Cyber security analyst jobs in Manchester, CT - 47 jobs

Connecticut Children's is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children's offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members. At Connecticut Children's, treating children isn't just our job - it's our passion. As a leading children's health system experiencing steady growth, we're excited to expand our team with exceptional team members who share our vision of transforming children's health and well-being as one team. Manage and continuously improve a Cyber Security Compliance program. This would include conducting security business and infrastructure compliance reviews, security risk assessments for internal/external information assets. Education and/or Experience Required: * Education Required: Bachelor's degree in Information Systems or equivalent * Experience Required: Minimum of six (6) years of enterprise security related work experience. Minimum of four (4) years incident response/forensics experience. Previous 24 x 7 operations experience License and/or Certification Required: Required: Certified Information Systems Security Professional (CISSP) within 1 year of hire. Preferred: CISM, PCI QSA, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA). Knowledge, Skills and Abilities: Knowledge * Experience and proficiency with: Anti-Virus, HIPS, IDS/IPS, Network Captures, Host-Based & Network Forensics. * Knowledge of Linux, UNIX, Windows OS, Active Directory and other operating systems. * Knowledge of database platforms such as MS SQL, Oracle, and MySQL. * Experience with a scripting language (e.g. Powershell, Python) Skills: * Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executives Abilities: * Must be self-directed, able to manage individual projects or act as part of a larger team * Experienced in performing security audits, risk analysis, forensics and penetration testing. Actively monitor systems and networks for potential intrusions. Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and remediation plans. Manage remediation plans toward closure. Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology. * Develop and document security policies and procedures, training and awareness. Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations of new/updated applications and services. * Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance. Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response.

Join a team focused on the success of our customers, the success of our communities, and the success of each other. Farm Credit East (FCE) is the leading provider of loans and farm advisory services to farm, forest product, fishing, and other agricultural business owners across the northeast with $13.5 billion in total loan volume and $29 million in annual financial services revenue from 18,000 customers across our 8-state territory. We are One Team Working Together with a focus on our five pillars: Outstanding Customer and Employee Experience, Quality Growth, Operational Excellence, Commitment to our Communities, and Protecting Customer Information. As part of our commitment to protecting customer information and enabling operational excellence, the Security Solutions Analyst plays a key role in supporting the secure design, implementation, and documentation of systems and cybersecurity initiatives. This role serves as a technical liaison between the Information Security team and internal and external stakeholders, including Farm Credit Financial Partners, Inc. (FPI). The analyst represents Information Security in the Architecture Review Board (ARB), evaluates strategic projects for security alignment, and ensures that security requirements are embedded in technical decisions and implementation plans. The analyst applies Security by Design principles, ensuring that systems and solutions are architected with security as a foundational principle. This includes adherence to internal standards, regulatory requirements, and industry best practices throughout the lifecycle of technology initiatives. The value drivers for this role are as follows: Secure Enablement of Initiatives Data Protection and Governance Support Alignment with Standards and Risk Appetite Operational Resilience and Incident Readiness Cross-Team Collaboration and Technical Alignment Come join a collaborative, customer-focused team at Farm Credit East! Duties and Responsibilities Security Architecture, Standards & Project Evaluations Represent Information Security in the Architecture Review Board (ARB) for all projects requiring architectural review. Evaluate strategic and technical initiatives for alignment with security architecture, regulatory requirements and risk posture. Conduct threat modeling to assess cybersecurity risk related to new projects and technologies. Apply security by design principles to ensure security is embedded throughout project lifecycles. Ensure solutions adhere to internal security standards, NIST CSF principles, and applicable regulatory frameworks. Ensure security standards are defined, are accurate, up-to-date, and aligned with FCE's risk appetite and industry best practices. Conduct security evaluations of internal and third-party systems, including encryption, patching, APIs, data residency, incident response, and third-party risk indicators. Review configurations and security controls for AI-enabled systems, including generative, agentic, and embedded AI. Evaluate risks related to model behavior, data usage, integration points, and alignment with internal standards and responsible AI security practices. Provide security oversight throughout the full lifecycle of systems, from design to deployment to decommissioning. System Configuration Oversight & Technology Service Provider Collaboration Provide guidance and maintain oversight for the configuration and security settings of all FCE systems. Partner with FPI and/or other outside vendors to ensure system configurations, access policies, and integration points meet FCE's security requirements. Participate in joint planning and review sessions to support shared initiatives and maintain architectural alignment. Maintain visibility into FPI-managed implementations and ensure security expectations are clearly communicated, documented, and tracked. Participate in change management process to assess the security impact of system changes, upgrades and new deployments. Initiative Coordination, Implementation Support & Incident Readiness Serve as a bridge between business and security to ensure cybersecurity initiatives are implemented effectively, securely and in alignment with organizational goals. Facilitate secure implementation of systems in alignment with architectural principles and engineering best practices. Monitor initiative progress and ensure readiness for integration with managed services. Ensure systems are configurated to support incident detection, logging, and response capabilities. Assist in tuning and optimizing security tools in collaboration with FPI or other external parties, such as data loss prevention (DLP), endpoint protection, and threat detection platform to improve visibility and reduce false positives. Lead the implementation of data classification and labeling, including applying classification rules, tagging sensitive data, and testing configurations to ensure accuracy and effectiveness. Contribute to incident readiness by validating that systems and integrations support timely response and containment of security events. Documentation, Reporting & Governance Develop and maintain technical documentation (e.g., workflows, configuration guides, implementation checklists). Maintain dashboards and reporting tools to track progress and security posture. Support audits, readiness assessments, and leadership reporting. Contribute to the development and maintenance of architecture standards and security metrics. Security by Design Enablement Facilitate effective communication of security risks and best practices for both technical and non-technical audiences. Champion Security by Design philosophy for embedding cybersecurity design thinking into organizational processes and enabling technologies. Contribute to internal education efforts by developing technical guides, reference material, and awareness content to promote security best practices. Promote a culture of security through collaboration, training, and knowledge sharing across departments. Translate technical tasks into business impact for non-technical stakeholders to support decision-making Support awareness and adoption of data classification and labeling frameworks, ensuring users understand how to handle sensitive information appropriately. Job Qualifications and Requirements: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field required. Master's degree or equivalent experience preferred. Minimum of 3-5 years of experience in cybersecurity, information security, or security engineering roles. Hands-on experience with security architecture or engineering support, including secure system design, configuration, and implementation. Experience working with data protection technologies, such as data loss prevention (DLP), data classification and labeling, trainable classifiers, and endpoint protection. Experience collaborating with managed service providers or external technology partners to implement and maintain secure systems. Exposure to governance frameworks such as NIST CSF, CIS Controls, or ISO 27001, with an understanding of how to align security standards with organizational risk appetite. Participation in architecture review boards (ARBs) or similar governance bodies is a strong plus. Experience supporting change management processes, including security impact assessments for system changes and deployments. Strong background in technical documentation, process mapping, and reporting to support visibility and compliance. Security-related certifications such as CISSP, CCSP or equivalent are preferred. Certifications in architecture or engineering support (e.g., ITIL, TOGAF, cloud security) are a plus. We offer hybrid work options after two weeks of employment with Farm Credit East. Hybrid work options are determined based on job role and balancing the needs of the customers, the team, and individual work performance. This will be reviewed based on manager discretion. Compensation and Benefits: Salary Range: $80,000 to $120,000 commensurate with experience Short-Term Incentive to reward business results Retirement Contributions : 401k match up to 6% of salary; or for those unable to take full advantage of the 401(k) match, verified student loan payments may qualify for an employer match in your 401(k) up to 6% of salary Defined Contribution retirement plan funded at 2-9% of salary depending on years of service Time Off: 15-25 days of vacation leave per year, depending on years of service 12 days of holiday leave per year 7.5 days of sick leave in your first year, followed by 12 days of sick leave per year thereafter; unlimited rollover of unused sick leave year to year Paid Parental Leave: Up to 80 hours of paid leave for birthing, non-birthing, and adoptive parents Family Care Leave: Additional leave options available under FMLA and company policy Health and Insurance: Comprehensive medical, dental, and vision plans, including preventive care and wellness programs to support your overall health and well-being Health Savings Account Life insurance at 2x base pay Accidental Death and Dismemberment insurance at 2x base pay Long-term disability insurance at 2/3 base pay Additional Benefits: Tuition reimbursement Continuing education and training Employee Assistance Program offering a wide variety of tools and resources Benefits Eligibility: Eligibility Begins: First of the month following your hire date Eligible Employees: Full-time employees working 30+ hours per week; Part-Time employees working 20+ hours per week. Farm Credit East is an Equal Opportunity Employer. As an Equal Opportunity Employer, we do not discriminate on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity or expression, age, marital status, parental status, political affiliation, disability status, protected veteran status, genetic information or any other status protected by federal, state or local law. It is our goal to make employment decisions that further the principle of equal employment opportunity by utilizing objective standards based upon an individual's qualifications for a specific job opening. In compliance with the Americans with Disabilities Act (“ADA”), if you have a disability and would like a reasonable accommodation in order to apply for a position with Farm Credit East, please call ************** or e-mail ************************************

Meta Security is looking for a threat intelligence investigator with extensive experience in investigating cyber threats with an intelligence-driven approach. You will be proactively responding to a broad set of security threats, as well as tracking actor groups with an interest or capability to target Meta and its employees. You will also be identifying the gaps in current detections and preventions by long-term intelligence tracking and research, and working with cross-functional stakeholders to improve Meta's security posture. **Required Skills:** Security Engineer - IR Threat Intelligence Responsibilities: 1. Track threat clusters posing threats to Meta's infrastructure and employees, and identify, develop and implement countermeasures on our corporate network 2. Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different types of audiences 3. Work closely with incident responders to provide useful and timely intelligence to enrich ongoing investigations 4. Improve the tooling of threat cluster tracking and intelligence data integration to existing systems 5. Engage constructively in cross-functional projects to improve the security posture of Meta's infrastructure, such as red team operations, surface detection coverage expansion and vulnerability management discussions **Minimum Qualifications:** Minimum Qualifications: 6. 5+ years threat intelligence experience 7. Bachelor's degree or equivalent experience in Security 8. Familiarity with campaign tracking techniques and ability to convert the tracking results to long term countermeasures 9. Familiarity with threat modeling framework, such as Diamond Model or/and MITRE ATT&CK framework 10. Experience intelligence-driven hunting to spot suspicious activities in the network and identify potential risks 11. Proven track record of managing and executing on short term and long term projects 12. Ability to work with a team spanning multiple locations/time zones 13. Ability to prioritize and execute tasks with minimal direction or oversight 14. Ability to think critically and qualify assessments with solid communications skills 15. Coding or scripting experience in one or more scripting languages such as Python or PHP **Preferred Qualifications:** Preferred Qualifications: 16. Experience close collaborating with incident responders on incident investigations 17. Familiarity with malware analysis or network traffic analysis 18. Familiarity with nation-state, sophisticated criminal, or supply chain threats 19. Production of file-based or network-based rules and signatures for detection and tracking of complex threats, such as YARA or Snort 20. Experience in one or more query languages such as SQL 21. Experience writing production code for threat intelligence tooling 22. Experience conducting large scale data analysis 23. Experience working across the broader security community **Public Compensation:** $154,000/year to $217,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As **Senior Cybersecurity Engineer,** you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. **In this role you will:** + Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation + Document analysis, findings, and actions for case management and metrics + Support security incident response planning, procedure/playbook development and investigations + Participate in on-call rotation for off-hours escalations + Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). + Assist with remediation of identified security risks + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred **What you bring to BIC:** + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred + Prior experience interpreting or analyzing log data and working with log pipelines + Triaging alerts from various sources, following playbooks, and escalating legitimate issues + Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) + Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. + In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

We are seeking a Cyber Security Engineer to join our corporate security team. This role focuses on insider threat protection and data loss prevention and requires expertise in monitoring sensitive information across email systems and tracking data outside of enterprise boundaries. The engineer will manage the Variato tool, perform random sampling of email logs and attachments, and collaborate closely with the corporate security team to ensure data integrity and prevent loss. Responsibilities include: Monitor sensitive information in emails and track potential data exfiltration Manage and maintain Variato and similar insider threat tools Conduct random sampling of email logs, attachments, and other data sources Work with corporate security team to enforce security policies and procedures Support insider threat investigations and threat management activities We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ********************.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: **************************************************** Skills and Requirements 5+ years of experience in an insider threat role (e.g., Security Engineer, Threat Analyst, Threat Management) Hands-on experience with insider threat protection tools; familiarity with Variato required, Encase or similar technologies preferred Experience working with Data Loss Prevention (DLP) solutions Strong understanding of email monitoring, sensitive data tracking, and log analysis Ability to manage and maintain security tools and perform random sampling of email logs, attachments, and data Must be able to obtain and maintain security clearance Military background preferred, especially in communications or intelligence Bachelor's degree in Computer Science, Information Technology, or related field

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Full-time Description The Risk Management Security Analyst is responsible for assisting Access Health CT (AHCT) with its Information Security Risk Management Program, satisfying both regulatory compliance requirements and managing security risk to an acceptable level. This role is a hands-on role that will be responsible for actively identifying, detecting, monitoring, maintaining, analyzing, advising, and responding to ongoing IT security and compliance needs under the guidance of the Associate Director, IT Security & Compliance. The individual selected for this role will collaborate with various cross-functional teams inclusive of partners and vendors in identifying, evaluating, categorizing, tracking and monitoring enterprise IT security risk and will assist with development and maintenance of IT security controls in adherence with federal and other government required cyber security frameworks. Furthermore, the individual in this role will be responsible for assisting with development, automation, and ongoing maintenance of end-to-end risk register and related risk management work streams and processes (i.e., risk assessments, risk mitigation strategies, etc.) by utilizing existing Archer Governance, Risk, and Compliance (GRC) platform and other state-of-the-art security tools. This role reports to the Associate Director of IT Security and Compliance and has no direct reports. *Please note that this position is available to individuals authorized to work in the U.S. without the need for sponsorship . Responsibilities Conduct third-party security risk assessments and security reviews in accordance with regulatory requirements. Collaborate with IT, Legal, product owners, and business teams to ensure appropriate IT Security and Compliance requirements are incorporated into new and ongoing engagements and initiatives. Support development, maintenance, and operation of a centralized enterprise cyber risk register and associated activities in Archer GRC platform. Define and report on key risk metrics to Management on regular basis. Liaise with IT, Legal, product owners, and business teams to provide accurate and timely responses to internal and external IT Security and Compliance inquiries and related activities. Assist with technical vulnerability assessments and security reviews of infrastructure, network, applications, and databases, utilizing Nessus scanning software and other state- of- the- art security tools. Facilitate, track, and manage vulnerability remediation based on risk categorization, with timely assessing and communicating risk, documenting, and reporting on mitigation status. Actively monitor, analyze, and generate reports on company's security landscape utilizing SIEM and other state- of- the- art security tools. Provide guidance, technical expertise, and training to the enterprise to ensure optimal use of the Archer GRC platform. Develop and maintain technical documentation, such as security control implementations, System Security Plan (SSP), user guides, process documentation, and configuration details. Identify opportunities for process optimization, automation, and streamlining tasks. Participate actively in frequent regulatory submissions and inquiries. Manage and continuously monitor remediation plans for compliance and mitigation of risk. Assist with responding to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches. Bridge information security requirements with business processes and IT systems and projects. Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitor for compliance. Develop, administer, and provide advice, evaluation, and oversight for information security training and awareness programs. Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program. Completes other tasks, as assigned. Requirements Qualifications Bachelor's degree in Management Information Systems, Cybersecurity, Computer Science or related Information Technology field and/or equivalent industry experience. A minimum of 3-5 years of combined hands-on experience in Information Security, Information Technology, Audit, or Governance, Risk, and Compliance. One or more of the following security certifications is preferred or in process: Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Global Information Assurance Certification (GIAC) Working knowledge of common Cybersecurity Frameworks including the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF), NIST SP 800-53, FedRAMP, and Center for Internet Security (CIS) Critical Security Controls. Hands-on experience with GRC platforms and other state-of-the-art security tools. Experience with development and management of metrics and reporting. Applied knowledge with data mapping, risk assessments, third-party risk management, audits, compliance tracking, and security controls management. Solid understanding of cybersecurity best practices and how to implement and apply at a business setting. Demonstrated success in problem solving, project management, business analysis, and data analysis. Solid organizational and excellent verbal and written communication skills. Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly. Ability to successfully multi-task while working independently or within a group environment. Ability to collaborate with internal and external stakeholders in an effective manner that produces desired results. Physical Demands: the physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to sit, stand, hear, use hands to type data, and utilize a phone or other electronic communication devices. This employee may occasionally have to operate business machines. Specific vision abilities required in this job include close vision and the ability to adjust focus. Work Environment: this is an in-office role on Tuesdays and Wednesdays and a remote role 3 days per week. The noise level in the work environment is usually low to moderate. The role requires the ability to work offsite with stakeholders at their locations, e.g., BITS, DSS. Requires fast-paced deadlines and has a high stress at times. Occasional local travel and some travel within the U.S. Affirmative Action and Equal Opportunity Employer Salary Description $79,000 to $88,000 DOE

Position Synopsis: Individual will be relied upon to perform a variety of cyber security implementation and/or assessment activities involving power plant upgrades and/or new power plant projects. The individual will assist with planning, organizing, and preparing all activities related to cyber security when modifications are made at nuclear power facilities. This includes the development of DA/CDA lists, CDA assessments, performance of cyber security walkdowns, cyber security testing, and Cyber Security Assessment Team (CSAT) presentations. The individual will become familiar with codes and standards applicable to the nuclear power industry as well as possess a working knowledge of applicable NRC regulations. Typical activities include developing specifications and/or modification packages, defining design scope, developing design criteria documents, identifying, and selecting equipment, and configuration and testing of digital devices. The individual must be able to work on project teams with other engineers to evaluate conditions as well as proposed modifications which will improve plant performance, safety, and reliability. The individual will receive close supervision on unusual or difficult problems and general review of all aspects of work.

Are you a cybersecurity pro ready to lead security operations and compliance initiatives? Join our team today FT, Direct HireOnsite$105-125KNetwork infrastructure, servers, cloud platforms, compliance frameworks such as NIST, security technologies-firewalls, VPN, SIEM, Gap assessments, Incident response Are you a cybersecurity professional who thrives on protecting organizations and guiding them through complex compliance requirements? Join our team as a Security and Compliance Engineer and help clients secure their environments across cloud, on-prem, and hybrid infrastructures. In this role, you'll: Design, implement, and manage security architectures and controls. Guide clients through compliance frameworks like NIST, CMMC, PCI, and ISO 27001. Manage and optimize security tools (EDR, MDR, SIEM, MFA, firewalls, VPNs). Respond to incidents, conduct risk assessments, and develop remediation strategies. Maintain policies, procedures, and documentation while delivering security awareness training. Guide clients through frameworks such as NIST, CMMC, PCI, and ISO 27001. Conduct gap assessments and recommend remediation strategies. Support audits with evidence collection, reporting, and documentation. Perform vulnerability scans, risk assessments, and configuration reviews Requirements: 4+ years in cybersecurity engineering (MSP/MSSP/SOC experience preferred). Experience with cloud security (AWS, Azure, GCP) and IAM. Knowledge of compliance frameworks (NIST, PCI, ISO 27001, CMMC). Strong troubleshooting, communication, and problem-solving skills. Relevant certifications preferred: CISSP, CISM, Security+, GIAC, ISO 27001 Lead Implementer. #INDTPG

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

Job Description Aquinas Consulting is currently looking to fill an IT Security and Compliance Engineer job for our direct client in East Hartford, CT. In this role, you will design, implement, and manage security controls across cloud and on-prem environments while guiding clients through compliance requirements. You will support audits, assess gaps, and respond to incidents - ensuring clients maintain strong security postures. IT Security and Compliance Engineer Job Responsibilities: Design and implement security architectures across cloud, on-prem, and hybrid client environments Manage and optimize security tools including EDR, MDR, MFA, SIEM, firewalls, and VPNs Collaborate with NOC/SOC partners to monitor threats and respond to incidents Conduct gap assessments and advise on remediation plans for compliance frameworks such as NIST, CMMC, and PCI Support client audits by coordinating evidence collection and documentation Perform vulnerability scans, risk assessments, and configuration reviews Create and maintain security policies, procedures, and environment documentation Deliver security awareness training for internal teams and client personnel Develop and execute incident response playbooks and handle security events Improve security processes and tools, ensuring audit readiness and SLA compliance Stay current on industry trends and recommend new security measures Qualifications: Strong knowledge of servers, network infrastructure, and security technologies (firewalls, VPNs, MFA, SIEM, MDR, EDR) Experience securing cloud platforms such as AWS, Azure, or GCP, including IAM and native controls Familiarity with compliance frameworks such as NIST, CMMC, PCI, ISO 27001, etc. Excellent troubleshooting skills and experience supporting incident response Strong written and verbal communication skills with both technical and non-technical audiences Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience) 4+ years in cybersecurity engineering (MSP/MSSP/SOC experience preferred) Relevant certifications such as CompTIA Security+, CISSP, CISM, GIAC, or ISO 27001 Lead Implementer preferred If you are interested in this IT Security and Compliance Engineer job in East Hartford, CT, please apply now to be connected with a member of our team. Please note: Applying to this role is an agreement to have your information entered into our database and acknowledgement that a recruiter will reach out to you either by phone, email, and/or text message regarding this and similar job opportunities. Aquinas Consulting is a woman and minority owned company headquartered in Milford, CT that provides Engineering, Information Technology (IT), and Manufacturing staffing solutions throughout the US. We take pride in 20 years of service to our clients, our hiring managers, our consultants, and our local community. Aquinas is an affirmative action, equal opportunity employer and committed to considering all qualified applications without regard to race, genetic information, sex, age, color, religion, national origin, veteran status, disability or any other characteristic protected by law. *************************

What we need… A Mobile Security Engineer to collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack. This role combines mobile application development with the integration of security practices throughout the development lifecycle. Responsibilities include incorporating security tools and frameworks, conducting hands-on security testing, developing automation to streamline security processes, promoting secure coding practices, and ensuring mobile security aligns with broader enterprise-wide security strategies. What's in it for you… COCC offers a unique and collaborative experience as you grow your career with us and all of the benefits you'd expect from an award-winning employer plus: Hybrid schedules and ample paid time off allowing you work/life balance and flexibility Customized training and onboarding to support you in your first year at COCC Robust employee development programs aligned with career pathing objectives Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets Generous PTO offerings, benefits and competitive compensation On-site fitness centers, wellness incentives, and lifestyle spending accounts Tuition Reimbursement One-on-one career coaching DEIB initiatives championing inclusion and encouraging you to bring your whole self to work Financial planning assistance with certified professionals Peer recognition programs What you'll do… Collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack Incorporate security tools and frameworks to enhance resilience against attacks Develop and maintain scripts, tools, and/or automation frameworks to streamline security testing and vulnerability detection within the development lifecycle Champion secure coding practices (OWASP Mobile Top 10, etc.) while working as part of the development team to architect and implement secure, scalable enhancements Leverage tools like Burp Suite, MobSF, Frida, or Drozer to perform mobile security testing Collaborate with Security Architecture & Engineering to integrate network security controls into the mobile stack Stay current with emerging threats, vulnerabilities, and security technologies relevant to mobile platforms What you'll bring… Bachelor's degree in Computer Science, Cybersecurity, IT, Software Development or related field (or equivalent experience) 4+ years of experience in mobile application security, including hands-on security and vulnerability testing 2+ years of experience in mobile application development (iOS and/or Android) with proficiency in Swift, Objective-C, Kotlin, and/or Java Experience with mobile security testing tools (DAST) such as MobSF, Burp Suite, Frida, or Postman Experience with mobile security testing tools (SAST) such as Checkmarx, Fortify, or SonarQube Familiarity with CI/CD pipelines and DevSecOps practices Strong communication to articulate technical security concepts to non-technical stakeholders Certifications such as GMOB, GSEC, OSCP or commensurate experience preferred

Job Description We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. The Impact Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. The Minimum Qualifications Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.). Education: Bachelor's or master's degree in computer science. Skills and Experience: Required Skills: MITIGATION CLOUD SECURITY METRICS SCANNING GCP Additional Skills: SOC INFORMATION SECURITY API DYNAMIC ANALYSIS C JAVA MAVEN AMAZON WEB SERVICES PROBLEM-SOLVING GITHUB DEPLOYMENT REPORTING TOOLS INCIDENT RESPONSE C/C++ CONTINUOUS INTEGRATION/DELIVERY TERRAFORM CODING DEV OPS EXCELLENT COMMUNICATION SKILLS JAVASCRIPT SOFTWARE SECURITY COMPTIA PYTHON STRUCTURED SOFTWARE GIAC SDLC JENKINS CODING STANDARDS TEAM PLAYER GRADLE KUBERNETES

Must have: Application security, Relevant security certifications , Devops, OWASP Duties: The Opportunity We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. Description: Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to MassMutual's cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. Office location worker is associated with: Springfield, MA, Boston, MA, or NY, NY. Skills: Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves? The Enterprise Cyber Security Cloud Security team is responsible for working with other security and cloud services teams to ensure alignment and collaboration in securing Ford's public cloud infrastructure. The teams work closely together to identify security gaps in the cloud environments and address them. The Cloud Security team is responsible for identifying, evaluating, and recommending cloud security tools and functions to enhance security around Ford's public cloud. The team is also responsible for developing and managing the following Security Services in Ford's public cloud environments: - Cloud Security Automation Development - GCP/Azure Security Compliance - GCP VPC Service Control - GCP Cloud Armor/ Azure WAF **What you'll do...** + Partner with other Cloud Security team members to identify and develop automation for security related workflows and audits (VPC SC, DLP, Exceptions, Org Policy, etc..). + Lead evaluation and develop an understanding of tools needed to address security gaps. + Lead/Collaborate with EPEO Services teams on security gap remediation. **You'll have...** + Bachelor's degree in Computer Science, Information Technology or related OR a combination of education and experience + 5+ years of scripting and automation experience + Proven experience in developing and implementing automation using scripting languages such as + Python, PowerShell, or Go, particularly for API integrations, security tool orchestration, and custom audit scripts. + Solid understanding and practical experience with Git and GitHub for version control, collaborative development, and security automation pipeline management. + Familiarity with CI/CD pipelines and automated deployment tools (e.g., Jenkins, Azure DevOps, GitHub Actions) to integrate security automation into the software development lifecycle. + Knowledge of Infrastructure-as-Code (IaC) principles and tools like Terraform. + Strong knowledge of security best practices and guidelines (at the enterprise-level) related to GCP and Azure Cloud deployments as well as common web application frameworks + Understand the functionality and secure usage of various GCP services: VPCs, IAM, security groups, compute engine, cloud storage, Security Command Center, VPC Service Control, Cloud DLP and Cloud Armor + Customer focused and strong team orientation + Self-starter and fast-learner + Strong communication and interpersonal skills + Strong problem solving and Analytical/Reasoning skills + Strong drive for results and ability to work independently + Demonstrated commitment to quality and project timing + Familiarity with the agile project planning process and use of Rally. + Document processes & procedures and developing other documentation. **Even better, you may have...** + Understand the functionality and secure usage of various Azure services: Virtual Machines, Virtual Networks, Azure Active Directory, App Services, Azure SQL Databases, Storage Accounts, Kubernetes, Containers, Key vaults. You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply! As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder...or all of the above? No matter what you choose, we offer a work life that works for you, including: - Immediate medical, dental, vision and prescription drug coverage - Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more - Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more - Vehicle discount program for employees and family members and management leases - Tuition assistance - Established and active employee resource groups - Paid time off for individual and team community service - A generous schedule of paid holidays, including the week between Christmas and New Year's Day - Paid time off and the option to purchase additional vacation time. For a detailed look at our benefits, click here: ******************************* This position is a range of salary grades 7-8. Visa sponsorship is not available for this position. SOUTHEAST MI RESIDENTS: This role is posted as remote unless you reside within 50 miles of Dearborn, MI-in which case we request on-site presence up to 4 days a week. Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call **************. \#LI-Remote **Requisition ID** : 54783

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As Senior Cybersecurity Engineer, you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. In this role you will: Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation Document analysis, findings, and actions for case management and metrics Support security incident response planning, procedure/playbook development and investigations Participate in on-call rotation for off-hours escalations Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). Assist with remediation of identified security risks Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred What you bring to BIC: Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred Prior experience interpreting or analyzing log data and working with log pipelines Triaging alerts from various sources, following playbooks, and escalating legitimate issues Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************