Cyber security analyst jobs in Rhode Island

The Systems Security Analyst is a critical member of the Chief Information Security Officer's (CISO's) team and reports to the Manager of Information Security Operations. This is a hands-on role that requires a high level of technical and analytical expertise. Responsible for a broad range of tasks, including the day-to-day administration of information security tools, the creation of security documentation as well as second and third level support for security information and event management (SIEM) alerts. The role ensures that the healthcare organization maintains compliance with regulatory requirements, industry standards, and internal policies while proactively managing security risks. Brown University Health employees are expected to successfully role model the organization's values of Compassion, Accountability, Respect, and Excellence as these values guide our everyday actions with patients, customers and one another. In addition to our values, all employees are expected to demonstrate the core Success Factors which tell us how we work together and how we get things done. The core Success Factors include: Instill Trust and Value Differences Patient and Community Focus and Collaborate RESPONSIBILITIES: Consistently applies the corporate values of respect, honesty and fairness and the constant pursuit of excellence in improving the health status of the people of the region through the provision of customer-friendly, geographically accessible and high-value services within the environment of a comprehensive, integrated academic health system. Is responsible for knowing and acting in accordance with the principles of the Brown University Health Corporate Compliance Program and Code of Conduct. Monitors, configures and takes remediation actions surrounding, SIEM, Alerting / Detection (Network & Endpoint), Log Management, Phishing (Detection & Response), Digital Forensics, Penetration Testing, Zero-Trust architecture, threat-informed defense (MITRE ATT&CK), O365, and security automation. Monitor and configure security controls across multi-cloud (Azure / AWS) environment as needed. Assists in the development and documentation of security architecture, policies, standards, and procedures Works with third party partners and services to ensure Brown University Health receives value and performance in accordance with contractual agreement Participate in cloud / on-premises Incident Response processes, including tabletop exercises for breach scenarios Ensure Brown University Health is prepared for external audits. Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature. Attend and actively contribute to problem-management and major-incident conference calls as required. Researches and assists in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies. Monitor emerging threats, vulnerabilities, and industry best practices to ensure security controls remain effective and aligned with the evolving threat landscape. Provide expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies. Contributes to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations. Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Evaluates baseline security configurations for operating systems, applications, and networking and telecommunications equipment Assists Brown University Health staff in the resolution of reported security incidents. Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST, and other applicable frameworks. Research and assess new threats and security alerts and recommends remedial actions. Identify opportunities for improving Security Operations practices, recommending updates to processes and controls. Stay current with emerging security risks, regulatory requirements, and best practices to ensure the ongoing effectiveness of the security program. Provides expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures. Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices. Participates in security projects and provides expert guidance on security policy, process, and procedures for other IT projects, as required. Participates in compliance / audit activities as requested by internal and external auditors. Maintains work effort status within SLA's on Brown University Health's Service Desk and Task Management Platforms. Identifies risks within the environment and performs risk register validations as required. Requires participation in a recurring on-call schedule that includes evenings and weekends. Performs other duties as assigned. MINIMUM QUALIFICATIONS: EXPERIENCE: A minimum of 10 years of IS experience, with 5 years in an information security role. A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred. Certifications Required (3 or more - CISSP, CCSP, OSCP, CISA, GIAC, CEH, Security+) Strong understanding of authentication and authorization protocols (OAuth2, SAML, OpenID Connect) Experience implementing and supporting phishing-resistant multi-factor authentication (e.g., FIDO2/WebAuthn, smart cards, or certificate-based authentication) to strengthen identity and access security. Experience implementing security controls via infrastructure-as-code (Terraform, Ansible, etc.) Familiarity with SOAR platforms or automated incident response playbooks Experience securing cloud environments (AWS, Azure, GCP) with knowledge of cloud-native security services Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) for monitoring, alerting, and correlation Hands-on familiarity with EDR/XDR solutions (e.g., CrowdStrike, Defender for Endpoint) Knowledge of vulnerability scanning and management tools (e.g., Nessus, Qualys, Rapid7) Experience with cloud security posture management (CSPM) and cloud workload protection tools to identify misconfigurations, vulnerabilities, and risks across multi-cloud environments. Experience with APIs, including integrating with RESTful or GraphQL endpoints to securely pull and push data between systems. Proficiency in scripting and automation using Python, PowerShell, or Bash to support security operations, including tasks such as log parsing, API integration, incident response workflows, and orchestration of security tools. Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001). Expert level in security best practices. Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences. Intermediate level with Wireshark and/or equivalent packet capture and analysis Experience with patch management, device hardening, configuration auditing and other end point security best practices. Familiarity with the principles of cryptography and cryptanalysis. Experienced in the use of virtualization technologies Experience designing and implementing secure landing zones in both Microsoft Azure and Amazon AWS. Understanding of Public Key Infrastructure Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans. Strong understanding of networking technologies from architecture best practices to packet analysis In-depth knowledge of risk assessment methods and technologies. Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools. Proficiency in performing risk, business impact, control and vulnerability assessments. Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks. Strong written and verbal communication skills. Ability to communicate security guidance to a non-technical audience. INDEPENDENT ACTION: Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements. Refers unresolved complex issues to director where clarification of department policies and procedures may be required. SUPERVISORY RESPONSIBILITIES: Employee functions independently within department policies and practices; refers specific complex problems to direct manager where clarification of departmental policies and procedures may be required. Pay Range: $102,963.22-$169,867.15 EEO Statement: Brown University Health is committed to providing equal employment opportunities and maintaining a work environment free from all forms of unlawful discrimination and harassment. Location: BHCS 15 LaSalle Square - 15 LaSalle Square Providence, Rhode Island 02903 Work Type: M-F 8:00am-4:30pm Work Shift: Day Daily Hours: 8 hours Driving Required: Yes

*****CANDIDATE MUST BE US Citizen (due to contractual/access requirements)***** **For candidates residing within a 50-mile radius of a Highmark office, a hybrid work schedule of three days per week (Tuesday, Wednesday, and Thursday) in the office is required.** The Cyber User Behavior Engineer is a pivotal role at Highmark, dedicated to enhancing our organization's security by cultivating a robust "security-first" culture. This individual will lead the design, implementation, and ongoing management of comprehensive security awareness programs. Their primary responsibility will be to educate, train, and inspire all Highmark employees to effectively identify and report security threats, ensuring adherence to Highmark's security policies and industry best practices. This role is crucial in minimizing human-centric security risks and fostering a vigilant and informed workforce. **ESSENTIAL RESPONSIBILITIES** + Develop, implement, and continuously improve a proactive program to identifying internal threats. + Establish close relationships with business stakeholders outside of the security discipline, working closely with privacy, physical security, fraud, legal, human resources and senior leadership. + Perform predictive analysis of behavior, anomalies, and concerns to identify internal threats. + Execute campaigns designed to improve enterprise security posture. + Continually enhance insider risk program to increase efficiencies and measure program effectiveness and report accordingly on progress. + Utilize change management methodologies to mitigate identified security risks. + Provide insider threat support to security operations and incident response teams in advance of and during cyber security incidents. + Ensure clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, identifying impact to the business and to consumers, helping shape remediation, and developing external and internal communications. + Ensure the education and awareness program is aligned with the Information Security Program, Policies and Standards. + Other duties as assigned or requested. **EDUCATION** **Required** + Bachelor's Degree in Business Education, Marketing or Information Systems **Substitutions** + Six (6) years relevant, progressive experience **Preferred** + Bachelors in Information Security **EXPERIENCE** **Required** + 3 years in IT or IT Security Focus + 3 years of Insider Threat Program focus To include: + 3 years with Human Intelligence (HUMINT) **OR** as an Open-source Intelligence Analyst **Preferred** + 1-3 years in a Security Awareness or adjacent role **LICENSES or CERTIFICATIONS** **Required** + None **Preferred** + Security + **OR** + GSEC **OR** + CISSP **OR** + CERT Insider Threat + SANS Security Awareness Professional (SSAP) Proofpoint Certified Security Awareness Specialist **SKILLS** + Change Management + Presentation Delivery + Prioritizing + Analytical and Logical Reasoning/Thinking + Communication Skills + Cyber Security + User Behavior + Continuous Improvement **Language (Other than English):** None **Travel Requirement:** 0% - 25% **PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS** **Position Type** Office-based Teaches / trains others regularly Frequently Travel regularly from the office to various work sites or from site-to-site Rarely Works primarily out-of-the office selling products/services (sales employees) Never Physical work site required Yes Lifting: up to 10 pounds Occasionally Lifting: 10 to 25 pounds Rarely Lifting: 25 to 50 pounds Never **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._ **_Compliance Requirement_** _: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._ _As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy._ _Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._ Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law. We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below. For accommodation requests, please contact HR Services Online at ***************************** California Consumer Privacy Act Employees, Contractors, and Applicants Notice Req ID: J272819

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to grow and scale security compliance engines and create positive change across the business, we'd like to speak with you about joining our team. Coinbase is looking for a Security Compliance Senior Analyst to drive the second line of defense IT SOX initiatives and help mature the IT SOX program. *What you'll be doing (ie. job duties):* * Lead Security and IT initiatives to support the SOX roadmap and advance program maturity * Assist with SOX planning activities, including scoping of IT systems and creating training material to owners in preparation for SOX audit * Lead security control gap assessments over SOX control environment, recommend remediation plans and track through completion * Assess SOX implications of new products, update relevant controls, and communicate requirements to product organization and other stakeholders * Provide ongoing reporting to stakeholders and leadership on above responsibilities and communicate progress and escalations management * Perform SOX audit and control impact analysis as a result of security and technology incidents and partner with owning teams on control uplift activities * Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership * Create and improve SOX procedural documentation, including process documentation, data flow diagrams, and uplifting templates * Work closely with internal and external auditors to educate them about a complex technology control environment * Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members * Develop creative solutions to prove risk mitigation and solve for complex audit problems faced by the crypto industry * Identify opportunities to address systemic program challenges, recommend solutions and drive efficiency through AI and automation *What we look for in you (ie. job requirements):* * Minimum of 5+ years of security/IT compliance or equivalent experience * Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance * Prior experience at a big 4 accounting firm * Experience leading compliance initiatives from start to finish * Proven understanding and audit experience of cloud technologies, AWS preferred * Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision * Strong oral and written communication skills * Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment * Ability to communicate with technical / non-technical stakeholders to align on shared outcomes * Experience in Financial services, Big Tech, or FinTech *Nice to haves:* * BA or BS in a technical field or equivalent experience * Security certifications e.g. CISA, CISSP, CISM or other relevant certifications * Experience auditing in Crypto space Position ID: P73675 \#LI-Remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $167,280-$196,800 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

At Hasbro, our mission is to entertain and connect generations of fans through the wonder of storytelling and exhilaration of play. We're looking for adventurous and curious people who want to explore, experiment, and innovate to come up with the best ideas. Our culture has inspired our diverse team of highly skilled, highly creative, and highly committed individuals for 100 years and we believe the best is yet to come. Would you like to be part of a growing IT security team where you will have an opportunity to use some of the newest technologies? We are looking for a Security Engineer to join the security operations team at the Rhode Island corporate office. Working with the Director of IT Security Operations, this Engineer will chip in to ongoing security operations management and assist in rapidly growing IT security capabilities. The preferred candidate possesses a blend of security proficiencies, project management capability, ability to work with little strategic direction, creative thinking and effective communication skills that will enable the individual to contribute in a dynamic, rapidly changing environment! A day in the life as a Security Engineer: Operate cyber security tools to monitor, identify and evaluate potential security events; research alerts that may indicate the potential of a security event. Continually provide input and drive cyber security tool enhancements to improve alert quality and reporting capabilities. Operate network scanning tool to identify network vulnerabilities; collaborate with IT partners to prioritize patching and vulnerability remediation. Configure, install and maintain security technologies such as firewalls, IDS/IPS, antivirus, and endpoint protection. Contribute to incident investigations and incident response as a member of the global incident response team. Assist in defining application security policies and guidelines and lead implementation within a multi-functional team; develop evaluation methods to ensure compliance with policies. What you'll bring: Around 5 years-experience with common security tools and applications a must (intrusion detection, firewall technologies, anti-virus, anti-malware). Experience with Active Directory and privileged account management. Familiarity with common network, system and web application attack vectors and related mitigation strategies. Experience using network, web and mobile application vulnerability scanners and an ability to analyze scan reports. Can drive automation through scripting capabilities using Python and PowerShell. Ability to think creatively & propose solutions that improve security capabilities & drive operational efficiencies. CISSP, GCIH, GSEC, CRISC, or other security certifications considered a plus. Hybrid role located in Pawtucket, RI We are an Equal Opportunity / Affirmative Action Employer Hasbro is committed to equality of opportunity in all aspects of employment. We are committed to making all employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, marital status, or any other legally protected status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you have a disability and require assistance in this application process and need to request an accommodation, please contact your recruiter or coordinator. The base salary range for this position is $101,400.00 to $152,200.00. The hiring range will vary based on factors such as experience, skills, and market conditions. Additionally, employees may be eligible for annual and long-term incentives as part of their overall compensation package. Our Comprehensive Benefits Package Includes: Health & Wellness: Medical, Dental, and Vision Insurance Time Off to Recharge: Paid Vacation & Holidays Financial Well-being: Generous 401(k) Match Life & Family Support: Paid Parental Leave Giving Back: Volunteer & Employee Giving Programs Level Up Your Skills: Tuition Reimbursement Exclusive Perks: Product Discounts & More!

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress. We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. **The Role** Black Lotus Labs is seeking a Principal Security Engineer on the Research & Analysis team. This team leverages Lumen's global visibility of one of the world's largest and most interconnected IP backbones and a petabyte-scale compute cluster to perform cutting edge threat research, hunting and tracking advanced persistent threat actors (APTs) and emerging criminal activity as the threat actors traverse the internet. They empower customers to stay ahead of the evolving threat landscape. **The Main Responsibilities** + Serve as Threat Research Subject Matter Expert, offering guidance and support to the Black Lotus Labs team on threat hunting activities, such as identifying knowledge gaps, troubleshooting technical challenges, developing solutions, and mentoring team members in overcoming obstacles. Set priorities for what threats to analyze to maximize team's impact. + Conduct threat research across technical data sets, fusing Black Lotus Labs telemetry with third party data sets, to automate detection of the latest threat attacker tools, techniques and procedures (TTPs) with a goal of automating detection. + Use industry-leading technical knowledge of adversary capabilities and infrastructure and define, develop, and implement techniques to lead the team in tracking sophisticated adversaries, delivering actionable threat intelligence data to Lumen customers. + Lead and enhance threat hunting operations by actively engaging with other research teams, building strong partnerships to achieve shared goals, exploring new data sources, and mentoring team members in executing workflows and solving complex challenges. + Provide expert analysis and strategic insights on emerging threats and vulnerabilities, translating complex technical information into actionable intelligence for executive leadership and external stakeholders. + Spearhead thought leadership initiatives by leading Black Lotus Lab's voice at security conferences and internal executive briefings. **What We Look For in a Candidate** + Proven experience in threat hunting and in-depth technical security research, demonstrating a strong track record of successfully identifying, tracking, and disrupting nation-state and cybercriminal threat actors. + Deep understanding of advanced threat hunting methodologies, attacker tactics, techniques, and procedures (TTPs), and the ability to derive actionable threat hunts from complex data sets. + Demonstrated experience building prototype threat hunting solutions and large data analysis tools with Python (or other equivalent languages). + Proven experience initiating and coordinating technical projects focused on telemetry collection, TTP based threat hunting, or developing threat hunt tools that have cross-organization impact on threat visibility, including leading private-public partnerships and multi-company collaborations. + 5+ years of experience in the IC, DoD or similar tracking and defending against nation state threat activity. + Exceptional communication and presentation skills, including the ability to clearly and concisely convey complex technical information to both technical and non-technical audiences, ranging from executives and board members to conference attendees and internal stakeholders. + Experience presenting at industry conferences and in the media. + Highly organized with the ability to manage multiple tasks, prioritize effectively, and triage competing demands in a fast-paced environment. + Proven ability to lead and manage complex technical projects, effectively driving them to successful completion. + Active TS/SCI clearance with poly **Well-experienced candidates may also have the following skills: ** + Proficiency in malware reverse engineering and incident response. + 5+ years of experience leading teams of technical threat discovery professionals. + Software development experience in Docker and big data technologies like Hadoop, Spark, and Tensor Flow. **Compensation** This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. Location Based Pay Ranges: $149,084 - $198,779 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $156,539 - $208,718 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $163,993 - $218,657 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA. Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process. Learn more about Lumen's: + Benefits (**************************************************** + Bonus Structure **What to Expect Next** \#LI-JS1 Requisition #: 339093 **Background Screening** If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page (************************************* . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. **Equal Employment Opportunities** We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. **Disclaimer** The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name. **Application Deadline** 12/09/2025

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

DecisiveInstincts, LLC has an immediate opportunity for a Systems Security Analyst / Cyber Defense Analyst in Newport, RI. This position requires a Top Secret/SCI clearance. Immediate Opportunity: Systems Security Analyst / Cyber Defense Analyst Location: Newport, RI Clearance Required: Top Secret/SCI Key Responsibilities Analyze, document, and develop integration, testing, operations, and maintenance for system security. Utilize cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to monitor and mitigate threats. Apply defensive measures to identify, analyze, and report security events. Coordinate threat and mitigation strategies across the enterprise. Required Experience Network & Security Operations: Install, configure, and maintain security devices on EDU, SIPRNET, DMZ, and commercial ISP networks. Ensure compliance with DoD security and information assurance policies. Support unclassified and classified information security services. Security Tools & Technologies: Operate ACAS, McAfee HBSS, Corelight, and Cortex for threat detection and management. Implement SOAR orchestration and SIEM event correlation & analysis. Manage cloud security systems for DLP, email security, and threat prevention. Perform vulnerability scanning, penetration testing, and firewall administration. Cybersecurity Expertise: Analyze network alerts and identify causes of security incidents. Conduct security reviews, gap analysis, and risk mitigation. Apply knowledge of cyber threats, attack vectors, and mitigation strategies. Understand TCP/IP, DHCP, DNS, and OSI Model. Perform packet-level analysis and collect data from cyber defense resources. Education & Certifications Degree Requirement: Bachelor's in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science (ABET-accredited or CAE-designated institution). Certifications may be considered in lieu of a degree. ************Direct Applicants Only - No Agencies or Third-Party Recruiters***********

Job Overview: We are seeking a highly skilled and experienced Senior Security Engineer to join our IAM Engineering organization. The ideal candidate will have extensive solution-building experience across various Ping Identity products, including PingFederate, Ping DaVinci, PingOne, PingCentral, PingAccess, PingDirectory, AWS, and PingID Mobile. This role focuses on engineering rather than operations, and a background in Identity and Access Management (IAM) is a significant plus. Key Responsibilities: Design, develop, and implement IAM solutions using Ping Identity products such as PingFederate, PingDaVinci, PingOne, PingCentral, PingAccess, PingDirectory, and PingID Mobile. Architect and build secure and scalable IAM frameworks and solutions tailored to meet business and technical requirements. Collaborate with cross-functional teams to integrate IAM solutions with various applications and systems, ensuring seamless authentication and authorization processes. Develop and maintain AWS-based IAM solutions, leveraging cloud services to enhance security and scalability. Provide technical leadership and mentorship to junior engineers, fostering a culture of continuous learning and innovation. Conduct thorough security assessments and audits of IAM systems, identifying and mitigating potential risks and vulnerabilities. Stay current with the latest trends and best practices in IAM and security engineering, applying this knowledge to improve existing solutions. Work closely with stakeholders to understand their requirements and translate them into technical specifications and solutions. Develop and maintain comprehensive documentation for IAM solutions, including design documents, configuration guides, and operational procedures. Qualifications: Bachelor's degree in computer science, Information Security, or a related field. A master's degree is a plus. Minimum of 8+ years of overall experience in security engineering or a related field. At least 3+ years of experience with Ping Identity products, including PingFederate, Ping DaVinci, PingOne, PingCentral, PingAccess, PingDirectory, and PingID Mobile. At least 5+ years of experience with cloud services, particularly AWS. Strong engineering background with hands-on experience in building and deploying IAM solutions. Proficiency with AWS services and IAM integrations in cloud environments. In-depth understanding of IAM principles, including authentication, authorization, single sign-on (SSO), multi-factor authentication (MFA), and directory services. Experience with any programming language is a plus(Java preferably). Excellent problem-solving skills and the ability to troubleshoot complex IAM issues. Strong communication and collaboration skills, with the ability to work effectively in a team-oriented environment. Relevant certifications such as CISSP, CISM, or similar are a plus. Preferred Experience: Experience in Identity and Access Management (IAM) in large-scale enterprise environments. Familiarity with security standards and protocols such as SAML, OAuth, OpenID Connect, and LDAP. Experience with DevOps practices and tools for automation and continuous integration/continuous deployment (CI/CD). Compensation: $140,000.00 per year Who We Are CARE ITS is a certified Woman-owned and operated minority company (certified as WMBE). At CARE ITS, we are the World Class IT Professionals, helping clients achieve their goals. Care ITS was established in 2010. Since then we have successfully executed several projects with our expert team of professionals with more than 20 years of experience each. We are globally operated with our Head Quarters in Plainsboro, NJ, with focused specialization in Salesforce, Guidewire and AWS. We provide expert solutions to our customers in various business domains.

DecisiveInstincts, LLC has an immediate opportunity for a Systems Security Analyst / Cyber Defense Analyst in Newport, RI. This position requires a Top Secret/SCI clearance. Immediate Opportunity: Systems Security Analyst / Cyber Defense Analyst Location: Newport, RI Clearance Required: Top Secret/SCI Key Responsibilities Analyze, document, and develop integration, testing, operations, and maintenance for system security. Utilize cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to monitor and mitigate threats. Apply defensive measures to identify, analyze, and report security events. Coordinate threat and mitigation strategies across the enterprise. Required Experience Network & Security Operations: Install, configure, and maintain security devices on EDU, SIPRNET, DMZ, and commercial ISP networks. Ensure compliance with DoD security and information assurance policies. Support unclassified and classified information security services. Security Tools & Technologies: Operate ACAS, McAfee HBSS, Corelight, and Cortex for threat detection and management. Implement SOAR orchestration and SIEM event correlation & analysis. Manage cloud security systems for DLP, email security, and threat prevention. Perform vulnerability scanning, penetration testing, and firewall administration. Cybersecurity Expertise: Analyze network alerts and identify causes of security incidents. Conduct security reviews, gap analysis, and risk mitigation. Apply knowledge of cyber threats, attack vectors, and mitigation strategies. Understand TCP/IP, DHCP, DNS, and OSI Model. Perform packet-level analysis and collect data from cyber defense resources. Education & Certifications Degree Requirement: Bachelor's in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science (ABET-accredited or CAE-designated institution). Certifications may be considered in lieu of a degree. ************Direct Applicants Only - No Agencies or Third-Party Recruiters***********

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: + Assess existing scanning program to implement cloud scanning capabilities + Assist in deployment and maintenance of data scanning tools + Partner with other groups within the organization to identify and remediate data at rest access risk. + Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement + Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards + Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: + Understanding of information security concepts, best practices, and regulations related to data loss prevention + Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss + Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) + Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). + Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. + Experience as a security consultant + Working knowledge of cloud topology + Knowledge of file share security and Windows ACL administration + Familiarity with the Financial Services Industry + Knowledge of varying cloud platforms + Familiarity with cloud security at major cloud service providers + Certifications: Associate of (ISC)^2, CISSP, or similar. Education: + Bachelor's degree in Information Security, Computer Science or a related field OR + Bachelor's degree in Business or other field + 3 years relevant experience + Equivalent years: BA/BA = HS + 5 years of experience Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Why Work for Us At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.

Your Future. Secured. ISC2 is a force for good. As the world's leading nonprofit member organization for cybersecurity professionals, our core values - Integrity, Advocacy, Commitment, Inclusion, and Excellence - drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provide an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you'll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization - an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes. Learn more. **Position Summary** The Application Security Engineer will be an integral part of the security team and will work cross-functionally with several lines of business to ensure the secure delivery of products and applications. The Application Security Engineer will be expected to attend stand-ups and strategy sessions to identify areas of risk and offer consulting on best practices. The Application Security Engineer will act as a champion and will formalize the integration of application security into our current processes and tools. **Responsibilities** The Application Security Engineer will be expected to facilitate technical design reviews, perform code analysis, offer remediation recommendations, perform manual and dynamic security testing, and document and present all findings. The Application Security Engineer will work closely with the Development, Release, and QA teams to identify and coordinate security testing, validate, test, and vet both internally and externally developed applications. As an Application Security Engineer, you will act as a DevSecOps Engineer that will be responsible for secure application delivery as well as the underlying infrastructure. The Application Security Engineer must be comfortable with securing cloud-based products in environments such as AWS, Azure and Salesforce. Additionally, this position will provide security risk assessments, create threat models and assist the team with vulnerability testing. Additionally, this position manages the ISC2 responsible reporting program that supports the organization's secure application delivery objectives. In addition to the daily duties described, the individual will assist the security engineering team in the management of security technologies administered by the group (e.g., WAF, Firewall, IDS, and SEIM). This would be an "as needed" function, which is primarily to provide coverage for those duties when individuals on the security engineering team are out of the office for training or vacation. Additionally, the Application Security Engineer will be expected to participate in the Incident Response team and act as a Subject Matter Expert when dealing with the continuity of our operations and when responding with cyber incidents. + Conduct security assessments: Perform comprehensive security assessments of applications, including static code analysis, dynamic application testing, and penetration testing. Identify vulnerabilities, weaknesses, and potential attack vectors. + Secure code review: Review application source code to identify security flaws, such as insecure authentication mechanisms, input validation vulnerabilities, and potential injection attacks. Provide recommendations for remediation and best practices for secure coding. + Threat modeling: Collaborate with development teams to identify and assess potential threats and risks associated with the application. Use threat modeling techniques to prioritize security controls and countermeasures. + Develop and implement security controls: Design, develop, and implement security controls and countermeasures to protect applications against common security threats, such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection. Implement secure coding practices and security guidelines. + Vulnerability management: Establish and maintain a vulnerability management program for applications. Track and prioritize vulnerabilities based on their severity and impact. Coordinate with development teams to ensure timely remediation of identified vulnerabilities. + Security testing automation: Develop and maintain automated security testing tools and scripts to streamline the application security testing process. Integrate security testing into the continuous integration and deployment (CI/CD) pipeline. + Security training and awareness: Conduct security training and awareness programs and determine skills training needs for development teams, promoting secure coding practices andawareness of common security vulnerabilities. Stay updated with the latest security trends, attack techniques, and best practices. + Incident response: Provide support during security incidents or breaches related to applications. Participate in incident response activities, including containment, investigation, and remediation. + Compliance and regulatory requirements: Ensure that applications adhere to relevant security compliance standards, industry regulations, and data privacy requirements (e.g., GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability)). Collaborate with compliance teams to address any compliance-related concerns. + Security documentation and reporting: Prepare and maintain security documentation, including security policies, procedures, and guidelines. Generate periodic reports on the security posture of applications and present findings to relevant stakeholders. Other responsibilities include: + Maintain and manage all pipelines from a security perspective. + Onboard new pipelines for security tooling. + Keep pipeline diagrams up to date with current security details. + Serve as the primary SME for the DAST scanner.This includes configuration, testing, vulnerability management, and remediation oversight. + Recommend continuous improvements for the SAST scanner. + Security code release approvals + Maintain and manage the WAF, including signatures, configuration, and threat intel feeds. + Serve as the SME and provide recommendations for ongoing improvements. + Establish baseline WAF signatures for XD Prod following the Silverline migration. + Baseline WAF signatures after code releases. + Serve as the primary point of contact for vetting bug reports and managing the informed disclosure process. + Assist with attestation data gathering. + Support and assist with threat modeling. + Act as the formal backup for the threat modeling and attestation processes. + Review and approve Security Assessment Review reports as needed. + Perform other duties as required. **Behavioral Competencies** + Ability to demonstrate and support the ISC2 Core Values: Integrity, Excellence, Inclusion, Advocacy and Commitment + Function as an architect, who can conduct architecture reviews of new systems and solutions. + Serve as a builder who can build and integrate application security in our SDLC. + Act as a collaborator, who likes to engage with the team and the industry. + Serve as a team player, who will jump in and assist in other security functions as needed. + Function as a leader, who will use your knowledge and to train and guide developers and engineers. + Demonstrate a passion for application security, creative and critical thinking, strong analysis skills, the ability to work in a fast-paced environment, and have familiarity with agile, continuous integration, and continuous deployment. + Experience in securing SaaS-delivered offerings in multiple cloud environments deployed with automation & orchestration. **Qualifications** + Ability to write some code, as needed, to conduct security-focused testing. + Application Experience with common testing tools such as Veracode, Fortify, Zap, Burp, and fiddler, among others. + Application Understanding of common vulnerabilities & remediation. + Application Knowledge and understanding of automation and scripting languages. + Design & code review skills. + A solid understanding of Microsoft platforms such as .NET, Windows, C#, Azure. + General Knowledge of cloud security, API (Application Programming Interface) security, and associated best practices. **Education and Work Experience** + Bachelor's degree in computer science, information systems, related engineering field. Will consider a high school diploma and 10+ years of relevant work experience, as well as current additional credentials (CCSP, GDSP, etc..) in lieu of a degree. + A CISSP and CSSLP are required for this position. + 8+ years of experience in Information Security. + 8+ years of experience with static and dynamic analysis for coding and vulnerability identification and remediation. + 5+ years of Secure Development experience. + Application Experience with implementing Secure Development Lifecycle in an agile environment. + First-hand experience with architectural reviews, application reviews, and penetration testing. + Application Experience with Continuous Integration processes, particularly with building security practices into the pipeline. **Physical and Mental Demands** + Ability to travel up to 10% of time. May also include overnight travel. + Work extended hours, when necessary. + Work in an office environment using dual monitor computer screens. + Sitting for extended periods. **Equal Employment Opportunity Statement** All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. **Job Locations** _US-Remote_ **Posted Date** _2 weeks ago_ _(11/19/2025 1:29 PM)_ **_Job ID_** _2025-2253_ **_\# of Openings_** _1_ **_Category_** _Information Security_

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: Assess existing scanning program to implement cloud scanning capabilities Assist in deployment and maintenance of data scanning tools Partner with other groups within the organization to identify and remediate data at rest access risk. Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: Understanding of information security concepts, best practices, and regulations related to data loss prevention Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. Experience as a security consultant Working knowledge of cloud topology Knowledge of file share security and Windows ACL administration Familiarity with the Financial Services Industry Knowledge of varying cloud platforms Familiarity with cloud security at major cloud service providers Certifications: Associate of (ISC)^2, CISSP, or similar. Education: Bachelor's degree in Information Security, Computer Science or a related field OR Bachelor's degree in Business or other field + 3 years relevant experience Equivalent years: BA/BA = HS + 5 years of experience

The Systems Security Analyst is a critical member of the Chief Information Security Officer's (CISO's) team and reports to the Manager of Information Security Operations. This is a hands-on role that requires a high level of technical and analytical expertise. Responsible for a broad range of tasks, including the day-to-day administration of information security tools, the creation of security documentation as well as second and third level support for security information and event management (SIEM) alerts. The role ensures that the healthcare organization maintains compliance with regulatory requirements, industry standards, and internal policies while proactively managing security risks. Brown University Health employees are expected to successfully role model the organization's values of Compassion, Accountability, Respect, and Excellence as these values guide our everyday actions with patients, customers, and one another. In addition to our values, all employees are expected to demonstrate the core Success Factors which tell us how we work together and how we get things done. The core Success Factors include: Instill Trust and Value Differences Patient and Community Focus and Collaborate RESPONSIBILITIES: Consistently applies the corporate values of respect, honesty and fairness and the constant pursuit of excellence in improving the health status of the people of the region through the provision of customer-friendly, geographically accessible and high-value services within the environment of a comprehensive, integrated academic health system. Is responsible for knowing and acting in accordance with the principles of the Brown University Health Corporate Compliance Program and Code of Conduct. Monitors, configures and takes remediation actions surrounding, SIEM, Alerting / Detection (Network & Endpoint), Log Management, Phishing (Detection & Response), Digital Forensics, Penetration Testing, Zero-Trust architecture, threat-informed defense (MITRE ATT&CK), O365, and security automation. Monitor and configure security controls across multi-cloud (Azure / AWS) environment as needed. Assists in the development and documentation of security architecture, policies, standards, and procedures Works with third party partners and services to ensure Brown University Health receives value and performance in accordance with contractual agreement Participate in cloud / on-premises Incident Response processes, including tabletop exercises for breach scenarios Ensure Brown University Health is prepared for external audits. Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature. Attend and actively contribute to problem-management and major-incident conference calls as required. Researches and assists in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies. Monitor emerging threats, vulnerabilities, and industry best practices to ensure security controls remain effective and aligned with the evolving threat landscape. Provide expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies. Contributes to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations. Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Evaluates baseline security configurations for operating systems, applications, and networking and telecommunications equipment Assists Brown University Health staff in the resolution of reported security incidents. Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST, and other applicable frameworks. Research and assess new threats and security alerts and recommends remedial actions. Identify opportunities for improving Security Operations practices, recommending updates to processes and controls. Stay current with emerging security risks, regulatory requirements, and best practices to ensure the ongoing effectiveness of the security program. Provides expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures. Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices. Participates in security projects and provides expert guidance on security policy, process, and procedures for other IT projects, as required. Participates in compliance / audit activities as requested by internal and external auditors. Maintains work effort status within SLA's on Brown University Health's Service Desk and Task Management Platforms. Identifies risks within the environment and performs risk register validations as required. Requires participation in a recurring on-call schedule that includes evenings and weekends. Performs other duties as assigned. MINIMUM QUALIFICATIONS: EXPERIENCE: A minimum of 10 years of IS experience, with 5 years in an information security role. A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred. Certifications Required (3 or more - CISSP, CCSP, OSCP, CISA, GIAC, CEH, Security+) Strong understanding of authentication and authorization protocols (OAuth2, SAML, OpenID Connect) Experience implementing and supporting phishing-resistant multi-factor authentication (e.g., FIDO2/WebAuthn, smart cards, or certificate-based authentication) to strengthen identity and access security. Experience implementing security controls via infrastructure-as-code (Terraform, Ansible, etc.) Familiarity with SOAR platforms or automated incident response playbooks Experience securing cloud environments (AWS, Azure, GCP) with knowledge of cloud-native security services Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) for monitoring, alerting, and correlation Hands-on familiarity with EDR/XDR solutions (e.g., CrowdStrike, Defender for Endpoint) Knowledge of vulnerability scanning and management tools (e.g., Nessus, Qualys, Rapid7) Experience with cloud security posture management (CSPM) and cloud workload protection tools to identify misconfigurations, vulnerabilities, and risks across multi-cloud environments. Experience with APIs, including integrating with RESTful or GraphQL endpoints to securely pull and push data between systems. Proficiency in scripting and automation using Python, PowerShell, or Bash to support security operations, including tasks such as log parsing, API integration, incident response workflows, and orchestration of security tools. Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001). Expert level in security best practices. Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences. Intermediate level with Wireshark and/or equivalent packet capture and analysis Experience with patch management, device hardening, configuration auditing and other end point security best practices. Familiarity with the principles of cryptography and cryptanalysis. Experienced in the use of virtualization technologies Experience designing and implementing secure landing zones in both Microsoft Azure and Amazon AWS. Understanding of Public Key Infrastructure Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans. Strong understanding of networking technologies from architecture best practices to packet analysis In-depth knowledge of risk assessment methods and technologies. Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools. Proficiency in performing risk, business impact, control and vulnerability assessments. Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks. Strong written and verbal communication skills. Ability to communicate security guidance to a non-technical audience. INDEPENDENT ACTION: Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements. Refers unresolved complex issues to director where clarification of department policies and procedures may be required. SUPERVISORY RESPONSIBILITIES: Employee functions independently within department policies and practices; refers specific complex problems to direct manager where clarification of departmental policies and procedures may be required. Pay Range: $102,963.22-$169,867.15 EEO Statement: Brown University Health is committed to providing equal employment opportunities and maintaining a work environment free from all forms of unlawful discrimination and harassment. Location: Corporate Headquarters - 15 LaSalle Square Providence, Rhode Island 02903 Work Type: Mon-Friday Work Shift: Day Daily Hours: 8 hours Driving Required: Yes

Meta Platforms, Inc. (Meta), formerly known as Facebook Inc., builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps and services like Messenger, Instagram, and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. To apply, click "Apply to Job" online on this web page. **Required Skills:** Security Engineer Responsibilities: 1. Build tools that enable connectivity to our infrastructure only from Meta owned and managed devices. 2. Build machine attestation and secure certificate storage solutions to enable strong client trust. 3. Deploy systems that help mitigate security risks by understanding and controlling what software is allowed to execute on our client devices. 4. Develop, validate, and enforce our client security policies. 5. Build and deploy tools and automation that proactively detect and respond to security risks and threats to internal corporate services. 6. Advise and collaborate with other teams. 7. Telecommuting from anywhere in the U.S. allowed. **Minimum Qualifications:** Minimum Qualifications: 8. Requires Bachelor's Degree (or foreign equivalent) in Computer Science, Engineering or a related field and 1 year of experience in the job offered or a computer-related occupation 9. Requires 12 months of experience involving the following: 10. PHP, Golang, Python, C/C++, Rush, or Ruby 11. Designing and deploying security infrastructure such as PKI, key management, and certificate management 12. Endpoint Security & Management 13. Certificate Lifecycle 14. Devices & OS hardening and security policies 15. Identity & Access Management (Authentication & Authorization, SSO) 16. Network Security and 17. Programming and Code Review **Public Compensation:** $178,041/year to $200,200/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: * Assess existing scanning program to implement cloud scanning capabilities * Assist in deployment and maintenance of data scanning tools * Partner with other groups within the organization to identify and remediate data at rest access risk. * Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement * Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards * Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: * Understanding of information security concepts, best practices, and regulations related to data loss prevention * Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss * Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) * Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). * Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. * Experience as a security consultant * Working knowledge of cloud topology * Knowledge of file share security and Windows ACL administration * Familiarity with the Financial Services Industry * Knowledge of varying cloud platforms * Familiarity with cloud security at major cloud service providers * Certifications: Associate of (ISC)^2, CISSP, or similar. Education: * Bachelor's degree in Information Security, Computer Science or a related field OR * Bachelor's degree in Business or other field + 3 years relevant experience * Equivalent years: BA/BA = HS + 5 years of experience Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award Fair360 Top Regional Company FORTUNE's World's Most Admired Companies Military Friendly Employer