Cyber security analyst jobs in Saint Cloud, MN

Job Title: Cyber Security Risk Expert IV Duration: Long-term contract (6-month extension expected) Work Type: Full-time, business hours Job Summary We are seeking a senior Cyber Security Risk Expert to support a large federal enterprise environment. This role is responsible for identifying, assessing, tracking, and helping remediate cybersecurity risks and vulnerabilities that could impact enterprise systems, data, and operations. The ideal candidate will have deep hands-on experience with ServiceNow Vulnerability Response (VR) and will serve as a subject-matter expert (SME) for vulnerability risk management processes, working closely with technical teams, business stakeholders, and leadership. Key Responsibilities Identify, assess, document, and communicate cybersecurity risks across enterprise systems and platforms Manage and track vulnerabilities using ServiceNow Vulnerability Response (VR) Design and maintain vulnerability remediation workflows, dashboards, and reports Analyze security findings and recommend appropriate risk responses (accept, mitigate, transfer, or avoid) Monitor and validate the progress and effectiveness of remediation efforts Review and assess vulnerabilities across applications, infrastructure, hardware, and cloud environments Develop automation and scripts to support vulnerability data collection, reporting, and remediation tracking Serve as a cybersecurity risk and vulnerability management SME, providing guidance to stakeholders and technical teams Support security documentation, validation, and compliance remediation efforts Manage multiple initiatives simultaneously and maintain clear action plans and schedules Communicate technical risks and remediation status to both technical and non-technical audiences Required Skills & Experience 13-20 years of cybersecurity or information security experience Hands-on expertise with ServiceNow Vulnerability Response (VR) Strong knowledge of the ServiceNow platform, including: Forms, tables, dashboards, ACLs, MID servers Experience with ServiceNow scripting / JavaScript Strong background in vulnerability management and remediation processes Experience assessing risk across enterprise, cloud, and hybrid environments Ability to analyze data from multiple sources and present clear findings and recommendations Experience supporting security standards, models, and frameworks Strong organizational, communication, and stakeholder management skills Ability to work independently on high-visibility, mission-critical initiatives Education Bachelor's degree in a relevant field preferred Additional relevant experience may be accepted in lieu of a degree Additional Requirements Must have lived in the U.S. for the past 5 years Must be able to pass a background check, credit check, and drug screening No more than 6 months of international travel in the past 5 years (military service excluded) Business casual dress code when onsite Overtime must be pre-approved Location Preference Local candidates in or near Eagan, MN will be given priority Onsite work is preferred; remote candidates with strong qualifications may be considered

Job Description: Cyber Security Risk Expert IV Design, administer, and execute procedures for the identification, assessment, documentation, and communication of risks that could compromise Postal Service data and operations stemming from weaknesses in technology platforms, solution architectures, governance processes, and security capabilities, against industry standards and best practices. Provide recommendations to improve and sustain the security of the enterprise's data and operations and document the organizational risk response plan (accept, mitigate, transfer, or avoid). Monitor, report on, and validate, the status and efficacy of risk mitigation, transfer, or avoidance plans. Task description and/or any specific requirements: • Demonstrate expert-level knowledge and proficiency with ServiceNow (SNow) Vulnerability Response (VR) and generally associated modules, including but not limited to the following skills, abilities and knowledge: o General: Deep understanding of SNow platform's core functionalities and components, including forms, MID servers, tables, dashboards and access control lists (ACLs) o Scripting: Proficiency in rules and scripting (e.g., JavaScript), adequate to develop, test and deploy o Integrations: Proficiency to develop and troubleshoot VR integrations, including knowledge of APIs and service graph connectors o Dashboarding: Proficiency in designing and developing VR-focused dashboards and reports • Design and administer procedures within the organization to sustain the security of the organization's data and access to its technology and communication systems • Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures and forms of access, to the organization's systems and data contained within • Ability to review, collate, understand and present data, from various sources, to meet the remediation needs and expectations of the organization • Knowledge of automation coding, to automate data extrapolation, organization and dissemination, to meet the needs of the organization • Ability to review, investigate and assign cybersecurity vulnerabilities, for a variety of applications, systems and hardware, including cloud computing • Manage several projects/initiatives of various sizes, complexities and risks • Demonstrated proficiency in successfully evaluating and supporting documentation, validation and remediation processes required to ensure new and existing information technology (IT) systems meet the organization's vulnerability remediation expectations and requirements • Demonstrated ability to review and understand security blueprints, principles, models, designs, standards, and guidelines to ensure enterprise cybersecurity remediation support is consistent and beneficial to the organization • Experience with vulnerability remediation and remediation processes and efforts, as well as remediation tools • Ability to serve as subject matter expert (SME) for the VRM process, including providing guidance to stakeholders, business units and new CISO resources, as necessary • Strong organizational skills and ability to build and maintain schedules and step-by-step action plans • Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders and IT professionals, and to conduct presentations to varying audiences and technical knowledge levels. Experience/Education: o A minimum of thirteen (13) to twenty (20) years' relevant experience. o A degree from an accredited College/University in the applicable field of services is preferred. four additional years of relevant experience in lieu of a college degree is required. If the indiviual's degree is not in the applicable field then four additional years of related experience is required. o Works on high-visibility, or mission critical aspects of a given program, and performs all functional duties independently. o Oversees the efforts of direct reporting resources and/or be responsible for the efforts of all staff assigned to a specific job. o Note: Special credentials (licenses and/or certifications) may be required at the Task Order level on a case-specific basis.

Title: Security Engineer (SPIFFE/SPIRE) Job Type: Contract (12 months) Compensation: $90.00 - $112.00 per hour (W2) Industry: Retail Key Skills: SPIFFE SPIRE Kubernetes Experience building or customizing workload and node attestors About the Role We are seeking a Security Engineer to join a leading organization in the retail and e-commerce industry. This role focuses on implementing secure identity frameworks and workload authentication across distributed systems. You will work on cutting-edge technologies to ensure secure communication between services in a dynamic, large-scale environment. Job Description As a Security Engineer, you will be responsible for designing, deploying, and maintaining SPIFFE/SPIRE-based identity solutions. You will integrate these frameworks with container orchestration platforms, service meshes, and proxy workloads to enhance security posture. This position requires hands-on experience with SPIRE components and the ability to customize attestors and identity issuance workflows. Key responsibilities include: Deploy and manage SPIRE Server and SPIRE Agent in production environments. Design and implement secure workload identity solutions using SPIFFE IDs and trust domains. Build or customize workload and node attestors to meet organizational needs. Implement SVID issuance and rotation for X.509 and JWT formats. Integrate SPIRE with Kubernetes clusters, service meshes (e.g., Istio, Linkerd), and Envoy-based workloads. Collaborate with cross-functional teams to ensure seamless identity management across distributed systems. Qualifications Required: Proven hands-on experience deploying and managing SPIRE Server and SPIRE Agent. Strong understanding of SPIFFE IDs, trust domains, and workload identity concepts. Experience designing and implementing SVID issuance and rotation (X.509/JWT). Ability to build or customize workload and node attestors. Practical experience integrating SPIRE with Kubernetes, service meshes (Istio, Linkerd), and Envoy-based workloads. Preferred: Background in large-scale distributed systems or cloud-native environments. Familiarity with container security and zero-trust architectures. Experience with scripting or automation tools for identity management. Knowledge of TLS, PKI, and cryptographic principles. Benefits Dahl Consulting is proud to offer a comprehensive benefits package to eligible employees that will allow you to choose the best coverage to meet your family's needs. For details, please review the DAHL Benefits Summary: *********************************************** Equal Opportunity Statement As an equal opportunity employer, Dahl Consulting welcomes candidates of all backgrounds and experiences to apply. If this position sounds like the right opportunity for you, we encourage you to take the next step and connect with us. We look forward to meeting you!

Our client is seeking an Information Security Architect to join their team! This position is located in Hopkins, Minnesota. Validate the design and operational effectiveness of IT General Controls and Cloud controls Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures Prepare test scripts Perform root cause and impact analysis and provide management with recommendations to resolve issued findings Advise business partners on IT findings, risks and control weaknesses Validate findings post remediation Use knowledge of the current IT environment and industry IT trends to help identify and anticipate potential issues that may impact the banks risk landscape Design and assist in building continuous monitoring/reporting to improve efficiency an awareness of control testing activities Provide technical assistance on audit techniques Maintain an understanding of the cybersecurity footprint, platform architecture, cloud infrastructure, data governance and privacy compliance, general computing control structure of the Company (systems and architecture) and be able to apply that knowledge to how it supports the processes and procedures being reviewed Develop and maintain strong and effective working relationships with key business partners Engage and follow up to ensure deliverables are met, and identified gaps have been communicated Desired Skills/Experience: Ability to operate independently and perform quality work within the scheduled timeframe Excellent listening and communication skills in both written and verbal forms Previous experience in writing internal audit reports, preferred Experience executing technology audit and ITGC Testing Experience in auditing IT cloud operations, network, infrastructure, and security related to Amazon Web Services and Azure Experience in IT security and IT governance risk and compliance Must be proficient using Microsoft Office software Must possess an understanding of Information Security policies and standards, and have a working knowledge of Business Continuity Programs, electronic banking software and applications, Cloud computing, Cybersecurity Regulatory Framework, and Vendor Management practices Strong analytical, interpersonal and communication skills Strong understanding of cybersecurity processes and concepts as well as application controls Working knowledge and experience in python, JSON and SQL Working knowledge and experience with professional standards including CCM, NIST CSF, COSO and COBIT Benefits: Medical, Dental, & Vision Insurance Plans Employee-Owned Profit Sharing (ESOP) 401K offered The approximate pay range for this position is between $46.00 and $65.71. Please note that the pay range provided is a good faith estimate. Final compensation may vary based on factors including but not limited to background, knowledge, skills, and location. We comply with local wage minimums.

- Bachelor's Degree in Computer Science or related field or equivalent experience - Certified Information Systems Security Professional (CISSP) and/or Certified Cloud Security Certification (CCSP) and/or equivalent - AWS certifications (or ability to obtain within 6 months - Entry to junior level, 1-2 years of hands on Penetration Testing of web applications and infrastructure experience - 2-4 years of hands on cyber security operations, threat analysis, and/or incident response - Good appreciation of other security roles such as intelligence, vulnerability and patch management, Risk, auditing, Awareness and Security Architecture - A good understanding of the OSI stack and the various protocols from layer 1 - 7 including SNMP, HTTP, VPN, 802.11. - Social engineering engagement experience (i.e. phishing) - Excellent communication skills with the ability to communicate at a technical and business user level This role will be part of the Cyber Security Operations team within CWT's Global Security and Risk department at our Minnetonka office. You will support the global operations by participating in the security incident response program and identifying vulnerabilities via standard penetration testing assessments and identifying threats posing a genuine risk to CWT. This information will enable CWT to proactively adjust its defensive posture. We are seeking an individual to be part of the team, to help as it grows with maturity. The team will carry out or coordinate (third parties) penetration testing across a number of environments including infrastructure, web app, and mobile platforms. In addition, you will collect and distribute Cyber Threat Intelligence as it relates to CWT. The role offers some exciting opportunities including the potential to develop your talents and skills, and investigating in more detail vulnerabilities and techniques that could be used against CWT. - Ability to create investigation results into a report - Ability to influence others where there is no direct authority - Data analysis, Network, OS systems (Windows, Unix, Linux) - Strong technical background and great understanding on emerging security trends - Deep technical knowledge IT Network, Infrastructure, Software, Cloud, Mobile - Red Team experience or experience of using Open Source and COTS for penetration testing which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar - Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH - Experience in at least one development language e.g. Java, C, C# or similar - A good understanding of Cloud based architectures primarily AWS

Senior Cyber Security Analyst - 180000L1) Primary Responsibility #1 - Global security lead for information security technologies in CWT Work on datasets such as network packets, security device logs to identify any security vulnerabilities and gaps. Manage, maintain, and deploy global security services/tools to protect the environment, including vulnerability management, endpoint protection, and network protection technologies Evaluate, design, implement, monitor and support security infrastructure including IAM, IPS, SIEM, Endpoint agents, WAF's, DLP, WCF, and other tools or systems. Perform vulnerability testing, risk analyses and security assessments Create new ways to solve existing production security issues using security tool Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors Evaluates and develops secure solutions, based on approved security architectures. Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks Collaborates with colleagues and across departments to enhance security and efficiency Assist during internal and regulatory compliance audits, PCI, SOC2, etc. Cloud Security Access Broker, Mobile Security (iOS and Android) Knowledge in IDS, IPS, Firewall, Data Leak Prevention tools Primary Responsibility #2 - Assists in the incident investigations and response process Knowledge in programming using scripting tools and enterprise software development tools such as Java Stay abreast of the latest vulnerabilities and exploits Work with the Security Operation Center is develop solutions/configurations to address threats Participate in the on-call rotation for security services outages and incident escalations Ability to present security technologies, risks, solutions to management in business context Deliver technical reports and documentation on solutions and incidents Contributes to the development and maintenance of the CWT information security strategy Qualifications -Bachelor's Degree in Computer Science or related field or equivalent experience and-Certified Information Systems Security Professional (CISSP) and/or Certified Cloud Security Certification (CCSP) and/or AWS certifications (or ability to obtain within 6 months-5-10 years of hands on experience in all technical security domains-Strong technical background and great understanding on emerging security trends-Background and style that elicits respect in the organization through management style, technical depth, customer service and results-Ability to influence others where there is no direct authority-Deep technical knowledge IT Network, Infrastructure, Software, Cloud, Mobile-Scripting, coding, or automation skills (Python, Perl, Java, . NET)-Ability to solution, plan, and deploy security technologies-Data analysis, Network, OS systems (Windows, Unix, Linux) Primary Location: MinnetonkaEmployment type: StandardJob Family: Information TechnologyScope: GlobalTravel: Yes, 5 % of the TimeShift: Day JobOrganization: P&T_Security & RiskExperience Level: 1 to 3 years Job Posting: Feb 12, 2018 As an Equal Opportunity Employer/Affirmative Action employer, the organization will not discriminate in its employment practices due to an applicant's race, color, religion, sex, national origin, veteran status, disability status, sexual orientation, gender identity or any other federal, state or local protected class

The Lead Security Engineer position is part of the Information Technology team, reporting directly to the Manager, Information Security. The focus of this role is to design, implement, and maintain advanced security solutions that protect the confidentiality, integrity, and availability of Cirrus digital assets. This role requires deep technical expertise in Microsoft technologies, cybersecurity engineering, and enterprise security architecture, as well as the ability to mentor Security analysts and partner with IT teams on secure system design and operations. Duties and Responsibilities/Essential Functions Design, implement, and maintain enterprise security controls across Microsoft environments, including Azure, Entra ID (Azure AD), Microsoft 365, Microsoft Defender, and Windows Server platforms. Lead incident response activities, including investigation, containment, eradication, and recovery, as well as post-incident lessons learned. Analyze security events and alerts from IDS/IPS, SIEM, EDR/XDR, vulnerability scanners, and Microsoft security tools to identify and mitigate threats. Develop and implement security hardening baselines, patch management processes, and secure configuration standards for Microsoft platforms and hybrid environments. Collaborate with IT and business stakeholders to design secure solutions, ensuring security requirements are integrated into Windows, Active Directory/Entra ID, Azure, and Microsoft 365 systems. Conduct threat modeling and risk assessments, making recommendations for risk treatment and mitigation strategies. Oversee vulnerability management program, including regular assessments, prioritization, and remediation validation. Create strategies to mitigate risks and ensure compliance with relevant laws and regulations Focus on continuous improvement to stay updated on cybersecurity trends and emerging threats to enhance security measures. Provide mentorship and technical guidance to Information Security Analysts and IT staff. Assist in the development and enforcement of security policies, standards, and procedures, with specific emphasis on Microsoft platforms. Stay current with emerging threats, vulnerabilities, and security technologies; recommend improvements to strengthen the security posture Regular, reliable, and predictable attendance Qualifications: To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. Bachelor's degree in Information Security, Computer Science, Information Systems, or equivalent combination of education and experience. 7+ years of progressive experience in information security, engineering, or related IT disciplines. Advanced knowledge of Microsoft technologies, including Azure, Entra ID (Azure AD), Office 365, Microsoft Defender suite, and Windows Server. Experience with SIEM, SOAR, EDR/XDR, vulnerability management, and forensic analysis tools, preferably integrated with Microsoft Sentinel and Defender. Strong understanding of cloud platforms (Azure, AWS, Google Cloud) and securing hybrid infrastructures. Relevant security certifications preferred: CISSP, CISM, OSCP, GIAC (GCIA, GCIH, GPEN), Microsoft Certified: Azure Security Engineer Associate, Microsoft 365 Security Administrator Associate, or equivalent. Demonstrated expertise in incident response, malware analysis, and intrusion detection. Proficiency with scripting/automation languages (PowerShell, Python, etc.) to enhance security operations. In-depth knowledge of common frameworks and standards (NIST CSF, ISO 27001, CIS Controls, MITRE ATT&CK). Proven ability to design and implement Zero Trust and defense-in-depth strategies. Applies advanced knowledge of Microsoft security technologies and enterprise platforms to solve complex challenges. Mentors and guides team members, builds trust, and fosters a culture of continuous improvement Competencies To perform the job successfully, an individual should demonstrate the following competencies: Manages Complexity - Asks the right questions to accurately analyze situations, acquires data from multiple and diverse sources when solving problems, uncovers root causes to difficult problems, evaluates pros and cons, risks and benefits of different solution options. Situational Adaptability - Picks up on situation cues and adjusts in the moment. Readily adapts personal, interpersonal, and leadership behavior. Understands that different situations may call for different approaches. Can act differently depending on the circumstance. Optimizes Work Processes - Identifies and creates the processes necessary to get work done, Separates and combines activities into efficient workflow, Designs processes and procedures that allow managing from a distance, Seeks ways to improve processes, Collaborates: Builds partnerships and works collaboratively with others to meet shared objectives. Organizational Savvy: Maneuvers comfortably through complex policy, process, and people-related organizational dynamics. Directs Work: Provides direction, delegates, and removes obstacles to get work done. Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice. Work beyond 40 hours per week may be required. Cirrus is dedicated to a drug free work environment promoting equal employment opportunity. Qualified applicants will receive consideration for employment without regard to race, sex, national origin, color, age, disability, religion, pregnancy, veteran status, marital and family status, sexual orientation, receipt of public assistance, genetic information or any other characteristic protected by applicable law. Our Benefits: Cirrus provides a range of exciting benefits, including: 401(k) Plan: Dollar-for-dollar match up to 5% after 90 days, with 100% vesting. Employer-Paid Coverages: Group term life, short- and long-term disability insurance. Comprehensive Health Coverage: Medical, vision, dental, with additional dependent coverage options. Free Health Tracking: With rewards for meeting health goals. Generous PTO: 120+ hours accrued within the first year. Employee Referral Bonus: For referring talented candidates. Career Development: Tuition reimbursement and professional growth opportunities. Exclusive Discounts: Access to partner and marketplace discounts. Community & Engagement: Company and employee clubs at various locations. These benefits are designed to support your well-being, growth, and enjoyment at Cirrus!

Title: Cyber Security Risk Expert IV Terms: 6 months contract with possible extension * Design, administer, and execute procedures for the identification, assessment, documentation, and communication of risks that could compromise Postal Service data and operations stemming from weaknesses in technology platforms, solution architectures, governance processes, and security capabilities, against industry standards and best practices. * Provide recommendations to improve and sustain the security of the enterprise's data and operations and document the organizational risk response plan (accept, mitigate, transfer, or avoid). * Monitor, report on, and validate, the status and efficacy of risk mitigation, transfer, or avoidance plans. Task description and/or any specific requirements: * Demonstrate expert-level knowledge and proficiency with ServiceNow (SNow) Vulnerability Response (VR) and generally associated modules, including but not limited to the following skills, abilities and knowledge: * General: Deep understanding of SNow platforms core functionalities and components, including forms, MID servers, tables, dashboards and access control lists (ACLs) * Scripting: Proficiency in rules and scripting (e.g., JavaScript), adequate to develop, test and deploy * Integrations: Proficiency to develop and troubleshoot VR integrations, including knowledge of APIs and service graph connectors * ]Dashboarding: Proficiency in designing and developing VR-focused dashboards and reports * Design and administer procedures within the organization to sustain the security of the organizations data and access to its technology and communication systems * Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures and forms of access, to the organizations systems and data contained within * Ability to review, collate, understand and present data, from various sources, to meet the remediation needs and expectations of the organization * Knowledge of automation coding, to automate data extrapolation, organization and dissemination, to meet the needs of the organization * Ability to review, investigate and assign cybersecurity vulnerabilities, for a variety of applications, systems and hardware, including cloud computing * Manage several projects/initiatives of various sizes, complexities and risks * Demonstrated proficiency in successfully evaluating and supporting documentation, validation and remediation processes required to ensure new and existing information technology (IT) systems meet the organization's vulnerability remediation expectations and requirements * Demonstrated ability to review and understand security blueprints, principles, models, designs, standards, and guidelines to ensure enterprise cybersecurity remediation support is consistent and beneficial to the organization * Experience with vulnerability remediation and remediation processes and efforts, as well as remediation tools * Ability to serve as subject matter expert (SME) for the USPS VRM process, including providing guidance to stakeholders, business units and new CISO resources, as necessary * Strong organizational skills and ability to build and maintain schedules and step-by-step action plans * Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders and IT professionals, and to conduct presentations to varying audiences and technical knowledge levels. Experience/Education: * A minimum of thirteen (13) to twenty (20) years relevant experience. * A degree from an accredited College/University in the applicable field of services is preferred. four additional years of relevant experience in lieu of a college degree is required. If the indiviual's degree is not in the applicable field then four additional years of related experience is required. * Works on high-visibility, or mission critical aspects of a given program, and performs all functional duties independently. * Oversees the efforts of direct reporting resources and/or be responsible for the efforts of all staff assigned to a specific job. * Note: Special credentials (licenses and/or certifications) may be required at the Task Order level on a case-specific basis. Pay Range: $45-$50/hr W2 About Seneca Resources: At Seneca Resources, we are more than just a staffing and consulting firm-we are a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 organizations to government agencies, we connect professionals with opportunities that drive meaningful impact and support long-term career growth. When you join Seneca, you gain a team committed to your success. We offer competitive compensation, comprehensive health, dental, and vision coverage, 401(k) plans, and continuous support throughout your assignment. Our recruiters and account managers invest in understanding your goals and placing you in roles aligned with your talents and ambitions. Seneca Resources is proud to be an Equal Opportunity Employer, dedicated to building a diverse and inclusive workplace where all qualified applicants are encouraged to apply.

Established in 1991, Collabera has been a leader in IT staffing for over 22 years and is one of the largest diversity IT staffing firms in the industry. As a half a billion dollar IT company, with more than 9,000 professionals across 30+ offices, Collabera offers comprehensive, cost-effective IT staffing & IT Services. We provide services to Fortune 500 and mid-size companies to meet their talent needs with high quality IT resources through Staff Augmentation, Global Talent Management, Value Added Services through CLASS (Competency Leveraged Advanced Staffing & Solutions) Permanent Placement Services and Vendor Management Programs. Job Description Position Details: Job Title - Information Security Analyst Duration - 3 Months (with a possibility of an extension) Location - Eagan , MN - 55123 Qualifications Primary Objective Perform in the delivery and development of processes and services which support best practices in information security and risk management for Client enterprise. Knowledge, Skills & Behaviors • 2+ years related information security risk management experience • 3+ years related information technology experience • Preferred industry-related certifications: GSEC, CISSP, CISA, CISM, ITIL • Preferred exposure in SOC2, ISO 27000, risk assessment methodologies, Shared Assessments, ITIL practices, and GRC • Demonstrate results in planning and delivering complex projects on time • Maintain focus and manage multiple efforts concurrently • Perform independently to expectations while being collaborative and maintaining alignment with the team • Work effectively with all levels of the organization including subject matter experts, stakeholders, and leadership • Strong written and verbal communication skills to include executive audiences • Apply tactical and strategic methods appropriately • Effective negotiation and influence • Focused on supporting the customer, the team, and the business • Strong collaboration and problem-solving skills Major Areas of Accountability • Operate as a key contributor to the Vendor Risk Management processes. • Interface with subject matter experts, peers and stakeholders; and business or technology leaders across the Client enterprise. • Demonstrate subject matter expertise on information security best practices and Client security posture focused on performing due diligence for vendor assurance inquiries and attestations. • Assist in initiatives to evaluate and provide input on the effectiveness of processes and solutions, and to determine or support a course of action. Track and report on mitigation progress. • Contribute to the strategic and tactical development of information security, risk management and compliance initiatives, to include policy and standards development, solution development, security awareness and training, and other information security initiatives as assigned. • Track, verify and collect data points for reporting and metrics on identified services to identify gaps and inform leadership. • Serve as a subject matter expert in information technology operations, information security and risk management practices, global legal and regulatory requirements, and other applicable security and privacy trends and practices. • Participate as a member of a team for Vendor Risk Management • Contribute to and achieve business and departmental goals and objectives • Deliver processes and services consistently and accurately • Accept feedback and flex to address tactical needs • Report on status of initiatives to all levels in the organization • Work across the organization to contribute to departmental initiatives and programs Education • Prefer 4 year (Bachelor's) Degree in a technology related field If you are interested please contact NEHA KALIA (Technical Recruiter) at ************ and email an updated copy of your resume (preferably WORD format) to *************************** Additional InformationIf you are interested please contact NEHA KALIA (Technical Recruiter) at ************ and email an updated copy of your resume (preferably WORD format) to ***************************

Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for. Nuclear Security Analyst Position Summary Responsible for auditing nuclear security performance and recommending corrective actions to ensure Security Force compliance with the nuclear Security Plan, procedures, Safeguards Contingency Plan and licensing documents. Essential Responsibilities Audit nuclear security performance to ensure Security Force compliance with all policies and procedures. Update policies and procedures as needed and recommend or take action as appropriate. Identify methods to improve the efficiency and effectiveness of the security organization and submit these suggestions to management. Conduct human performance and safety related evaluations in accordance with site requirements. Interface with various department managers for scheduled work activities. Conduct assessments of security programs. Monitor security department KPIs. Fulfill other security-related duties that may arise to meet departmental needs and regulatory commitments. Coordinate equipment repairs, logistics, and work with vendors for support and contracts as necessary. Support capital project (project initiation requests, work planning, implementations). Perform regulatory compliance evaluations and reviews. Conduct regulatory inspection readiness and support inspection activities. Minimum Requirements High School diploma or equivalent required. Two years of experience as a nuclear security officer or related experience. Be assigned to a dedicated Emergency Response Organization role, which will require either a dedicated on-call frequency or a pool-style response. Ability to obtain and maintain nuclear unescorted access (UA) and critical group requirements of 10 CFR 73.56. Preferred Requirements Associate's or Bachelor's Degree 3+ years of experience in a Nuclear Security leadership role. Military or Law enforcement (nuclear regulatory related) experience. Ability to work in highly complex, procedurally driven environment. Currently Nuclear AA/UA (e.g. badged). As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Individuals with a disability who need an accommodation to apply please contact us at *************************. Non-BargainingThe anticipated starting base pay for this position is: $71,900.00 to $102,100.00 per year This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part. In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information. Deadline to Apply: 01/04/26 EEO is the Law | EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF) All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility. ACCESSIBILITY STATEMENT Xcel Energy endeavors to make *************************** accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at *************************. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Patterson isn't just a place to work, it's a partner that cares about your success. One of the distinguishing marks of our company is the talented people who embrace the people-first, always advancing, and results-driven culture. Professional growth abounds in this motivating environment. We value the diverse talents and experiences our employees bring to Patterson and believe that they build a stronger and successful organization. Job Description: The Application Senior Security Analyst leads the implementation and maintenance of network and application security systems to protect Patterson's information assets. This role drives technical support, incident response, and ensures alignment with security and project goals. The analyst develops and enhances the application security program using industry best practices and frameworks. Expertise in secure coding, static and dynamic code analysis, and vulnerability remediation is essential. The candidate integrates security controls into CI/CD pipelines using SecDevOps methodologies. Responsibilities include tool integration, policy enforcement, and continuous monitoring. Collaboration across DevOps, compliance, risk, and audit teams ensures enterprise-wide security alignment. A methodical approach to assessing and triaging security findings is critical for success. Essential Functions To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position. Perform application security triage, oversee issue resolution, and track remediation metrics Oversees the maintenance, support, and delivery of associated security platforms Drives continuous improvements in acting on alerts, service requests, and incidents Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects Provide support and ongoing input in the evolution of the application security program Ensure the application security tool set is optimized, tuned, and maintained Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and SecDevOps workflows Perform security testing to include SAST, DAST, SCA, Container, APIs, IaC, Secrets Interact with Infrastructure, DevOps, and application owners to ensure alignment with Patterson's roadmaps Prioritize workload depending on business direction, compliance, and / or security requirements Embedded in the SDLC process for all major applications, working with DevOps, SecDevOps, Developers, QA, Principal Architects, Security Champions, Actively participate and / or lead weekly meetings with application team leads and security champions Track and manage identified vulnerabilities through resolution, ensuring timely remediation and documentation. Oversee the planning, execution, and follow-up of penetration tests conducted by internal teams and external security partners. Additional functions In addition to the essential functions listed above, the incumbent may perform the following additional functions. Experience with .Net, C#, Javascript, Angular and related languages Familiarity with AzureDevOPs (ADO), Package Management, SBOM, TFS and / or VSTS Familiarity with major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) General knowledge of Application Security frameworks such as BSIMM, OWASP SAMM / ASVS, NIST, etc Experience with Thick Clients, Web Apps, Cloud Solutions, SPA, Web Services, MVC, APIs, etc Familiar with Azure DevOps Pipelines for automated build, test and deployment workflows Ability to support and manage Azure services including Azure Container Apps (ACA), Azure Kubernetes Service (AKS), and Azure Artifacts Familiarity with software supply chain security processes, including vulnerability scanning, artifact integrity validation, and dependency risk management Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment Experience communicating security concerns and issues to non-technical audiences Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques. Familiar with key application security tools such as BurpSuite, HCL AppScan, Veracode, Qualsys WAS, Micro Focus WebInspect, Checkmarx, Mend.io (White Source), DevTools, Fiddler, Owasp Zap, Metasploit, BeeF, SQLMap, Postman, etc Experience with Swagger, SOAPUI, Visual Studio Required Qualifications Bachelor's Degree with an emphasis in security, technology, or engineering or equivalent work experience At least 4 years work experience in information technology, cyber security, or information security Preferred Qualifications Security industry certification desired This person must be located within a commutable distance to Mendota Heights, MN or Loveland, CO. This will be 2 days in the office hybrid model. What's In It For You We provide competitive benefits, unique incentive programs and rewards for our eligible employees: Full Medical, Dental, and Vision benefits and an integrated Wellness Program. 401(k) Match Retirement Savings Plan. Paid Time Off (PTO). Holiday Pay & Floating Holidays. Volunteer Time Off (VTO). Educational Assistance Program. Full Paid Parental and Adoption Leave. LifeWorks (Employee Assistance Program). Patterson Perks Program. The potential compensation range for this role is below. The final offer amount could exceed this range, based on various factors such as candidate location (geographical labor market), experience, and skills. $94,100.00 - $117,700.00EEO Statement Patterson provides equal employment opportunities to applicants and employees without regard to race; color; sex; gender identity; sexual orientation; religious practices and observances; national origin; pregnancy, childbirth, or other related medical conditions; status as a protected veteran or spouse/family member of a protected veteran; or disability.

Who You'll Work With As a modern technology company, our Slalom Technologists are disrupting the market and bringing to life the art of the possible for our clients. We have passion for building strategies, solutions, and creative products to help our clients solve their most complex and interesting business problems. We surround our technologists with interesting challenges, innovative minds, and emerging technologies. We are currently looking for a Senior Consultant or Principal level Security strategist with deep technical and functional expertise in Business Continuity and Disaster Recovery. What You'll Do * Lead and facilitate Business Impact Assessments (BIAs) across business units * Develop and update Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) aligned to critical business functions and systems * Assess organizational risk and capability gaps related to crisis management, workforce continuity, and infrastructure resilience * Design tiered recovery strategies based on RTOs, RPOs, and MVC (Minimum Viable Company) principles * Coordinate and conduct tabletop exercises, test execution, and post-mortem reviews * Align BC/DR practices with enterprise risk management frameworks, compliance requirements (e.g., HIPAA, ISO 22301), and audit expectations * Support program governance, metrics, training, and awareness efforts What You'll Bring * 6+ years of experience in Business Continuity, Disaster Recovery, or operational resilience consulting * Strong working knowledge of BIAs, BCP/DRP development, and crisis management planning * Understanding of IT infrastructure concepts and DR technologies (e.g., backup systems, cloud platforms) * Experience supporting risk assessments and regulatory audits * Excellent facilitation and stakeholder management skills * Strong writing skills to produce clear, client-ready plans and reports About Us Slalom is a fiercely human business and technology consulting company that leads with outcomes to bring more value, in all ways, always. From strategy through delivery, our agile teams across 52 offices in 12 countries collaborate with clients to bring powerful customer experiences, innovative ways of working, and new products and services to life. We are trusted by leaders across the Global 1000, many successful enterprise and mid-market companies, and 500+ public sector organizations to improve operations, drive growth, and create value. At Slalom, we believe that together, we can move faster, dream bigger, and build better tomorrows for all. Compensation and Benefits Slalom prides itself on helping team members thrive in their work and life. As a result, Slalom is proud to invest in benefits that include meaningful time off and paid holidays, parental leave, 401(k) with a match, a range of choices for highly subsidized health, dental, & vision coverage, adoption and fertility assistance, and short/long-term disability. We also offer yearly $350 reimbursement account for any well-being-related expenses, as well as discounted home, auto, and pet insurance. Slalom is committed to fair and equitable compensation practices. For this role, we are hiring at the following levels and targeted base pay salary ranges: The targeted base salary pay range for Senior Consultant in New Jersey, New York City, and Washington DC is $153,000 to $186,000. The targeted base salary range for Senior Consultant in Atlanta, Chicago, Detroit, Kansas City, Minneapolis, Nashville, Philadelphia, Phoenix, St. Louis is $140,000 to $171,000. In addition, individuals may be eligible for an annual discretionary bonus. Actual compensation will depend upon an individual's skills, experience, qualifications, location, and other relevant factors. The salary pay range is subject to change and may be modified at any time. We are committed to pay transparency and compliance with applicable laws. If you have questions or concerns about the pay range or other compensation information in this posting, please contact us at: ********************. EEO and Accommodations Slalom is an equal opportunity employer and is committed to inclusion, diversity, and equity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans' status, or any other characteristic protected by federal, state, or local laws. Slalom will also consider qualified applications with criminal histories, consistent with legal requirements. Slalom welcomes and encourages applications from individuals with disabilities. Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team if you require accommodations during the interview process. #LI-MS12

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience. The Security Strategy, Risk, and Resilience (SRR) team is responsible for TikTok's Governance, Risk and Compliance function working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements. The Cybersecurity Strategy Senior Analyst plays a critical role in supporting the development and execution of strategic initiatives and metrics programs across TikTok's Global Security Organization. You will help define what "best-in-class" looks like for a rapidly growing global cybersecurity team by driving data-informed decision-making, maturity modeling, and performance measurement. This role involves working closely with cross-functional stakeholders to align cybersecurity efforts with broader organizational goals while contributing to the department's strategic direction and operational excellence. You would be a great fit for this role if you are enthusiastic about: 1. Using data and metrics to tell compelling stories and influence decisions at the highest levels of leadership 2. Thriving in a fast-paced, ambiguous environment with a passion for building frameworks and programs from the ground up 3. Collaborating with technical and non-technical stakeholders to build visibility and alignment around cybersecurity goals and performance Responsibilities As a Cybersecurity Strategy and Metrics Senior Analyst, you will be responsible for: * Supporting the development and execution of the department-wide cybersecurity strategy and multi-year maturity roadmap * Designing and maintaining cybersecurity performance measurement frameworks, including department KPIs, KRIs, OKRs, and executive dashboards * Developing maturity models and measurement tools to assess and monitor cybersecurity capabilities across teams and functions * Providing regular reporting and briefings to leadership, summarizing progress against strategic goals, identifying areas for improvement, and recommending adjustments * Conducting benchmarking and trend analysis to assess the organization's performance relative to industry standards and peers * Partnering with leadership to identify strategic gaps and support initiative development, prioritization, and tracking * Supporting strategic planning cycles, initiative management, and documentation efforts that align with both security and business priorities Minimum Qualifications: * Strong understanding of cybersecurity domains and frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and how to translate them into measurable objectives * Experience designing and operationalizing metrics or performance programs in a cross-functional environment * Strong analytical and project management skills with the ability to lead initiatives and drive results with multiple stakeholders * Excellent communication skills, with the ability to translate complex data and strategy into business-relevant narratives * Ability to work at the Washington DC or New York office for 5 days per week and willingness to travel to other offices, including international locations, as required to support business needs Preferred Qualifications: * Strong experience in cybersecurity, GRC, metrics development, strategic operations, or a related field * Strong experience in security strategy, cybersecurity operations, metrics programs, consulting, or related areas * Experience working with data visualization tools such as Tableau, Power BI, or internal dashboards * Relevant certifications (e.g., CISSP, CRISC, CISM, PMP, or other strategy or security-related certifications)

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

The Information Security Analyst Identifies security risks and exposures, determine the causes of security violations, and configuring systems to optimize notification of future incidents. The Security Analyst Integrates appropriate systems and logs into the enterprise security incident and event management system to effectively monitor and detect various people and enterprise asset activity. The Information Security Analyst works under the direction of the Information Security Director on the IT Security Operations Team. This is a hybrid job, must be located in Saint Paul MN Responsibilities • Investigates and analyzes security events to evaluate risk, prioritizing findings based on internal and external information. • Configures and maintains SIEM platform, including areas such as source feeds, alerts, alarms, and API integrations. • Configures and maintains EDR/antivirus. • Configures and maintains vulnerability management platform, including areas such as vulnerability scanning, remediation, and mitigation as well as impact and risk analysis. • Communicates security concerns to the business stakeholders to collectively develop and execute an appropriate remediation/mitigation plan. • Interacts with security risk and compliance group, adjacent IT departments, and business units as needed to ensure compliance with IT Security goals and policies. • When needed, assists in administration of other security tools (Data Loss Prevention, Email Security/Spam Filter, End User Training, Mobile Device Management). • Maintains up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and evolving attacks and threat vectors. General Job Responsibilities: • Ability to work in a team environment and independently as required • Contributes to project planning and scheduling. • Normally receives minimal instructions on routine work and detailed instructions on new assignments. • Participate in Architecture design reviews and other technical governance forums across the organization representing the security team across multiple projects. • Be on call and available after business hours, would require working Holidays and weekends if major security incident occurs. • Establish and maintain pertinent policies, standards, and procedures • Perform duties in compliance with applicable regulations and standards such as Sarbanes Oxley Act, FDA Quality System, and ISO (International Organization for Standardization) Works on routine assignments per written procedures, where ability to recognize deviation from accepted practice is required. • Contributes to the overall operations and to the achievement of departmental goals • Perform job specific tasks in compliance with applicable Regulations, International Standards, and WuXi AppTec Policies and Standard Operating Procedures. • Understanding of Good Laboratory Practices and Good Manufacturing Practices • Other duties as assigned Qualifications • Degree in Cyber Security, Management Information Systems, Information Security or equivalent work experience o Minimum 2 years prior experience in a Cyber Security • In depth knowledge of LogRhythm SIEM platform or other SIEM platforms, which includes configuring and maintaining API integrations and source feeds, alerts and alarms • In depth knowledge in Qualys Vulnerability Management System, which includes configuring and maintaining • In depth knowledge in Cisco AMP Anti-Virus software, which includes configuring and maintaining • Knowledge of ISO/IEC 27001 standards. • Strong technical acumen with a solid understanding of security technologies and network architecture • Strong verbal and written communication skills • Independent driver of self-development and continuous learning • Knowledge of information security technology, design, research techniques, administration, operating standards, and quality control methods. • Basic understanding of LAN/WAN technologies and protocols, FTP, Active Directory, VPN technologies (MPLS, IPSEC, etc.), IIS and other network services. • Experience in a large, formal vulnerability program. • General knowledge of cloud, wireless network and mobile security. • Team-oriented and skilled in working within a collaborative environment. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability This job description does not state or imply that the above are the only duties and responsibilities assigned to this position. Employees holding this position will be required to perform any other job-related duties as requested by Management.

Senior Cyber Security Analyst - 180001PV) This role will be part of the Cyber Security Operations team within CWT's Global Security and Risk department at our Minnetonka office.You will support the global operations by participating in the security incident response program and identifying vulnerabilities via standard penetration testing assessments and identifying threats posing a genuine risk to CWT. This information will enable CWT to proactively adjust its defensive posture. We are seeking an individual to be part of the team, to help as it grows with maturity. The team will carry out or coordinate (third parties) penetration testing across a number of environments including infrastructure, web app, and mobile platforms. In addition, you will collect and distribute Cyber Threat Intelligence as it relates to CWT. The role offers some exciting opportunities including the potential to develop your talents and skills, and investigating in more detail vulnerabilities and techniques that could be used against CWT. - Ability to create investigation results into a report- Ability to influence others where there is no direct authority- Data analysis, Network, OS systems (Windows, Unix, Linux)- Strong technical background and great understanding on emerging security trends- Deep technical knowledge IT Network, Infrastructure, Software, Cloud, Mobile- Red Team experience or experience of using Open Source and COTS for penetration testing which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar - Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH - Experience in at least one development language e.g. Java, C, C# or similar - A good understanding of Cloud based architectures primarily AWS Qualifications - Bachelor's Degree in Computer Science or related field or equivalent experience - Certified Information Systems Security Professional (CISSP) and/or Certified Cloud Security Certification (CCSP) and/or equivalent - AWS certifications (or ability to obtain within 6 months- Entry to junior level, 1-2 years of hands on Penetration Testing of web applications and infrastructure experience - 2-4 years of hands on cyber security operations, threat analysis, and/or incident response- Good appreciation of other security roles such as intelligence, vulnerability and patch management, Risk, auditing, Awareness and Security Architecture - A good understanding of the OSI stack and the various protocols from layer 1 - 7 including SNMP, HTTP, VPN, 802.11. - Social engineering engagement experience (i.e. phishing) - Excellent communication skills with the ability to communicate at a technical and business user level Primary Location: MinnetonkaEmployment type: StandardJob Family: Information TechnologyScope: GlobalTravel: Yes, 5 % of the TimeShift: Day JobOrganization: P&T_Security & RiskExperience Level: 3 to 5 years Job Posting: Apr 25, 2018 As an Equal Opportunity Employer/Affirmative Action employer, the organization will not discriminate in its employment practices due to an applicant's race, color, religion, sex, national origin, veteran status, disability status, sexual orientation, gender identity or any other federal, state or local protected class

Primary Responsibility #1 - Global security lead for information security technologies in CWT Work on datasets such as network packets, security device logs to identify any security vulnerabilities and gaps. Manage, maintain, and deploy global security services/tools to protect the environment, including vulnerability management, endpoint protection, and network protection technologies Evaluate, design, implement, monitor and support security infrastructure including IAM, IPS, SIEM, Endpoint agents, WAF's, DLP, WCF, and other tools or systems. Perform vulnerability testing, risk analyses and security assessments Create new ways to solve existing production security issues using security tool Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors Evaluates and develops secure solutions, based on approved security architectures. Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks Collaborates with colleagues and across departments to enhance security and efficiency Assist during internal and regulatory compliance audits, PCI, SOC2, etc. Cloud Security Access Broker, Mobile Security (iOS and Android) Knowledge in IDS, IPS, Firewall, Data Leak Prevention tools Primary Responsibility #2 - Assists in the incident investigations and response process Knowledge in programming using scripting tools and enterprise software development tools such as Java Stay abreast of the latest vulnerabilities and exploits Work with the Security Operation Center is develop solutions/configurations to address threats Participate in the on-call rotation for security services outages and incident escalations Ability to present security technologies, risks, solutions to management in business context Deliver technical reports and documentation on solutions and incidents Contributes to the development and maintenance of the CWT information security strategy -Bachelor's Degree in Computer Science or related field or equivalent experience and -Certified Information Systems Security Professional (CISSP) and/or Certified Cloud Security Certification (CCSP) and/or AWS certifications (or ability to obtain within 6 months -5-10 years of hands on experience in all technical security domains -Strong technical background and great understanding on emerging security trends -Background and style that elicits respect in the organization through management style, technical depth, customer service and results -Ability to influence others where there is no direct authority -Deep technical knowledge IT Network, Infrastructure, Software, Cloud, Mobile -Scripting, coding, or automation skills (Python, Perl, Java, .NET) -Ability to solution, plan, and deploy security technologies -Data analysis, Network, OS systems (Windows, Unix, Linux)

Established in 1991, Collabera is one of the fastest growing end-to-end information technology services and solutions companies globally. As a half a billion dollar IT company, Collabera's client-centric business model, commitment to service excellence and Global Delivery Model enables its global 2000 and leading mid-market clients to deliver successfully in an increasingly competitive marketplace. With over 8200 IT professionals globally, Collabera provides value-added onsite, offsite and offshore technology services and solutions to premier corporations. Over the past few years, Collabera has been awarded numerous accolades and Industry recognitions including. Collabera awarded Best Staffing Company to work for in 2012 by SIA. (hyperlink here) Collabera listed in GS 100 - recognized for excellence and maturity Collabera named among the Top 500 Diversity Owned Businesses Collabera listed in GS 100 & ranked among top 10 service providers Collabera was ranked: 32 in the Top 100 Large Businesses in the U.S 18 in Top 500 Diversity Owned Businesses in the U.S 3 in the Top 100 Diversity Owned Businesses in New Jersey 3 in the Top 100 Privately-held Businesses in New Jersey 66th on FinTech 100 35th among top private companies in New Jersey *********************************************** Collabera recognizes true potential of human capital and provides people the right opportunities for growth and professional excellence. Collabera offers a full range of benefits to its employees including paid vacations, holidays, personal days, Medical, Dental and Vision insurance, 401K retirement savings plan, Life Insurance, Disability Insurance. Job Description Position Details: Job Title - Information Security Analyst Duration - 3 Months (with a possibility of an extension) Location - Eagan , MN - 55123 Qualifications Primary Objective Perform in the delivery and development of processes and services which support best practices in information security and risk management for Client enterprise. Knowledge, Skills & Behaviors • 2+ years related information security risk management experience • 3+ years related information technology experience • Preferred industry-related certifications: GSEC, CISSP, CISA, CISM, ITIL • Preferred exposure in SOC2, ISO 27000, risk assessment methodologies, Shared Assessments, ITIL practices, and GRC • Demonstrate results in planning and delivering complex projects on time • Maintain focus and manage multiple efforts concurrently • Perform independently to expectations while being collaborative and maintaining alignment with the team • Work effectively with all levels of the organization including subject matter experts, stakeholders, and leadership • Strong written and verbal communication skills to include executive audiences • Apply tactical and strategic methods appropriately • Effective negotiation and influence • Focused on supporting the customer, the team, and the business • Strong collaboration and problem-solving skills Major Areas of Accountability • Operate as a key contributor to the Vendor Risk Management processes. • Interface with subject matter experts, peers and stakeholders; and business or technology leaders across the Client enterprise. • Demonstrate subject matter expertise on information security best practices and Client security posture focused on performing due diligence for vendor assurance inquiries and attestations. • Assist in initiatives to evaluate and provide input on the effectiveness of processes and solutions, and to determine or support a course of action. Track and report on mitigation progress. • Contribute to the strategic and tactical development of information security, risk management and compliance initiatives, to include policy and standards development, solution development, security awareness and training, and other information security initiatives as assigned. • Track, verify and collect data points for reporting and metrics on identified services to identify gaps and inform leadership. • Serve as a subject matter expert in information technology operations, information security and risk management practices, global legal and regulatory requirements, and other applicable security and privacy trends and practices. • Participate as a member of a team for Vendor Risk Management • Contribute to and achieve business and departmental goals and objectives • Deliver processes and services consistently and accurately • Accept feedback and flex to address tactical needs • Report on status of initiatives to all levels in the organization • Work across the organization to contribute to departmental initiatives and programs Education • Prefer 4 year (Bachelor's) Degree in a technology related field Additional Information To know more about this opportunity or to schedule an interview, Please Contact: Neha Kalia *************************** ************

The Information Security Analyst Identifies security risks and exposures, determine the causes of security violations, and configuring systems to optimize notification of future incidents. The Security Analyst Integrates appropriate systems and logs into the enterprise security incident and event management system to effectively monitor and detect various people and enterprise asset activity. The Information Security Analyst works under the direction of the Information Security Director on the IT Security Operations Team. **This is a hybrid job, must be located in Saint Paul MN** **Responsibilities** - Investigates and analyzes security events to evaluate risk, prioritizing findings based on internal and external information. - Configures and maintains SIEM platform, including areas such as source feeds, alerts, alarms, and API integrations. - Configures and maintains EDR/antivirus. - Configures and maintains vulnerability management platform, including areas such as vulnerability scanning, remediation, and mitigation as well as impact and risk analysis. - Communicates security concerns to the business stakeholders to collectively develop and execute an appropriate remediation/mitigation plan. - Interacts with security risk and compliance group, adjacent IT departments, and business units as needed to ensure compliance with IT Security goals and policies. - When needed, assists in administration of other security tools (Data Loss Prevention, Email Security/Spam Filter, End User Training, Mobile Device Management). - Maintains up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and evolving attacks and threat vectors. General Job Responsibilities: - Ability to work in a team environment and independently as required - Contributes to project planning and scheduling. - Normally receives minimal instructions on routine work and detailed instructions on new assignments. - Participate in Architecture design reviews and other technical governance forums across the organization representing the security team across multiple projects. - Be on call and available after business hours, would require working Holidays and weekends if major security incident occurs. - Establish and maintain pertinent policies, standards, and procedures - Perform duties in compliance with applicable regulations and standards such as Sarbanes Oxley Act, FDA Quality System, and ISO (International Organization for Standardization) Works on routine assignments per written procedures, where ability to recognize deviation from accepted practice is required. - Contributes to the overall operations and to the achievement of departmental goals - Perform job specific tasks in compliance with applicable Regulations, International Standards, and WuXi AppTec Policies and Standard Operating Procedures. - Understanding of Good Laboratory Practices and Good Manufacturing Practices - Other duties as assigned **Qualifications** - Degree in Cyber Security, Management Information Systems, Information Security or equivalent work experience o Minimum 2 years prior experience in a Cyber Security - In depth knowledge of LogRhythm SIEM platform or other SIEM platforms, which includes configuring and maintaining API integrations and source feeds, alerts and alarms - In depth knowledge in Qualys Vulnerability Management System, which includes configuring and maintaining - In depth knowledge in Cisco AMP Anti-Virus software, which includes configuring and maintaining - Knowledge of ISO/IEC 27001 standards. - Strong technical acumen with a solid understanding of security technologies and network architecture - Strong verbal and written communication skills - Independent driver of self-development and continuous learning - Knowledge of information security technology, design, research techniques, administration, operating standards, and quality control methods. - Basic understanding of LAN/WAN technologies and protocols, FTP, Active Directory, VPN technologies (MPLS, IPSEC, etc.), IIS and other network services. - Experience in a large, formal vulnerability program. - General knowledge of cloud, wireless network and mobile security. - Team-oriented and skilled in working within a collaborative environment. **An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability** This job description does not state or imply that the above are the only duties and responsibilities assigned to this position. Employees holding this position will be required to perform any other job-related duties as requested by Management. **Need help finding the right job?** We can recommend jobs specifically for you! An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability (************************************************************************************************** **Job Locations** _US-MN-St. Paul_ **Job ID** _2025-13901_