Cyber security analyst jobs in Ithaca, NY

Our client is one of the largest Hospitals in the US. Based out of Philadelphia, they are looking to hire a Cloud Security Engineer on a Contract basis. Contract Duration: 6 Month Contract (Potential for extension or conversion) Required Skills & Experience At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment. CISSP Certification At least six (6) years experience with information security, regulatory compliance and risk management concepts. At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training. Experience with Cloud and/or Virtualization technologies. Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures. Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series). Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR, cloud frameworks, identity access controls. Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality. Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security. Microsoft, UNIX, Lawson, and Clinical Applications, Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project). Experience with risk management frameworks. Information Security Requirements Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store information. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information. Daily Responsibilities Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies. Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies. Functions as the Subject Matter Expert (SME) to maintain an understanding of DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business. Works with other architects to provide a consensus based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering. Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption). Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models. You will receive the following benefits: Medical Insurance - Four medical plans to choose from for you and your family Dental & Orthodontia Benefits Vision Benefits Health Savings Account (HSA) Health and Dependent Care Flexible Spending Accounts Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance Hospital Indemnity Insurance 401(k) including match with pre and post-tax options Paid Sick Time Leave Legal and Identity Protection Plans Pre-tax Commuter Benefit 529 College Saver Plan Motion Recruitment Partners (MRP) is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.

Title: Chief Information Security Officer Reports to: President The Chief Information Security Officer (CISO) is a critical leadership position responsible for establishing, managing, and evolving the enterprise-wide information security strategy and program. The Company's security strategy will initially focus on ensuring regulatory requirements are met but it must also provide a robust, scalable and secure foundation that enables future growth in the dynamic and regulated financial markets. The CISO will serve as the company's foremost authority on all matters of cybersecurity, information compliance, and information risk, protecting the core exchange and clearing technology, corporate IT, and all related data and physical assets. This role is highly visible and requires a hands-on technical leader capable of strategic direction, executive management, and detailed technical oversight, including direct interface with the CFTC and the Company's Board of Directors. Key Responsibilities 1. Strategic Leadership & Governance ● Develop, communicate, and implement a robust, risk-based, and continuously evolving information security strategy and architecture that aligns with business objectives and regulatory requirements (including but not limited to CFTC regulations and guidance as well as new emerging security standards). ● Report directly to the President, providing regular, concise, and comprehensive security and risk updates to the Executive Leadership Team and the Board of Directors. ● Drive the creation of and report upon Key Performance Indicators related to the company's security controls. ● Work closely with the Chief Risk Officer (CRO) to integrate information security risk management into the enterprise risk management framework. ● Establish and enforce security policies, standards, and procedures across all technical infrastructure, applications, and business processes. 2. Technical Security & Operations ● Direct all security operations, including threat intelligence, vulnerability management, security monitoring, incident detection, and response across the entire technology footprint (trading, clearing, corporate IT, and data platforms). ● Oversee and be responsible for the security of all data and critical systems, including secure software development lifecycle (SDLC), network security, and cloud security architecture working closely with the DevOps team. ● Cryptography and Key Management: Drive the strategy and implementation for managing, securing, and auditing cryptographic keys and secrets for all critical systems. ● Manage and direct the company's incident response and disaster recovery/business continuity planning related to information security. This is a 24/7/365 critical function. ● Manage third-party security assurance activities, including vendor evaluation, due diligence, penetration testing, and vulnerability assessments. 3. Regulatory Compliance & Audit ● Serve as the primary liaison for the CFTC, external auditors, and other regulatory bodies on all cybersecurity and information security compliance matters. ● Ensure continuous compliance with all relevant financial regulatory frameworks, including CFTC regulations applicable to DCMs and DCOs, and other applicable standards (e.g., NIST Cybersecurity Framework, ISO 27001). ● Oversee internal and external security audits and lead remediation efforts for all identified findings. 4. Team & Resource Management ● Build, mentor, and lead a high-performing team of information security professionals (analysts, engineers, and architects). ● Manage the security budget, technology procurement, and vendor relationships to ensure cost-effective and optimal security controls. ● Direct security awareness and training programs for all employees. ● Collaborate across Legal, HR, and executive management in the building of policies as well as incident management. Required Qualifications ● Minimum of 10 years of progressive experience in information security roles, with a minimum of 5 years in a senior leadership or CISO role within a large or highly regulated financial institution. ● Mandatory experience working in a regulated financial industry such as banking, brokerages, or clearing firms, with a strong preference for candidates with direct experience at a financial exchange (DCM/DCO) or other critical market infrastructure. ● Proven hands-on technical expertise in security architecture, operations, and engineering, coupled with executive-level leadership and communication skills. Beneficial Qualifications ● Deep familiarity with CFTC compliance requirements for DCMs/DCOs and a strong understanding of the financial, operational, and regulatory risks unique to exchange and clearing functions. ● Expert-level knowledge of security best practices for secrets management, hardware security modules (HSMs), and cryptographic key management, particularly as they relate to digital assets, blockchain technology, or regulated crypto asset custody. ● Bachelor's or Master's degree in Computer Science, Information Security, or a related field. ● Relevant professional certifications highly desired (e.g., CISSP, CISM, CISA, CRISC).

We invite you to review our current business services professionals openings to learn about the opportunities available across the firm. About Us Skadden, Arps, Slate, Meagher & Flom LLP has forged a reputation as one of the most prestigious law firms in the world. Relying on innovation, intellect, teamwork and tenacity, our lawyers deliver the highest quality advice and novel solutions to our clients' legal issues. We are known for handling the most complex transactions, litigation/controversy issues, and regulatory matters, as well as for the strong partnerships we build with clients and each other. Our attorneys, who reflect a broad range of experiences and perspectives, work together seamlessly across 50-plus practices and 21 offices in the world's major financial centers. The Opportunity We are seeking two Network Security Analysts to join our Firm. These positions will be based in our White Plains office (hybrid), and please note the roles have different shift times, listed below. The Network Security Analysts are responsible for implementing and supporting network security solutions for the Firm and, implementing and enforcing practical solutions to secure the Firm's internal and external network infrastructure. Available Shift Times (EST- Hybrid) 1.) Saturday - Sunday: 7:00 a.m. - 8:00 p.m. EST & Monday 7:00 a.m. - 7:00 p.m. 2.) Monday - Friday: 2:00 p.m. - 10:00 p.m. Note: The scheduled hours listed may be flexible and will be discussed during the interview process. Responsibilities Performs daily review of automated security reports and escalate as necessary. Responds to system generated security alerts and coordinate responses. Assists with internal audits, vulnerability scans and risk assessments. Assists with annual penetration testing, review of findings and tracking issue resolution. Participates in evaluating new technologies or new versions of existing products. Works with project teams to implement secure network connectivity solutions. Writes and maintains technical documentation including procedures and troubleshooting guides. Demonstrates effective interpersonal, written and verbal communication skills to facilitate effective work relationships with others. Manages Firm resources responsibly. Complies with and understands Firm operation, policies and procedures. Performs other related duties as assigned. Qualifications Knowledge of relevant firm computer software programs (e.g., Outlook, Excel, PowerPoint), with the ability to learn new software and operating systems Proficient with Access, Project and Visio Thorough knowledge of network management and security technologies and approaches Thorough knowledge of security techniques, latest protocols and defenses Proficient with Microsoft Active Directory and Operating Systems Basic ability to program scripts and batch files Demonstrates effective interpersonal and communication skills, both verbally and in writing Demonstrates close attention to detail Excellent analytical, troubleshooting, organizational, and planning skills Ability to handle multiple projects and shifting priorities Ability to handle sensitive matters and maintain confidentiality Ability to organize and prioritize work Ability to work well in a demanding and fast-paced environment Ability to work well independently as well as effectively within a team Ability to use discretion and exercise independent and sound judgment Flexibility to adjust hours and work the hours necessary to meet operating and business needs Education/Experience Bachelor's degree or equivalent Minimum of two years' experience in multi-national enterprise IT Culture & Life at Skadden What makes Skadden special is our people and the culture, community and spirit of collaboration we have created. We believe in teamwork and inspiring each other to be our best in an atmosphere that promotes professionalism and excellence in all that we do. We know that inclusion and drawing on the strength of a wide spectrum of talent only make us better and is vital to the firm's success. Our goal is for everyone at the firm to enjoy a challenging career with opportunities for development and growth and to support the well-being of our attorneys and business services professionals. Benefits The overall well-being of our team is important to us. We offer generous benefits to help you achieve wellness in all areas of your life. Competitive salaries and year-end discretionary bonuses. Comprehensive health care (medical, dental, vision), savings plan/401(k) and voluntary benefits. Generous paid time off. Paid leave options, including parental. In-classroom, remote, and on-demand learning and professional development opportunities. Robust well-being classes and programs. Opportunities to give back and make an impact in local communities. For further details, please visit: ******************************************************* Skadden is an Equal Opportunity Employer (Disability/Vet/other protected categories). For more information, please visit Skadden.com/careers. The starting base salary for this position is expected to be within the range listed under Salary Details. Actual salary will be determined based on skills, experience (to the extent relevant) and other-job related factors, consistent with applicable law. Salary Details $125,000 -$140,000 EEO Statement Skadden is an Equal Opportunity Employer. It does not discriminate against applicants or employees based on any legally impermissible factor including, but not limited to, race, color, religion, creed, sex, national origin, ancestry, age, alienage or citizenship status, marital or familial status, domestic partnership status, caregiver status, sexual orientation, gender, gender identity or expression, change of sex or transgender status, genetic information, medical condition, pregnancy, childbirth or related medical conditions, sexual and reproductive health decisions, disability, any protected military or veteran status, or status as a victim of domestic or dating violence, sexual assault or offense, or stalking. Applicants who require an accommodation during the application process should contact Lara Bell at **************. Skadden Equal Employment Opportunity Policy Skadden Equal Employment Opportunity Policy Applicants Have Rights Under Federal Employment Law Applicants Have Rights Under Federal Employment Law In accordance with the Transparency in Coverage Rule, click here to review machine-readable files made available by UnitedHealthcare: Transparency in Coverage

Client Name: City of New York Contract Length (in weeks): 52 Hybrid: 3 days in office/2 days remote. SCOPE OF SERVICES The forensics Analyst will investigate network intrusions and other cyber incidents to determine cause, extent and consequences of the breach. TASKS: Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based forensic analysis. Research and develop new techniques, and procedures to continually improve the digital forensics process. Produce high quality written work product presenting complex technical issues clearly and concisely. Managing and maintaining the analysis labs and forensics tools leveraged for investigations. Ensuring data is collected and preserved within industry standard best practices and in alignment evidence integrity requirements. Assisting the Cyber Emergency Response Team during critical incidents. RequirementsMANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered Minimum 4 years of experience in Threat Management/Forensics Investigations/Incident Response environment Proficient in performing digital forensic investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools. DESIRABLE SKILLS/EXPERIENCE: Experience with a wide range of forensic tools (TZWorks, X-Ways, SIFT, AXIOM, Volatility, etc.) Experience with memory analysis tools (i.e. Volatility) Experience with Linux and open source tools Experience investigating intrusions on Windows and Linux/Unix operating systems Knowledge of gathering, accessing, and assessing evidence from computer systems and electronic devices Knowledge of virtual environments Knowledge of forensic imaging techniques Knowledge of Microsoft Windows operating system and Windows artifacts Knowledge of Linux/UNIX operating systems and artifacts Knowledge of MAC OS operating system and forensics artifacts Knowledge of file systems Strong analytical skills

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

Our client, a leading Management & Strategy Consulting firm, is seeking a Cybersecurity Analyst to support its client in the financial services domain. This role requires strong expertise in DevSecOps practices alongside solid knowledge of Identity and Access Management (IAM). The ideal candidate will have experience embedding security controls within cloud environments, CI/CD pipelines, and application development workflows, while also managing access governance, privileged access, and compliance requirements. Requirements and Qualifications: · 3+ years of experience in cybersecurity, with strong exposure to DevSecOps and IAM. · Familiarity with CI/CD pipelines and tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps) and integrating security into build/deploy processes. · Solid experience with IAM tools such as SailPoint, CyberArk, and Active Directory. · Hands-on experience with infrastructure-as-code security (e.g., Terraform, CloudFormation, or Azure ARM templates). · Understanding of cloud security (AWS, Azure, or GCP), container security, and policy enforcement in cloud-native environments. · Excellent communication and collaboration skills to work with both technical and business teams. · Implement and enhance DevSecOps practices, integrating security tooling (e.g., SAST, DAST, container scanning) into CI/CD pipelines. · Collaborate with engineering and cloud teams to design and enforce secure-by-default architectures across application and infrastructure layers. · Support IAM initiatives including onboarding/offboarding, entitlement reviews, and role-based access governance. · Utilize and integrate tools such as SailPoint, CyberArk, and Active Directory within broader DevSecOps workflows. · Assist with implementation of SSO, MFA, RBAC, and identity federation, ensuring secure and compliant access controls. · Partner with cross-functional stakeholders to ensure security and compliance requirements are embedded early in the SDLC.

Join our global Cyber team as a Wordings Analyst supporting the Global Cyber Wordings Manager in the strategic development and governance of our Cyber and Tech policy suite, including Liberty Cyber Resolution and Liberty Tech Resolution. This role is a hands-on business enabler: you will help translate complex legal and regulatory requirements into clear, market-ready wordings, maintain our global clause library, support manuscript negotiations, and produce practical tools that empower underwriters and strengthen broker confidence. It's an excellent opportunity for an early-career insurance wordings or legal professional to build expertise in a fast-moving, global specialty line and make a visible impact on growth, innovation, and client experience. Key responsibilities: Wording library and drafting support Maintain and expand the global wording library centered on Liberty Cyber Resolution and Liberty Tech Resolution, including endorsements, exclusions, and guidance notes. Redline and prepare first drafts of standard clauses and endorsements; ensure consistency with definitions, coverage intent, and plain-language standards. Track version control, change logs, approvals, and archiving; Assist with localization for different jurisdictions, coordinating translations and filing documentation with Legal/Compliance. Commercial enablement Build practical tools (playbooks, FAQs, objection-handling guides, coverage summaries) to help regional teams position our products and close deals efficiently. Prepare broker/client comparison decks and battlecards; support pitches, RFP/RFI responses, and manuscript negotiations with clause comparisons and recommended alternatives. Triage wording queries from regions; track SLAs and referral approvals per the global governance framework. Partner closely with Underwriting, Product, Global Cyber Engagement, Claims, Legal/Compliance, and regional leaders to deliver accurate, timely support and uphold governance standards. Regulatory and legal stewardship Monitor and synthesize global regulatory and market developments (e.g., Lloyd's cyber war/systemic guidance, GDPR, DORA, NIS2, sanctions) into succinct briefs and recommended wording actions. Maintain audit-ready documentation; assist with regulatory filings or attestations where required. Claims partnership and feedback loop Collaborate with Claims to capture lessons from disputes and litigation trends; draft guidance notes and propose clarifications to improve coverage certainty. Support coverage position letters and documentation packs with research, citations, and clause histories. Innovation and product development support Help draft prototype wordings for new propositions Check alignment between underlying policy wordings and reinsurance treaty/facultative clauses. Administer wording management tools, ensuring robust version control, approval workflows, and usage analytics. Build dashboards and trackers for adoption of standard forms, deviation rates, SLA performance, disputes, and audit findings; provide monthly reporting to stakeholders. Qualifications Bachelor's degree in business, economics, or other quantitative field. Minimum 3 years, typically 4 years or more of relevant work experience. 2 - 5 years of experience in insurance wordings, legal/paralegal support, underwriting support, or product documentation; cyber specialty experience preferred. Strong drafting, redlining, and proofreading skills with a plain-language mindset and exceptional attention to detail. Working knowledge of insurance policy structures, endorsements, exclusions, and coverage interpretation; familiarity with cyber war/systemic language, sanctions, and privacy regulations is advantageous. Research and synthesis skills to translate complex regulatory/legal topics into practical guidance and actionable updates. Proficiency with MS Word (advanced track changes/redlining), Excel (trackers and dashboards), PowerPoint (training/pitch materials), and document/enablement tools. Collaborative, service-oriented approach; comfortable operating in a global matrix and meeting defined SLAs. Curiosity about cybersecurity risks and the incident response ecosystem; willingness to learn common threat scenarios to inform practical drafting. About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role. At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: *********************** Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law. Fair Chance Notices California Los Angeles Incorporated Los Angeles Unincorporated Philadelphia San Francisco We can recommend jobs specifically for you! Click here to get started.

APPLICATION INSTRUCTIONS: * CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday. * CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday. * If you are NOT a current employee or student, please click "Apply" and complete the application process for external applicants. Approval of remote and hybrid work is not guaranteed regardless of work location. For additional information on remote work at Penn State, see Notice to Out of State Applicants. POSITION SPECIFICS We are searching for an experienced Information Systems Security Manager (ISSM) to join our Cybersecurity Division at the Applied Research Laboratory (ARL) at Penn State. Information Technology Services provides ARL's administrative and research computing environments and capabilities, delivering secure, responsive, efficient, effective, and compliant IT services and operations to meet the demanding needs of ARL's leading edge research. This position will have a focus on the unclassified space, overseeing and owning the unclassified information security program, including implementing our various compliance requirements like the Cybersecurity Maturity Model Certification (CMMC). This ISSM will however operate within and support both unclassified and collateral spaces, backing up fellow ISSM's and enforcing commonalities between environments where possible. They will be responsible for developing and maintaining policy and security documentation, providing cybersecurity recommendations for system, network, and application design, leading information system risk assessments, assist in leading incident response actions, setting standards for continuous monitoring processes such as auditing or vulnerability assessments, and ensuring cybersecurity requirements are effectively and efficiently communicated to operational and researcher team leadership to ensure integration into their respective team processes. ARL is an authorized DoD SkillBridge partner and welcomes all transitioning military members to apply. You will: * Develop, validate, submit, and maintain information system security plans, certification and authorization packages, and plans of action and milestones in support of compliance requirements * Oversee development and implementation of risk assessments against information systems in all phases of their lifecycles * Provide cybersecurity recommendations for system, network, and application design * Monitor and assist in the assessment and review of current and new systems and networks to ensure compliance with current cybersecurity policies, concepts, and measures * Develop training material related to compliance and audit requirements to assist employees in individual compliance/audits as applicable * Assist in technical requirements such as; vulnerability scanning, review of security/event logs, network analysis, and incident response on an as-needed basis Required skills/experience areas include: * Current eligibility for access to classified information at the Top-Secret level or higher and may be subject to a government background investigation to upgrade clearance eligibility, if required * Assessment and Authorization experience of systems and networks using CMMC and RMF * NIST/ISO standards (eg. NIST SP 800-53 and NIST SP 800-171), Department of Defense directives, DISA STIG, and regulatory requirements * Strong technical background, with significant experience using multiple operating systems to include Windows and Linux * Policy, procedure, plan of action and milestone, risk assessment and security plan development with experience of continuous monitoring for compliance with said documentation * System functions, security policies, technical security safeguards, and operational security measures * The ability to certify and maintain information security related certifications (eg. Security+, CISSP, and any other required certifications) * Excellent communications, analytical and problem-solving skills * Efficient organizational, multitasking, and time management abilities Preferred skills/experience areas include: * A Bachelor's degree in Information Security, Information Technology, or Computer Science * Management or leadership experience in IT and information security space * Vulnerability scanning and mitigation utilizing Nessus, Retina, GFI Languard, or similar tool * Experience with networking fundamentals including various concepts, tools, and administrative functions * Working knowledge of container image security and experience overseeing security for containerized environments (docker, podman, etc) * SEIM management or use for analysis, such as Splunk, ELK, or AlienVault * VMWare and management of Virtual Machines * Training material development Your working location will be located in State College, PA in a hybrid on-site/work from home format. Questions related to flexible work should be directed to the hiring manager during the interview process. This position will require periodic travel to remote locations. MINIMUM EDUCATION, WORK EXPERIENCE & REQUIRED CERTIFICATIONS If filled as Cyber Information Assurance Analyst - Principal Professional, this position requires: Master's Degree 8+ years of relevant experience; or an equivalent combination of education and experience accepted Required Certifications: None If filled as Cyber Information Assurance Analyst - Senior Professional, this position requires: Bachelor's Degree 6+ years of relevant experience; or an equivalent combination of education and experience accepted Required Certifications: None ARL's purpose is to research and develop innovative solutions to challenging scientific, engineering, and technology problems in support of the Navy, the Department of Defense (DoD), and the Intel Community (IC). FOR FURTHER INFORMATION on ARL, visit our web site at **************** BACKGROUND CHECKS/CLEARANCES Employment with the University will require successful completion of background check(s) in accordance with University policies. All positions at ARL require candidates to possess the ability to obtain a government security clearance; you will be notified during the interview process if this position is subject to a government background investigation. You must be a U.S. citizen to apply. Employment with the ARL will require successful completion of a pre-employment drug screen. SALARY & BENEFITS The salary range for this position, including all possible grades, is $86,300.00 - $145,700.00.THE PROPOSED SALARY RANGE MAY BE IMPACTED BY GEOGRAPHIC DIFFERENTIAL Salary Structure - Information on Penn State's salary structure Penn State provides a competitive benefits package for full-time employees designed to support both personal and professional well-being. In addition to comprehensive medical, dental, and vision coverage, employees enjoy robust retirement plans and substantial paid time off which includes holidays, vacation and sick time. One of the standout benefits is the generous 75% tuition discount, available to employees as well as eligible spouses and children. For more detailed information, please visit our Benefits Page. CAMPUS SECURITY CRIME STATISTICS Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here. EEO IS THE LAW Penn State is an equal opportunity employer and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you are unable to use our online application process due to an impairment or disability, please contact ************. Federal Contractors Labor Law Poster PA State Labor Law Poster Penn State Policies Copyright Information Hotlines

States: MA, NH, RI, ME, CT, VT, NJ, NY is home office based. Meet the Team You will provide guidance and assist Security Sellers and Account teams within the territory in a pre-sales technical role, showcasing Cisco security product solutions, setting up demonstrations, explaining features and benefits to customers, and designing and configuring products to address specific customer security needs. You will form relationships with our customer's key decision-makers, positioning Cisco security solutions aligned accurately to their requirements. You will be a part of an outstanding technical pre-sales team in our Global Security Sales Organization (GSSO), responsible for driving the success of Cisco's Security Portfolio and focusing on protecting Customer Application Environments no matter where they live (on-prem / any cloud). Our mission is simple: democratize security by making it easy and effective for everyone. We're transforming security from the ground up by solving the world's most pressing geopolitical challenge - safe, secure information access. We engineer our business to enable our customers to easily address their ever-evolving security challenges. We believe that impactful work is rewarding work and that our team is at its best when everyone feels empowered to bring their whole self to work. We learn together by hiring for cultural contribution, not cultural fit, and recognize that diversity in background and thought are essential to building high-impact teams. We invest in growth and learning opportunities and encourage our people to never stop learning. We foster collaboration and believe in being recognized (and rewarded!) for hard work. We champion a healthy work-life balance. We're kinder than necessary. Together we build for the future by designing simple solutions for complex problems. And that's why we're the most loved and trusted name in security. Your Impact As an advisor to the customer, you'll be working with technology experts to craft architectures and configure products to meet customer-specific needs, are prepared to lead all technical aspects of pre-sales activities, and position security solutions effectively against competing offerings. You are an aggressive starter, self-starter with the ability to build executive relationships, develop and execute sales strategies and tactics that improve Cisco's opportunity with a customer environment, position and promote the partner and customer value proposition for Cisco security architecture, articulate Cisco's product and business strategies, and create the demand that makes deals happen! You will: - Serve as the subject matter expert in Cisco security solutions - Provide guidance and assist account teams within the territory in building solutions to address specific customer security needs - Understand business requirements for a customer base and be able to translate them into technical requirements - Understand and articulate Cisco's architecture and services within security technologies - Create, present, and document technical solutions - Perform in-depth and high-level technical presentations for customers partners and prospects - Drive identified major account opportunities (i.e. technical consulting, upper-level management presentations, and Cisco technology solutions) while allowing local account teams to maintain long-term ownership Who You Are You are passionate about the customer experience and excited about new technology. You are a true teammate and love to learn. Being a self-starter, our SEs act as an industry domain authority, and strive to help Cisco make customers for life. Minimum Qualifications -Minimum of 4 years of pre-sales experience -Hands on experience with one or more of these Cisco Security Products (or their competitive equivalent): ******************************************************************** - Experience with whiteboard discussions that transform customer requirements into security solutions Preferred Qualifications - History of successful quota achievement. - Ability to demo / POV any of these Cisco Security products (the more the better): ******************************************************************** - Knowledge of public clouds AWS, Azure, GCP, and OCI. - Experience with incident response a plus - Experience with administering security for a company (e.g. purchased and deployed Cisco security products as a customer) is a plus. - Solid presentation and interpersonal skills. - Highly motivated self-starter who does not need day-to-day management - Experience with APIs and scripting languages **Why Cisco?** At Cisco, we're revolutionizing how data and infrastructure connect and protect organizations in the AI era - and beyond. We've been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you'll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. We are Cisco, and our power starts with you. **Message to applicants applying to work in the U.S. and/or Canada:** The starting salary range posted for this position is $217,200.00 to $274,100.00 and reflects the projected salary range for new hires in this position in U.S. and/or Canada locations, not including incentive compensation*, equity, or benefits. Individual pay is determined by the candidate's hiring location, market conditions, job-related skillset, experience, qualifications, education, certifications, and/or training. The full salary range for certain locations is listed below. For locations not listed below, the recruiter can share more details about compensation for the role in your location during the hiring process. U.S. employees are offered benefits, subject to Cisco's plan eligibility rules, which include medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, paid parental leave, short and long-term disability coverage, and basic life insurance. Please see the Cisco careers site to discover more benefits and perks. Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time. U.S. employees are eligible for paid time away as described below, subject to Cisco's policies: + 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees + 1 paid day off for employee's birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco + Non-exempt employees** receive 16 days of paid vacation time per full calendar year, accrued at rate of 4.92 hours per pay period for full-time employees + Exempt employees participate in Cisco's flexible vacation time off program, which has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations) + 80 hours of sick time off provided on hire date and each January 1st thereafter, and up to 80 hours of unused sick time carried forward from one calendar year to the next + Additional paid time away may be requested to deal with critical or emergency issues for family members + Optional 10 paid days per full calendar year to volunteer For non-sales roles, employees are also eligible to earn annual bonuses subject to Cisco's policies. Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components, subject to the applicable Cisco plan. For quota-based incentive pay, Cisco typically pays as follows: + .75% of incentive target for each 1% of revenue attainment up to 50% of quota; + 1.5% of incentive target for each 1% of attainment between 50% and 75%; + 1% of incentive target for each 1% of attainment between 75% and 100%; and + Once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay 0% up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid. The applicable full salary ranges for this position, by specific state, are listed below: New York City Metro Area: $223,000.00 - $330,300.00 Non-Metro New York state & Washington state: $217,200.00 - $315,300.00 * For quota-based sales roles on Cisco's sales plan, the ranges provided in this posting include base pay and sales target incentive compensation combined. ** Employees in Illinois, whether exempt or non-exempt, will participate in a unique time off program to meet local requirements. Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

At Customers Bank, we believe in working hard, working smart, working together to deliver memorable customer experiences and having fun. Our vision, mission, and values guide us along our path to achieve excellence. Passion, attitude, creativity, integrity, alignment, and execution are cornerstones of our behaviors. They define who we are as an organization and as individuals. Everyone is encouraged to have personal development plans. By doing so, our team members are on their way to achieve their highest potential and be successful in their personal and professional lives. This role is required to be ONSITE in Malvern, PA Monday through Thursday with Friday remote. Must be eligible to work in the U.S. without requiring sponsorship now or in the future. Who is Customers Bank? Founded in 2009, Customers Bank is a super-community bank with over $22 billion in assets. We believe in dedicated personal service for the businesses, professionals, individuals, and families we work with. We get you further, faster. Focused on you: We provide every customer with a single point of contact. A dedicated team member who's committed to meeting your needs today and tomorrow. On the leading edge: We're innovating with the latest tools and technology so we can react to market conditions quicker and help you get ahead. Proven reliability: We always ground our innovation in our deep experience and strong financial foundation, so we're a partner you can trust. What you'll do: * Control Testing & Evaluation: Assist in definition of and execute testing procedures to assess the design and effectiveness of key internal controls across business units, technology, and operational processes. * Risk & Compliance Alignment: Ensure testing activities are aligned with regulatory standards (SOX, FFIEC, FDIC, etc.) and internal policies. * Issue Identification & Reporting: Document test results, identify control deficiencies, and provide clear recommendations for remediation. * Collaboration: Work closely with business process owners, auditors, compliance, and risk teams to ensure timely resolution of identified issues. * Process Improvement: Recommend enhancements to testing methodologies, control design, and risk management practices to strengthen the bank's control environment. Maintain awareness of industry regulatory environment and threat landscape. * Documentation & Communication: Prepare executive-ready reports, dashboards, and presentations for senior management and regulators, and information technology peers. * Continuous Monitoring: Participate in ongoing monitoring and follow-up activities to confirm remediation effectiveness and sustainability. What do you need? * Must-Haves * 3+ years of experience in internal audit, compliance testing, risk management, or internal controls. * Strong knowledge of information security and IT risk control frameworks (e.g., COSO, COBIT, NIST). * Understanding of financial, operational, and IT control environments. * Strong analytical skills with attention to detail and accuracy. * Excellent written and verbal communication skills with the ability to present complex findings clearly. * Bachelor's degree in information systems, or related field. * Key Skills * Risk and control assessments in highly regulated environments * Understanding of information technology infrastructure (networking, Active Directory, backups, etc.) * Process analysis and documentation. * Strong interpersonal skills to work across departments. * Proficiency with Microsoft Office applications (Excel, Word, PowerPoint). * Develop and maintain working relationships with audit, GRC, and IT teams to promote continuous control awareness and improvements. * Nice-to-Haves * Professional certifications such as CIA, CISSP, CISA, Microsoft certifications, or CRMA. * Experience with GRC (Governance, Risk, and Compliance) tools. * Banking or financial services industry experience Customers Bank is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also provide "reasonable accommodations", upon request, to qualified individuals with disabilities, in accordance with the Americans with Disabilities Act and applicable state and local laws. Diversity Statement: At Customers Bank, we believe in working smart, working together, and having fun while delivering innovative solutions and memorable experiences for our customers. We are committed to the continual advancement of a culture which reflects the value we place on diversity, equity, and inclusion. We honor the diverse experiences, perspectives, and identities of our team members, and we recognize that it is their passion, creativity, and integrity that drives our success. Step into your future with us! Let's take on tomorrow.

The Cloud Security Specialist is a senior technical and leadership position responsible for implementing, managing, and continuously improving cloud security across multi cloud environments including AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).This role combines hands on technical execution with team leadership. The successful candidate will lead a team of cloud security engineers, develop secure architectures, and manage enterprise grade cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Container Security, API Security, and AI Security Posture Management (AISPM).The individual will partner with cloud service, DevOps, and application teams to design secure deployments, enforce policies, and integrate automation for vulnerability remediation, threat detection, and compliance. They will also implement secure private connectivity between cloud and on premise networks using technologies such as AWS PrivateLink and Azure ExpressRoute. Required Education/Experience Master's Degree and with 3 years of relevant experience IT or Information security or Bachelor's Degree and with 5 years of relevant experience IT or Information security or Associate's Degree and with 6 years of relevant experience IT or Information security or High School Diploma/GED and with 8 years of relevant experience IT or Information security. Preferred Education/Experience Master's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 3 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Bachelor's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 5 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Relevant Work Experience Handson experience with at least two major cloud providers (AWS, Azure, GCP, or OCI), required. Implementation and management experience with CSPM, CWP, AISPM, and API security platforms, required. Knowledge of IAM, rolebased access control, and policy enforcement, required. Experience integrating cloud telemetry and logs with SIEM tools, required. Understanding of hybrid connectivity and private link technologies (PrivateLink, ExpressRoute), required. Experience with scripting (Python, PowerShell, Bash) and automation, required. Experience with WAF and cloud API gateway configurations, required. Strong understanding of cloud network fundamentals and background in cloud network security, and secure architecture design, required. Experience collaborating with cloud service teams for planning and remediation, required. Experience implementing application security best practices and training engineering teams, required. Familiarity with CDN operations, certificates, and brand monitoring preferred, required. Experience with SIEM integration, telemetry collection, and event analysis, preferred. Demonstrated experience leading technical teams or project groups, preferred. Experience with Container Security, preferred. Experience securing API endpoints and implementing advanced cloud application protections, preferred. Knowledge of AI/ML data protection and secure model deployment practices, preferred. Experience integrating security automation into DevSecOps workflows using Terraform or Ansible, preferred. Experience developing and delivering cloud security training and awareness programs, preferred. Skills and Abilities Effective leadership skills Demonstrated problem solving skills Demonstrated problem solving skills Strong written and verbal communication skills Ability to drive multiple projects to successful completion Proactively approaches responsibilities Licenses and Certifications Driver's License Required Other: CISSP, CCNP Security, GSEC, GCIH, CEH, or equivalent certifications. Preferred Other: CCSP, AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or OCI Security Professional. Preferred Physical Demands Ability to push, pull, and lift up to 25 pounds Sit or stand to use a keyboard, mouse, and computer for the duration of the workday Additional Physical Demands The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. Core Responsibilities Lead and mentor a team of cloud security engineers, fostering technical excellence and professional growth. Architect and maintain secure multi-cloud environments across AWS, Azure, GCP, and OCI in partnership with Enterprise Architecture. Deploy and manage CSPM platforms to drive continuous visibility, compliance, and risk posture improvement. Implement CWP solutions to protect cloud workloads, prevent threats, and manage vulnerabilities effectively. Define and enforce IAM policies and least-privilege principles to strengthen identity security across all platforms. Design and secure private and hybrid connectivity using technologies such as AWS PrivateLink, Azure ExpressRoute, and Google Cloud Interconnect. Integrate cloud telemetry and security events with SIEM systems to enhance incident detection and response capabilities. Automate provisioning, configuration, and remediation workflows using IaC tools like Terraform and Ansible, supported by Python or PowerShell scripting. Implement and manage WAF policies and API gateways to safeguard cloud applications and services. Partner with DevOps and engineering teams to embed security within CI/CD pipelines and promote secure development practices. Collaborate with risk and architecture teams to assess emerging technologies and align them with enterprise security strategy. Stay informed on evolving threats, regulatory frameworks, and AI security trends to continuously improve cloud security posture.

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today! Job Details Job Description for IAM Hygiene Analyst III role This role is responsible for supporting the Execution and Improvement of IAM operations across the enterprise, specifically within the IAM Hygiene space. This role will assist with continuously detecting, remediating, and preventing identity-related risks by maintaining accurate, minimal, and secure identity data, access configurations, and authentication mechanisms, as well as assisting with other IAM Governance related functions where needed. The Analyst II will be responsible to generate possible hygiene actions (hypotheses), using approved Cencora tooling, to proactively identify and escalate potential identity-related control gaps, data integrity issues, process deficiencies, and other hygiene concerns; collaborate with stakeholders to validate gaps, evaluate root causes and drive timely remediation. This role is key to creating and maintaining a mature IAM Hygiene function to ensure access is controlled, organized, and following the concept of “least privilege”. The ideal candidate will have hands-on experience remediating identity and access related risks. This role works closely with more senior IAM analysts, engineers, and business stakeholders to ensure secure and efficient access to systems and data. The Analyst II also supports the development of IAM procedures, participates in user support and troubleshooting, and contributes to continuous improvement efforts. They are expected to demonstrate learning agility, attention to detail, and a strong commitment to operational excellence and user experience. Primary Duties and Responsibilities: Identify and take appropriate actions around unused or stale accounts. Identify and take appropriate actions around unused or stale accounts. Ensure Policies and Control Standards are being followed and work toward training, awareness, and resolution where gaps are identified. Monitor and analyze identity-related activities to identify and remediate risky accounts, authorizations, and configurations, ensuring compliance with policies. Assist in the development and maintenance of comprehensive processes for identity threat detection and response, including the creation of runbooks and workflows. Collaborate with cross-functional teams to evaluate and align on identity analytics tools and data structures to enhance IAM capabilities. Develop and track key performance indicators (KPIs) and key risk indicators (KRIs) for IAM hygiene, providing insights and recommendations to improve identity management practices. Support the establishment of a culture of continuous improvement by leveraging incident learnings to refine IAM processes and protocols. Ensure Policies and Control Standards are being followed and work toward training, awareness, and resolution where gaps are identified. Qualifications: 4+ years of experience IAM or related field 1+ years in an IAM Hygiene or IAM Governance role Bachelors degree or equivalent experience Skills and Knowledge: Behavioral: Strong understanding of IAM concepts, practices, and technologies including Least Privilege, Privileged Access Management (PAM), Identity Lifecycle management and access controls Familiarity with SailPoint Familiarity with Axonius (preferred) Familiarity with NIST framework Strong analytical and problem-solving skills, with the ability to interpret data and make informed decisions. Ability to operate independently and within a team structure Effective communication and collaboration skills Strong time management, with ability to multi-task and shift from task to task effectively in a fast-paced environment. Technical Skills: IAM Lifecycle and Access provisioning Authentication Support (MFA and SSO) IAM Policy and Standards (NIST, ISO 27001, HITRUST) IT Risk and Compliance Awareness Root Cause Analysis and Incident Support Reporting and Documentation Threat Monitoring and Alert Response Tools Knowledge: IAM Platforms (e.g., SailPoint, Saviynt, Okta, Ping Identity) Directory Services (Active Directory, Azure AD) ITSM Tools (e.g., ServiceNow) Security Tools (SIEM, EDR, SOAR) Programming/Scripting (e.g., Python, PowerShell, SQL) Microsoft Office Suite What Cencora offers We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit ************************************** Full time Equal Employment Opportunity Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call ************ or email ****************. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned Affiliated CompaniesAffiliated Companies: AmerisourceBergen Services Corporation

Information Security Specialist Job Responsibilities: Safeguards information system assets by identifying and solving potential and actual security problems. Information Security Specialist Job Duties: Protects system by defining access privileges, control structures, and resources. Recognizes problems by identifying abnormalities; reporting violations. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines security violations and inefficiencies by conducting periodic audits. Upgrades system by implementing and maintaining security controls. Keeps users informed by preparing performance reports; communicating system status. Maintains quality service by following organization standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Contributes to team effort by accomplishing related results as needed. Information Security Specialist Skills and Qualifications: System Administration, Network Security, Problem Solving, Information Security Policies, Informing Others, Process Improvement, On\-Call, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches. "}}],"is Mobile":false,"iframe":"true","job Type":"Full time","apply Name":"Apply Now","zsoid":"641401441","FontFamily":"Verdana, Geneva, sans\-serif","job OtherDetails":[{"field Label":"Industry","uitype":2,"value":"Technology"},{"field Label":"City","uitype":1,"value":"Brooklyn"},{"field Label":"State\/Province","uitype":1,"value":"New York"}],"header Name":"Information Security Specialist","widget Id":"**********00072311","is JobBoard":"false","user Id":"**********00133003","attach Arr":[],"custom Template":"3","is CandidateLoginEnabled":true,"job Id":"**********00267067","FontSize":"12","location":"Brooklyn","embedsource":"CareerSite","indeed CallBackUrl":"https:\/\/recruit.zoho.com\/recruit\/JBApplyAuth.do","logo Id":"2qf78d018cc5be94b40bbbcb719566377b192"}

Principal Information Security Analyst (Tier 2) As a Principal Information Security Analyst within Gen Digital's global Security Operations Center (SOC), you will play a key role in strengthening threat detection and response across the organization. The role focuses on improving SOC monitoring and detection processes through technical expertise, continuous development, and close collaboration with other security teams. In this position, you will serve as a senior specialist, leading automation and detection engineering efforts, mentoring junior analysts and contributing to projects that enhance security visibility and overall SOC performance. Operating in a follow-the-sun model, the SOC ensures 24/7 global coverage, with regional teams working during their respective business hours and sharing on-call responsibilities for weekend. Key Responsibilities: * Monitor, analyze, and correlate security alerts and events across multiple platforms (SIEM, WAF, EDR, email, cloud, network, and threat intelligence tools) to identify and validate suspicious or malicious activity * Continuously develop and fine-tune detection rules, correlation searches, security policies, and dashboards to improve visibility, reduce false positives, and increase alert accuracy across security platforms * Support and mentor Tier 1 analysts in alert triage, escalation quality, and use of tools * Collaborate with security engineers on automation and enrichment initiatives to streamline operational workflows and improve detection efficiency * Maintain complete and up-to-date documentation for all detection use cases, workflows and process improvements * Participate in security projects and collaborate with internal stakeholders (e.g., Incident Response, Security Engineering, Application Security, and IT) to enhance detection coverage, visibility, and response capabilities * Support the execution of incident response playbooks Qualification and Work Experience: * 3-5 years of hands-on experience in SOC operations, cybersecurity monitoring, or related areas such as detection engineering or threat analysis * Solid understanding of networking concepts (TCP/IP, DNS, HTTP/S) and how they apply to security monitoring and threat analysis * Strong knowledge of cybersecurity principles, common attack techniques, and threat types (e.g., phishing, malware, brute force, web application attacks) * Proven experience working with security logs, alerts, and structured data across multiple platforms (SIEM, EDR, WAF, cloud, and network telemetry) * Hands-on experience with SIEM platforms - Splunk preferred - including detection content development, rule tuning, and dashboard creation * Familiarity with Web Application Firewall (WAF) technologies and the ability to analyze or tune related alerts and policies * Understanding of cloud security concepts and experience with monitoring tools for major providers (AWS, Azure, GCP) * Working knowledge of scripting or automation (e.g., Python, PowerShell, or API-based integrations) to support analysis and enrichment workflows * Experience using AI-based tools to support daily SOC operations, including data analysis, investigation, documentation, and collaboration * Strong analytical and problem-solving skills with attention to detail and curiosity for continuous learning * Effective communication and documentation skills in English, both written and verbal * Experience collaborating across teams (e.g., Security Engineering, Incident Response, Application Security) on detection improvements or automation projects * Prior experience in a Security Operations Center (SOC) or similar environment is highly preferred * Familiarity with the fintech environment or experience supporting financial services infrastructure is considered a strong advantage #LI-AS1 Gen is proud to be an equal-opportunity employer, committed to diversity and inclusivity. We base employment decisions on merit, experience, and business needs, without considering race, color, national origin, age, religion, sex, pregnancy, genetic information, disability, medical condition, marital status, sexual orientation, gender identity or expression, military or veteran status, or other unlawful factors. Gen prohibits discrimination based on these protected characteristics and recruits talented candidates from diverse backgrounds. We consider individuals with arrest and conviction records and do not discriminate against employees for discussing their own pay or that of other employees or applicants. Learn more about pay transparency. To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.

About the Role: The Network Security Engineer will design, implement, and manage secure network infrastructure to ensure uninterrupted business operations. Responsibilities: Configure and maintain firewalls, VPNs, and IDS/IPS systems. Perform network security monitoring and incident response. Conduct penetration testing and simulate attacks to identify weaknesses. Harden routers, switches, and network devices. Optimize performance without compromising security. Requirements: 3+ years experience in network engineering/security. Strong knowledge of Cisco, Palo Alto, or Fortinet firewalls. Experience with network protocols (TCP/IP, DNS, SSL, VPN). CCNA Security, CCNP Security, or equivalent certifications. Required Skills: Information Security Security

Come work with us: Metropolitan Commercial Bank (the “Bank”) is a full-service commercial bank based in New York City. The Bank provides a broad range of business, commercial, and personal banking products and services to individuals, small businesses, private and public middle-market and corporate enterprises and institutions, municipalities, and local government entities. Metropolitan Commercial Bank was named one of Newsweek's Best Regional Banks and Credit Unions 2024. The Bank was ranked by Independent Community Bankers of America among the top ten successful loan producers for 2023 by loan category and asset size for commercial banks with more than $1 billion in assets. Kroll affirmed a BBB+ (investment grade) deposit rating on January 25, 2024. For the fourth time, MCB has earned a place in the Piper Sandler Bank Sm-All Stars Class of 2024. Metropolitan Commercial Bank operates banking centers and private client offices in Manhattan, Boro Park, Brooklyn and Great Neck on Long Island in New York State. The Bank is a New York State chartered commercial bank, a member of the Federal Reserve System and the Federal Deposit Insurance Corporation, and an equal housing lender. The parent company of Metropolitan Commercial Bank is Metropolitan Bank Holding Corp. (NYSE: MCB). Position Summary: We are seeking a highly motivated and analytical Information Security Analyst to join our Line 2 Information Security team. This position plays a critical role in supporting the Bank's IT Risk & Cyber Resilience functions, including IT risk assessments, user access reviews, business continuity, and operational resilience practices. The role reports to the VP of IT Risk & Cyber Resilience, under the broader direction of the Chief Information Security Officer (CISO). This position is ideal for professionals with 1-4 years of relevant experience in cybersecurity, risk management, audit or IT governance, and who hold or are pursuing an advanced degree. We have a flexible work schedule where employees can work from home one day a week. Essential duties and responsibilities: IT Risk Assessments: Assists in the planning, execution, and documentation of IT risk assessments against minimum security standards, for the entire IT asset inventory. Review control environments, identify control gaps, and work with first-line partners to ensure risk mitigation plans are in place Internal IT Controls Testing and Validation Execute validation testing of IT internal controls to ensure design and operating effectiveness across infrastructure, applications, databases, and systems. Apply risk analysis principles to determine testing scope, focus, objectives, and rationale. Develop testing strategies, including the selection of samples, sample sizes, and testing methodologies. Analyze testing results, identify exceptions, and recommend actionable steps to address control deficiencies and strengthen internal processes. Prepare thorough working papers and document control testing findings to ensure accuracy and alignment with standards. User Access review Governance: Coordinate and oversee the user access review process across business applications and infrastructure. Ensure alignment with access control policies and identity governance best practices. Business Continuity Planning (BCP): Support the development, maintenance, and testing of business continuity and resilience plans. Work with business units to ensure plan completeness and alignment with enterprise resilience strategies. Operational Outage Investigations: Assist in root cause analysis and risk review of IT outages and incidents and determine if BCPs need to be updated. Track remediation efforts and document lessons learning for reporting to senior leadership. Governance Reporting: Develop and maintain risk metrics, dashboards, and material for the IT and IS Steering Committee and Operational Risk Management Committee. Draft risk summaries and escalation reports for senior management, auditors, and regulators, where appropriate. Policy Framework Support: Support the development and refinement of policies, standards, and procedures related to IT and Cyber Risk Management, Business Continuity, and security governance. Required knowledge, skills and experience: Graduate degree in Information Technology, Information Security, Risk Management, Finance, or Accounting. Candidates with IT audit or IT controls and/or audit experience preferred. Experience and or education in IT controls testing, risk management, or IT audit. Strong knowledge of IT internal controls, infrastructure, and applications. Familiarity with IT risk frameworks such as NIST, COBIT, or ISO 27001. Ability to analyze and document control deficiencies, root causes, and remediation efforts. Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint). Strong analytical, verbal, and written communication skills with attention to detail. Ability to interact effectively with IT teams, risk management partners, and stakeholders. Exposure to Third-Party Risk Management (TPRM) or vendor IT controls assessment. Preferred knowledge, skills and experience: Certifications (e.g., CISA, CRISC) are a plus. Potential Salary: $80,000 - $100,000 annually This salary range only reflects base wages and does not include benefits, bonus, or incentive pay. Salary bands are purposefully wide ranging to encompass the different factors considered in determining where a candidate falls in the range, including but not limited to, seniority, performance, experience, education, and any other legitimate, non-discriminatory factor permitted by law. Metropolitan Commercial Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

The Systems Engineer position is responsible for providing full cycle implementation and support of customer systems, while working across multiple company departments to ensure full client satisfaction. Under the direction of a manager or dispatcher, coordinates the design and maintenance of all access control, intrusion, and video surveillance systems. Incumbent receives and evaluates work orders and requests, investigates requests and troubleshoots problems where appropriate, establishes priorities and coordinates with contractors, when required. Requirements Essential functions and responsibilities: Assists with security systems integration, mapping and software updates and helps train personnel in the use of these systems. Assists on new projects in both existing areas and new construction helping with security assessments, vendor selection, technology upgrades, product selections, testing, field verification of systems and inspection of work in progress for compliance with standards Assess work sites, conditions, and logistics for each project; Develop Method of Procedure based on pre-project assessment. Design, develop and provide documentation of systems, configurations, and other pertinent information for the customer. Communicate with clients to resolve issues in a professional and confidential manner; Develop and execute client specific solutions. Manage the allocation of project resources, including software, hardware, tools, and related items specific to each customer and/or project. Direct the work responsibilities of union labor personnel based on specific project needs. Design and oversee training programs for new and existing customers; Determine which customers receive training. Collaborate with Customer Relationship Managers on demonstrations for new and potential clients. Perform installation, configuration, programming, and final commissioning of customer systems. Work collaboratively with installation, project management and engineering teams. Perform infrastructure services, including pulling cables, installing wall, and ceiling cabling, and installing surface mounted devices, as required. Perform system wiring and terminations services, as required. Deliver on-going remote and on-site technical support for existing customers and systems. Additional responsibilities may be required as necessary, including but not limited to: Provide internal support for basic trouble shooting. Organizes and manage parts stock and tools. Perform other duties as needed. Success factors/job competencies: Effectively communicate both in writing and verbally Work independently and prioritize multiple tasks and adapt to needed change Analysis Mechanical aptitude Comprehend technical language and read and interpret blueprints, wiring diagrams, and schematics Safety orientation Customer Focus Attention to Detail Teamwork/Collaboration Stay abreast of changes in security technology Physical demands and work environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Individual will be required to travel to customer sites as needed. While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts. The employee is occasionally exposed to outside weather conditions and risk of electrical shock. Individual will regularly be required to lift, push, pull, and carry up to 50 pounds, and occasionally up to 75 pounds. Incumbent will be required to use a computer with keyboard, telephone, or handheld mobile device for extended periods of time, and office machinery as needed. Incumbent must be able to read, see, hear, and speak. Workdays and Shifts: Position works Monday-Friday, daylight hours, and additional time as needed to complete work. Education/Certification(s)/License(s) required: Bachelor's Degree in Electronics, Information Technology or related field, or equivalent experience. May be required to participate in safety trainings and/or certifications provided by the Company or customers. Valid driver's license, as employee will be required to travel to local and overnight client sites as needed. Manufacturer specific certifications, as required. Responsible to maintain active certifications and obtain new and updated certifications as required by the Company. Experience/Other required: Position requires two (2) to three (3) years of relevant experience in the electronic services. Strong knowledge of Microsoft Office. Strong computer skills with advanced software aptitude. Security systems to include, service and maintenance across a broad spectrum of access control, intrusion and video surveillance systems such as, Genetec, Milestone, Bosch, and DMP. Applicants must be currently authorized to work in the United States on a full-time basis. Visa sponsorship is not available for this position. This is a full-time, in-person position, and candidates must be able to work from our office located in Pittsburgh, Pennsylvania.

Job Description Here at SFCU we define our culture as one of GROWTH . Growing our member, growing our employee, and growing our organization. This is a great opportunity to join our innovative and growing SFCU team. Reporting: Hybrid - travel to Sidney, NY required Salary: $70,544 - $88,180 Position Summary The Information Security Analyst plays a critical role protecting the organization's digit assets, ensuring the confidentiality, integrity, and availability of information systems. This role involves monitoring security events, identifying vulnerabilities, and implementing safeguards to defense against cyber threats. Key Responsibilities Information Security Security monitoring and incident response: Investigate SIEM alerts, analyze logs, coordinate containment, and support post-incident reviews. Regulatory compliance support: Assist with GLBA, NCUA, NIST Cybersecurity Framework 2.0, and internal audit activities. Vulnerability management: Perform scans, validate findings, prioritize remediation, and track closure with IT teams. Access control administration: Support access review program and review identity protection logs. Risk assessments: Support periodic risk assessments, evaluate control effectiveness, and document mitigation plans. Vendor security reviews: Assess third-party risk, review SOC reports, ad ensure vendors meet security requirements. Security awareness initiatives: Deliver training, run phishing simulations, and promote a strong security culture. Audit and reporting: Prepare documentation for audits, board reports, and regulatory examinations. Knowledge, Skills and Abilities Required Qualifications 3-5 years of information security experience in a financial or regulated environment Bachelors degree in a relevant Information Technology field Knowledge of financial regulations such as GLBA, NCUA, and FFIEC Experience with SIEM, EDR, and vulnerability scanning tools Understanding of networking, operating systems, and security architecture Ability to analyze threats and recommend mitigations strategies Strong documentation and communication skills Attention to detail, analytical thinking, cross team collaboration and adaptability in a regulated environment Preferred Qualifications Security certifications such as Security+, CySA+, CEH, or CISSP associate Experience with core banking systems and financial applications Scripting or automation skills (Python, PowerShell) Equal Opportunity Employer/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Job Posted by ApplicantPro

McLaughlin Research has several openings (pending award) for Information Systems Security Engineers at the Naval Surface Warfare Center, Philadelphia Division. The Information System Security Engineer (ISSE) designs, develops, implements, and integrates advanced cybersecurity solutions to protect the organization's information systems and data assets. The ISSE III functions as a technical subject matter expert, applying security engineering principles across the system development lifecycle to identify vulnerabilities, mitigate risks, and maintain compliance with information assurance standards. This position often works with classified systems and complex networking environments. Requirements Key Responsibilities Security Architecture and Design: Designing and implementing security architectures for various environments and ensuring trusted relationships between systems. Risk Management and Compliance: Assessing and mitigating threats, leading the creation of security artifacts like SSPs and RARs, supporting system accreditation under frameworks like RMF, and ensuring compliance with policies such as DoD and NIST SP 800-series. Vulnerability Management and Incident Response: Conducting vulnerability assessments and ethical hacking, performing risk assessments, leading incident response, and managing automated scanning tools like ACAS and SCAP. Mentorship and Team Leadership: Guiding junior engineers and analysts and leading teams to achieve security goals. Cross-Functional Collaboration: Representing security engineering on technical teams and interfacing with stakeholders to translate requirements. Required Qualifications Education: BS in Computer Science or relevant field. Experience: 3-10 years in information security engineering, with specific experience potentially needed for DoD or SAP environments. Certifications: Must meet DoD 8570/8140 compliance (IASAE Level III, IAT Level III, or IAM Level III) and hold certifications such as CISSP, CASP+, CISM, CSSLP, or CISSP-ISSEP. Technical Skills: Expertise in RMF, NIST SP 800-53, DISA STIGs/SRGs, experience with security tools (e.g., eMASS, ACAS, Splunk), and knowledge of operating systems and networks (Windows, Linux, Cisco). Scripting proficiency is beneficial. Security Clearance: U.S. citizenship and eligibility to obtain an active security clearance. Equal Employment Opportunity Statement: McLaughlin Research Corporation is an Equal Opportunity and Affirmative Action Employer. It is our policy to recruit, hire, promote, and train for all positions without regard to age, race, creed, religion, national origin, gender identity, marital status, sexual orientation, family responsibilities, pregnancy, minorities, genetic information, status as a person with a disability, amnesty or status as a protected veteran, and to base all such decisions upon the individual's qualifications and ability to perform the work assigned, consistent with contractual requirements and all federal, state and, local laws. EEO is the Law: Applicants and employees are protected under Federal law from discrimination.