Cyber security analyst jobs in Lloyd, NY

Job Title: Cyber Security Risk Analyst. Job Type: Contract. IS NOT OPEN TO AGENCIES. The Cyber Security Risk Analyst supports enterprise governance, risk, and compliance (GRC) initiatives by strengthening cyber risk management practices, enhancing third-party risk oversight, and contributing to cybersecurity governance across a complex organizational environment. This role works closely with cybersecurity leadership, internal stakeholders, and partner teams to mature risk assessment processes and ensure consistent, well-documented risk management activities. Key Responsibilities Design, develop, and enhance cybersecurity risk management processes and supporting frameworks Support enterprise cyber risk governance, including risk identification, evaluation, and remediation tracking Perform cybersecurity risk assessments in collaboration with business and IT stakeholders Evaluate and manage third-party and vendor cybersecurity risk throughout the vendor lifecycle Contribute to the development and maintenance of a third-party risk register Review and analyze cybersecurity risk cases, exceptions, and justifications Document risks, mitigations, and remediation actions within a centralized risk register Assist in developing risk assessment procedures, methodologies, and testing approaches aligned with industry frameworks Collaborate with cross-functional teams and subject matter experts to gather risk intelligence Support remediation efforts by helping initiate corrective actions where vulnerabilities or weaknesses are identified Participate in special cybersecurity initiatives and projects as assigned Required Qualifications Minimum of 4 years of experience in one or more of the following areas: Cybersecurity risk management Cybersecurity risk assessment Third-party or vendor risk management within a cybersecurity function Strong understanding of GRC concepts and the cyber risk lifecycle Experience working in large, complex, multi-stakeholder environments Strong analytical, investigative, and documentation skills Excellent written and verbal communication skills Preferred Qualifications Bachelor's degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field Familiarity with one or more cybersecurity frameworks or standards, including: NIST ISO/IEC 27001 / 27002 CIS SANS PCI Relevant certifications are a plus, including but not limited to: CISSP, CISM, CRISC, CISA CompTIA Security+, CySA+, Network+ GIAC certifications Knowledge of cybersecurity laws, regulations, and data privacy principles Ability to work independently in a self-directed and organized manner About Buchanan Technologies Since Buchanan's inception over 30 years ago, we have operated on 5 core values - People Matter, Customers Matter, Principles Matter, Community Matters, and Every Interaction Matters. These values are represented across each facet of the company, from employee relations to client service delivery to corporate social responsibility initiatives and beyond. Why Work at Buchanan? At Buchanan Technologies, we offer a great employment experience with a fun but professional work environment, competitive salary, and various employee career advancement programs that add value to your skills and daily life. If you are excited about being part of an energetic team where your contributions are appreciated and hard work is recognized, Buchanan is the place for you. Things We Are Passionate About We are passionate about providing top-tier technology services to our customers and clients and fostering a culture of continuous learning for our employees. We are a people- centric company, focused on growth and diversity for our workforce. Come join us and let's build something amazing together. Follow Us: LinkedIn: ******************************************************* Website: **************** Buchanan Technologies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, protected veteran status, or genetics. In addition to federal law requirements, Buchanan Technologies complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Job information: Functional title - Application Security Specialist Department - IT Security Corporate level - Vice President Report to - Director, Application Security Expected full-time salary range between $ 140,000- $180,000 + variable compensation + 401(k) match + benefits. What you will be doing: Perform Application Security scans (e.g. DAST and SCA) on applications and APIs to identify security vulnerabilities and weaknesses, Triage security findings and collaborate with development teams to prioritize and remediate identified vulnerabilities. Drive threat modelling as a standard part of the SDLC, and develop and maintain threat models for critical applications, identifying potential security risks and proposing mitigations. Drive the Security Champions program, and define and promote secure coding practices, patterns, and standards across development teams. Conduct security reviews and provide guidance on security requirements for new features and projects. Assist in the analysis, selection and rollout of new application security tools, processes, and standards. Stay up to date with the latest security threats, vulnerabilities, and industry best practices. What we're looking for: Proven experience in application security with a focus on application security testing and vulnerability management. Hands-on experience with Application Security tools. Strong understanding of common application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques. Experience with threat modelling methodologies and tools. Proficiency in at least one programming language (e.g., Java, Python, JavaScript). Excellent communication and collaboration skills, with the ability to work effectively in cross functional teams. Strong understanding of risk management. Professional qualifications / certifications Degree in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). Relevant security certifications (e.g. CISSP, CEH, CSSLP) or equivalent is preferred.

ABOUT OUR CLIENT Our Client is a leader in energy management and power trading, leveraging cutting-edge platforms to deliver secure and resilient operations. With a strong focus on protecting systems, data, and intellectual property, they are committed to building a world-class information security program that supports business growth while staying ahead of emerging cyber threats. ABOUT THE ROLE The Information Security Analyst and Engineer will play a key role in safeguarding mission-critical systems, ensuring compliance, and advancing the organization's security maturity. This hybrid role blends hands-on security engineering with proactive monitoring, incident response, and program improvement. The position will collaborate with consultants, managed service providers (MSPs), and internal stakeholders to realize a highly effective security strategy. Reporting directly to the Director of Information Security, the role also provides occasional support to the Infrastructure team with basic system administration and help desk duties. RESPONSIBILITIES Develop and implement processes and technologies to enhance the security program and protect business platforms Monitor security systems and analyze alerts, logs, and reports Analyze vulnerability reports and track remediation across teams and systems Provide metrics to evaluate security program effectiveness Support security training and awareness programs, including phishing campaigns and in-person sessions Research emerging IT security trends, attack techniques, and defensive measures Assist in designing secure architectures across applications and infrastructure Support internal and external risk assessments, vendor reviews, and security audits Analyze penetration test results and drive remediation Contribute to security roadmaps and maturity assessments Safeguard IT assets and intellectual property by recommending best practices and solutions Participate in incident response planning, investigations, and compliance reviews Enhance data loss prevention technologies and processes Respond rapidly to incidents, conduct root cause analysis, and recommend mitigations Support business continuity and disaster recovery planning and testing Validate MSP-delivered security solutions to ensure alignment with standards Use automation to improve efficiency and effectiveness of security processes Maintain and improve information security policies and ensure compliance QUALIFICATIONS Bachelor's degree in Computer Science, Information Security, or a related technical field 3-5 years of IT security experience, with hands-on implementation and analysis Proficiency with EDR or SIEM solutions for configuration and investigations Competency with firewalls, email gateways, internet filters, and VPNs Strong background in network security, protocols, and best practices Understanding of operating system, network, and application security concepts Familiarity with the NIST Cybersecurity Framework Working knowledge of network and data center operations Experience with hybrid, public cloud (Azure preferred), and SaaS environments Strong analytical, troubleshooting, and problem-solving skills Excellent communication skills and attention to detail Adaptability and eagerness to learn new technologies in a collaborative environment PREFERRED QUALIFICATIONS Experience in the energy or financial services industries Familiarity with regulatory compliance frameworks such as NERC CIP or SOX Relevant certifications such as CISSP, CompTIA, or GIAC Experience in Agile and DevSecOps environments Scripting knowledge in PowerShell and/or Python

Client: Metropolitan Transportation Authority Job Title: IGA/Security Analyst Duration: 12+Months Contract Number of Hours: 37.50 Hrs/Week Interview Type: Either Webcam Interview or In Person Ceipal ID: MTA_SECU154_MA Requirement ID: 5154-1 **PLEASE NOTE THIS POITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE. UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME** Overview: The IGA Analyst will play a critical role in strengthening the organization's identity security posture across corporate, frontline, and operational technology (OT) environments. This role will focus on onboarding applications into the enterprise IGA platform, modernizing authentication through FIDO2 and passwordless technologies, and reducing technical debt through effective governance and lifecycle management controls. The ideal candidate has hands-on experience with major IGA, PAM, and MFA platforms, possesses a strong understanding of Active Directory and Entra ID, and can collaborate with cross-functional teams to implement scalable identity controls that align with Zero Trust principles. KEY RESPONSIBILITIES: **Application Onboarding & Integration** * Partner with application owners to onboard and certify applications within the IGA platform (e.g., SailPoint, Saviynt, or Oracle). * Define and enforce access models, entitlements, and approval workflows for new and existing applications. * Establish least-privilege and segregation-of-duties (SoD) controls within IGA. **Identity Security Posture & Technical Debt Reduction** * Identify and remediate identity risks such as orphaned accounts, excessive entitlements, and privileged access sprawl. * Contribute to ongoing cleanup initiatives for AD, Entra ID, and connected systems to align with modern identity hygiene standards. * Support implementation of risk-based access policies and automated lifecycle management processes. **Authentication Modernization** * Support the adoption of phishing-resistant authentication methods, including FIDO2 security keys and passwordless sign-ins. * Collaborate with MFA and SSO platform teams to migrate legacy authentication flows to modern protocols (e.g., WebAuthn, OIDC, SAML). * Evaluate user experience, security impact, and deployment readiness across diverse user populations (corporate, frontline, OT). **Federation & Access Management** * Configure and manage federated SSO integrations via Entra ID and other IdPs. * Apply conditional access and adaptive authentication policies based on user risk, device health, and context. * Coordinate with PAM teams to align privileged session management with federated access controls. **Cross-Domain Collaboration** * Partner with security architecture, IAM engineering, and compliance teams to ensure IGA controls meet enterprise and regulatory standards. * Document and report on metrics related to access certifications, compliance posture, and identity lifecycle performance. * Provide operational support for IGA platform maintenance, upgrades, and new integrations. QUALIFICATIONS * Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience). * 3-5 years of hands-on experience in Identity Governance & Administration (IGA). * Strong knowledge of Active Directory, Entra ID, and federated authentication protocols (SAML, OIDC, OAuth2). * Familiarity with one or more of the following platforms: * IGA: SailPoint, Saviynt, Oracle IDCS * PAM: BeyondTrust, CyberArk, ManageEngine PAM360 * MFA/SSO: Microsoft Entra ID, Duo, Okta, Ping Identity * Working knowledge of Zero Trust, FIDO2, passwordless, and phishing-resistant MFA concepts. * Experience applying IGA controls for diverse user types (corporate, frontline, OT). * Strong analytical, documentation, and communication skills; ability to collaborate across technical and business teams. Additional Skills and Information: * Experience with identity lifecycle automation and role-based access control (RBAC) modeling. * Understanding of privilege escalation risks, identity threat detection, and compliance frameworks (NIST 800-63B, CIS, TSA, etc.). * Scripting knowledge (PowerShell, Python, or SQL) for data analysis or automation. * Familiarity with cloud identity models (Azure, AWS, GCP). V Group Inc. is a NJ based IT Services and Products Company with its business strategically categorized in various Business Units including Public Sector, Enterprise Solutions, Professional Services, Ecommerce, Projects, and Products. Within Public Sector business unit, we cater IT Professional Services to Federal, State and Local. We have multiple awards/ contracts with 30+ states, including but not limited to NY, CA, FL, GA, MD, MI, NC, OH, OR, CO, CT, TN, PA, TX, VA, NM, VT, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant. Please share my contact information with others working in Information Technology. Website: ************************************** LinkedIn: ***************************************** Facebook: ********************************* Twitter: *********************************

IT Security Analyst II - AI & Emerging Technology Security (Contract) We are seeking a Junior to Mid-Level IT Security Analyst with hands-on exposure to AI, Generative AI, and Agentic AI security. This role supports a Product Security organization focused on implementing security guardrails for AI-enabled applications. You will work closely with Data, AI, and Product teams to secure machine learning pipelines, large language models, and agent-based systems in a cloud-native enterprise environment. Key Responsibilities Embed security controls into AI/ML models, LLM-based applications, and agentic workflows across the SDLC Conduct security reviews of Generative AI, traditional ML models, and supporting data pipelines Identify and mitigate AI-specific threats such as prompt injection, data poisoning, model abuse, and insecure agents Support and apply AI security standards aligned with NIST, ISO, and emerging AI governance frameworks Partner with legal, compliance, and privacy teams on AI risk management and regulatory requirements Assist in evaluating and operating AI security and observability tools for model monitoring and data protection Contribute to internal guidance and training on secure AI development practices Required Qualifications Bachelor's degree in Computer Science, Information Security, or related discipline 2+ years of experience in cybersecurity, with exposure to AI/ML environments Experience with cloud-native security concepts and threat modeling Understanding of AI/ML concepts including model training, inference, data labeling, and adversarial attacks Familiarity with core security domains such as authentication, encryption, network security, and IAM Strong communication and collaboration skills within agile or SAFe-based teams Preferred / Nice-to-Have Skills Experience with AI security platforms such as Zenity or HiddenLayer Familiarity with Microsoft security and AI governance tooling, including: Microsoft Defender for Cloud Microsoft Defender for Cloud Apps Azure AI Content Safety Microsoft Purview (data governance / DLP) Exposure to Power Platform, Power BI, or low-code environments, especially implementing DLP or data governance controls Experience with AI model governance or AI security programs Security or cloud certifications (e.g., CCSK, CEH, or AI-focused credentials) Scripting or automation experience for security testing and validation

Apply now: Cloud Security Engineer (Principal InfoSec Specialist), location is Hybrid (Philadelphia, PA). The start date is 12/22/25 for this contract-to-hire position. Job Title: Cloud Security Engineer (Principal InfoSec Specialist) Location-Type: Hybrid (80% remote, 20% onsite - Philadelphia, PA) Start Date Is: 12/22/25 Duration: 6-month contract-to-hire Compensation Range: $80-102/hr on W2 ONLY Job Description: Serve as a subject matter expert for cloud security architecture and controls, driving risk-based outcomes and optimizing cloud security operations in a hybrid multi-cloud environment. Day-to-Day Responsibilities: Design, implement, and optimize cloud security controls and tools Support cloud migration and secure cloud services delivery Collaborate across internal teams and vendors on security architecture Manage security tools like EDR, SIEM, IAM, CSPM Lead or support incident response, system hardening, and compliance activities Participate in audits, risk assessments, and governance forums Mentor junior InfoSec engineers Ensure alignment with industry standards and compliance frameworks Requirements: Must-Haves: Bachelor's Degree 12+ years of IT experience, with 6+ years in InfoSec and 3+ years in IAM, RBAC, or related areas Strong experience with cloud/virtualization technologies (Azure preferred) Experience with multi-cloud security, identity management, and regulatory compliance Proficiency in tools like Microsoft Defender, Sentinel/Splunk, Wiz, Entra ID, Terraform CISSP certification Nice-to-Haves: Cloud security certifications (e.g., Azure Security Engineer, AWS Certified Security) Experience working with high-performance matrixed teams Familiarity with clinical systems (e.g., Epic, Lawson) and SDLC methodologies Benefits: This role is eligible to enroll in both Mondo's health insurance plan and retirement plan. Mondo defers to the applicable State or local law for paid sick leave eligibility

Senior Security Engineer (US) New York & Boston candidates: Office-based Other listed states: Remote employees considered Contract: Full-time, Hybrid / Flexible | 35-hour week Salary: $175,000 base + 15% bonus Overview We are seeking a hands-on, senior security engineer to proactively strengthen our security posture across cloud-native and hybrid environments. This highly technical, strategic role will lead security platform integration, governance, threat detection, and mentoring, while influencing security-first practices across the organisation. Key Responsibilities Security Architecture & Engineering Lead integration and optimisation of Zscaler, Wiz (EDR/CSPM/CNAPP), and endpoint protection (EDR/XDR) to maximise prevention, detection, and response. Develop detection rules and manage analytics in Microsoft Sentinel and Wiz. Conduct proactive threat hunting, posture management, and remediation validation. Administer Zscaler Internet Access (ZIA), including policy tuning, SSL inspection, forwarding profiles, and authentication flows. Troubleshoot traffic flows and collaborate with DevOps, IT, and R&D to integrate security into CI/CD pipelines and infrastructure-as-code. Compliance, Audit & Governance Ensure compliance with NIST SP 800-53, NIST SP 800-171, SOC 2, ISO/IEC 27001:2022, and client-specific requirements. Lead audits, penetration testing, and maintain continuous audit readiness. Security Operations & Incident Response Develop, tune, and manage detection rules and playbooks across Wiz, Zscaler, and other platforms aligned with MITRE ATT&CK. Hunt threats, triage alerts, and lead incident investigations. Manage advanced email security with Microsoft Defender for Office 365. Drive automation and orchestration initiatives to improve operational efficiency. Stakeholder Engagement & Leadership Act as a technical advisor on Zero Trust, cloud security, and operations. Mentor junior staff and foster a security-first culture. Communicate complex security concepts clearly to technical and non-technical stakeholders, including senior leadership. Mandatory Platform Expertise GitGuardian CyberHaven Wiz Advanced & Defend Zscaler Email Security (various platforms) Education & Preferred Certifications Master's degree in Information Security, Computer Science, or related field. GIAC certifications: GCIA, GCED, GCIH, GDAT, GDSA, GMON Microsoft Cloud Security certifications: AZ-500, AZ-305, SC-300

You will provide guidance and technical support to clients deploying security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Your thorough understanding of our product integrations contributes to the development of new principles and concepts - providing detailed analysis around what's working, what's not, and what could be better. You enjoy implementation work, are proactive about resolving potential concerns, and operate well around strict best practices that enable our clients on their road to a more secure digital world. You're creative, innovative, and you love a challenge - learning how integrations might work better around new products and technologies. Responsibilities Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution Configure, implement, and maintain Security Operating Platform Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall Test and validate the migration environment Coordinate and execute cutover to production Provide guidance on code upgrades Facilitate the development of new application and threat signatures Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases Some travel may be required, dependent on customer request You work with the customer's security & network teams to build confidence across the business units impacted by the change Experience High level of experience with Panorama and log collectors NGFW Global Protect BS in Computer Science, MIS, business, or equivalent education/training/experience Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching) Minimum of 3 years' experience leading security solutions in large environments) Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products You're experienced in internetworking, LAN, and WAN technologies You have a good understanding of Internet protocols and applications Any of the following industry certifications or equivalent experience is a plus: CISSP, CCNA, PCNSE, JNCIE-SEC You effectively handle multiple projects and work calmly in high pressure You're an excellent writer, with strong verbal communication skills, with demonstrable ability to communicate to senior leaders and technical peers

This young and agile company, providing identity risk solutions is currently seeking a Senior Cloud Security Engineer with a focus on Infrastructure and Security to join their growing team. You will assist with the continuous maturation of their Cloud Security services within the Security division. This is an excellent opportunity for an experienced Cloud Security Engineer with experience in both Infrastructure and Security to take the next step into a challenging position with a company offering significant growth potential. About the Company: Founded in the last 10 years, they are one the fastest growing companies in their space. They are a fast-growing company that have built a platform that allows finance organisations and fintechs to strengthen their security defences. Their mission is to allow companies to manage their identity and fraud risk. Everything they do is entrenched in achieving engineering excellence. Their culture is not corporate, and they like to trust their employees to take on a lot of responsibility and have input into the shape of growth of the organisation. About the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy: What you will be doing: • Serve as a cloud security subject matter expert, advise on and implementing best practices • Respond to security incidents and provide timely and appropriate solutions • Conduct cloud security risk assessments and audits • Conduct investigations into security incidents and potential threats • Take part in on call rotations for incident response and remediation • Assist with policy management, security audits, and due diligence for cloud security concerns • Advise on, configuring, and managing a variety of security tools • Keep informed about and respond to emerging security threats and vulnerabilities • Assist with cloud security reviews of potential vendors Ideal Requirements for the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy: • Several years of experience working in a similar role with a focus on Cloud Security in AWS • Experience provisioning infrastructure in AWS using Terraform, CloudFormation, CDK, or similar tools • Experience configuring VPCs, route tables, NACLs, Security Groups, iptables, Web Application Firewall, Config, GuardDuty, Inspector, KMS, IAM, etc. • In depth knowledge of AWS security best practices around systems hardening, monitoring, and incident response • Experience taking part in an on-call rotation • You are passionate about securing infrastructure, reducing risk, and protecting data! • You are a subject matter expert on cloud security in AWS • You have a solid understanding of network architecture and protocols • You can advise on cloud security policies and procedures Apply to the Role: Roles like these are snapped up very quickly, so act now if you do not want to miss out! Reply to this advert or email your CV to **********************

115-125k / Hartford CT / Hybrid Role / Security & Complaince We are seeking a Security Engineer with strong technical expertise and a focus on compliance to join our team. The ideal candidate will be responsible for designing, implementing, and maintaining security solutions while ensuring that our systems and processes meet industry standards and regulatory requirements. This role bridges hands-on security engineering with compliance oversight, supporting both technical operations and audit readiness. Key Responsibilities Design, implement, and maintain security tools, systems, and infrastructure. Support compliance initiatives, ensuring alignment with frameworks such as ISO 27001, NIST, SOC 2, HIPAA, or PCI-DSS. Collaborate with internal teams to ensure security controls are implemented and maintained across systems, networks, and applications. Perform risk assessments, vulnerability management, and remediation planning. Develop and maintain security documentation, policies, and standard operating procedures. Assist with audit preparation and evidence gathering for external and internal reviews. Monitor and analyze security alerts, responding to incidents in line with established processes. Provide guidance on secure design and compliance requirements for new systems and projects. Stay up to date with evolving security threats, tools, and compliance requirements. Qualifications 3-5 years of experience as a Security Engineer or similar role. Strong knowledge of network, system, and application security. Experience with compliance frameworks (ISO, NIST, SOC 2, HIPAA, PCI-DSS, etc.). Hands-on experience with security tools (SIEM, IDS/IPS, endpoint protection, vulnerability management, firewalls). Familiarity with cloud security (AWS, Azure, or GCP). Strong understanding of risk management, access control, and encryption. Excellent documentation, communication, and cross-team collaboration skills. Preferred Skills (Nice to Have) Relevant certifications (CISSP, CISM, CISA, Security+, CCSP). Experience supporting compliance audits or certification processes. Knowledge of DevSecOps practices and automation tools. Familiarity with privacy regulations (GDPR, CCPA).

The Team: The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects. **This Role does NOT provide sponsorship** Salary: $150k-$190k base w/ 20% bonus Responsibilities: Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs. Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security. Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes. Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency. Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture. Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management. Required Skills and Experience: Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams. Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud. Experience working with privilege and identity management solutions. Experience with operating system security and system hardening. Knowledge of network security principles, protocols, and technologies. Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls. Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Strong leadership skills, with the ability to mentor and guide junior team members. Skills and Experience That Would Help You Stand Out: A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable. Linux security experience Familiarity with DevSecOps and integrating security into CI/CD pipelines. Scripting experience.

Seeking an experienced and dedicated Senior Cloud Security Engineer to join our team. This role is crucial for ensuring the security and compliance of our cloud infrastructure in a highly regulated financial environment. The ideal candidate will have a strong background in cloud security, a deep understanding of regulatory requirements, and the ability to design, implement, and maintain secure cloud solutions. Primary Success Factors Design, develop, and deploy scalable cloud-based security solutions to protect sensitive financial data and ensure compliance with industry regulations. Perform comprehensive vulnerability testing, risk analyses, and security assessments to identify and mitigate potential threats. Develop and coordinate robust cloud security procedures Monitor for and respond to security incidents in the cloud environment, utilizing advanced security tools and techniques. Collaborate with IT and development teams to ensure cloud solutions are securely integrated with existing software and infrastructure, following best practices and security standards. Keep abreast of the latest security issues, regulatory changes, and industry trends to proactively address emerging threats. Assist with the design of security training and awareness programs to educate staff about cloud security risks and responsibilities, fostering a culture of security within the organization. Regularly report on the status of cloud security, including any breaches or vulnerabilities, to senior management and stakeholders. Work with third-party vendors to ensure that security requirements are met and maintain strong relationships with external security partners. Maintain compliance with all relevant security and privacy laws and regulations, including PCI-DSS, GDPR, SOX, and other industry-specific standards Required Experience Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Specific experience will be considered in lieu of a degree. Minimum of 7 years of experience Relevant certifications in Cyber Security, with Cloud specific certifications a plus. Proven experience in cloud security engineering, preferably in a financial institution, with a track record of successfully implementing secure cloud solutions. Strong knowledge of cloud platforms and cloud security best practices, including identity and access management, encryption, and network security. Experience with regulatory compliance frameworks such as PCI-DSS, GDPR, and SOX, and the ability to navigate complex regulatory environments. Excellent problem-solving skills and the ability to work under pressure, with a proactive and detail-oriented approach to security. Strong communication and collaboration skills, with the ability to effectively convey complex security concepts to both technical and non-technical audiences. Experience with DevSecOps practices and tools, including continuous integration and continuous deployment (CI/CD) pipelines. Knowledge of infrastructure as code (IaC) and automation tools, such as Terraform, Ansible, or CloudFormation. Familiarity with security monitoring and incident response tools, such as SIEM, IDS/IPS, and EDR solutions. Ability to deliver with minimal management oversight

This role is for a mid-to-senior Security Engineer who thrives in a lean, high-performance environment and takes a hands-on, engineering-first approach to security. You will operate as a generalist within a small security team, owning the design, build, and evolution of security systems that protect a highly technical organization with many proprietary platforms. This is not an analyst role; the focus is on building, integrating, and improving security capabilities end to end, with a strong emphasis on problem solving, automation, and how systems work together. You will design and implement enterprise-grade security monitoring, detection, and response solutions, integrating commercial tools and developing custom capabilities tailored to the environment. While the role includes reviewing and triaging alerts from detection and response platforms, the core responsibility is continuously improving detection quality, response workflows, and overall security posture. You will engineer and tune detections using structured data and JSON-based queries, develop automated response and orchestration workflows, and drive improvements across the full incident lifecycle. The position requires close collaboration with teams across the organization, translating security risks and technical concepts into clear, practical language for non-security stakeholders. You will partner with engineering, infrastructure, and product teams to embed security into systems and workflows, applying strong security principles that are portable across technologies rather than tied to a single toolset. The environment is fast-moving and production-heavy, with ongoing adoption of AI-driven technologies and modern development practices. The ideal candidate has several years of experience in security engineering, preferably in a fintech, startup, or similarly high-tech environment, and is accustomed to operating outside of large, siloed security teams. You bring strong hands-on experience with cloud and endpoint security platforms such as Azure, Microsoft Defender, and Elastic, with exposure to tools like Zscaler and Purview considered a plus. You are comfortable coding and scripting, particularly in Python, working with Git-based workflows, and applying infrastructure-as-code concepts. Experience building and operating detection and response systems, security orchestration and automation platforms, and threat-informed defenses is essential. They'll need someone who's fully authorized to work in the US without any sponsorship / visa (cannot support H1B).

Must have an OT background with life sciences experience Deliver OT security firewall policy design and document Investigate and deliver appropriate OT architectures for RD systems Troubleshoot connectivity issues experienced during migration activities Must be proficient in Palo Alto Must have an OT background with life sciences experience Knowledge of supporting technologies, Zscaler, Cisco network infrastructure, Azure, and Google cloud Good to have Experience using ServiceNow Preferred RD lab experience, knowledge of lab systems, such as LIMS. HPLC etc Experience with project software (ADO) Generic US or UK based (US preferred) Good communicator, role requires frequent conversations with the business Note : If you are interested please share me your resumes to ********************* or else reach me at **********.

We are seeking a high-judgment, detail-oriented operator to lead our Threat Modeling Program Operations. This individual will be responsible for orchestrating workflows, triaging intake, designing key metrics, and eliminating process inefficiencies. The role demands an expert in building executive-ready reports and dashboards to track throughput, cycle times, and model quality, ensuring optimal outcomes for complex, multifaceted initiatives in Information Security Engineering. This is a contingent resource assignment, and the candidate may: Consult on complex, large-scale initiatives in Information Security Engineering. Review and analyze intricate, long-term security challenges, considering multiple factors including intangible or unprecedented elements. Contribute to resolving complex issues requiring deep understanding of security policies, procedures, and compliance requirements. Strategically collaborate with client personnel to ensure project success. Key Responsibilities: Lead and optimize workflow orchestration for the Threat Modeling Program. Develop and manage reports and dashboards to monitor program effectiveness (throughput, cycle time, model quality). Analyze and address complex security engineering issues, guiding teams to resolution. Collaborate cross-functionally with stakeholders, delivering executive communication and reporting. Continuously improve processes to eliminate inefficiencies and ensure scalability. Required Qualifications: 5+ years of experience in Information Security Engineering or equivalent (consulting, training, military, education). Proven ability to take initiative, work independently, and drive results. Strong attention to detail and ability to handle ad hoc reporting. Advanced skills in Microsoft Excel (VLookups & Pivot Tables) and PowerPoint. Proficient with Agile methodologies and project management tools like Atlassian JIRA and Confluence. Experience in analytical

Delta Information Systems, Inc. is seeking a highly skilled Information Security Specialist to protect and secure critical systems, data, and intellectual property in a fast-paced Aerospace & Defense environment. This role is responsible for implementing and managing security controls, ensuring compliance with strict regulatory requirements, and defending against advanced cyber threats. The ideal candidate will bring deep technical knowledge, strong problem-solving skills, and the ability to work across teams to maintain the confidentiality, integrity, and availability of sensitive information that supports our national security mission. This is a fully onsite position located in Horsham, PA. Key Responsibilities Implement, monitor, and maintain security tools, including firewalls, intrusion detection/prevention systems, endpoint protection, and SIEM platforms. Perform continuous monitoring, vulnerability assessments, penetration testing, and risk analysis of systems and networks. Ensure compliance with DoD, NIST 800-171, CMMC, ITAR, DFARS, and other regulatory frameworks. Champion the company's certification to CMMC Level 2. Develop, document, and enforce cybersecurity policies, procedures, and incident response plans. Support Government and customer security audits, preparing evidence and remediation plans as required. Investigate and respond to cybersecurity incidents, performing root-cause analysis and recommending corrective actions. Collaborate with IT, Engineering, Program Management, and Security teams to embed cybersecurity best practices into operations and product development. Provide cybersecurity awareness training to employees with a focus on handling sensitive defense-related data. Stay current on emerging cyber threats, nation-state tactics, and evolving compliance regulations impacting aerospace and defense. Qualifications Required: Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in information security, IT security operations, or cybersecurity. Strong knowledge of NIST 800-171, CMMC, and DFARS cybersecurity requirements. Experience developing, implementing and achieving CMMC compliance. Experience supporting DoD or government contracts with cybersecurity compliance needs. Hands-on experience with security infrastructure: SIEM, IDS/IPS, endpoint security, and network monitoring tools. Strong understanding of Windows, Linux, and cloud environments (Microsoft Office 365, Deltek Costpoint). Excellent analytical, documentation, and communication skills. U.S. Citizenship (required due to defense industry regulations). Preferred: Active security clearance (Secret or higher), or ability to obtain one. Relevant certifications: CISSP, CISM, Security+, CEH, or GIAC. Experience with RMF (Risk Management Framework) and STIG compliance. Familiarity with secure software development, DevSecOps practices, or classified system security. Compensation Competitive salary Outstanding benefits package 100% Paid Coverage for Medical, Dental, and Vision 401(k) Employer Match Employee Stock Ownership Program (company funded) Life Insurance (company funded) Short-Term Disability (company funded) Long-Term Disability (company funded) Vacation & Sick Holidays: 11 days HealthCare FSA Dependent Care FSA What We Offer Opportunities for training, certifications, and career growth. A mission-driven culture where your work contributes to national security. Exposure to advanced technologies and programs critical to the aerospace and defense sector. About Delta Information Systems, Inc. Delta Information Systems (DIS) is an industry-leading supplier of high-quality aerospace telemetry products for Flight Test, Missile Test, Range Safety, Launch Support and Satellite Command and Control applications. Their products address the complete telemetry chain from Data Acquisition, Storage, Transport and Distribution to Telemetry Processing and Display. DIS customers include all DoD entities, all Major Primes, Integrators, Gov Labs, Aircraft & Missile Manufacturers, & Launch Facilities. In addition, Delta Information Systems (DIS) designs and develops sophisticated electronic equipment that is specifically designed to reliably operate in harsh environments. They deliver critical video communications capability for manned and unmanned Intelligence, Surveillance and Reconnaissance (ISR) programs.

Minimum Experience: 10+ Years Key Responsibilities Security & Compliance Serve as divisional lead for NIST 800-171 control alignment, tracking, and remediation. Partner with Internal Audit and Enterprise Security to review non-compliance findings and drive resolution. Maintain and improve Defender for Cloud posture management across Azure infrastructure. Identify, prioritize, and remediate vulnerabilities across infrastructure, networks, and systems. Develop and implement Linux patch management strategy and compliance reporting. Contribute to policy documentation and control evidence collection for SOX and NIST readiness. Infrastructure & Cloud Security Operations Work closely with Infrastructure, Cloud Ops, and Application teams to assess risk and prevent operational disruption. Integrate security best practices into Azure, network, and datacenter operations. Utilize Defender, Azure Security Center, and related tools to monitor and report on environment health. Coordinate with Cloud and Systems Engineers to validate patch success, compliance metrics, and configuration baselines. Automate recurring security validation and compliance tasks using scripting (PowerShell, Python, Bash). Governance, Reporting, and Training Maintain centralized tracking for security initiatives, audit remediations, and policy adherence. Partner with PMs to ensure remediation workstreams are integrated into project schedules. Support KnowBe4 phishing campaign analysis and contribute to security awareness reinforcement. Report key risk indicators (KRIs) and compliance metrics to leadership. Required Qualifications 8 years of experience in Information Security, Infrastructure Engineering, or Cloud Operations. Proven experience with Defender for Cloud, Azure Security Center, or equivalent platforms (e.g., Tanium, Nessus, Qualys). Working knowledge of NIST 800-171, NIST CSF, or ISO 27001 frameworks. Experience managing patching and vulnerability remediation across Windows and Linux environments. Proficiency with scripting or automation tools (PowerShell, Python, Bash). Familiarity with Active Directory, Azure AD, and network security principles. Preferred Qualifications Experience with Fortify or similar static code analysis tools. Familiarity with KnowBe4, VRX, or patch compliance tracking systems. Exposure to Azure DevOps, IaC, and configuration-as-code methodologies. Security or cloud certifications (e.g., AZ-500, Security+, CISSP, or equivalent). Success Measures Reduction in open audit findings and non-compliant controls. Establishment of measurable Linux and infrastructure patch compliance reporting. Defender for Cloud secure score improvement over baseline. Defined and repeatable NIST alignment process for divisional systems. Improved coordination between Infrastructure, Cloud, and Security teams during vulnerability remediation. If I missed your call ! Please drop me a mail. Thank you, Harish Accounts Manager/Talent Acquisition Astir IT Solutions, Inc - An E-Verified Company Email:******************* Direct : ***********788 50 Cragwood Rd. Suite # 219, South Plainfield, NJ 07080 ***************

Job Posting Title: Cloud Security Engineer - SRE Job Profile: Technical Project Management - Advisor II We are seeking a skilled and motivated Cloud Security Engineer - SRE to join our dynamic team. The ideal candidate will possess a strong technical background in systems administration, cloud computing, and infrastructure as code, with a particular focus on solution engineering/site reliability. This role will involve collaborating with cross-functional teams to enhance our security posture and streamline processes through automation. Technical Skills • Programming and Scripting: Strong proficiency in languages like Python, Go, Bash, or Ruby. SREs often need to write automation scripts and build tooling. • Systems Administration: Deep understanding of operating systems (Linux/Unix), file systems, processes, and system configurations. • Infrastructure as Code (IaC): Experience with IaC tools like Terraform, Ansible, or Chef to manage infrastructure. • Cloud Computing: Knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform, including services like EC2, S3, Kubernetes, and serverless functions. • Containers and Orchestration: Expertise in containerization (Docker) and container orchestration (Kubernetes, OpenShift). • Networking: Understanding of networking concepts, including DNS, firewalls, load balancing, and VPNs. • Monitoring and Observability: Experience with monitoring and observability tools like Prometheus, Grafana, Datadog, or New Relic. Ability to set up and maintain monitoring dashboards, alerts, and logs. • Continuous Integration/Continuous Deployment (CI/CD): Familiarity with CI/CD tools like Jenkins, GitLab CI, GitHub Actions, or CircleCI. • A strong understanding of HashiCorp Vault and Terraform will make you stand out. 2. Problem-Solving and Troubleshooting • Incident Management: Ability to manage and respond to incidents, perform root cause analysis, and implement post-mortem reviews. • Automation: Focus on automating repetitive tasks to improve efficiency and reduce human error. • Performance Tuning: Skills in identifying and resolving performance bottlenecks in systems and applications. 3. Collaboration and Communication • Teamwork: Ability to work closely with cross-functional teams, including software engineers, product managers, and DevOps teams. • Documentation: Skill in creating clear and comprehensive documentation for systems, processes, and incident reports. • Communication: Effective communication skills for interacting with stakeholders and explaining technical concepts to non-technical audiences. 4. Reliability and Scalability • Service-Level Objectives (SLOs) and Service-Level Agreements (SLAs): Understanding of setting, monitoring, and maintaining SLOs and SLAs for system reliability. • Scalability: Knowledge of best practices for designing and scaling systems to handle increased loads and demands. • Redundancy and Resilience: Experience in designing systems with redundancy and fault tolerance to minimize downtime. 5. Security and Compliance • Security Best Practices: Understanding of security principles, such as access control, data encryption, and secure coding practices. • Compliance: Familiarity with compliance standards like GDPR, HIPAA, or PCI-DSS, depending on the industry. Minimum Job Qualifications: • Bachelor degree in business or equivalent work experience • 10 years of previous program leadership and/or relevant consulting experience • Knowledge of and demonstrated experience in program management framework, knowledge groups & life cycle • 5+ years' experience in driving large scale data center consolidation efforts • Minimum 5 years' experience with matrix management of cross-functional processes and teams • Proficient with Project Management tools

Are you considering a new role in Cyber Security and want to work in a company that is helping to change the world? Consider joining an organization serving the global scientific research community, supporting the brightest minds on the planet. Are you a collaborative Incident Response Engineer looking to work for a mission driven global organization? About the role, Elsevier is expanding its Global InfoSec Security Incident Response team. As a Security Incident Response Engineer, you will play a crucial role in our internal security support team, assisting with incident response investigations. This team is entrusted with analyzing, triaging, scoping, containing, and providing guidance for remediation, as well as determining the root cause of security incidents. This team also is empowered by collecting and analyzing security incident-related data to identify indicators of attack and compromise. Responsibilities: Assisting in scoping security incidents and identifying indicators of attack and compromise. Analyzing incident data from threat analytics tools. Communicating recommendations and guidance based on security incident analysis. Coordinating responses to security incidents with other security and consulting teams. Developing, documenting, and implementing runbooks, capabilities, and techniques for Incident Response. Performing security triage and analysis on endpoint, server, and network infrastructure. Conducting activities necessary for immediate containment and short-term resolution of incidents. Maintaining current knowledge of the threat landscape, emerging security threats, and vulnerabilities. Investigating the root cause of complex security incidents. Maintaining a high level of confidentiality. Requirements Possess experience in cybersecurity incident response or related fields. Proven ability to analyze, triage, scope, contain, and remediate security incidents. Have current and extensive knowledge of security technologies, tools, and processes. Experience with major cloud providers, including cloud security, networking, and multi-cloud or hybrid deployments. Have current skills in automation using PowerShell, Python, Java, or similar languages. Experience in Linux and/or Mac administration. Experience in Network Security Administration or Systems Administration. Experience supporting large, complex, and geographically distributed enterprise environments. Preferred certifications: CISSP, CISM, SANS, GIAC, ethical hacking/penetration tester, or security risk assessment. Elsevier employs 10,000 people worldwide, including over 2,500 technologists. We have supported the work of our research and health partners for more than 140 years. Growing from our roots in publishing, we offer knowledge and valuable analytics that help our users make breakthroughs and drive societal progress.