO: Microsoft Entra ID, Duo, Okta, Ping Identity * Working knowledge of Zero Trust, FIDO2, passwordless, and phishing-resistant MFA concepts. * Experience applying IGA controls for diverse user types (corporate, frontline, OT). * Strong analytical, documentation, and communication skills; ability to collaborate across technical and business teams. Additional Skills and Information: * Experience with identity lifecycle automation and role-based access control (RBAC) modeling. * Understanding of privilege escalation risks, identity threat detection, and compliance frameworks (NIST 800-63B, CIS, TSA, etc.). * Scripting knowledge (PowerShell, Python, or SQL) for data analysis or automation. * Familiarity with cloud identity models (Azure, AWS, GCP). V Group Inc. is a NJ based IT Services and Products Company with its business strategically categorized in various Business Units including Public Sector, Enterprise Solutions, Professional Services, Ecommerce, Projects, and Products. Within Public Sector business unit, we cater IT Professional Services to Federal, State and Local. We have multiple awards/ contracts with 30+ states, including but not limited to NY, CA, FL, GA, MD, MI, NC, OH, OR, CO, CT, TN, PA, TX, VA, NM, VT, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant. Please share my contact information with others working in Information Technology. Website: ************************************** LinkedIn: ***************************************** Facebook: ********************************* Twitter: *********************************

You will provide guidance and technical support to clients deploying security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Your thorough understanding of our product integrations contributes to the development of new principles and concepts - providing detailed analysis around what's working, what's not, and what could be better. You enjoy implementation work, are proactive about resolving potential concerns, and operate well around strict best practices that enable our clients on their road to a more secure digital world. You're creative, innovative, and you love a challenge - learning how integrations might work better around new products and technologies. Responsibilities Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution Configure, implement, and maintain Security Operating Platform Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall Test and validate the migration environment Coordinate and execute cutover to production Provide guidance on code upgrades Facilitate the development of new application and threat signatures Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases Some travel may be required, dependent on customer request You work with the customer's security & network teams to build confidence across the business units impacted by the change Experience High level of experience with Panorama and log collectors NGFW Global Protect BS in Computer Science, MIS, business, or equivalent education/training/experience Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching) Minimum of 3 years' experience leading security solutions in large environments) Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products You're experienced in internetworking, LAN, and WAN technologies You have a good understanding of Internet protocols and applications Any of the following industry certifications or equivalent experience is a plus: CISSP, CCNA, PCNSE, JNCIE-SEC You effectively handle multiple projects and work calmly in high pressure You're an excellent writer, with strong verbal communication skills, with demonstrable ability to communicate to senior leaders and technical peers

Sr. Technical Security Engineer, W2 remote Minimum Requirements 5+ years of experience in application or product security, with a track record of securing desktop and mobile applications. Strong understanding of secure architecture for thick clients, including local storage protection, inter-process communication, JavaScript engines, OS-level security features, and web security standards (CSP, same-origin policy, TLS/HTTPS). Experience with mobile (iOS/Android) and desktop (Windows/mac OS/Linux) application security models. Proficiency in GenAI security, modern cryptography, certificate management, secure authentication (OAuth, WebAuthn, FIDO2), and secure session handling. Knowledge of OS-level hardening techniques, sandboxing, privilege separation, and secure use of platform APIs. Hands-on experience with secure coding practices in at least one systems language (C++, Rust, Go) and one application language (Kotlin, Swift, C#). Familiarity with static/dynamic analysis tools, fuzzing, penetration testing, and reverse engineering for client applications. Experience embedding security into the software development lifecycle (threat modeling, code reviews, secure design patterns). Ability to manage incident response and vulnerability remediation for thick client environments. Strong cross-team communication skills and ability to write clear developer-facing security guidelines.

This young and agile company, providing identity risk solutions is currently seeking a Senior Cloud Security Engineer with a focus on Infrastructure and Security to join their growing team. You will assist with the continuous maturation of their Cloud Security services within the Security division. This is an excellent opportunity for an experienced Cloud Security Engineer with experience in both Infrastructure and Security to take the next step into a challenging position with a company offering significant growth potential. About the Company: Founded in the last 10 years, they are one the fastest growing companies in their space. They are a fast-growing company that have built a platform that allows finance organisations and fintechs to strengthen their security defences. Their mission is to allow companies to manage their identity and fraud risk. Everything they do is entrenched in achieving engineering excellence. Their culture is not corporate, and they like to trust their employees to take on a lot of responsibility and have input into the shape of growth of the organisation. About the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy: What you will be doing: • Serve as a cloud security subject matter expert, advise on and implementing best practices • Respond to security incidents and provide timely and appropriate solutions • Conduct cloud security risk assessments and audits • Conduct investigations into security incidents and potential threats • Take part in on call rotations for incident response and remediation • Assist with policy management, security audits, and due diligence for cloud security concerns • Advise on, configuring, and managing a variety of security tools • Keep informed about and respond to emerging security threats and vulnerabilities • Assist with cloud security reviews of potential vendors Ideal Requirements for the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy: • Several years of experience working in a similar role with a focus on Cloud Security in AWS • Experience provisioning infrastructure in AWS using Terraform, CloudFormation, CDK, or similar tools • Experience configuring VPCs, route tables, NACLs, Security Groups, iptables, Web Application Firewall, Config, GuardDuty, Inspector, KMS, IAM, etc. • In depth knowledge of AWS security best practices around systems hardening, monitoring, and incident response • Experience taking part in an on-call rotation • You are passionate about securing infrastructure, reducing risk, and protecting data! • You are a subject matter expert on cloud security in AWS • You have a solid understanding of network architecture and protocols • You can advise on cloud security policies and procedures Apply to the Role: Roles like these are snapped up very quickly, so act now if you do not want to miss out! Reply to this advert or email your CV to **********************

Type : Contract f2f Interview is must We are seeking an experienced AWS Security Engineer to design, implement, and manage security controls across Snowflake and Databricks environments. The ideal candidate will have strong expertise in AWS security, data platform governance, and Python-based automation to ensure secure, compliant, and efficient operations within our cloud ecosystem. Key Responsibilities: Implement, monitor, and enhance security controls across network, application, and data layers for Snowflake and Databricks environments. Manage user access, roles, and permissions in Snowflake or Databricks to ensure compliance with least privilege and governance policies. Configure and manage AWS security components, including IAM roles/policies, S3 bucket policies, EC2, Lambda, and CloudWatch for monitoring and event response. Collaborate with data engineering and platform teams to ensure secure data ingestion, storage, and access controls. Automate security monitoring and configuration management using Python scripting and AWS SDKs. Identify and remediate security vulnerabilities, ensuring continuous compliance with internal and external standards. Contribute to security documentation, audits, and process improvements for data platform security posture.

We are seeking a high-judgment, detail-oriented operator to lead our Threat Modeling Program Operations. This individual will be responsible for orchestrating workflows, triaging intake, designing key metrics, and eliminating process inefficiencies. The role demands an expert in building executive-ready reports and dashboards to track throughput, cycle times, and model quality, ensuring optimal outcomes for complex, multifaceted initiatives in Information Security Engineering. This is a contingent resource assignment, and the candidate may: Consult on complex, large-scale initiatives in Information Security Engineering. Review and analyze intricate, long-term security challenges, considering multiple factors including intangible or unprecedented elements. Contribute to resolving complex issues requiring deep understanding of security policies, procedures, and compliance requirements. Strategically collaborate with client personnel to ensure project success. Key Responsibilities: Lead and optimize workflow orchestration for the Threat Modeling Program. Develop and manage reports and dashboards to monitor program effectiveness (throughput, cycle time, model quality). Analyze and address complex security engineering issues, guiding teams to resolution. Collaborate cross-functionally with stakeholders, delivering executive communication and reporting. Continuously improve processes to eliminate inefficiencies and ensure scalability. Required Qualifications: 5+ years of experience in Information Security Engineering or equivalent (consulting, training, military, education). Proven ability to take initiative, work independently, and drive results. Strong attention to detail and ability to handle ad hoc reporting. Advanced skills in Microsoft Excel (VLookups & Pivot Tables) and PowerPoint. Proficient with Agile methodologies and project management tools like Atlassian JIRA and Confluence. Experience in analytical

This role is for a mid-to-senior Security Engineer who thrives in a lean, high-performance environment and takes a hands-on, engineering-first approach to security. You will operate as a generalist within a small security team, owning the design, build, and evolution of security systems that protect a highly technical organization with many proprietary platforms. This is not an analyst role; the focus is on building, integrating, and improving security capabilities end to end, with a strong emphasis on problem solving, automation, and how systems work together. You will design and implement enterprise-grade security monitoring, detection, and response solutions, integrating commercial tools and developing custom capabilities tailored to the environment. While the role includes reviewing and triaging alerts from detection and response platforms, the core responsibility is continuously improving detection quality, response workflows, and overall security posture. You will engineer and tune detections using structured data and JSON-based queries, develop automated response and orchestration workflows, and drive improvements across the full incident lifecycle. The position requires close collaboration with teams across the organization, translating security risks and technical concepts into clear, practical language for non-security stakeholders. You will partner with engineering, infrastructure, and product teams to embed security into systems and workflows, applying strong security principles that are portable across technologies rather than tied to a single toolset. The environment is fast-moving and production-heavy, with ongoing adoption of AI-driven technologies and modern development practices. The ideal candidate has several years of experience in security engineering, preferably in a fintech, startup, or similarly high-tech environment, and is accustomed to operating outside of large, siloed security teams. You bring strong hands-on experience with cloud and endpoint security platforms such as Azure, Microsoft Defender, and Elastic, with exposure to tools like Zscaler and Purview considered a plus. You are comfortable coding and scripting, particularly in Python, working with Git-based workflows, and applying infrastructure-as-code concepts. Experience building and operating detection and response systems, security orchestration and automation platforms, and threat-informed defenses is essential. They'll need someone who's fully authorized to work in the US without any sponsorship / visa (cannot support H1B).

Lead Security Engineer - Hands-On Role with Leadership Opportunity We're looking to hire a senior-level Security Engineer who's ready to step up and take the lead. Someone who's still very hands-on technically but also enjoys mentoring others, setting direction, and building scalable solutions that make a real difference. Title: Lead Security Engineer Salary: $160,000 to 190,000 +Bonus Location: Queens, NY (Hybrid) This role sits at the center of engineering, operations, and security-you'll be working directly with software and infrastructure teams to make sure security is embedded into everything we do. You won't just be managing tools; you'll help shape how security is done across the company. If you're based in the NYC area and looking for the next serious step in your career-where your ideas are heard and your work actually drives change-this is worth a conversation. What the Role Looks Like: You'll lead and mentor a small but growing team of security engineers, helping them grow while staying deep in the tech yourself. Work with internal teams to design and implement security solutions-cloud security, PAM, app and system hardening, etc. You'll be the one connecting the dots between development, infrastructure, and security-building relationships across teams and making sure security is part of the process from the start. Help optimize and improve the tools we already have, and figure out what's missing. What We're Hoping You Bring: A few years of experience leading or mentoring other security engineers-you don't need to have managed huge teams, but you've helped others level up. Solid technical background (5+ years in security engineering) and experience with on-prem and cloud security solutions (AWS or Azure). Hands-on knowledge of privileged access, identity management, system hardening, and network security. Strong instincts for risk, practical problem-solving, and keeping systems both secure and usable. Someone who communicates clearly, doesn't get lost in buzzwords, and works well with people across teams. Nice to Have, But Not Dealbreakers: Certifications like CISSP, CEH, CISM Experience with Linux security or scripting Familiarity with CI/CD pipelines and how security fits into DevOps Why This Role Might Be Right for You: You're ready for more responsibility and leadership, but don't want to give up the technical side of the work. You want to be part of a stable company with real backing and complex challenges to work on.

Job Posting Title: Cloud Security Engineer - SRE Job Profile: Technical Project Management - Advisor II We are seeking a skilled and motivated Cloud Security Engineer - SRE to join our dynamic team. The ideal candidate will possess a strong technical background in systems administration, cloud computing, and infrastructure as code, with a particular focus on solution engineering/site reliability. This role will involve collaborating with cross-functional teams to enhance our security posture and streamline processes through automation. Technical Skills • Programming and Scripting: Strong proficiency in languages like Python, Go, Bash, or Ruby. SREs often need to write automation scripts and build tooling. • Systems Administration: Deep understanding of operating systems (Linux/Unix), file systems, processes, and system configurations. • Infrastructure as Code (IaC): Experience with IaC tools like Terraform, Ansible, or Chef to manage infrastructure. • Cloud Computing: Knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform, including services like EC2, S3, Kubernetes, and serverless functions. • Containers and Orchestration: Expertise in containerization (Docker) and container orchestration (Kubernetes, OpenShift). • Networking: Understanding of networking concepts, including DNS, firewalls, load balancing, and VPNs. • Monitoring and Observability: Experience with monitoring and observability tools like Prometheus, Grafana, Datadog, or New Relic. Ability to set up and maintain monitoring dashboards, alerts, and logs. • Continuous Integration/Continuous Deployment (CI/CD): Familiarity with CI/CD tools like Jenkins, GitLab CI, GitHub Actions, or CircleCI. • A strong understanding of HashiCorp Vault and Terraform will make you stand out. 2. Problem-Solving and Troubleshooting • Incident Management: Ability to manage and respond to incidents, perform root cause analysis, and implement post-mortem reviews. • Automation: Focus on automating repetitive tasks to improve efficiency and reduce human error. • Performance Tuning: Skills in identifying and resolving performance bottlenecks in systems and applications. 3. Collaboration and Communication • Teamwork: Ability to work closely with cross-functional teams, including software engineers, product managers, and DevOps teams. • Documentation: Skill in creating clear and comprehensive documentation for systems, processes, and incident reports. • Communication: Effective communication skills for interacting with stakeholders and explaining technical concepts to non-technical audiences. 4. Reliability and Scalability • Service-Level Objectives (SLOs) and Service-Level Agreements (SLAs): Understanding of setting, monitoring, and maintaining SLOs and SLAs for system reliability. • Scalability: Knowledge of best practices for designing and scaling systems to handle increased loads and demands. • Redundancy and Resilience: Experience in designing systems with redundancy and fault tolerance to minimize downtime. 5. Security and Compliance • Security Best Practices: Understanding of security principles, such as access control, data encryption, and secure coding practices. • Compliance: Familiarity with compliance standards like GDPR, HIPAA, or PCI-DSS, depending on the industry. Minimum Job Qualifications: • Bachelor degree in business or equivalent work experience • 10 years of previous program leadership and/or relevant consulting experience • Knowledge of and demonstrated experience in program management framework, knowledge groups & life cycle • 5+ years' experience in driving large scale data center consolidation efforts • Minimum 5 years' experience with matrix management of cross-functional processes and teams • Proficient with Project Management tools

The Team: The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects. **This Role does NOT provide sponsorship** Salary: $150k-$190k base w/ 20% bonus Responsibilities: Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs. Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security. Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes. Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency. Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture. Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management. Required Skills and Experience: Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams. Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud. Experience working with privilege and identity management solutions. Experience with operating system security and system hardening. Knowledge of network security principles, protocols, and technologies. Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls. Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Strong leadership skills, with the ability to mentor and guide junior team members. Skills and Experience That Would Help You Stand Out: A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable. Linux security experience Familiarity with DevSecOps and integrating security into CI/CD pipelines. Scripting experience.

A financial firm is looking for a Chief Information Security Officer (CISO) to join their team in New York, NY. Compensation: $150-200K Responsibilities: Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements Draft, maintain, and periodically review security-related policies and procedures Establish and chair/co-chair an Information Security / Cyber Risk Committee and contribute to Board-level reporting on cyber risk Develop and maintain the firm's information security governance framework Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties Act as primary security point of contact for external auditors, assessment firms, and key institutional partners Ensure security program alignment with SEC Regulation S-P, Reg S-ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500 Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes Maintain and periodically test the Incident Response Plan, Business Continuity and Disaster Recovery (BC/DR) from a security perspective Provide security oversight for cloud (AWS) and on-prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs Define and oversee Security Operations Center (SOC) / XDR usage, log management, SIEM, threat detection, and incident handling Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls Partner with business and product teams to ensure client data privacy and secure data flows, including with third-party vendors and partners Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring Evaluate and manage key security vendors Build and lead a small but high-impact security team, scaling capabilities over time Promote a security-first culture through training, awareness programs, and regular communication with staff at all levels Qualifications: Required Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience 7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent) Hands-on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider Strong background in financial services or capital markets (broker-dealer, clearing firm, trading platform, or similar) Understanding of Information security frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001) Understanding of Regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500) Experience with Identity & access management, network security, endpoint security, and cloud security (preferably AWS) Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs Strong track record of cross-functional leadership, communicating complex security and risk topics to non-technical executives and boards Preferred Experience as CISO, Deputy CISO, or security leader at a broker-dealer, clearing firm, exchange/ATS, or large fintech Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar Experience with AWS security services Familiarity with DevSecOps practices and secure CI/CD pipelines Experience managing data localization and cross-border data separation initiatives

Chief Information Security Officer (CISO) 📍 💰 Base Salary: Up to $325,000 + Bonus + Equity 🏢 Our Client: A Blockchain & Digital Asset Infrastructure Company About Our Client Our client is a fast-growing organization building infrastructure, software, and services that support the next generation of blockchain and digital asset ecosystems. They power secure transactions, institutional-grade solutions, and high-performance platforms used across the crypto economy. As the business scales, they are expanding their leadership team with a Chief Information Security Officer (CISO) who will own the strategic direction, operations, and continuous improvement of all information and cybersecurity initiatives. Role Overview The CISO will set the long-term vision for security across the entire organization, covering infrastructure, products, employee environments, and customer-facing systems. This leader will ensure that the company's digital asset capabilities, blockchain networks, APIs, and cloud environments meet the highest standards of protection, resilience, and regulatory readiness. This role requires an executive who can operate across technical, operational, and strategic levels-partnering with engineering, legal, compliance, product, and leadership teams. Key Responsibilities Design and drive a holistic security strategy covering infrastructure security, application security, product security, data governance, and operational risk. Safeguard digital asset environments, including wallets, key management systems, consensus mechanisms, and blockchain-based services. Build and lead an advanced threat detection, monitoring, and incident response program, ensuring rapid response and clear communication pathways. Collaborate with engineering teams to integrate secure development practices into blockchain, smart contract, and cloud-native workflows. Establish and maintain security controls, audits, and certifications, ensuring alignment with industry frameworks and regulatory expectations. Oversee vendor security, supply-chain risk management, and third-party assessments. Develop a culture of security throughout the business, including training, policy development, and ongoing risk awareness. Provide regular reports and briefings to the executive team on emerging threats, risk posture, and security roadmap progress. Experience & Qualifications 15+ years of experience in cybersecurity, with at least 5 years leading security organizations or programs at scale. Strong experience in blockchain security, digital asset custody, exchange or infrastructure security, or related crypto-native environments. Demonstrated success leading enterprise security programs that span cloud infrastructure, distributed systems, and high-availability environments. Skilled in working with frameworks such as SOC 2, ISO 27001, NIST, and global data protection standards. Expertise in cloud security (AWS, GCP, Azure), network security architecture, identity management, and DevSecOps. Comfortable operating in fast-moving, engineering-driven environments. Professional certifications (CISSP, CISM, CCISO, etc.) are a strong plus.

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

Information Security Analyst II (E5122) - 250363: KNW-B40 Description Job Summary The overall purpose of this position is to protect the security and integrity of IEEE data through the implementation and maintenance of information security practices, measures, and technologies consistent with industry best practices. This position will act as a subject matter expert who will diligently assist with the maintenance and improvement of information and systems to ensure appropriate safeguards are in place. The incumbent must possess a thorough understanding and knowledge of security controls, strategies and methodologies as well as knowledge of some of the following technologies: firewalls, identity and access management, advanced authentication, single sing on, security audits, security diagnostics and encryption. The role reports to the Manager, Information Security and manages 0 direct reports. Key ResponsibilitiesProactively identify and remediates vulnerabilities using industry best practices and maintains a strong awareness and understanding of the current threat landscape. Performs internal and external security audits to ensure compliance with agreed security practices, policy and procedures to adhere with legal and regulatory requirements. Identifies security policy violations and leads in the corrective actions to maintain data and infrastructure security. Provides guidance and technical expertise to other technical employees and project teams and enforces established security policies. Assists project teams with the application and implementation of IEEE security policies, standards, processes and agreed architectures. Makes recommendations for enhancing security services, participates and, at times, leads the evaluation of commercial information security products and services to determine which of these should be adopted by or tested by the organization. Assists with the installation, maintenance and support of information security tools and services including, but not limited to, identity and access management systems including single sign on (SSO). Participates in development and update of security policies, procedures, standards, guidelines, and architectures. Assists with the execution vulnerability and penetration tests of IEEE network and systems including the remediation of findings. Assists with the investigation of security incidents, recommends and implements solutions to remediate or mitigate them. Assists in the formulation and enforcement of security policies and procedures. Qualifications Education Bachelor's degree or equivalent experience Bachelor's Degree in computer related field such as Computer Science, Mathematics or Engineering. In lieu of a degree equivalent experience will be considered. ReqWork Experience 2-4 years At least 4 years direct experience involving security, network architectures and Internet communications protocols (TCP/IP), monitoring and intrusion prevention strategies (e. g. Firewalls, Security Event Correlation, Malware Detection, IDS/IPS), Identity & Access Management technologies and concepts (Enterprise Directory Services, Virtual Directory, Enterprise Single Sign-On / Web Access Controls and Authorization models) in a large, distributed, high performance, business critical networked environment. ReqLicenses and Certifications Relevant professional qualifications / certifications (CISSP, CEH, CISM, CISA, CSSLP, SANS, CHECK, CREST) a plus. PrefSkills and Requirements Knowledge or familiarity of security technologies and concepts, including but not limited to, encryption, Public Key Infrastructure (PKI), two factor authentication, network security (firewall, intrusion detection / protection, and network anomaly detection), host based security (Anti-malware, firewall, intrusion detection / protection, patch management and file integrity), web application security (web application firewall, secure application development, authentication, session management, access control, single sign-on and error handling), database security (authentication, access control, auditing and integrity), secure remote access (VPN, terminal and console), security data analysis (security event monitoring, correlation, analysis and response) Knowledge or familiarity on conducting and mitigating security/risk assessments Knowledge of Authentication & Authorization technologies (LDAP, RADIUS, Two-factor authentication, SAML, OpenToken, OAuth, etc. ) Knowledge and experience installing and administering Enterprise Directory Services technologies, such as; Oracle Unified Directory, Oracle Virtual Directory, OpenLDAP, and Microsoft Active Directory. Knowledge or familiarity installing and administering Enterprise Single Sign-On (ESSO) and Access Management (AM) technologies, such as; Computer Associates SiteMinder, Oracle Access Manager, IBM Tivoli, PingFederate, PingAccess and OpenSSO / OpenAM. Knowledge and experience Windows Active Directory. Knowledge of Self Service Account Management technologies, concepts and best practices, such as; Identity validation, user provisioning, self-service password recovery and automation workflows (i. e. Self Service Access requests). Good understanding of a programming language (e. g. Java, C, Perl), HTML/XML and Unix “shells” scripting (e. g. CSH, KSH, SH). Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences. o Can effectively discuss security challenges with developers and testerso Experience of at least one code security review tool Ability to work alone and build relationships across the organization. Anticipates problems and identifies long-term implications of decisions and actions. Familiarity with server operating systems, such as; Windows, Linux & SolarisFamiliarity with web application security concepts, such as; secure application development, secure session management, cryptography, input validation, logging and error handling a plus. Familiarity with load balancer technologies and ESSO integration capabilities is a plus. Familiarity of Authentication, Authorization concepts, such as; Identity Federation, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), RADIUS / TACACS a plus. Other Requirements:As defined in IEEE Policies, individuals currently serving on an IEEE board or committee are not eligible to apply. PLEASE NOTE: This position is not budgeted for employer-sponsored immigration support, this includes all persons in F (both CPT and OPT), J, H, L, or O status. For information on work demands and conditions required for this position, please consult the reference document, ADA Requirements. This position is classified under Category I - Office Positions. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. ===============================================Disclaimer: This is proprietary to IEEE. It outlines the general nature and key features performed by various positions that share the same job classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and qualifications required of all employees assigned to the job. Nothing in this job description restricts management's right to assign or re-assign duties to this job at any time due to reasonable accommodations or other business reasons. Min: $91,000. 00 Max: $114,000. 00 Job: Technology Primary Location: United States-New Jersey-Piscataway Schedule: Full-time Job Type: Regular Job Posting: Dec 22, 2025, 4:20:40 PM

The Cloud Security Specialist is a senior technical and leadership position responsible for implementing, managing, and continuously improving cloud security across multi cloud environments including AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).This role combines hands on technical execution with team leadership. The successful candidate will lead a team of cloud security engineers, develop secure architectures, and manage enterprise grade cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Container Security, API Security, and AI Security Posture Management (AISPM).The individual will partner with cloud service, DevOps, and application teams to design secure deployments, enforce policies, and integrate automation for vulnerability remediation, threat detection, and compliance. They will also implement secure private connectivity between cloud and on premise networks using technologies such as AWS PrivateLink and Azure ExpressRoute. Required Education/Experience * Master's Degree and with 3 years of relevant experience IT or Information security or * Bachelor's Degree and with 5 years of relevant experience IT or Information security or * Associate's Degree and with 6 years of relevant experience IT or Information security or * High School Diploma/GED and with 8 years of relevant experience IT or Information security. Preferred Education/Experience * Master's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 3 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). * Bachelor's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 5 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Relevant Work Experience * Handson experience with at least two major cloud providers (AWS, Azure, GCP, or OCI), required. * Implementation and management experience with CSPM, CWP, AISPM, and API security platforms, required. * Knowledge of IAM, rolebased access control, and policy enforcement, required. * Experience integrating cloud telemetry and logs with SIEM tools, required. * Understanding of hybrid connectivity and private link technologies (PrivateLink, ExpressRoute), required. * Experience with scripting (Python, PowerShell, Bash) and automation, required. * Experience with WAF and cloud API gateway configurations, required. * Strong understanding of cloud network fundamentals and background in cloud network security, and secure architecture design, required. * Experience collaborating with cloud service teams for planning and remediation, required. * Experience implementing application security best practices and training engineering teams, required. * Familiarity with CDN operations, certificates, and brand monitoring preferred, required. * Experience with SIEM integration, telemetry collection, and event analysis, preferred. * Demonstrated experience leading technical teams or project groups, preferred. * Experience with Container Security, preferred. * Experience securing API endpoints and implementing advanced cloud application protections, preferred. * Knowledge of AI/ML data protection and secure model deployment practices, preferred. * Experience integrating security automation into DevSecOps workflows using Terraform or Ansible, preferred. * Experience developing and delivering cloud security training and awareness programs, preferred. Skills and Abilities * Effective leadership skills * Demonstrated problem solving skills * Demonstrated problem solving skills * Strong written and verbal communication skills * Ability to drive multiple projects to successful completion * Proactively approaches responsibilities Licenses and Certifications * Driver's License Required * Other: CISSP, CCNP Security, GSEC, GCIH, CEH, or equivalent certifications. Preferred * Other: CCSP, AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or OCI Security Professional. Preferred Physical Demands * Ability to push, pull, and lift up to 25 pounds * Sit or stand to use a keyboard, mouse, and computer for the duration of the workday Additional Physical Demands * The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. * The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. Core Responsibilities * Lead and mentor a team of cloud security engineers, fostering technical excellence and professional growth. * Architect and maintain secure multi-cloud environments across AWS, Azure, GCP, and OCI in partnership with Enterprise Architecture. * Deploy and manage CSPM platforms to drive continuous visibility, compliance, and risk posture improvement. * Implement CWP solutions to protect cloud workloads, prevent threats, and manage vulnerabilities effectively. * Define and enforce IAM policies and least-privilege principles to strengthen identity security across all platforms. * Design and secure private and hybrid connectivity using technologies such as AWS PrivateLink, Azure ExpressRoute, and Google Cloud Interconnect. * Integrate cloud telemetry and security events with SIEM systems to enhance incident detection and response capabilities. * Automate provisioning, configuration, and remediation workflows using IaC tools like Terraform and Ansible, supported by Python or PowerShell scripting. * Implement and manage WAF policies and API gateways to safeguard cloud applications and services. * Partner with DevOps and engineering teams to embed security within CI/CD pipelines and promote secure development practices. * Collaborate with risk and architecture teams to assess emerging technologies and align them with enterprise security strategy. * Stay informed on evolving threats, regulatory frameworks, and AI security trends to continuously improve cloud security posture.