Cyber security analyst jobs in Tulare, CA

ROLE: Oracle Security Analyst Duration: 6 months extendable Job Details: This role will be part of a growing team responsible for maintaining and supporting the security functionalities of the Oracle Fusion Cloud ERP/EPM/OTM applications. The Oracle Fusion Security Analyst is responsible for supporting all security related issues in Oracle Fusion Cloud ERP, EPM & OTM application. This role will also require strong knowledge on supporting user access, auditing, and custom role security design. In addition, this role may have to support managing the Oracle application environments with supporting refreshes, outages, system monitoring, configurations, and patching. We are looking for a candidate with an in-depth understanding of Security and RMD in Oracle Fusion Cloud, experience in ERP implementations. Key Responsibilities: Effectively support Oracle Cloud ERP, EPM, and OTM SaaS user access and auditing Support user security and roles within Oracle Fusion Cloud, OTM, EPM and guide users as needed to provide proper access to proper functionality. Import users and access using oracle standard functionalities Understand and has experience in Oracle ERP, EPM, OTM security fundamentals and role base access Manage auditing for users and access for ERP, EPM and OTM ensuring access violations are to a minimum in Oracle RMC. Support all issues related to auditing and security for Oracle Fusion Cloud applications (ERP, EPM & OTM) Partner with Security, Network, Development and Product Teams to identify issues, driving issue resolution. Migrate technical SaaS and PaaS objects such as OIC, BIP, BICC, and ESS jobs Follow up on service requests in MOS as needed to complete issues resolution Complete Service Now tickets as required to support users as needed under agreed

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.

We are seeking an Information Security Analyst to support enterprise security operations with a focus on vendor risk management, security control integration, and infrastructure security. This role is responsible for conducting security assessments, coordinating the implementation of core security services (including SSO, logging, IAM, and data protection), and supporting compliance activities aligned with frameworks such as NIST and ISO 27001. The ideal candidate has experience in cybersecurity risk management, cloud environments (AWS/Azure), and collaborating with technical teams to ensure the effective delivery of security controls. At least 2+ years of experience in the following: Security & Compliance Frameworks NIST CSF ISO 27001 CIS Controls ITIL SOC 2 PCI DSS FedRAMP GDPR / CCPA Vendor Risk & GRC Tools OneTrust SIG (Standardized Information Gathering) Other GRC/TPRM platforms Identity, SSO & Access Management SSO (PingFederate, SAML) Active Directory Azure AD AWS IAM

At PriMed, your uniqueness is valued, celebrated, encouraged, supported, and embraced. Whatever your relationship with Hill Physicians, we welcome ALL that you are. We value and respect your race, ethnicity, gender identity, sexual orientation, age, religion, disabilities, experiences, perspectives, and other attributes. Our celebration of diversity and foundation of inclusion allows us to leverage our differences and capitalize on our similarities to better serve our communities. We do it because it's right! Job Description We are seeking a skilled Governance, Risk, and Compliance (GRC) Engineer to strengthen our security posture and ensure adherence to healthcare regulations. The GRC Engineer will play a vital role in designing, implementing, and maintaining risk management processes, compliance frameworks, and policies that align with healthcare regulations such as HIPAA and HITECH. The ideal candidate will have experience with tools like SAI360, CyberArk, and other compliance and security platforms. Job Responsibilities: Develop, implement, and maintain GRC policies, processes, and controls in alignment with industry best practices and regulatory requirements (e.g., HIPAA, HITECH, NIST, ISO 27001). Perform risk assessments and develop mitigation strategies for identified security risks. Administer and optimize SAI360 for governance, risk management, and compliance activities, including reporting and policy management. Collaborate with cross-functional teams to ensure new projects and systems are designed with security and compliance in mind. Monitor and report on compliance status, identifying gaps and proposing remediation strategies. Oversee third-party vendor risk assessments and ensure adherence to security requirements. Support internal and external audits by providing documentation, evidence, and responses to audit findings. Conduct security awareness training programs and promote a culture of compliance within the organization. Required Experience/Skills/Knowledge: 5+ years of experience in Governance, Risk, and Compliance roles or a related field. Strong knowledge of healthcare regulations, including HIPAA, HITECH, and other relevant standards. Proficiency in GRC tools such as SAI360 for compliance and risk management. Experience with privileged access management tools like CyberArk. Solid understanding of risk assessment methodologies and security frameworks, including NIST CSF, ISO 27001, or COBIT. Excellent communication and collaboration skills to engage with technical and non-technical stakeholders. Strong analytical and organizational skills with attention to detail. This role is critical in maintaining our organization's compliance with healthcare security standards and reducing risk exposure. Required Education: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree.

In this role, you will drive the evolution of our infrastructure and security posture. You will have substantial ownership over our technology choices and implementation for deployment, observability, storage, and security. You will identify, triage, and implement incremental improvements in all of these domains, working closely with backend engineers and internal and external auditors to develop appropriately scoped interventions. You will work with engineers to ensure that security considerations are baked into software development from the outset. You should have a broad understanding of modern best practices around cloud architecture, data governance and infrastructure as code. You should approach questions of infrastructure and security risk with a sense of nuance and good judgment. You should be able to build consensus around your threat models such that the necessary consequences seem natural to other stakeholders. In this role, you will need to be fluent in Python and Terraform (at least to start). Company & Funding We're building the world's largest long-term insurer, using digital money and AI to serve billions of people profitably. We want anyone, anywhere, to be able to save for their future, protect their family, and build wealth across generations. We face a once-in-a-century opportunity to build a vertically integrated life (re)insurer. Our product offerings are globally unique, making it possible for us to scale our balance sheet, build modern systems from scratch, and then directly compete to win a market that is 3% of global GDP. We've raised over $140M to date. Sam Altman and Lachy Groom led our initial raise, and they've since been joined by leading investors in AI, insurance, and Bitcoin, including Northwestern Mutual, Apollo, Bain Capital, Pantera, Haun, Framework, Fulgur Ventures, MS&AD, Mouro, Stillmark, and Wences Casares. Our Bermuda operating subsidiary holds the the world's only license to issue life insurance denominated entirely in Bitcoin. It's also the only company in the world with audited financials stated in Bitcoin. (If you join us, you can expect to do a lot of things no one's ever done before.) Engineering at Meanwhile With the advent of ubiquitous AI tooling, the dynamic range in individual engineering effectiveness is only widening. At Meanwhile, we're planning for a world in which small, tight-knit engineering teams (supported by a small, tight-knit platform team) own entire lines of business, and are compensated accordingly. We're attacking a huge market with the leanest, most effective team in insurance. Where incumbents employ a thousand people, we think we can make it work with a hundred or a dozen. We're looking for hungry ICs (and former managers who see the writing on the wall) interested in pushing the boundaries of engineering productivity in a vertically integrated, regulated organization. We're growing quickly. You will fix million-dollar bugs. On the business side, we hire for deep domain expertise, ambition, and the creativity to figure out the previously impossible. Because our engineers work closely with people from the business, they need curiosity, flexibility, an appetite for (and the ability to digest) complex context, and strong communication skills. Our view is that ownership is taken, not given. You will be successful here if your work progressively builds others' trust in your ability to identify, attack, and solve larger and larger problems, including those that no one else has anticipated. We believe that "code wins arguments," that prototyping is often the best first step in a design process, and that the impact of velocity is non-linear. You are excited by putting up multiple meaningful changes, or writing thousands of lines of code, in a day (even though you know that deleting lines of code is more exciting than writing them, and that, occasionally, deep reflection is required in order to ship anything). You aren't fazed by building systems that don't work out - sometimes, you have to throw code away. Intellectual honesty is non-negotiable. You love to learn and to teach, to ask questions and to answer them, and to be transparent about your uncertainty. You are eager to learn, with the rest of the team, how to work with AI tools, including agents, in order to move faster and ship better, more complete versions of your ideas. You will experiment with new ways of working, with the expectation that some of them will be unsuccessful, and you will teach others what works. This is the most exciting time in decades to be a competent, technically ambitious engineer. We want to offer you the opportunity to see what's really possible and how much better you can get at your craft.

About Company, Droisys is an innovation technology company focused on helping companies accelerate their digital initiatives from strategy and planning through execution. We leverage deep technical expertise, Agile methodologies, and data-driven intelligence to modernize systems of engagement and simplify human/tech interaction. Amazing things happen when we work in environments where everyone feels a true sense of belonging and when candidates have the requisite skills and opportunities to succeed. At Droisys, we invest in our talent and support career growth, and we are always on the lookout for amazing talent who can contribute to our growth by delivering top results for our clients. Join us to challenge yourself and accomplish work that matters. We're hiring Senior Backend Engineer - Cloud Security in Sunnyvale, CA What You Will Do Build containerized microservices and related components for a multi-tenant, distributed system that ingests and processes real-time cloud events, system telemetry, and network data across major cloud platforms. Your work will enable customers to detect risks and strengthen their cloud security posture. Mentor junior engineers, interns, and new graduates, helping them develop strong technical skills and become effective contributors. Write production-quality software primarily in Java using Spring Boot, and work extensively with Kafka, SQL, and other data interfaces. Work within a Kubernetes-based service infrastructure, while learning new technologies as needed. Take ownership of major features and subsystems through the entire development lifecycle-requirements, design, implementation, deployment, and customer adoption. Participate in operational responsibilities, gaining firsthand experience with real-world performance, reliability, and support scenarios-informing how you design and build better systems. Prioritize quality at every stage, performing thorough developer testing, functional validation, integration checks, and performance testing to ensure highly resilient systems. Collaborate closely with Product Management to review, refine, and finalize requirements. Develop a deep understanding of customer needs by engaging with peers, stakeholders, and real-world use cases. What You Bring Bachelor's degree in computer science or similar (Master's preferred). 5+ years of experience building scalable, distributed systems. Passion for software engineering, continuous learning, and working in a collaborative environment. Hands-on experience with AWS, Azure, or GCP, with strong familiarity at the API/programming level. Experience with networking and/or security concepts is a plus. Experience developing containerized services on Kubernetes is strongly desired. Strong programming experience in Java/Spring Boot or Golang. Experience building or using REST APIs. Knowledge of infrastructure-as-code tools such as CloudFormation, Terraform, or Ansible is a plus. Understanding of TCP/IP networking fundamentals. Experience developing in Unix/Linux environments. Droisys is an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. Droisys believes in diversity, inclusion, and belonging, and we are committed to fostering a diverse work environment

(Salary Range: $125,000 - $143,000 annually DOE) Purpose of Position: This position is responsible for maintaining and improving the security of the organization's information systems, networks, and data. Key responsibilities include proactively identifying potential security risks, developing and implementing security measures to prevent data loss. Essential Functions: • Perform active threat hunting, looking for potential attacks rather than just passively waiting for attacks • Perform red team/blue team exercises to test defenses and improve security operations. • Assists with vulnerability assessments, using provided security tools to identify system vulnerabilities • Design and implement security controls across cloud and on-premises environments • Create and maintain security monitoring and alerting solutions • Data Loss Prevention (DLP): Monitor DLP alerts, investigate incidents, and recommend actions to relevant teams to mitigate data breaches. • Assists in the planning and deployment of the company's cloud information security strategies • Manage Infrastructure and application security monitoring tools to detect and respond to security incidents in real-time • Participate in the development and improvement of the company's SDLC processes, ensuring security practices are integrated into all stages of product development • Responsible for evaluating, influencing, and recommending technology and product direction • Stay informed on the latest cybersecurity trends, emerging threats, attack techniques, and zero-day vulnerabilities affecting Microsoft environments and other relevant technologies. • On-site or remote regular attendance and punctuality are essential functions of the job. • Perform other business tasks or functions as assigned. Knowledge, Skills & Abilities Required: • Experience with Microsoft Defender, Sentinel, Azure Security Center, and Microsoft 365 security solutions, helping to identify vulnerabilities, mitigate threats, and enhance security postures. • Deep knowledge of Microsoft security solutions o Microsoft Defender for Endpoint o Microsoft Sentinel (SIEM/SOAR) o Azure Security Center & Microsoft Purview Compliance Manager o Microsoft Intune and Conditional Access Policies • Strong understanding of security principles and best practices • Strong knowledge and hands on experience with Data Loss Prevention • Hands-on experience in threat hunting • Certifications such as OSCP, OSWE, CISSP, CEH, GPEN, AZ-500 (Microsoft Azure Security Engineer), SC-200 (Microsoft Security Operations Analyst), or SC-300 (Microsoft Identity and Access Administrator) are a plus. • Proficiency in Microsoft security technologies and tools such as Purview Information Protection, Defender for Cloud and Sentinel • Experience with Managed Extended Detection and Response (MXDR) • Proficient in Microsoft Office programs, including Word, Excel, PowerPoint, as well as Outlook. • Adhere to all PHI (Protected Health Information) and HIPAA (Health Insurance Portability and Accountability Act) guidelines. Educational Requirements: • High School Diploma or equivalent required. • Bachelor's degree in Computer Science, Cyber Security or equivalent experience required. • Minimum of six (6) years of hands-on experience in IT with a focus on security. Physical Requirements: Must be able to sit for extended periods and occasionally stand and walk. Must have adequate hearing for phone work. Vision requirements include close vision and the ability to adjust focus. Must be able to communicate effectively in English. Must be able to use a keyboard and other office equipment. Ability to lift up to 10 pounds occasionally.

JT4 Point Mugu is seeking an Information Systems Security Specialist. This role is responsible for assessing, developing and implementing programs and controls set in place to help increase cybersecurity within our company. The Information Systems Security Specialist will be detail-oriented, have great problem-solving and analytical skills, and a passion for cybersecurity. JT4, LLC provides engineering and technical support to multiple western test ranges for the U.S. Air Force, Space Force, and Navy under the Joint Range Technical Services Contract, better known as J-Tech II. JT4 develops and maintains realistic, integrated test and training environments and prepares our nation's war-fighting aircraft, weapons systems, and aircrews for today's missions and tomorrow's global challenges. **An ideal candidate will have an active DoD secret clearance** **This position is located at Point Mugu and is not eligible for telework** Job Summary -- Essential Functions/Duties This position is the on-site technical specialist for monitoring information systems and maintaining the environment of operation to include developing and updating System Security Plans, managing and controlling changes to the systems, conducting audits, providing incident response, perpetration for vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Employee will be responsible to perform the following functions/duties: Provides incident handling in conjunction with the Facility Security Office (FSO) and Information Security Officer / Information Systems Security Manager (ISSO/ISSM) Assists in writing and maintaining computer security processes to meet Navy requirements of Risk Management Framework Monitors computer system use and audits logs Makes recommendations for future hardware / software implementations and related process improvements This position requires skills in team building and customer service Provides operational status as required Uses established policies and procedures and subject matter knowledge to complete complex assignments requiring originality and ingenuity performed under minimum supervision with considerable latitude for independent contribution Provides security training and awareness briefings Other duties as assigned. Requirements -- Education, Technical, and Work Experience Associates or higher degree in Computer/Information Technology, or equivalent academic/technical training/certification. Possess two to three years of experience in computer system security and/or related areas of expertise. Must be compliant to DoD 8570.01-M levels and possess or working toward Security+ certification with a CISSP desired. Should have experience with JSIG, NIST 800 and NISPOM, Chapter 8. In addition, an Information Systems Security Specialist must possess the following qualifications: Must possess and apply a broad knowledge of principles, practices and procedures in computer security and information systems and working experience with Microsoft Office, Access, and Visio Must possess experience supporting various system configurations such as Stand Alone, Local Area Networks, and Wide Area Networks Must possess excellent skills in verbal and written communications, planning, and organizing Ability to work under deadlines. Employee is expected to routinely cross fields in the completion of somewhat difficult and varied assignments. Government vehicle is used on an as-needed basis Ability to work in a field environment at remote locations with occasional overnight assignments Must qualify for and maintain a government security clearance Must possess a valid, state-issued driver's license.

Company - Our client is a globally recognized leader in financial services and technology innovation, consistently ranked in the Fortune 200. Known for their commitment to cybersecurity and digital transformation, they offer a dynamic environment where top-tier tech professionals can make a large-scale impact on cutting-edge cloud and security initiatives. Job Title - Principal Cloud Security Architect Location - Irvine, California (Hybrid - onsite 2-3 days per week) Role Type - 6-Month Contract (1,040 hours) with potential for full-time conversion Must Have Skills: 15 years in information risk management and information security, including 5+ years in security architecture and 5+ years in cloud environments Deep technical expertise in cloud security architecture, including IAM, CI/CD security, data protection, and threat modeling Experience designing and implementing large-scale cloud and security programs (e.g., SOC, SSDLC, DLP, IAM, Zero Trust) Hands-on familiarity with security frameworks such as NIST 800-53, ISO 27002, CIS Benchmarks, and Cloud Security Alliance Strong leadership and communication skills with the ability to influence executive stakeholders Responsibilities and Job Details: Lead the overall cloud security architecture strategy and define secure computing frameworks and standards Collaborate with Infrastructure, Development, and Business Leadership teams to ensure secure cloud adoption Serve as the security SME on the Information Technology Architecture Committee (ITAC) and Architecture Review Committee Develop and maintain the Secure Software Development Lifecycle (SSDLC) and Data Protection Programs Define and enforce enterprise-wide security architecture patterns based on best practices and compliance needs Manage the enterprise threat management/intelligence program, supporting SOC operations and risk integration Evaluate and lead implementation of new security technologies and vendor tools to support enterprise cloud strategy Provide mentorship to junior cybersecurity staff, elevating technical acumen across the team Guide secure integration of innovative technologies such as IoT and AI in alignment with risk posture Participate in security incident investigations and lead post-incident review and strategy refinement Ensure secure CI/CD pipelines, container security, and cloud-native protection strategies are embedded into architecture Influence security roadmap by identifying gaps and defining forward-looking technical solutions across domains

WHO WE ARE: Headquartered in Southern California, Skechers-the Comfort Technology Company -has spent over 30 years helping men, women, and kids everywhere look and feel good. Comfort innovation is at the core of everything we do, driving the development of stylish, high-quality products at a great value. From our diverse footwear collections to our expanding range of apparel and accessories, Skechers is a complete lifestyle brand. ABOUT THE ROLE: Skechers is seeking a passionate Application Security Engineer to join our team and serve as a security champion who bridges the gap between development and security operations. This role is critical to strengthening our security posture by embedding security practices throughout the software development lifecycle and fostering a security-first culture across our development teams. The ideal candidate will be a hands-on security professional who thrives on collaboration, enjoys mentoring developers, and has the technical expertise to identify vulnerabilities while providing practical remediation guidance. You will play a pivotal role in scaling our application security program and ensuring our applications are secure by design. WHAT YOU'LL DO: Successfully integrate security practices into development workflows, resulting in measurable reduction of security vulnerabilities in production applications Conduct thorough security-focused code reviews that identify critical vulnerabilities while providing actionable feedback to development teams Establish and implement efficient processes for triaging, prioritizing, and tracking remediation of security findings with clear SLAs and accountability measures Enhance developer engagement through proactive security awareness initiatives, building trusted relationships that enable developers to implement secure coding practices throughout the development process. Assist with management and optimization of SAST, DAST, OSS, WAF, and other application security tools to maximize coverage and minimize false positives Provide analysis and support as needed during security incidents to contribute to faster resolution times WHAT YOU'LL BRING: Proficiency with application security tools including SAST, DAST, dependency scanning, and WAF technologies Strong understanding of common web application vulnerabilities (OWASP Top 10) and secure coding practices Experience with at least one programming language (Java, Python, JavaScript, C#, or similar) Knowledge of API security, authentication mechanisms, and authorization frameworks Familiarity with DevSecOps practices and CI/CD pipeline integration REQUIREMENTS: 3-5 years of hands-on application security experience with demonstrated expertise in secure code review Retail or e-commerce experience a plus The pay range for this position is $110,000-$155,000/yr USD.

1. Security, Compliance and Audit Readiness a. Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. b. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. c. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. d. Provide documentation and evidence for security audits and compliance reviews. 2. Implementation, Operations and Support a. Serve as the hands-on engineer for network deployment, upgrades, and incident response. b. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. c. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). 3. SME Leadership and Staff Development a. Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. b. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. c. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. d. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. e. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. 4. Any other activities reasonably related to the foregoing, as assigned by OCSD.

A client of Sharp Decisions if looking for a Security Architect. This role is ONSITE in Torrance, CA- a multi-year contract with no end date, W2 only. Daily Task Performed: • Security Design and Architecture: Knowledge of security design and architecture for organizational systems to meet defined cybersecurity needs; ability to embed security principles into the design goals while minimizing the risk from cyber security threats and vulnerabilities. • Cross-functional Collaboration: Knowledge of collaborative techniques and approaches; ability to promote a culture of continuous improvement and working together across functions to solve business problems and meet business goals. • Frameworks and Industry Standards: Knowledge of cybersecurity enterprise programs, policies, and standards to govern the organization's approach towards protecting their systems; Ability to align them with regulations, organization's context, operating environment, and cyber threats. Position Success Criteria (Desired) - 'WANTS' • IS related bachelors degree and/or equivalent work experience. • 5+ years of IT business work experience Desired Certifications: CISSP, CCSP, CCNP, CISA, or equivalent are highly desirable • Problem Solving: Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply knowledge of problem solving appropriately to diverse situations. • Conceptual Thinking: Knowledge of thinking and reasoning at a conceptual level; ability to identify the critical ideas and interdependencies among system elements that impact performance. • Cloud Security: Knowledge of tools, technologies, and processes of cloud security; ability to minimize security risks to secure cloud computing services.

Information Security Need Local to San Francisco, CA Onsite role Looking for independent folks. Top Skills: KQL - kusto query language - used by different Microsoft security tools like sentinel or defender SPL that Splunk uses General incident response actual incident tickets - resolve actual security incident tickets Requirements • Self-starter, able to readily explore and learn new areas and concepts. • Knowledge and experience normally acquired through, or equivalent to, the completion of a Computer Science or Computer Engineering Bachelor's degree with a minimum of 5 years of job-related experience. • Degrees in Computer Science or Engineering and/or relevant technically focused certifications in Cloud and/or enterprise security architecture such as GCAD or GDSA are advantageous Experience with • AWS commercial or government cloud • Experience securing critical workloads in a cloud environment. • Knowledge and experience with Databricks, Starburst, Collibra and Immuta is advantageous. Job Role Summary Lead and produce system threat models for integration of commercial components into a data lake platform. Help design secure cloud architectures. Propose effective security controls within the environment and identify and mitigate security vulnerabilities. Simplify complex security topics, lead discussion in technical and business teams, communicate risk accurately. Skills • Able to create AWS secure cloud architecture designs • Understand current security threats, techniques, and landscape • System threat modeling of applications and platforms • Able to identify and provide mitigation for security vulnerabilities within applications and application environments based on threat models. • Able to simplify complex security topics for consumption and critical decision making. • Clear and accurate communication • Able to lead/direct discussions with technical and business teams to achieve common goals. • Able to work well within a team and support team goals • Understand cyber security frameworks such as NIST 800-53 • Ability to work on a geographically distributed team across multiple time zones • Familiarity with SAFe a plus Responsibilities • Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture. Ensure these artifacts are in alignment with FRS policy and standards. • Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer. • Work with members of application development teams to review and create secure application and infrastructure designs and patterns. • Assist development teams by reviewing threat models related to applications and related systems. Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc. • Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines. • Assist in identification and integration of security focused tooling into development and operations processes. • Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views. • Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position. • Assist with recruiting activities and administrative work.

Security Architect / Implementation Engineer Duration: 6 Months contract with possibility of extension We are seeking a highly skilled Security Architect / Security Implementation Engineer with expertise in designing, implementing, and integrating Google Cloud Security Command Center (SCC), Chronicle SIEM, and Cybereason XDR. The candidate will be responsible for architecting the end-to-end solution, implementing GCP native security controls, integrating third-party security tools, and producing detailed design and operational documentation. Key Responsibilities: Design and architect cloud-native security controls in GCP aligned with security and compliance frameworks (CIS, ISO 27001, NIST, etc.). Implement Google Security Command Center (SCC) for threat detection, vulnerability management, and risk insights. Architect and configure Chronicle SIEM for log ingestion, correlation, and advanced threat analytics. Integrate Cybereason XDR with SCC, Chronicle, and other security tools to establish end-to-end threat detection and response workflows. Define use cases, rules, policies, and security playbooks to automate detection and response. Document the solution architecture, design decisions, configuration standards, and integration workflows. Conduct knowledge transfer sessions with security operations and support teams. Collaborate with GCP Cloud Platform teams, SOC teams, and compliance teams to align solutions with enterprise policies. Required Skills & Experience: 8-12 years of overall IT security experience with at least 4-5 years in Google Cloud Security. Proven experience with Google Security Command Center (SCC), Chronicle SIEM, and XDR platforms (Cybereason preferred). Strong knowledge of GCP IAM, VPC Service Controls, Cloud Armor, DLP, Cloud Logging, Cloud Monitoring. Hands-on experience in integrating SIEM, XDR, and native GCP security tools. Experience with Terraform, Deployment Manager, or automation frameworks for security deployment. Strong documentation and presentation skills. Security certifications preferred: Google Professional Cloud Security Engineer, GCP Professional Architect, CISSP, CISM, CCSP.

Cloud Security AI Security Container Security Cyber Risk Assessment Identity and Access Management (IAM) DevSecOps CISSP / CCSP / CISA / CCNP (Certifications) Daily Tasks Performed: • Security Design and Architecture: Knowledge of security design and architecture for organizational systems to meet defined cybersecurity needs; ability to embed security principles into the design goals while minimizing the risk from cyber security threats and vulnerabilities. • Cross-functional Collaboration: Knowledge of collaborative techniques and approaches; ability to promote a culture of continuous improvement and working together across functions to solve business problems and meet business goals. • Frameworks and Industry Standards: Knowledge of cybersecurity enterprise programs, policies, and standards to govern the organization's approach towards protecting their systems; Ability to align them with regulations, organization's context, operating environment, and cyber threats. • Communicating Complex Concepts: Knowledge of effective presentation tools and techniques to ensure clear understanding; ability to use summarization and simplification techniques to explain complex technical concepts in simple, clear language appropriate to the audience. • Domain Knowledge: Knowledge of a specific domain, its current trends, directions, and regulatory considerations; ability to apply domain-specific knowledge to relevant situations. • Technical Excellence: Knowledge of a given technology and various application methods; ability to develop and provide solutions to significant technical challenges • Cybersecurity Expertise: Knowledge of the processes, tools, and techniques in the cybersecurity domain; ability to deploy and monitor cybersecurity measures, while detecting, controlling, and preventing cybersecurity breaches. What this person will be working on: This is a Security architect role and will include Cloud Security, AI Security, endpoint security, Network security and other security domain areas as needed Position Success Criteria (Desired) - 'WANTS' Qualification: IS related bachelor's degree and/or equivalent work experience. 5+ years of IT business work experience Desired Certifications: CISSP, CCSP, CCNP, CISA, or equivalent are highly desirable • Problem Solving: Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply knowledge of problem solving appropriately to diverse situations. • Conceptual Thinking: Knowledge of thinking and reasoning at a conceptual level; ability to identify the critical ideas and interdependencies among system elements that impact performance. • Cloud Security: Knowledge of tools, technologies, and processes of cloud security; ability to minimize security risks to secure cloud computing services. • Container Security: Knowledge of containerization technologies, secure image practices, runtime security, secure networking, and incident response; ability to design, develop, and implement secure container environments, while assessing risks, leading audits, and advocating for best practices, enables effective protection of containerized environments. • AI Security: Designs secure architectures for Gen AI systems with a focus on threat modeling, data protection, and adversarial risk mitigation. Ensures secure deployment, access control, and compliance with AI governance and regulatory standards. Collaborates cross-functionally to embed security across the AI/ML lifecycle. Knowledge of tools, technologies related to AI development and security. • Cyber Risk Assessment and Mitigation: Knowledge of cyber risk assessment and mitigation strategies across the systems' life cycle; ability to assess risks timely and propose countermeasures. • Threat Analysis and Defense: Knowledge of characteristics, behaviors, capabilities, intent, and interactions of incoming cyber threats; ability to analyze the threats and develop defense and mitigation strategies to effectively combat such threats. • Identity and Access Management: Knowledge of security administration; ability to manage access to computers, infrastructure, networks, and applications. • DevSecOp: Knowledge of concept, principles, methodologies of DevSecOps; ability to utilize related tools and techniques to integrate security into DevOps processes.

The pay range for this position at commencement of employment is expected to be between $104,400 and $171,000/year. However, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If hired, employee will be in an "at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors. We are Alibaba Cloud's Network and Application Security R&D Team, specializing in the research, development, operations, and management of foundational network security and application security. Our core mandate revolves around advancing the capabilities of DDoS Protection, Web Application Firewall (WAF), and Cloud Firewall solutions. As a young, dynamic team with deep technical expertise and R&D excellence, we deliver robust network traffic security and application security services to users, committed to safeguarding their network infrastructure and application-layer security. Core Responsibilities: System Construction and Maintenance ●Deploy, monitor, and maintain cloud security product systems (including foundational services, operation platforms, consoles, and security components such as cloud firewalls, DDoS protection, and WAF), ensuring high availability and security. ● Participate in disaster recovery and circuit breaker drills for high-availability systems to enhance stability and risk resilience. Product Release and Management ● Lead the release of cloud security foundational services and core network security products, conduct independent operational testing, and ensure post-launch stability and performance. Operational Observability Management ●Configure and manage hardware/software monitoring systems (e.g., Prometheus) for 24/7 real-time monitoring and rapid response, ensuring timely issue detection and resolution. Automated Operations Development ● Design and develop automated operation and maintenance tools/platforms to improve efficiency, reduce manual intervention, and optimize system performance. Service Support and Troubleshooting ● Monitor system logs, independently troubleshoot application issues, propose solutions, and collaborate with R&D teams for fixes and validation. Capacity Planning and Budget Management ● Develop annual capacity plans and budgets based on product usage and scaling needs, ensuring rational resource allocation and utilization.

Select Cyber, an Information Security recruitment specialty firm, seeks to fill the following role for our client: Network Security Analyst I Be part of a cutting-edge Computer Incident Response Team, (CIRT) for a fortune 500 company. We are looking for individuals that want to learn a new field and grow with the company. Training provided. The selected candidate will be a part of the Security Operations Center (SOC) and its mission to improve the information security of our customers using a Security Information and Event Management (SIEM) tool to detect and analyze IT security incidents. Responsibilities: Perform the following functions as individual assignments or as part of a team: · Monitoring client networks for signs of adversarial activity. · Respond to alerts from various monitoring systems and platforms providing indicators for enterprise defensive measures. · Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs). · Triage potentially malicious events to determine severity and criticality of the event. · Follow procedures to analyze and escalate security incidents which vary from customer to customer. Experience · 1+ years technical experience in the Information Technology field. · Experience with Intrusion Detection & Prevention Systems (IDS/IPS) or Firewalls & Log Analysis a plus. · Technical degree, Associate or Bachelor's degree from an accredited institution in Computer Science or information technology field preferred. · CompTIA Network+/Security+ certifications is a plus

Dynamic Solutions Technology, LLC, a premier strategic services firm that meets IT and Service needs for commercial and government clients. We are is seeking a full-time Information Security Analyst to support DoD customer. This position is to provide support in the China Lake, CA area. Responsibilities: Serves as a team member providing network monitoring and scanning functions. Provides network vulnerability scanning to ensure IAVA compliance and remediation. Provides antivirus management using antivirus tools. Provides wireless scanning using network detection software. Implements system security policies, and scans Provides Cybersecurity reporting requirements to appropriate authorities. Provides assistance for personnel / users needing information/assistance with Information Assurance (IA) related issues. Directly supports Information Assurance (IA) requirements, within the immediate area of responsibility (AOR), managing and tracking system administrator elevated level of access to network resources. Works with team members to identify IA trends and suggests long-term strategies to help mitigate IA issues. Assesses procedures and identifies opportunities to improve customer service. Champions customer service and sets and monitors parameters for customer service excellence. Qualifications Requirements: Active SECRET clearance Bachelor's Degree in Engineering, Computer Science, or Information Assurance 6 years' additional work experience may be substituted for a Bachelor's Degree Min 3 to 10 years of relevant focused experience Must meet specific certification and training requirements in accordance with DoD 8570.1-M, DoDD 8570.1 Experience and Skills: Excellent oral and written skills. Excellent critical thinking skills. Proficient in Microsoft applications such as Word, Excel, PowerPoint, and Outlook. Ability to work independently and as a team member

Why PlayStation? PlayStation isn't just the Best Place to Play - it's also the Best Place to Work. Today, we're recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation 5, PlayStation 4, PlayStation VR, PlayStation Plus, acclaimed PlayStation software titles from PlayStation Studios, and more. PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team. The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation. PlayStation is looking for an Information Security Analyst to join our team and operate the day-to-day Information Security, Risk and Compliance management processes. This is a mixture of processing requests from the business and driving internal security projects such as security audit and assessment. This role requires a sound understanding of technical and engineering terminology, outstanding ability to articulate risk across any security domains (technical and governance) with the demonstrable ability to work independently and process high volumes of security requests on a weekly basis. This role also provides ample opportunity to work across technical and game-related projects with studio and PlayStation engineering teams and therefore requires risk advisory and influencing experience. Based in San Diego, the candidate will be the key business relationship partner on behalf of Information Security and work on Information Security processes as well as strategic projects across PlayStation and the Studios group. This role will collaborate closely directly with business, technical and third party collaborators, as well as work multi-functionally with our other Information Security specialist teams across the globe to protect PlayStation's intellectual property, data and infrastructure whilst delivering new and evolving games, services and hardware to the market. This is an opportunity to provide security directly to the global PlayStation business, our PlayStation Network and global Studios and their game development. What you will be doing: Serve as a primary partner to PlayStation Studios, supporting security risk management across global game development and studio environments. Triage and manage technical and strategic security risks across studios, ensuring alignment to security strategy and policy compliance. Engage directly with technical teams and studio leadership to strengthen risk posture, manage vulnerabilities, and drive mitigation strategies. Act as a trusted advisor to studio teams, driving a culture of embedding “security by design” principles. Support the creation of risk insights, reporting, and executive briefings that inform leadership on studio security health and emerging trends. Maintain broad knowledge of emerging security trends, risks, adn technologies that are applicable to the studio business and Sony at large. Advance the Information Security program through collaborative and cross-team partnerships. Required Experience: 3+ years of experience in information security, with demonstrated expertise in risk identification and mitigation. 2+ years conducting risk assessments and providing actionable recommendations to technical and business stakeholders. 2+ years working in vulnerability management, including detection, analysis, reporting, or remediation tracking. 2+ years of hands-on experience managing or evaluating cloud environments, networks, and security infrastructure. 2+ years of experience communicating risk and security insights to leadership and cross-functional partners. Preferred Experience & Attributes: Background in the gaming or entertainment industry. Experience leading projects or programs in a security or risk management capacity. Technical and Security focused certifications a strong preference Confident communicator able to translate complex security risk concepts for both technical and non-technical audiences. Comfortable working in a dynamic, fast-paced environment balancing innovation and security priorities. Proven success working independently to establish relationships, deliver requirements, and communicate effectively. #LI-GM1 Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights. At SIE, we consider several factors when setting each role's base pay range, including the competitive benchmarking data for the market and geographic location. Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location. In addition, this role is eligible for SIE's top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more. The estimated base pay range for this role is listed below.$140,000-$210,000 USD Equal Opportunity Statement: Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category. We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond. PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.