Cyber security analyst jobs in Rapho, PA

APPLICATION INSTRUCTIONS: * CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday. * CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday. * If you are NOT a current employee or student, please click "Apply" and complete the application process for external applicants. Approval of remote and hybrid work is not guaranteed regardless of work location. For additional information on remote work at Penn State, see Notice to Out of State Applicants. POSITION SPECIFICS We are searching for an experienced Information Systems Security Manager (ISSM) to join our Cybersecurity Division at the Applied Research Laboratory (ARL) at Penn State. Information Technology Services provides ARL's administrative and research computing environments and capabilities, delivering secure, responsive, efficient, effective, and compliant IT services and operations to meet the demanding needs of ARL's leading edge research. This position will have a focus on the unclassified space, overseeing and owning the unclassified information security program, including implementing our various compliance requirements like the Cybersecurity Maturity Model Certification (CMMC). This ISSM will however operate within and support both unclassified and collateral spaces, backing up fellow ISSM's and enforcing commonalities between environments where possible. They will be responsible for developing and maintaining policy and security documentation, providing cybersecurity recommendations for system, network, and application design, leading information system risk assessments, assist in leading incident response actions, setting standards for continuous monitoring processes such as auditing or vulnerability assessments, and ensuring cybersecurity requirements are effectively and efficiently communicated to operational and researcher team leadership to ensure integration into their respective team processes. ARL is an authorized DoD SkillBridge partner and welcomes all transitioning military members to apply. You will: * Develop, validate, submit, and maintain information system security plans, certification and authorization packages, and plans of action and milestones in support of compliance requirements * Oversee development and implementation of risk assessments against information systems in all phases of their lifecycles * Provide cybersecurity recommendations for system, network, and application design * Monitor and assist in the assessment and review of current and new systems and networks to ensure compliance with current cybersecurity policies, concepts, and measures * Develop training material related to compliance and audit requirements to assist employees in individual compliance/audits as applicable * Assist in technical requirements such as; vulnerability scanning, review of security/event logs, network analysis, and incident response on an as-needed basis Required skills/experience areas include: * Current eligibility for access to classified information at the Top-Secret level or higher and may be subject to a government background investigation to upgrade clearance eligibility, if required * Assessment and Authorization experience of systems and networks using CMMC and RMF * NIST/ISO standards (eg. NIST SP 800-53 and NIST SP 800-171), Department of Defense directives, DISA STIG, and regulatory requirements * Strong technical background, with significant experience using multiple operating systems to include Windows and Linux * Policy, procedure, plan of action and milestone, risk assessment and security plan development with experience of continuous monitoring for compliance with said documentation * System functions, security policies, technical security safeguards, and operational security measures * The ability to certify and maintain information security related certifications (eg. Security+, CISSP, and any other required certifications) * Excellent communications, analytical and problem-solving skills * Efficient organizational, multitasking, and time management abilities Preferred skills/experience areas include: * A Bachelor's degree in Information Security, Information Technology, or Computer Science * Management or leadership experience in IT and information security space * Vulnerability scanning and mitigation utilizing Nessus, Retina, GFI Languard, or similar tool * Experience with networking fundamentals including various concepts, tools, and administrative functions * Working knowledge of container image security and experience overseeing security for containerized environments (docker, podman, etc) * SEIM management or use for analysis, such as Splunk, ELK, or AlienVault * VMWare and management of Virtual Machines * Training material development Your working location will be located in State College, PA in a hybrid on-site/work from home format. Questions related to flexible work should be directed to the hiring manager during the interview process. This position will require periodic travel to remote locations. MINIMUM EDUCATION, WORK EXPERIENCE & REQUIRED CERTIFICATIONS If filled as Cyber Information Assurance Analyst - Principal Professional, this position requires: Master's Degree 8+ years of relevant experience; or an equivalent combination of education and experience accepted Required Certifications: None If filled as Cyber Information Assurance Analyst - Senior Professional, this position requires: Bachelor's Degree 6+ years of relevant experience; or an equivalent combination of education and experience accepted Required Certifications: None ARL's purpose is to research and develop innovative solutions to challenging scientific, engineering, and technology problems in support of the Navy, the Department of Defense (DoD), and the Intel Community (IC). FOR FURTHER INFORMATION on ARL, visit our web site at **************** BACKGROUND CHECKS/CLEARANCES Employment with the University will require successful completion of background check(s) in accordance with University policies. All positions at ARL require candidates to possess the ability to obtain a government security clearance; you will be notified during the interview process if this position is subject to a government background investigation. You must be a U.S. citizen to apply. Employment with the ARL will require successful completion of a pre-employment drug screen. SALARY & BENEFITS The salary range for this position, including all possible grades, is $86,300.00 - $145,700.00.THE PROPOSED SALARY RANGE MAY BE IMPACTED BY GEOGRAPHIC DIFFERENTIAL Salary Structure - Information on Penn State's salary structure Penn State provides a competitive benefits package for full-time employees designed to support both personal and professional well-being. In addition to comprehensive medical, dental, and vision coverage, employees enjoy robust retirement plans and substantial paid time off which includes holidays, vacation and sick time. One of the standout benefits is the generous 75% tuition discount, available to employees as well as eligible spouses and children. For more detailed information, please visit our Benefits Page. CAMPUS SECURITY CRIME STATISTICS Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here. EEO IS THE LAW Penn State is an equal opportunity employer and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you are unable to use our online application process due to an impairment or disability, please contact ************. Federal Contractors Labor Law Poster PA State Labor Law Poster Penn State Policies Copyright Information Hotlines

*****CANDIDATE MUST BE US Citizen (due to contractual/access requirements)***** **For candidates residing within a 50-mile radius of a Highmark office, a hybrid work schedule of three days per week (Tuesday, Wednesday, and Thursday) in the office is required.** The Cyber User Behavior Engineer is a pivotal role at Highmark, dedicated to enhancing our organization's security by cultivating a robust "security-first" culture. This individual will lead the design, implementation, and ongoing management of comprehensive security awareness programs. Their primary responsibility will be to educate, train, and inspire all Highmark employees to effectively identify and report security threats, ensuring adherence to Highmark's security policies and industry best practices. This role is crucial in minimizing human-centric security risks and fostering a vigilant and informed workforce. **ESSENTIAL RESPONSIBILITIES** + Develop, implement, and continuously improve a proactive program to identifying internal threats. + Establish close relationships with business stakeholders outside of the security discipline, working closely with privacy, physical security, fraud, legal, human resources and senior leadership. + Perform predictive analysis of behavior, anomalies, and concerns to identify internal threats. + Execute campaigns designed to improve enterprise security posture. + Continually enhance insider risk program to increase efficiencies and measure program effectiveness and report accordingly on progress. + Utilize change management methodologies to mitigate identified security risks. + Provide insider threat support to security operations and incident response teams in advance of and during cyber security incidents. + Ensure clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, identifying impact to the business and to consumers, helping shape remediation, and developing external and internal communications. + Ensure the education and awareness program is aligned with the Information Security Program, Policies and Standards. + Other duties as assigned or requested. **EDUCATION** **Required** + Bachelor's Degree in Business Education, Marketing or Information Systems **Substitutions** + Six (6) years relevant, progressive experience **Preferred** + Bachelors in Information Security **EXPERIENCE** **Required** + 3 years in IT or IT Security Focus + 3 years of Insider Threat Program focus To include: + 3 years with Human Intelligence (HUMINT) **OR** as an Open-source Intelligence Analyst **Preferred** + 1-3 years in a Security Awareness or adjacent role **LICENSES or CERTIFICATIONS** **Required** + None **Preferred** + Security + **OR** + GSEC **OR** + CISSP **OR** + CERT Insider Threat + SANS Security Awareness Professional (SSAP) Proofpoint Certified Security Awareness Specialist **SKILLS** + Change Management + Presentation Delivery + Prioritizing + Analytical and Logical Reasoning/Thinking + Communication Skills + Cyber Security + User Behavior + Continuous Improvement **Language (Other than English):** None **Travel Requirement:** 0% - 25% **PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS** **Position Type** Office-based Teaches / trains others regularly Frequently Travel regularly from the office to various work sites or from site-to-site Rarely Works primarily out-of-the office selling products/services (sales employees) Never Physical work site required Yes Lifting: up to 10 pounds Occasionally Lifting: 10 to 25 pounds Rarely Lifting: 25 to 50 pounds Never **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._ **_Compliance Requirement_** _: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._ _As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy._ _Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._ Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law. We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below. For accommodation requests, please contact HR Services Online at ***************************** California Consumer Privacy Act Employees, Contractors, and Applicants Notice Req ID: J272819

**Are You Ready to Make It Happen at Mondelēz International?** **Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.** The Cloud Security Analyst is responsible for ensuring the security, compliance, and operational integrity of enterprise workloads across cloud environments, including mostly AWS, Azure, and Google Cloud Platform. This role provides hands-on security expertise, drives cloud governance maturity, and partners closely with engineering, operations, and compliance teams to reduce risk and strengthen the organization's multi-cloud security posture. **Key Responsibilities** **Cloud Security Posture Management (CSPM)** + Monitor and manage security posture across AWS, Azure, and GCP using CSPM tools such as Wiz and Falcon Cloud Security. + Identify misconfigurations, vulnerabilities, and high-risk assets + Track and document remediation efforts. + Develop dashboards, metrics, and reporting for cloud compliance and risk reduction. **Identity, Access & Entitlement Security** + Review and enforce least-privilege access across cloud and hybrid environments. + Maintain identity guardrails (SSO, MFA, conditional access). + Conduct periodic access reviews and support privileged access governance. **Cloud Security Engineering** + Partner with engineering teams to design secure architectures following NIST, CIS, and company standards. + Validate Infrastructure-as-Code for compliance. + Support deployment and maintenance of cloud-native security controls. **Threat Detection & Incident Response** + Analyze cloud alerts and support cloud-focused incident response. + Coordinate with SOC teams to refine monitoring rules. **Governance, Risk & Compliance** + Contribute to cloud security policies, standards, and baselines. + Perform compliance reviews for CIS, NIST, ISO 27001. + Support audits and evidence gathering. **DevSecOps & Automation** + Work with DevOps teams to embed security into CI/CD pipelines. + Implement automated security checks. + Create scripts to automate security tasks. **Collaboration & Stakeholder Engagement** + Serve as a trusted partner to cloud engineering, network, application, and GRC teams. + Provide secure design guidance and threat modeling support. + Communicate risks clearly to technical and executive stakeholders. **What extra ingredients you will bring:** + 5+ years of experience in cloud security or cloud engineering. + Hands-on experience securing AWS, Azure, and GCP. + Strong understanding of IAM, network security, encryption, and cloud shared responsibility models. + Experience with CSPM tools, such as Wiz and Falcon Cloud Security. + Solid understanding of IaC concepts. + Familiarity with SIEM/SOAR and compliance frameworks. **Salary and Benefits:** The base salary range for this position is $106,300 to $146,190; the exact salary depends on several factors such as experience, skills, education and location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results. In addition, Mondelez International offers the following benefits: health insurance, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education related programs, paid holidays and vacation time. Some of these benefits have eligibility requirements. Many of these benefits are subsidized or fully paid for by the company. No Relocation support available **Business Unit Summary** The United States is the largest market in the Mondelēz International family with a significant employee and manufacturing footprint. Here, we produce our well-loved household favorites to provide our consumers with the right snack, at the right moment, made the right way. We have corporate offices, sales, manufacturing and distribution locations throughout the U.S. to ensure our iconic brands-including Oreo and Chips Ahoy! cookies, Ritz, Wheat Thins and Triscuit crackers, and Swedish Fish and Sour Patch Kids confectionery products -are close at hand for our consumers across the country. Mondelēz Global LLC is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Applicants who require accommodation to participate in the job application process may contact ************ for assistance. For more information about your Federal rights, please see eeopost.pdf ; EEO is the Law Poster Supplement ; Pay Transparency Nondiscrimination Provision ; Know Your Rights: Workplace Discrimination is Illegal **Job Type** Regular Information Security Technology & Digital At Mondelēz International, our purpose is to empower people to snack right through offering the right snack, for the right moment, made the right way. That means delivering a broader range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands - both global and local. Including many household names such as Oreo, bel Vita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the number 1 position globally in biscuits, chocolate and candy as well as the No. 2 position in gum Our 80,000 Makers and Bakers are located in our operations in more than 80 countries and are working to sell our products in over 150 countries around the world. They are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen, and happen fast. Join us and Make It An Opportunity! Mondelez Global LLC is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Applicants who require accommodation to participate in the job application process may contact ************ for assistance.

Job DescriptionDescription: Client Solution Architects (CSA) is currently seeking a Cyber Security Engineer to support our program at Fort Indiantown Gap, PA. For nearly 50 years, CSA has delivered integrated technology and operational support services to meet the defense and federal sector's most complex enterprise needs. Working from operations centers and shipyards to training sites and program offices, CSA deploys experienced teams, innovative tools and proven processes to advance federal missions. This position is contingent on contract award. How Role will make an impact: Maintains the appropriate operational security posture and documentation for MCTSP information systems Implementing DoD, Army, ARNG, and MCTSP information security policies Creating and implementing POA&M in response to vulnerabilities identified during risk assessments, audits, and inspections RMF document and artifact management Managing and tracking the IAVM system Physical and environmental protection, access control, incident handling, security training, vulnerability and compliance management, configuration management, and assistance in the development of security policies and procedures. Requirements: What you'll need to have to join our award-winning team: Clearance: Must possess and maintain an active Secret Clearance. Bachelor's degree in Cyber Security or related field or associate degree and 5 years of specialized experience. IAT II Certification 3 years' experience in assessing and mitigating risk for networks and systems utilized in LVC and integrated training environments that include simulations that stimulate Army C2 Systems. 3 years' experience planning architectures for LVC and integrated training environments and for stimulation of Army Mission Command Systems in support of Division and Above training events and distributed exercises; 5 years' experience with military training and training support; experience designing and supporting distributed, simulation-supported exercises Why You'll Love this Job: Purpose filled roles that contribute to impactful solutions to advance our federal clients' mission. You may examine doctrine, plans, policies and procedures that will enhance and enrich the training environment, ensuring our warfighters are fully prepared for any challenge. Daily opportunities to develop new skills Team environment What We Can Offer You: Compensation Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have - whether you want to become a knowledge expert in your field or apply your skills to another division. Diversity, Inclusion & Belonging We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Benefits Healthcare (medical, dental, vision, prescription drugs) Pet Insurance 401(k) savings plan Paid Time Off (PTO) Holiday pay opportunities Basic life insurance AD&D insurance Company-paid Short-Term and Long-Term Disability Employee Assistance Program Tuition Support Options Identity Theft Program

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Job Summary:Responsible for reducing the impact of information security incidents and system compromises. They do so by assisting with security monitoring, incident / event investigation and analysis, roleplay through tabletop events and "purple team" exercises, contributing to documentation and playbooks to ensure repeatable security-focused processes, participating with security and data privacy assessment as well as providing recommendation for endpoints, servers, and network infrastructure. They are responsible for the understanding and identification of indicators of compromise (IoC) as well as helping understand evidence of attack in alerts or monitoring, by hunting through data, systems and from review of investigation notes. Position has a moral and legal responsibility to uphold all local, state, and federal regulations especially in regards to security and data privacy. Job Responsibilities:• Perform security incident investigations and reporting according to the Incident Response Plan (IRP).• Perform industry best practice security and data privacy assessments for all third party vendors, contractors, consultants, auditors, applications (both on premise and cloud) as well as system-to-system connections on our internal and customer-facing networks.• Contribute to network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.• Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended.• Conduct security and data privacy research in keeping abreast of latest information security as well as data privacy events, issues, and trends.• Assist and support user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.• Participate in any breach analysis activities to help discover root cause.• Participate in disaster and business continuity recovery planning as well as plan execution should an event occur.• Analyze and provide security model planning input for cloud (SaaS) access and monitoring. Including protection recommendations associated with IT architecture for cloud and hybridized computing.• Provide support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.• Actively participate in red team / blue team engagements led by more senior team members or by select management approved security partners.• Participate in threat modeling activities with more senior team members or with select management approved security partners. Qualification Requirements:• Education: Bachelor's degree in Computer Science, Network Administration, Cybersecurity, or a related field required; Master's degree preferred; relevant certifications and professional experience may be considered in lieu of formal education.• Experience Level: 5-7 years of Software Development, Network Administration, or Cyber Security experience is required.• Experience in securing applications (front end / back end, SaaS), servers, or networks is required. • Experience in the event log monitoring of computer systems is required.• Experience with industry standard security frameworks (e.g., NIST, CIS, OWASP, Mitre Att&ck) as well as experience with PII, PHI, CPNI, and PCI data handling requirements is required.• Experience in information security or data privacy investigative work is required.• 2-3 years of Splunk or SIEM experience is preferred.• Experience with SOX compliance is preferred.• Experience with mobile device management (MDM) is preferred. Job Skills & Knowledge:• Ability to review reports and system activity logs to identify critical events, categorize according to priority, and escalate as appropriate.• Capability to gather information, analyze and evaluate evidence, draw conclusions, and share that knowledge gained in an appropriate manner.• Ability to absorb intelligence information about threats and threat actors to help mitigate harmful events for the organization.• Ability to develop and analyze processes.• Understanding of security measures and testing at an application level that aim to prevent data or code from being stolen, manipulated, or hijacked.• Ability to identify detailed information risk and to apply governance compliance concepts and principles.• Must have excellent verbal and written skills.• Must be able to work effectively in a team environment.• Excellent capability to develop and document security architecture, assessment, and plans. Including strategic, tactical, and project plans.• Ability to develop security policies, procedures, standards, and guidelines.• Capability to work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate. Knowledge of:• WSUS Management and Deployment, SCCM Package Building and Maintenance, Windows, Endpoint Protection and Compliance systems, Active Directory, Office 365, SIEM solutions.• Penetration/vulnerability test suites and compliance regulations (SOX, PCI, etc.)• Applicable knowledge of Information Technology, security and data privacy fundamentals, and networking. Certifications:• CompTIA Network+ and Security+ certifications required, or equivalent certifications demonstrating foundational knowledge in networking and security. Candidates with substantial hands-on experience may be considered in lieu of formal certification.• Computer Hacking Forensic Investigator (CHFI) or Certified Ethical Hacker (CEH) Certifications preferred.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Back to Open Opportunities Returning Applicant? Login Now Notice: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time. However, USLI reserves its right to provide employment-based immigrant visa assistance on a discretionary basis. Explore USLI's extensive company benefits, perks, and more below! *Not applicable to External Customer Program U.S. Benefits Canada Benefits Information Security Engineer Location:Wayne, PA Team:Information Security Job Type:Information Technology FT/PT Status:Full Time Job Title: Information Security Engineer Location: Wayne, PA About Us: At USLI, we're not just about insurance, we are committed to making a difference - both internally and externally. Our community is built upon five values: Caring, Attitude, Respect, Empathy and Energy. Our commitment to these values leads us to make better decisions and furthers our true sense of community. By joining our team, you'll be part of a vibrant organization that values innovation, collaboration and growth. Here, you'll have the opportunity to shape the future of insurance and make a meaningful impact. Your Role: You will drive initiatives in the design, implementation, configuration and monitoring of security technologies for mobile, web and in-house systems. Combining technical expertise with strong interpersonal skills, you will collaborate with various teams to ensure the success of security initiatives. Your responsibilities will include overseeing security processes, mentoring team members and maintaining high standards of security practices. Key Responsibilities: * Technical expertise: Lead by example with a deep understanding of firewalls, SIEM, vulnerability management, endpoint security, data classification and network access control * Cloud security migration: Migrate appropriate security technologies and processes to Microsoft Cloud, ensuring compliance with industry standards * Mentorship: Mentor team members on complex technical subjects and best practices in information security * Log analysis and triage: Conduct log analysis and triage of security events, coordinating response activities with relevant teams * Audit and compliance: Produce documentation for audits and compliance reports, validating findings in security reports and assisting in remediation efforts * Vulnerability management: Assist in the execution of vulnerability assessment and patch management plans, ensuring timely resolution of identified issues * Policy development: Define policies and procedures consistent with Center for Internet Security (CIS) controls and benchmarks * Research and development: Engage in research to identify emerging technologies and processes that could enhance the company's security posture * Collaboration: Work closely with operational, development and business teams to determine security needs and collaboratively complete initiatives What You'll Bring: * Leadership skills: Strong interpersonal skills to effectively drive initiatives, work collaboratively with other teams and foster personal accountability * Technical expertise: Proficiency in security technologies, including enterprise-class firewall platforms and public cloud environments (preferably Azure/Microsoft Cloud) * Problem-solving skills: Ability to solve complex technical problems and mentor others on effective solutions * Communication skills: Excellent oral and written communication skills to collaborate with business leaders, developers and IT leadership * Adaptability: Ability to thrive in a fast-paced, ever-changing collaborative team environment Qualifications: * College degree or equivalent industry/technical experience * Minimum of 5+ years in information security, with demonstrated expertise in networking fundamentals, Windows and Linux operating systems and information security principles * Strong understanding of security workflows Working Hours: 9 a.m. to 5 p.m. ET, with some overtime as needed. What We Offer: One of the advantages of working at USLI is the competitive salary and benefits program we offer full-time and eligible part-time employees. Benefits include performance-based tri-annual bonuses, medical benefits paid at 100% for full-time employees and 80% for eligible part-time employees, a profit-sharing program, free lunch every day while onsite and more than 450 annual personal and professional development courses. Explore more company benefits. Why USLI? At USLI, we are committed to fostering a vibrant and inclusive community that celebrates the rich diversity of all ethnicities, nationalities, abilities, genders, gender identities, sexual orientations, ages, religions, socioeconomic backgrounds and life experiences. We understand the importance of continuous learning, self-reflection, acknowledging our biases and expanding our perspectives beyond our own. We actively encourage open dialogue on diversity, equity, inclusion and belonging to support a workplace where every individual feels valued, respected and empowered to contribute at their fullest potential. Join us in building a diverse and inclusive environment where our shared values drive us toward excellence.

Summary Statement: You will be working with a team of experts to resolve issues and create new security infrastructure based on current market trends. What you will be doing: As a Penske Systems Engineer - Cyber Security you will maintain network, server and workstation firewall protection and provide network and application scanning, security logging, and intrusion detection capabilities. You will provide security reviews and define security models for new systems based on current trends and developments. You will also collaborate with different teams within the IT department to discuss, analyze or resolve usability issues and work on projects to update or create new security infrastructures. Major Responsibilities: * Ensure associates follow security standards through oversight of the set-up of a user's security access, administer network security access and monitor the associate's use of data systems to safeguard company information * Provide security reviews and define security models for new systems * Analyze and recommend security products based on their performance * Audit access to mission critical applications and to maintain compliance documentation for SOX and PCI * Analyze and review annual SOX and other compliance reports * Collaborate with different teams within the IT department to discuss, analyze, or resolve usability issues * Work on 1-3 mid to large-scale projects concurrently, assigned from department and group senior leadership * Mentor Security Administrators and Offshore Contractors * Define, implement, communicate and update security architecture for multiple computing platforms, operating systems, data networks, applications, and client software * Develop, implement, communicate, and update security policies and procedures for hardware, software, and network infrastructure * Develop, implement, and maintain tools for effective security administration and monitoring compliance IT security policies and procedures as well as detection of attempted security breaches and intrusion * Develop, test, and update disaster recovery plans to ensure that plans achieve desired results in protecting company assets and plans meet corporate risk and business resumption goals * Develop training material to be used to develop awareness within corporation of security policies, procedures, best practices and other issues as needed * Detailed understanding of Cloud Security fundamentals, including cryptography and the shared responsibility model * Other projects as assigned Qualifications: * Bachelor's degree or equivalent experience required, advanced degrees or certifications preferred * Minimum of 3+ years' experience * A background in auditing is also desirable * Knowledge of current state of the art security products is required * Firewall software/hardware * Proxy Filtering * Centralized Log configuration and analysis * IDS/IPS configuration and analysis. * SSO Infrastructure * Network Vulnerability Scanning * Advanced User Authentication Structures * OS Hardening and Security * Application vulnerability scanning * Networking TCP/IP and packet capture applications * Endpoint Protection solutions * Encryption Technology * Good documentation and presentation skills are also necessary for this position * Familiarity with disaster recovery planning and test execution * Regular, predictable, full attendance is an essential function of the job * Willingness to travel as necessary, work the required schedule, work at the specific location required, complete Penske employment application, submit to a background investigation (to include past employment, education, and criminal history) and drug screening are required Physical Requirements: * The physical and mental demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. * The associate will be required to read; communicate verbally and/or in written form; remember and analyze certain information; and remember and understand certain instructions or guidelines. * While performing the duties of this job, the associate may be required to stand, walk, and sit. The associate is frequently required to use hands to touch, handle, and feel, and to reach with hands and arms. The associate must be able to occasionally lift and/or move up to 25lbs/12kg. * Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and the ability to adjust focus. Penske is an Equal Opportunity Employer About Penske Truck Leasing/Transportation Solutions Penske Truck Leasing/Transportation Solutions is a premier global transportation provider that delivers essential and innovative transportation, logistics and technology services to help companies and people move forward. With headquarters in Reading, PA, Penske and its associates are driven by a dedication to excellence and a commitment to customer success. Visit Go Penske to learn more. Job Category: Information Technology Job Function: Software Engineering Job Family: Information Technology Address: 100 Gundy Drive Primary Location: US-PA-Reading Employer: Penske Truck Leasing Co., L.P. Req ID: 2510735

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. Position Overview The Mid Information System Security Officer (ISSO) (IAM 2) will support the Defense Security Cooperation Agency (DSCA) Cybersecurity (CYBR) team by providing expertise in Risk Management Framework (RMF) activities, security control assessments, controls validation, and continuous monitoring. The role involves ensuring compliance with RMF, IT, and Federal Information System Controls Audit Manual (FISCAM) guidelines, and supporting the cybersecurity responsibilities detailed in the DSCA CYBR Service Catalog. Work Location: Hybrid (Strongly preferred to live near Washington, DC / Mechanicsburg, PA is also an option) 3 days a week Remote, 2 days a week in Office. Clearance: Active Secret Clearance Job Responsibilities and/or Success Factors * Produce all required DOD compliance documentation for RMF, Audit Response and Remediation, Cyber Task Orders, Required Scorecards, Privacy documentation, and other compliance requirements as detailed in the DSCA CYBR Service Catalog. * Draft and coordinate cybersecurity-related documentation to meet required standards, controls, and metrics. * Support all steps of the RMF process (Steps 0-6) required to gain and maintain DOD Information Network (DODIN) and agency commercial network authority to operate. * Assist in categorization, control selection, implementation, and tailoring support, as well as support of assessments from the ISSO role. * Prepare and validate controls in eMASS packages for assessment and review. * Ensure that control requirements are well-defined and that necessary documentation and evidence are gathered for validation and assessment. * Work in the DOD GRC tool Enterprise Mission Assurance Support Service (eMASS) to support control validation. * Conduct continuous monitoring of information systems to detect vulnerabilities, threats, and security incidents. * Utilize security tools and technologies to perform regular scans, assessments, and analysis of system vulnerabilities. * Maintain and update continuous monitoring processes and procedures to ensure they are effective and aligned with organizational requirements. * Assist in the configuration and maintenance of security tools and technologies provided by the CSSP. * Assist in the detection, analysis, and response to cybersecurity incidents. * Participate in incident response activities, including triage, containment, eradication, and recovery. * Document and report on incident response activities, providing detailed analysis and recommendations for improvement. * Provide support to the Watch Officer in monitoring and managing cybersecurity events and incidents. * Maintain situational awareness of the organization's security posture and emerging threats. * Assist with the performance of daily and ad hoc/on-demand vulnerability scans, monthly audit scans, and monthly discovery scans. * Provide weekly vulnerability compliance reporting to ISSMs. * Review and adjust assets, subnets, credentials, and policies to properly manage C5ISR provided Assured Compliance Assessment Solution (ACAS) solutions. * Track and ensure configuration compliance of Enterprise Security Services (ESS) Suite with RMF, ATO, and Inspection requirements. * Assist with the maintenance of completed security waiver forms in coordination with EADSD and ISSM (PMO). * Work with TSD to implement effective scanning, COAMS System Registration, and Continuous Monitoring Scoring (CMRS) Tagging. * Maintain and update Ports, Protocols, and Services Management (PPSM) records, including emergency and exception requests. * Support the maintenance and accuracy of DoD Allow List entries. * Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities. * Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security. * Provide detailed documentation and evidence to support security assessments and audits. * Support the maintenance and configuration needed to maintain accurate ingestion of logs from all assets. * Provide summaries of events/incidents, including time of event/incident, anomalous activity identified, asset names and IPs, affected users, and POC for outreach/additional actions. * Complete Cybersecurity Incident Reporting Forms and assist with the detection and analysis of cybersecurity events and incidents. * Support accurate IR POC list, accurate hardware/software and IP inventory, and accurate summary of event/incident. * Document efforts involved in mitigating cybersecurity-related events/incidents that occur within the enterprise. * Support the generation of performance monitoring reports to monitor asset availability. * Support the generation of system health and security posture reports for system owners and ISSMs. * Support accurate hardware and software inventory, accurate ingestion of logs from all assets, and accurate system performance and security posture baselines. * Conduct specified areas of focus/detail for trend analysis. * Support migration information provided by affected system ISSM and report vulnerabilities to appropriate system ISSMs/POCs. * Assist with the reporting to outside agencies, including JFHQ, battle stations, external leadership, and other DOD Agencies. * Support the correlated agency-level POA&Ms with the coordination of POA&Ms from DSCA to outside entities. * Help complete the Cybersecurity Incident Reporting Form, including additional inputs such as personnel logs, system logs, event logs, and accurate software and hardware inventory list. Education and Minimum Qualifications * Must be a US Citizen * Active Secret Clearance * Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is required OR additional four (4) years of experience * Strong understanding of Risk Management Framework (RMF) processes and security control assessments, including experience with categorization, control selection, implementation, and assessment. * Minimum of two (2) years of relevant experience in cybersecurity, information assurance, or a related field. * Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines. * Experience in incident response, continuous monitoring, and vulnerability management. * Proficiency in using security assessment tools and platforms such as eMASS (Enterprise Mission Assurance Support Service). * Familiarity with continuous monitoring processes and tools. * Experience with incident response processes and tools. * Knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and CIS Controls. Desired Qualifications: * Certifications such as CSSP, CISM, CISA, CAP, Security+, or equivalent is highly desirable. * Experience with OKTA * Experience as an ISSO or otherwise prior experience with IT Risk Management Framework Support. AAP Statement We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

Overview/ Job Responsibilities Sev1Tech is looking for a Junior-level Information Systems Security Officer (ISSO) who can assist in the preparation, submission, and monitoring of accreditation packages through the Risk Management Framework (RMF) process ensuring receipt of Interim Authority to Test (IATT) or Authority to Operate (ATO) in support of the Naval Supply Systems Command (NAVSUP) Ordnance Information System (OIS) program. The ISSO will assist in maintenance of current operating cybersecurity environment within AWS GovCloud operating environment. The ISSO will apply their knowledge of DOD Cybersecurity processes and best practices used to secure technical solutions, including applications, systems, architectures, and infrastructures on-site in either Mechanicsburg, PA, or Yorktown, VA. If position filled in Yorktown, VA, travel to Mechanicsburg, PA, will be required for Program Increment planning sessions, 2 times per year. Additional travel may be required for other meetings. This critical role will also be responsible for working with the Cyber team leads to ensure the team meets customer requirements, to include: * Meeting and maintaining DOD RMF CYBER certification and accreditation requirements, including researching, testing and providing technical information for obtaining required system accreditation. * Developing Security Requirements Traceability Matrix (STRM), aligning security requirements with the individual components of a system. * Performing checks of systems and applications for Information Assurance vulnerabilities using approved automated IA tools (ACAS, VRAM, SCAP-compliant scanners, DISA STIG Viewer, etc.), custom scripts and manual processes (i.e., Security Technical Implementation Guides [STIGS]). * Monitoring OIS security posture, documenting raw findings in a quick look report, for customer notification. Create and maintain system Plan of Action and Milestones (POA&Ms) of open vulnerabilities and applied mitigations utilizing Department of Defense Enterprise Mission Assurance Support Service (eMASS) tool. * Supporting the development and documentation of risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within context of risk tolerances * Monitor all database and application software used in OIS for version change control and nearing/exceeding last date allowed in the Department of Navy Application Database Management System (DADMS). * Coordinating/interfacing with OIS Technical Team, Defense Information Systems Agency (DISA), IA Staff, and Fleet Cyber Command to document, review, revise, and submit changes related to Ports, Protocols, and Services Management (PPSM), Access Control Lists (ACLs), and Whitelists. This support includes preparing and submitting the registration forms for new requirements. * Supporting DOD IT Portfolio Repository-DON (DITPR-DON) to support the annual review. * Providing recommendations for corrective actions and mitigation strategies. * Producing security risk assessment briefs and reports for delivery to stakeholders and senior management. * Support the DevSecOps team in implementing Cyber Security requirements to achieve and maintain accreditation and authority to operate within specified timelines. * Interpret OS, web server, and database scans to facilitate resolving security findings with the DevSecOps team and external teams * Conducting security monitoring through the use of VRAM (Vulnerability Remediation Asset Manager), and applying mitigation techniques to reduce and remediate vulnerabilities * Coordinating / troubleshooting with afloat platforms to assist in identification and remediation of cybersecurity vulnerabilities within the Program of Record (POR) area of responsibility * Ensure systems are scanned, patched, and compliant with DoD policy * Troubleshoot Windows and RHEL security policies * Support with configurations including CloudWatch logs, registering systems, reporting and manage findings * Assess systems to determine applicable IA controls based on design, architecture, and data * Attend risk management and system meetings to provide status updates and take action items * Other as needed Minimum Qualifications * Must have DOD Secret level clearance to start (T3 background investigation) * Certification Requirement: Directive 8570.1/8140 - IAM-1: Security+ * Allowable substitutes for Security+ include CAP, CND, Cloud+, GSLC, HCISPP * Bachelor's degree with a minimum of 5 years of relevant experience. (4 years of additional experience in lieu of Bachelor's degree is acceptable) * Experience performing risk assessments and audits. * Knowledge of the overall Risk Management Framework and NIST compliance as a security professional. * Familiarity with Cyber Security policies and requirements * Ability to work independently Desired Qualifications * Experience performing risk assessments and audits. * Knowledge of the overall Risk Management Framework and NIST compliance as a security professional. * Familiarity with Cyber Security policies and requirements * Ability to work independently About Sev1Tech LLC Welcome to Sev1Tech! Founded in 2010, we are proud to be a leading provider of IT modernization, engineering, and program management solutions. Our commitment is to deliver exceptional program and IT support services that empower critical missions for both Federal and Commercial clients. At Sev1Tech, our mission is clear: Build better companies. Enable better government. Protect our nation. Build better humans across the country. We believe that through innovation and dedication, we can make a significant impact on the communities we serve. Join the Sev1Tech family, where your potential for greatness is limitless! Here, you will not only achieve remarkable accomplishments but also enjoy a fulfilling and rewarding career progression. We invite you to explore opportunities with us and become part of a team that values your contributions and growth. Ready to take the next step? Apply directly through our website: Sev1Tech Careers and use the hashtag #join Sev1Tech to connect with us on social media! For any additional questions or to submit referrals, feel free to reach out to ***********************.

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

Members Achieve More isn't just a tagline for us, it's part of everything we do! We're looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere that's remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on... The Information Security Operations Engineer III focuses on preventing Technology- based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and Information Technology (IT) assets and intellectual property. The Engineer hunts for threats within our ecosystem, focusing on exposure and eradication by leveraging data analysis techniques, human intuition, expert security knowledge, and proactive monitoring. The individual is responsible for ensuring the enterprise is configured in accordance with industry best practice from organizations such as NIST, SANS, OWASP, and CIS. The incumbent supports multiple security-related platforms and technologies, interfacing with others within the IT organization and other internal business units and external customers/partners. Resources to do the job require the ability to display an in-depth understanding of new trends and technologies related to IT security and compliance and contribute to the company IT security strategy and roadmap. The position reports to the Information Security Operations Manager and works closely with other areas within the Information Technology Service (ITS) organization. Schedule: Monday - Friday 8:00am - 4:00pm or 9:00am - 5:00pm In this position, you will Security Monitoring and Incident Response: Monitor security alerts and logs from various sources (e.g., SIEM systems, IDS/IPS, firewalls). Investigate and respond to security incidents, including performing root cause analysis and remediation. Participate in the incident response process, including documentation and communication. Vulnerability Management: Conduct regular vulnerability assessments and scans to identify potential security weaknesses. Work with IT teams to prioritize and remediate vulnerabilities. Endpoint and Network Security: Implement and manage endpoint protection solutions (e.g., antivirus, anti-malware). Ensure network security through the configuration and management of firewalls, VPNs, and intrusion detection/prevention systems. Security Tools and Technologies: Maintain and optimize security tools and technologies (e.g., SIEM, DLP, encryption tools). Assist in the evaluation and deployment of new security technologies. Threat Intelligence and Research: Stay updated on the latest security threats and vulnerabilities through threat intelligence feeds and research. Apply threat intelligence to enhance security monitoring and defenses. Collaboration and Communication: Collaborate with IT and other departments to ensure integrated security across systems and networks. Communicate effectively with stakeholders regarding security issues and initiatives. Other duties as assigned. Qualifications: Bachelors: Business Administration/Management, Bachelors: Computer and Information Science, Bachelors: Computer Engineering (Required), Bachelors: Management Information Systems, Bachelors (Required) Any equivalent combination of experience and education. | Required Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP, and other network and system monitoring tools. | Required Professional security certifications such as CISSP, CEH, Security+, CISA, CCSP, CHFI, or CCNA highly recommended. | Not Required Working knowledge/experience with network systems, security principles, applications, and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), and the General Data Protection Regulation (GDPR) | RequiredCCNA - Cisco Systems, CCSP - ISC2, CEH - EC-Council, Certified Information Systems Security Professional (CISSP) - ISC2, CHFI - EC-Council, CISA - ISACA, Security+ - CompTIA

The Information Security Engineer focuses on a specific category of security (Network, Server, Identity and Access, Endpoint, Application) and serves as the subject matter expert in that category. They are responsible for performing the threat modeling, control analysis, control design and roadmap for that category. They lead security projects, designs solutions, consult with other IT teams to provide secure designs, create best-practices and guidelines, manage themselves and teams to their roadmaps, etc. MUST HAVE: • 5+ years of IT experience implementing enterprise-wide application solutions • Extensive experience with the McAfee security suite (specifically): o ePolicy Orchestrator (ePO) o Virus Scan Enterprise (VSE) o Host Intrusion Prevention (HIPS) o Data Loss Prevention (DLP) o Full Disk Encryption (EEPC, FDE, MDE, etc.) o Virus Scan for Virtual Environments (MOVE) o Rogue Sensor Detection (RSD) • Demonstrated experience with at least one programming/scripting language (Python, Ruby, Perl, Powershell, etc.) • Demonstrated experience with securing all aspects of an enterprise • Demonstrated experience in understanding networking technologies and protocols • Demonstrated systems administration experience with Windows and UNIX-based operating systems • Must have technology passion and staying current with emerging security trends • Excellent verbal & written communication and presentation skills. Must be able to communicate effectively to executive and developer levels. • Thorough understanding of business concepts, SDLC, security issues, software market and networking standards • Experience with new technology evaluations, software package selection and buy vs. build analysis • Strong ability to influence others outside of their direct area of control and seen as a team player • Experience managing multiple projects with diverse requirements and competing priorities • Project management and business analysis skills • Must be willing to occasionally travel globally and alter daily work schedule to meet with global community • Strong English oral/written communication, presentation, and organizational skills Additional Information All your information will be kept confidential according to EEO guidelines

We are looking for a hands on WorkDay developer. This person will fully understand how the HCM modules work and will be able to customize workflows and finetune the system. They will be highly focused on Performance Management and Performance Metrics within workday. Job Description: Experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing Expert understanding of Red Team concepts, tools, and automation strategies Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability Expert understanding of Windows and Linux system hardening concepts and techniques Expert understanding of modifying payloads to bypass detections like EDR Expert understanding of how to compromise a company without using phishing Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.) Experience with at least one cloud environment (AWS, GCP, Azure) Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings Experience of using multi operating system command and control tools Experience developing custom attack tradecraft or modifying existing tools Experience using automated configuration management such as Chef Experience discovering and exploiting vulnerabilities in AI systems Experience of conducting Offensive Security and/or Red Team exercises against mac OS, iOS, or ChromeOS Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.) Knowledgeable in Agile project management Responsibilities : This role will be responsible for participating in the execution of Red Team cyber exercises of internal and internet facing information systems and infrastructure to identify misconfigurations and cyber security vulnerabilities that could be exploited by a threat actor to gain unauthorized access to computer systems and data In addition, the role will require participation in Purple Team exercises to help the Blue Team improve their detection capabilities This is a perfect opportunity for the right person to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework Participate in purple team exercises that are intelligence driven to test cyber detections Build and maintain Red and Purple team infrastructure, automating functions where possible Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation Active contributor to Red and Purple Team activities for internal presentations and conferences Regards, All done! Your application has been successfully submitted! Other jobs

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

Meta Platforms, Inc. (Meta), formerly known as Facebook Inc., builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps and services like Messenger, Instagram, and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. To apply, click "Apply to Job" online on this web page. **Required Skills:** Security Engineer Responsibilities: 1. Build tools that enable connectivity to our infrastructure only from Meta owned and managed devices. 2. Build machine attestation and secure certificate storage solutions to enable strong client trust. 3. Deploy systems that help mitigate security risks by understanding and controlling what software is allowed to execute on our client devices. 4. Develop, validate, and enforce our client security policies. 5. Build and deploy tools and automation that proactively detect and respond to security risks and threats to internal corporate services. 6. Advise and collaborate with other teams. 7. Telecommuting from anywhere in the U.S. allowed. **Minimum Qualifications:** Minimum Qualifications: 8. Requires Bachelor's Degree (or foreign equivalent) in Computer Science, Engineering or a related field and 1 year of experience in the job offered or a computer-related occupation 9. Requires 12 months of experience involving the following: 10. PHP, Golang, Python, C/C++, Rush, or Ruby 11. Designing and deploying security infrastructure such as PKI, key management, and certificate management 12. Endpoint Security & Management 13. Certificate Lifecycle 14. Devices & OS hardening and security policies 15. Identity & Access Management (Authentication & Authorization, SSO) 16. Network Security and 17. Programming and Code Review **Public Compensation:** $178,041/year to $200,200/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

The Information Security Engineer focuses on a specific category of security (Network, Server, Identity and Access, Endpoint, Application) and serves as the subject matter expert in that category. They are responsible for performing the threat modeling, control analysis, control design and roadmap for that category. They lead security projects, designs solutions, consult with other IT teams to provide secure designs, create best-practices and guidelines, manage themselves and teams to their roadmaps, etc. MUST HAVE: • 5+ years of IT experience implementing enterprise-wide application solutions • Extensive experience with the McAfee security suite (specifically): o ePolicy Orchestrator (ePO) o Virus Scan Enterprise (VSE) o Host Intrusion Prevention (HIPS) o Data Loss Prevention (DLP) o Full Disk Encryption (EEPC, FDE, MDE, etc.) o Virus Scan for Virtual Environments (MOVE) o Rogue Sensor Detection (RSD) • Demonstrated experience with at least one programming/scripting language (Python, Ruby, Perl, Powershell, etc.) • Demonstrated experience with securing all aspects of an enterprise • Demonstrated experience in understanding networking technologies and protocols • Demonstrated systems administration experience with Windows and UNIX-based operating systems • Must have technology passion and staying current with emerging security trends • Excellent verbal & written communication and presentation skills. Must be able to communicate effectively to executive and developer levels. • Thorough understanding of business concepts, SDLC, security issues, software market and networking standards • Experience with new technology evaluations, software package selection and buy vs. build analysis • Strong ability to influence others outside of their direct area of control and seen as a team player • Experience managing multiple projects with diverse requirements and competing priorities • Project management and business analysis skills • Must be willing to occasionally travel globally and alter daily work schedule to meet with global community • Strong English oral/written communication, presentation, and organizational skills Additional Information All your information will be kept confidential according to EEO guidelines