Cyber security analyst jobs in Plymouth, CT

Job Title: Cyber Security Threat Analyst/ IT Security Specialist Duration: 6-12+ Months COMPLETE SKILL MATRIX : Cyber Security Threat Analyst/ IT Security Security aspects of multiple platforms, operating systems, software, communications, and network protocols Security CISSP or CISM certification is a plus What are the Job Responsibilities: Use Tanium and other tools to view data, indicators of compromise-IOCs, collect inventory to identify threats and relate them to the areas of the organization. Use the analytical information from a diverse set of tools - Splunk, ArcSight, syslog, Tanium, to name a few- to their best advantage to identify threats and trends in addition to current state reactive behavior. Configure components to effectively detect and report incidents & and follow escalation workflows Work with cross functional teams to perform activities including planning, providing technical leadership, and tracking projects and key task dates. Uses Security monitoring tools to review, investigate, and recommend appropriate corrective actions for data security incidents. Work with engineering to assist with recommendations regarding direction of tools and applications. Who Is Our Ideal Candidate: Bachelor's degree in Computer Science, Engineering, or a directly related field. Four to six years of professional IT experience. Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols. Requires excellent analytical ability, consultative and communication skills, and strong judgment. Must be highly skilled and proficient in problem solving, with an aptitude to learn new technologies. Ability to regularly exercise independent judgment and discretion. Excellent end users support skills Ability to multitask and handle multiple priorities Must be resourceful, creative, innovative, results driven, and adaptable Nice to have: Security CISSP or CISM certification is a plus Additional Information

Manage and continuously improve a Cyber Security Compliance program. This would include conducting security business and infrastructure compliance reviews, security risk assessments for internal/external information assets. Lead the Incident response and forensics program for Connecticut Children's Medical Hospital to ensure the confidentiality, integrity and availability of enterprise information resources. Provide recommendations to balance cyber risks and enable the business in a secure manner. Improve the overall security posture to meet the expanding and changing business needs of the organization. Education and/or Experience Required: Education Required: Bachelor's degree in Information Systems or equivalent Experience Required: Minimum of six (6) years of enterprise security related work experience. Minimum of four (4) years incident response/forensics experience. Previous 24 x 7 operations experience License and/or Certification Required: Required: Certified Information Systems Security Professional (CISSP) within 1 year of hire. Preferred: CISM, PCI QSA, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA). Knowledge, Skills and Abilities: Knowledge Experience and proficiency with: Anti-Virus, HIPS, IDS/IPS, Network Captures, Host-Based & Network Forensics. Knowledge of Linux, UNIX, Windows OS, Active Directory and other operating systems. Knowledge of database platforms such as MS SQL, Oracle, and MySQL. Experience with a scripting language (e.g. Powershell, Python) Skills: Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executives Abilities: Must be self-directed, able to manage individual projects or act as part of a larger team Experienced in performing security audits, risk analysis, forensics and penetration testing. Actively monitor systems and networks for potential intrusions. Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and remediation plans. Manage remediation plans toward closure. Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology. Develop and document security policies and procedures, training and awareness. Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations of new/updated applications and services. Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance. Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Join a team focused on the success of our customers, the success of our communities, and the success of each other. Farm Credit East (FCE) is the leading provider of loans and farm advisory services to farm, forest product, fishing, and other agricultural business owners across the northeast with $13.5 billion in total loan volume and $29 million in annual financial services revenue from 18,000 customers across our 8-state territory. We are One Team Working Together with a focus on our five pillars: Outstanding Customer and Employee Experience, Quality Growth, Operational Excellence, Commitment to our Communities, and Protecting Customer Information. As part of our commitment to protecting customer information and enabling operational excellence, the Security Solutions Analyst plays a key role in supporting the secure design, implementation, and documentation of systems and cybersecurity initiatives. This role serves as a technical liaison between the Information Security team and internal and external stakeholders, including Farm Credit Financial Partners, Inc. (FPI). The analyst represents Information Security in the Architecture Review Board (ARB), evaluates strategic projects for security alignment, and ensures that security requirements are embedded in technical decisions and implementation plans. The analyst applies Security by Design principles, ensuring that systems and solutions are architected with security as a foundational principle. This includes adherence to internal standards, regulatory requirements, and industry best practices throughout the lifecycle of technology initiatives. The value drivers for this role are as follows: Secure Enablement of Initiatives Data Protection and Governance Support Alignment with Standards and Risk Appetite Operational Resilience and Incident Readiness Cross-Team Collaboration and Technical Alignment Come join a collaborative, customer-focused team at Farm Credit East! Duties and Responsibilities Security Architecture, Standards & Project Evaluations Represent Information Security in the Architecture Review Board (ARB) for all projects requiring architectural review. Evaluate strategic and technical initiatives for alignment with security architecture, regulatory requirements and risk posture. Conduct threat modeling to assess cybersecurity risk related to new projects and technologies. Apply security by design principles to ensure security is embedded throughout project lifecycles. Ensure solutions adhere to internal security standards, NIST CSF principles, and applicable regulatory frameworks. Ensure security standards are defined, are accurate, up-to-date, and aligned with FCE's risk appetite and industry best practices. Conduct security evaluations of internal and third-party systems, including encryption, patching, APIs, data residency, incident response, and third-party risk indicators. Review configurations and security controls for AI-enabled systems, including generative, agentic, and embedded AI. Evaluate risks related to model behavior, data usage, integration points, and alignment with internal standards and responsible AI security practices. Provide security oversight throughout the full lifecycle of systems, from design to deployment to decommissioning. System Configuration Oversight & Technology Service Provider Collaboration Provide guidance and maintain oversight for the configuration and security settings of all FCE systems. Partner with FPI and/or other outside vendors to ensure system configurations, access policies, and integration points meet FCE's security requirements. Participate in joint planning and review sessions to support shared initiatives and maintain architectural alignment. Maintain visibility into FPI-managed implementations and ensure security expectations are clearly communicated, documented, and tracked. Participate in change management process to assess the security impact of system changes, upgrades and new deployments. Initiative Coordination, Implementation Support & Incident Readiness Serve as a bridge between business and security to ensure cybersecurity initiatives are implemented effectively, securely and in alignment with organizational goals. Facilitate secure implementation of systems in alignment with architectural principles and engineering best practices. Monitor initiative progress and ensure readiness for integration with managed services. Ensure systems are configurated to support incident detection, logging, and response capabilities. Assist in tuning and optimizing security tools in collaboration with FPI or other external parties, such as data loss prevention (DLP), endpoint protection, and threat detection platform to improve visibility and reduce false positives. Lead the implementation of data classification and labeling, including applying classification rules, tagging sensitive data, and testing configurations to ensure accuracy and effectiveness. Contribute to incident readiness by validating that systems and integrations support timely response and containment of security events. Documentation, Reporting & Governance Develop and maintain technical documentation (e.g., workflows, configuration guides, implementation checklists). Maintain dashboards and reporting tools to track progress and security posture. Support audits, readiness assessments, and leadership reporting. Contribute to the development and maintenance of architecture standards and security metrics. Security by Design Enablement Facilitate effective communication of security risks and best practices for both technical and non-technical audiences. Champion Security by Design philosophy for embedding cybersecurity design thinking into organizational processes and enabling technologies. Contribute to internal education efforts by developing technical guides, reference material, and awareness content to promote security best practices. Promote a culture of security through collaboration, training, and knowledge sharing across departments. Translate technical tasks into business impact for non-technical stakeholders to support decision-making Support awareness and adoption of data classification and labeling frameworks, ensuring users understand how to handle sensitive information appropriately. Job Qualifications and Requirements: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field required. Master's degree or equivalent experience preferred. Minimum of 3-5 years of experience in cybersecurity, information security, or security engineering roles. Hands-on experience with security architecture or engineering support, including secure system design, configuration, and implementation. Experience working with data protection technologies, such as data loss prevention (DLP), data classification and labeling, trainable classifiers, and endpoint protection. Experience collaborating with managed service providers or external technology partners to implement and maintain secure systems. Exposure to governance frameworks such as NIST CSF, CIS Controls, or ISO 27001, with an understanding of how to align security standards with organizational risk appetite. Participation in architecture review boards (ARBs) or similar governance bodies is a strong plus. Experience supporting change management processes, including security impact assessments for system changes and deployments. Strong background in technical documentation, process mapping, and reporting to support visibility and compliance. Security-related certifications such as CISSP, CCSP or equivalent are preferred. Certifications in architecture or engineering support (e.g., ITIL, TOGAF, cloud security) are a plus. We offer hybrid work options after two weeks of employment with Farm Credit East. Hybrid work options are determined based on job role and balancing the needs of the customers, the team, and individual work performance. This will be reviewed based on manager discretion. Compensation and Benefits: Salary Range: $80,000 to $120,000 commensurate with experience Short-Term Incentive to reward business results Retirement Contributions : 401k match up to 6% of salary; or for those unable to take full advantage of the 401(k) match, verified student loan payments may qualify for an employer match in your 401(k) up to 6% of salary Defined Contribution retirement plan funded at 2-9% of salary depending on years of service Time Off: 15-25 days of vacation leave per year, depending on years of service 12 days of holiday leave per year 7.5 days of sick leave in your first year, followed by 12 days of sick leave per year thereafter; unlimited rollover of unused sick leave year to year Paid Parental Leave: Up to 80 hours of paid leave for birthing, non-birthing, and adoptive parents Family Care Leave: Additional leave options available under FMLA and company policy Health and Insurance: Comprehensive medical, dental, and vision plans, including preventive care and wellness programs to support your overall health and well-being Health Savings Account Life insurance at 2x base pay Accidental Death and Dismemberment insurance at 2x base pay Long-term disability insurance at 2/3 base pay Additional Benefits: Tuition reimbursement Continuing education and training Employee Assistance Program offering a wide variety of tools and resources Benefits Eligibility: Eligibility Begins: First of the month following your hire date Eligible Employees: Full-time employees working 30+ hours per week; Part-Time employees working 20+ hours per week. Farm Credit East is an Equal Opportunity Employer. As an Equal Opportunity Employer, we do not discriminate on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity or expression, age, marital status, parental status, political affiliation, disability status, protected veteran status, genetic information or any other status protected by federal, state or local law. It is our goal to make employment decisions that further the principle of equal employment opportunity by utilizing objective standards based upon an individual's qualifications for a specific job opening. In compliance with the Americans with Disabilities Act (“ADA”), if you have a disability and would like a reasonable accommodation in order to apply for a position with Farm Credit East, please call ************** or e-mail ************************************

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As Senior Cybersecurity Engineer, you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. In this role you will: Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation Document analysis, findings, and actions for case management and metrics Support security incident response planning, procedure/playbook development and investigations Participate in on-call rotation for off-hours escalations Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). Assist with remediation of identified security risks Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred What you bring to BIC: Minimum 6 years' experience in Information Technology or Cybersecurity IT or cybersecurity certifications from industry recognized sources preferred Prior experience interpreting or analyzing log data and working with log pipelines Triaging alerts from various sources, following playbooks, and escalating legitimate issues Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Specialist. This is a full-time, hybrid position requiring 2 days per week onsite in our Wallingford, CT office. Primary Responsibilities: Under the direction of the Director of Information Security, the Information Security Specialist is responsible for operations, auditing, and technical monitoring of CHNCT's Information Security and related activities. These activities include but are not limited to implementing and maintaining Information Security related systems, policies and processes in compliance with applicable security regulations (i.e., HIPAA and State of CT Security laws), and establishing and developing security-related operating procedures and standards. Works directly with contracted vendors for the implementation and maintenance of security hardware, software and services. Assists with the selection and evaluation of security related state-of-the-art systems. Tasks Performed: Monitors and maintains all aspects of the information security program. As a COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRT) member, logs and responds to incidents including communication of potential violations of the company's information security policies to CHNCT's Chief Information Security Officer. Independently acts to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications. Monitors email and Data Loss Prevention logs and responds to potential policy or regulatory violations. Monitors Phishing alerts and end user notifications. Audits network and file permissions structure and password and account maintenance. Assists in the development and testing of the Disaster Recovery and Business Continuity Plans. Processes exception requests and performs risk analysis on these and other customer requests. Actively reviews threat alerts and determines relevance and criticality to the organization. Contributes to project activities as a project team member or ad-hoc as requested. Other duties as assigned. Essential Functions: Implementation and maintenance of Information security related software, hardware and systems. Systems include but are not limited to phishing identification and prevention, Internet content filtering, Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), Endpoint Detection and Response (EDR), Log Management, and Advanced Threat Mitigation. Duties include information security policy administration and configuration, security related server management, Disaster Recovery Planning, proactively identifying or rapidly responding to customer security issues and security events. Desired Education: 2 years post-secondary schooling Desired Degree: Associate's degree Desired Major: Computer Assurance or Computer Science Desired Job Experience: 3+ years' direct information security experience, preferably in healthcare Other Qualifications: Security+ or other security-related certification. Hands on exposure to providing information security operational support in a medium to large scale healthcare organization preferred. Knowledgeable in the management and setup of security related software and hardware Working knowledge of security administration, DLP, or other information security systems. Knowledge of EDR, EPP, IDS/IPS, AD and network infrastructure. Detail oriented, with meticulous attention to system and procedure documentation. CHNCT Offers Great Benefits: Medical, dental and vision coverage options Flexible spending and health savings accounts Group term life insurance A 401(k) plan with company-match and immediate vesting Voluntary accidental injury coverage Tuition reimbursement and continuing education opportunities A generous paid-leave bank and company holidays Wellness program We are dedicated to having a workplace where everyone feels valued, respected, and empowered to succeed. We embrace a wide range of perspectives and backgrounds, ensuring fair treatment and opportunities for all employees. We value our team's rich array of experiences and viewpoints, which contribute to our innovative and collaborative environment.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Full-time Description The Risk Management Security Analyst is responsible for assisting Access Health CT (AHCT) with its Information Security Risk Management Program, satisfying both regulatory compliance requirements and managing security risk to an acceptable level. This role is a hands-on role that will be responsible for actively identifying, detecting, monitoring, maintaining, analyzing, advising, and responding to ongoing IT security and compliance needs under the guidance of the Associate Director, IT Security & Compliance. The individual selected for this role will collaborate with various cross-functional teams inclusive of partners and vendors in identifying, evaluating, categorizing, tracking and monitoring enterprise IT security risk and will assist with development and maintenance of IT security controls in adherence with federal and other government required cyber security frameworks. Furthermore, the individual in this role will be responsible for assisting with development, automation, and ongoing maintenance of end-to-end risk register and related risk management work streams and processes (i.e., risk assessments, risk mitigation strategies, etc.) by utilizing existing Archer Governance, Risk, and Compliance (GRC) platform and other state-of-the-art security tools. This role reports to the Associate Director of IT Security and Compliance and has no direct reports. *Please note that this position is available to individuals authorized to work in the U.S. without the need for sponsorship . Responsibilities Conduct third-party security risk assessments and security reviews in accordance with regulatory requirements. Collaborate with IT, Legal, product owners, and business teams to ensure appropriate IT Security and Compliance requirements are incorporated into new and ongoing engagements and initiatives. Support development, maintenance, and operation of a centralized enterprise cyber risk register and associated activities in Archer GRC platform. Define and report on key risk metrics to Management on regular basis. Liaise with IT, Legal, product owners, and business teams to provide accurate and timely responses to internal and external IT Security and Compliance inquiries and related activities. Assist with technical vulnerability assessments and security reviews of infrastructure, network, applications, and databases, utilizing Nessus scanning software and other state- of- the- art security tools. Facilitate, track, and manage vulnerability remediation based on risk categorization, with timely assessing and communicating risk, documenting, and reporting on mitigation status. Actively monitor, analyze, and generate reports on company's security landscape utilizing SIEM and other state- of- the- art security tools. Provide guidance, technical expertise, and training to the enterprise to ensure optimal use of the Archer GRC platform. Develop and maintain technical documentation, such as security control implementations, System Security Plan (SSP), user guides, process documentation, and configuration details. Identify opportunities for process optimization, automation, and streamlining tasks. Participate actively in frequent regulatory submissions and inquiries. Manage and continuously monitor remediation plans for compliance and mitigation of risk. Assist with responding to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches. Bridge information security requirements with business processes and IT systems and projects. Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitor for compliance. Develop, administer, and provide advice, evaluation, and oversight for information security training and awareness programs. Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program. Completes other tasks, as assigned. Requirements Qualifications Bachelor's degree in Management Information Systems, Cybersecurity, Computer Science or related Information Technology field and/or equivalent industry experience. A minimum of 3-5 years of combined hands-on experience in Information Security, Information Technology, Audit, or Governance, Risk, and Compliance. One or more of the following security certifications is preferred or in process: Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Global Information Assurance Certification (GIAC) Working knowledge of common Cybersecurity Frameworks including the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF), NIST SP 800-53, FedRAMP, and Center for Internet Security (CIS) Critical Security Controls. Hands-on experience with GRC platforms and other state-of-the-art security tools. Experience with development and management of metrics and reporting. Applied knowledge with data mapping, risk assessments, third-party risk management, audits, compliance tracking, and security controls management. Solid understanding of cybersecurity best practices and how to implement and apply at a business setting. Demonstrated success in problem solving, project management, business analysis, and data analysis. Solid organizational and excellent verbal and written communication skills. Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly. Ability to successfully multi-task while working independently or within a group environment. Ability to collaborate with internal and external stakeholders in an effective manner that produces desired results. Physical Demands: the physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to sit, stand, hear, use hands to type data, and utilize a phone or other electronic communication devices. This employee may occasionally have to operate business machines. Specific vision abilities required in this job include close vision and the ability to adjust focus. Work Environment: this is an in-office role on Tuesdays and Wednesdays and a remote role 3 days per week. The noise level in the work environment is usually low to moderate. The role requires the ability to work offsite with stakeholders at their locations, e.g., BITS, DSS. Requires fast-paced deadlines and has a high stress at times. Occasional local travel and some travel within the U.S. Affirmative Action and Equal Opportunity Employer Salary Description $79,000 to $88,000 DOE

Job Description Aquinas Consulting is currently looking to fill an IT Security and Compliance Engineer job for our direct client in East Hartford, CT. In this role, you will design, implement, and manage security controls across cloud and on-prem environments while guiding clients through compliance requirements. You will support audits, assess gaps, and respond to incidents - ensuring clients maintain strong security postures. IT Security and Compliance Engineer Job Responsibilities: Design and implement security architectures across cloud, on-prem, and hybrid client environments Manage and optimize security tools including EDR, MDR, MFA, SIEM, firewalls, and VPNs Collaborate with NOC/SOC partners to monitor threats and respond to incidents Conduct gap assessments and advise on remediation plans for compliance frameworks such as NIST, CMMC, and PCI Support client audits by coordinating evidence collection and documentation Perform vulnerability scans, risk assessments, and configuration reviews Create and maintain security policies, procedures, and environment documentation Deliver security awareness training for internal teams and client personnel Develop and execute incident response playbooks and handle security events Improve security processes and tools, ensuring audit readiness and SLA compliance Stay current on industry trends and recommend new security measures Qualifications: Strong knowledge of servers, network infrastructure, and security technologies (firewalls, VPNs, MFA, SIEM, MDR, EDR) Experience securing cloud platforms such as AWS, Azure, or GCP, including IAM and native controls Familiarity with compliance frameworks such as NIST, CMMC, PCI, ISO 27001, etc. Excellent troubleshooting skills and experience supporting incident response Strong written and verbal communication skills with both technical and non-technical audiences Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience) 4+ years in cybersecurity engineering (MSP/MSSP/SOC experience preferred) Relevant certifications such as CompTIA Security+, CISSP, CISM, GIAC, or ISO 27001 Lead Implementer preferred If you are interested in this IT Security and Compliance Engineer job in East Hartford, CT, please apply now to be connected with a member of our team. Please note: Applying to this role is an agreement to have your information entered into our database and acknowledgement that a recruiter will reach out to you either by phone, email, and/or text message regarding this and similar job opportunities. Aquinas Consulting is a woman and minority owned company headquartered in Milford, CT that provides Engineering, Information Technology (IT), and Manufacturing staffing solutions throughout the US. We take pride in 20 years of service to our clients, our hiring managers, our consultants, and our local community. Aquinas is an affirmative action, equal opportunity employer and committed to considering all qualified applications without regard to race, genetic information, sex, age, color, religion, national origin, veteran status, disability or any other characteristic protected by law. *************************

Must have: Application security, Relevant security certifications , Devops, OWASP Duties: The Opportunity We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. Description: Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to MassMutual's cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. Office location worker is associated with: Springfield, MA, Boston, MA, or NY, NY. Skills: Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

Job Description We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. The Impact Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. The Minimum Qualifications Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.). Education: Bachelor's or master's degree in computer science. Skills and Experience: Required Skills: MITIGATION CLOUD SECURITY METRICS SCANNING GCP Additional Skills: SOC INFORMATION SECURITY API DYNAMIC ANALYSIS C JAVA MAVEN AMAZON WEB SERVICES PROBLEM-SOLVING GITHUB DEPLOYMENT REPORTING TOOLS INCIDENT RESPONSE C/C++ CONTINUOUS INTEGRATION/DELIVERY TERRAFORM CODING DEV OPS EXCELLENT COMMUNICATION SKILLS JAVASCRIPT SOFTWARE SECURITY COMPTIA PYTHON STRUCTURED SOFTWARE GIAC SDLC JENKINS CODING STANDARDS TEAM PLAYER GRADLE KUBERNETES

What you'll do • Design and implement comprehensive data security architectures, with particular focus on database platforms (primarily SQL Server) • Develop and maintain enterprise-wide encryption strategies for securing structured and unstructured data both in transit and at rest, both and both on-premise and in the cloud • Enhance logging, monitoring and SecOps capabilities of enterprise databases and other data stores • Configure and optimize Identity and Access Management (IAM) solutions across data platforms and repositories to align to least privilege principles • Implement Data Loss Prevention (DLP) strategies and controls • Implement and maintain Information Rights Management (IRM) and Digital Rights Management (DRM) solutions • Design and implement data tokenization strategies where appropriate • Secure data processing pipelines and ensure appropriate controls for data workflows • Create and maintain data security documentation, including policies, procedures, and standards • Collaborate with development teams to ensure security best practices in data handling • Conduct vulnerability assessments of the firm's database architecture and associated data storage and processing systems • Assist in monitoring and managing security patching and upgrade processes for database platforms What's required • Bachelor's degree in computer science, cybersecurity, or related technical field • 6+ years of experience in data/database security engineering and governance • Deep expertise in database security, particularly SQL Server • Comprehensive understanding of data warehouse/data lake architectures and tools, particularly Databricks (required) • Subject matter expertise in Object Storage (eg: S3, Azure Blob, etc) and related security • Understanding of Active Directory Delegation (constrained vs. unconstrained) and associated best practices • Experience with 3rd-party SQL Server security governance and monitoring products (eg: Idera, Solarwinds) • Extensive knowledge of encryption technologies for both structured and unstructured data • Broad knowledge of secure data/file sharing solutions and ETL workflows • Experience designing and implementing data tokenization solutions • Experience with data classification and DLP technologies • Scripting/automation capabilities (eg: SQL, PowerShell, Python) • Commitment to the highest ethical standards Qualifications Ivy league colleges education preferred or huge plus. Additional Information All your information will be kept confidential according to EEO guidelines.

Duration: 6+ Months Experienced Firewall administrator for operational implementation, maintenance and configuration of firewalls. Key Responsibilities: Performs maintenance and changes in firewalls as required. Implementation of new firewalls as required Assists with troubleshooting network connectivity as it relates to firewalls Utilizes change management, request, and ticketing systems, documents status updates and problem resolutions Complete All assignments in a timely manner with an acceptable level of quality Maintains documentation related to work area Completes network change requests Follows documented processes, procedures and policies Performs customer service duties and responds to customer and project requests as defined by management Other related duties assigned as needed. Qualifications/Requirements: Bachelor's degree and with 3 to 4 years of operational experience administering Firewalls 4 or more years networking/firewall background Must have networking TCP/IP routing protocol experience Desired Characteristics: In-depth experience in security aspects of multiple platforms, operating systems, software, communications and network protocols is desired Competency in verbal, written, and presentation communications and interpersonal understanding Ability to understand customer's business needs. Leadership of work teams/groups Ability to work with all levels of employees Highly motivated and able to work effectively under minimal supervision in a fast-paced environment Team-oriented, placing priority on quality and the successful completion of team goals Organization and planning skills that include: time management, project coordination and management, and the ability to handle multiple deadlines and associated pressures. Competency in developing effective solutions to business problems Ability to analyze problems and to make decisions REQUIRED SKILLS YEARS OF EXPERIENCE WHEN THE SKILL WAS LAST USED Expert knowledge of Cisco Security products, ASA and Firepower Expert knowledge of NSX Expert knowledge of Palo Alto systems Security Certifications a Plus Must have networking TCP/IP routing protocol experience Networking/firewall background Operational experience administering Firewalls Additional Information All your information will be kept confidential according to EEO guidelines.

115-125k / Hartford CT / Hybrid Role / Security & Complaince We are seeking a Security Engineer with strong technical expertise and a focus on compliance to join our team. The ideal candidate will be responsible for designing, implementing, and maintaining security solutions while ensuring that our systems and processes meet industry standards and regulatory requirements. This role bridges hands-on security engineering with compliance oversight, supporting both technical operations and audit readiness. Key Responsibilities Design, implement, and maintain security tools, systems, and infrastructure. Support compliance initiatives, ensuring alignment with frameworks such as ISO 27001, NIST, SOC 2, HIPAA, or PCI-DSS. Collaborate with internal teams to ensure security controls are implemented and maintained across systems, networks, and applications. Perform risk assessments, vulnerability management, and remediation planning. Develop and maintain security documentation, policies, and standard operating procedures. Assist with audit preparation and evidence gathering for external and internal reviews. Monitor and analyze security alerts, responding to incidents in line with established processes. Provide guidance on secure design and compliance requirements for new systems and projects. Stay up to date with evolving security threats, tools, and compliance requirements. Qualifications 3-5 years of experience as a Security Engineer or similar role. Strong knowledge of network, system, and application security. Experience with compliance frameworks (ISO, NIST, SOC 2, HIPAA, PCI-DSS, etc.). Hands-on experience with security tools (SIEM, IDS/IPS, endpoint protection, vulnerability management, firewalls). Familiarity with cloud security (AWS, Azure, or GCP). Strong understanding of risk management, access control, and encryption. Excellent documentation, communication, and cross-team collaboration skills. Preferred Skills (Nice to Have) Relevant certifications (CISSP, CISM, CISA, Security+, CCSP). Experience supporting compliance audits or certification processes. Knowledge of DevSecOps practices and automation tools. Familiarity with privacy regulations (GDPR, CCPA).

Connecticut Children's is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children's offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members. At Connecticut Children's, treating children isn't just our job - it's our passion. As a leading children's health system experiencing steady growth, we're excited to expand our team with exceptional team members who share our vision of transforming children's health and well-being as one team. Manage and continuously improve a Cyber Security Compliance program. This would include conducting security business and infrastructure compliance reviews, security risk assessments for internal/external information assets. Education and/or Experience Required: * Education Required: Bachelor's degree in Information Systems or equivalent * Experience Required: Minimum of six (6) years of enterprise security related work experience. Minimum of four (4) years incident response/forensics experience. Previous 24 x 7 operations experience License and/or Certification Required: Required: Certified Information Systems Security Professional (CISSP) within 1 year of hire. Preferred: CISM, PCI QSA, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA). Knowledge, Skills and Abilities: Knowledge * Experience and proficiency with: Anti-Virus, HIPS, IDS/IPS, Network Captures, Host-Based & Network Forensics. * Knowledge of Linux, UNIX, Windows OS, Active Directory and other operating systems. * Knowledge of database platforms such as MS SQL, Oracle, and MySQL. * Experience with a scripting language (e.g. Powershell, Python) Skills: * Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executives Abilities: * Must be self-directed, able to manage individual projects or act as part of a larger team * Experienced in performing security audits, risk analysis, forensics and penetration testing. Actively monitor systems and networks for potential intrusions. Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and remediation plans. Manage remediation plans toward closure. Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology. * Develop and document security policies and procedures, training and awareness. Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations of new/updated applications and services. * Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance. Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response.

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As **Senior Cybersecurity Engineer,** you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. **In this role you will:** + Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation + Document analysis, findings, and actions for case management and metrics + Support security incident response planning, procedure/playbook development and investigations + Participate in on-call rotation for off-hours escalations + Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). + Assist with remediation of identified security risks + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred **What you bring to BIC:** + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred + Prior experience interpreting or analyzing log data and working with log pipelines + Triaging alerts from various sources, following playbooks, and escalating legitimate issues + Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) + Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. + In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

What you'll do • Design and implement comprehensive data security architectures, with particular focus on database platforms (primarily SQL Server) • Develop and maintain enterprise-wide encryption strategies for securing structured and unstructured data both in transit and at rest, both and both on-premise and in the cloud • Enhance logging, monitoring and SecOps capabilities of enterprise databases and other data stores • Configure and optimize Identity and Access Management (IAM) solutions across data platforms and repositories to align to least privilege principles • Implement Data Loss Prevention (DLP) strategies and controls • Implement and maintain Information Rights Management (IRM) and Digital Rights Management (DRM) solutions • Design and implement data tokenization strategies where appropriate • Secure data processing pipelines and ensure appropriate controls for data workflows • Create and maintain data security documentation, including policies, procedures, and standards • Collaborate with development teams to ensure security best practices in data handling • Conduct vulnerability assessments of the firm's database architecture and associated data storage and processing systems • Assist in monitoring and managing security patching and upgrade processes for database platforms What's required • Bachelor's degree in computer science, cybersecurity, or related technical field • 6+ years of experience in data/database security engineering and governance • Deep expertise in database security, particularly SQL Server • Comprehensive understanding of data warehouse/data lake architectures and tools, particularly Databricks (required) • Subject matter expertise in Object Storage (eg: S3, Azure Blob, etc) and related security • Understanding of Active Directory Delegation (constrained vs. unconstrained) and associated best practices • Experience with 3rd-party SQL Server security governance and monitoring products (eg: Idera, Solarwinds) • Extensive knowledge of encryption technologies for both structured and unstructured data • Broad knowledge of secure data/file sharing solutions and ETL workflows • Experience designing and implementing data tokenization solutions • Experience with data classification and DLP technologies • Scripting/automation capabilities (eg: SQL, PowerShell, Python) • Commitment to the highest ethical standards Qualifications Ivy league colleges education preferred or huge plus. Additional Information All your information will be kept confidential according to EEO guidelines.