Cyber security analyst jobs in West Haven, UT - 71 jobs

WAGE: $38.09 - DOE/DOQ DEPARTMENT: Information Technology PERSONNEL STATUS: Full Time BENEFITS: Health, Dental, Vision, Retirement, 401k match, Sick/Vacation, Life Insurance, Short-term Disability, Accident, Critical Illness; Parental Leave; Maternity Leave WORK AUTHORIZATION & RESIDENCY: Applicants must be legally authorized to work in the United States without employer sponsorship on a permanent basis. This position requires regular onsite presence. Relocation assistance is not available, and candidates must be able to begin work without relocation support. JOB OVERVIEW: Implement, monitor, and maintain Weber County's enterprise-wide Information Technology (IT) security programs which are designed to protect the confidentiality, integrity, and availability of all County systems and resources, including but not limited to voice, data, network, applications, and computer infrastructure, and their associated information assets. Support Weber County's Information Security Officer with day to day security tasks. ESSENTIAL FUNCTIONS: Applicants must be prepared to demonstrate the ability to perform the essential functions of the job with or without reasonable accommodation. Have an enthusiasm and passion for security, be able to work independently or as part of a larger security team. Hands on virus/malware identification, investigation and mitigation on county endpoints as they arise. Act in an advisory role to other teams both internal to IT and throughout the county. Stays current with technical knowledge in information systems, security and privacy technologies, best practices, and use of appropriate security controls and methods. Deploys, as instructed, the Information Security plans and short-term and long-term strategies for the IT organization and the County. Deploys and integrates IT security and privacy-related programs designed to protect the County's systems, applications, and data. Identifies and communicates security issues and their impact on the IT organization and the County and assists with executing successful solutions while tracking and achieving measurable results. Complies with and promotes all IT security policies, processes, procedures, and best practices. Establishes and maintains positive business relationships with users countywide to actively market and educate them on the importance of security cooperation and compliance. Designs, develops, implements, and monitors information security systems and controls. Documents processes and monitors systems that report on the effectiveness of systems and controls necessary to protect the County's information technology systems, assets, and interests. Monitors compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties and resolves potential issues as needed. Assists with information security risk assessments and serve as information security subject matter expert to countywide customers. Responds, as directed, to information security incidents and follow up to ensure that proper protection and corrective measures have been taken. Participates, as instructed, in forensics investigations and audits as required. Implements, as instructed, security controls for systems that accept payment card data. Implements, as instructed, the County's cloud security strategy to protect County IT systems and data in PaaS, SaaS, and IaaS environments. Embraces managed security service options as they are considered. Maintains required certifications as specified by the Information Security Officer. Other duties as assigned. Any one position may not include all of the duties listed, nor do the listed examples include all duties which may be found in positions of this class. Applicants must be prepared to demonstrate the ability to perform the essential functions of the job with or without reasonable accommodation. SUPERVISORY RESPONSIBILITIES: None EDUCATION/EXPERIENCE : Education: Bachelor's Degree from and accredited college or university in Information Technology/Security or closely related field. OR Technical College certificate in Security/IT with additional technical certifications (Security+, Network+, etc.) plus (six) 6 months to (two) 2 years related experience. OR An equivalent combination of education and five (5) years of related experience. KNOWLEDGE, SKILLS, AND ABILITIES (KSA): Knowledge: Knowledge of security controls for application development and management. Basic understanding of IT systems, computer infrastructure & software (e.g., computer, server, storage, networking, firewall, OS, databases, web servers, virtualization). General understanding of how to reverse engineer attacks. Introductory level knowledge of Information Security or Information technology standards. Introductory knowledge of Linux, Windows and Network system administration practices, access control, and auditing/logging procedures within an enterprise class environment. Introductory knowledge of security related tools including vulnerability assessment tools, Host Based Security Systems, log aggregation and SIEMs, File Integrity Monitoring Software. Skills: communications skills, both verbal and written, as well as the ability to communicate well with people in a variety of positions, roles, and levels; Leveraging networking tools to map networks on a basic level. Abilities: Ability to create and maintain effective documentation, including policies, processes, and procedures. Ability to prioritize workload in order to meet commitments. Basic networking skills (IP Addressing, subnets, simple network tools). Ability to multitask and prioritize projects, appropriately manage expectations, make difficult judgment calls and communicate complex issues in an easy to understand format. Ability to prepare multiple types of documentation, policies, guides, communications, presentations, etc. Initiative driven attitude and a willingness to take on challenging tasks independently. Professional, self-motivated and a strong sense of urgency. SPECIAL QUALIFICATIONS: Due to the nature of this position, the successful candidate may be required to complete a pre-employment background check prior to starting the position. PHYSICAL DEMANDS : The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to sit and talk or hear, use hands to finger, handle, or feel objects, tools, or controls; and reach with hands and arms. The employee is occasionally required to walk. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus. WORK ENVIRONMENT : The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually quiet.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

RELOCATION ASSISTANCE: Relocation assistance may be available CLEARANCE TYPE: SecretTRAVEL: Yes, 10% of the TimeDescriptionAt Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Join Northrop Grumman on our continued mission to push the boundaries of possible across land, sea, air, space, and cyberspace. Enjoy a culture where your voice is valued and start contributing to our team of passionate professionals providing real-life solutions to our world's biggest challenges. We take pride in creating purposeful work and allowing our employees to grow and achieve their goals every day by Defining Possible. With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today. Northrop Grumman Defense Systems is seeking a Systems Security Engineer, (Level 2), that will support the Sentinel (GBSD) program performing Hardware Assurance. This position will be located in Roy, UT and will support the Ground Based Strategic Deterrent (GBSD) program. The Mission Defense Team (MDT) is seeking a highly motivated and qualified system engineer to serve as a Hardware Assurance Engineer, Level 2. You will be responsible for assessing and prioritizing a broad spectrum of hardware security threats. Key protection activities will involve vendor research, hardware assurance, program protection, counterfeit prevention, and supply chain security. Additional Responsibilities include: Assessment and analysis of threats, vulnerabilities, and risk for identified mission-critical functions and critical components Support courses of action based on knowledge and experience, initiative, guidance, and established regulations and policies Research, analyze data, and derive facts per identified vulnerabilities Participate in a variety of working groups and customer meetings; ensure communication of risk environment with stakeholders Contributes to program plans, goals, objectives, and milestones to for Hardware Assurance Review technical security assessments of SSE environments to identify points of vulnerability, non-compliance with established standards and regulations and recommended mitigation strategies Execute completion Statement of Work requirements, Program Milestone Exit Criteria, and program maturity commitments Ensure the architecture and design of systems are functional and secure; support the design, development, implementation, and integration of security systems and system components Self-starters compelled to take action in the workplace without requiring prompting from supervisors Support MDT with other duties as assigned In addition to technical skills, you will be a self-starter with strong time management skills. Your organizational skills and ability to anticipate future challenges will serve you well Basic Qualifications Must be a US Citizen with an active DoD Secret Clearance, at time of application, current and within scope, with an investigation date within the last 6 years Must have the ability to obtain and maintain Special Access Program (SAP) approval within a reasonable period of time, as determined by the company to meet its business need Requires a bachelor's degree in a STEM (Science, Technology, Engineering or Mathematics) discipline from an accredited university and 2 years of related experience; or a master's degree with 1 year Minimum 2 years of applying and understanding Systems Security Engineering principles applicable to US Government Defense Programs Minimum 2 years in showing the ability to communicate effectively and clearly present technical approaches and findings Experience in any of the full product life cycles of: ASIC Design, FPGA Design Experience in HDL (VHDL/Verilog), implementing designs using RTL Ability to show self as team player, able to multi-task, able to generate quality work products independently, able to make excellent judgement and show interpersonal skills Preferred Qualifications Degree in Aerospace Engineering, Systems Engineering, Mechanical Engineering, Software Engineering, or similar ICBM Experience Experience developing Systems Security Engineering requirements for hardware and software assurance Evaluating program processes and compliance strategies for large, complex multi-site programs Demonstrated experience and familiarity with vulnerability management Experience with Model-based Systems Engineering (MBSE) concepts and tools A solid understanding of Program Protection applicable to US Government Defense Programs and applied knowledge in the application of SSE principles across a broad spectrum of security measures (Cybersecurity, Counterfeit Awareness, Anti-Tamper, HW/SW Assurance, OPSEC, etc.) to protect critical program information (CPI) Top Secret clearance Position Benefits As a full-time employee of Northrop Grumman, you are eligible for our robust benefits package including: Medical, Dental & Vision coverage 401k Educational Assistance Life Insurance Employee Assistance Programs & Work/Life Solutions Paid Time Off Health & Wellness Resources Employee Discounts ****************************************************************** This position's standard work schedule is a 9/80. The 9/80 schedule allows employees who work a nine-hour day Monday through Thursday to take every other Friday off. This role may offer a competitive relocation assistance package. #Sentinelsystems Primary Level Salary Range: $77,200.00 - $115,800.00The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

T-Rex Solutions is seeking a qualified Cyber Security Engineer to support of a secure DOD customer located in Ogden, UT. The overall program that this role supports aims to modernize legacy network infrastructure and migrate services into a new AWS Cloud Environment. For any candidates not already local to the Ogden, UT area, T-Rex is offering a relocation support package to assist with moving costs. Responsibilities: Implement and manage Secure Cloud Computing Architecture (SCCA) controls, including Virtual Data Center Security Stack (VDSS) and Boundary Cloud Access Point (BCAP). Work with DoD teams to ensure cloud environments are compliant with DoD security frameworks, including NIST, STIGs, and FedRAMP+. Manage and enforce Trusted Cloud Credential Management (TCCM) practices for secure identity access and cloud credential management. Configure and maintain cloud security services for monitoring, alerting, and logging using tools like SolarWinds, ELK, and native CSP security features. Support cloud onboarding and migration, ensuring security best practices are adhered to during the transition. Collaborate with cross-functional teams to ensure Zero Trust principles are implemented effectively in the cloud environment. Assist in preparing and maintaining documentation for ATO processes, including mapping inherited controls and contributing to eMASS submissions. Provide guidance on cloud security best practices and mentor junior team members in cloud security management. Requirements: Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience). CompTIA Security+ 7+ years of experience in cloud security with hands-on experience in at least one CSP (OCI, Azure, or AWS). Experience in implementing and managing security controls in cloud environments, including identity and access management (IAM), logging, and monitoring. Experience with security incident management, vulnerability assessments, and cloud compliance processes. Strong troubleshooting and problem-solving skills in cloud environments. Solid understanding of DoD cloud security requirements, including NIST 800-53, STIGs, and FedRAMP+. Proficiency with automation tools such as Terraform, Ansible, and PowerShell for managing cloud configuration. Ability to obtain a DOD Secret clearance Desired: Secret Clearance or higher desired. DoD-approved cloud security certifications (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer) preferred. T-Rex Overview Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives. T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering. T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits. T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. In compliance with pay transparency guidelines, the annual base salary range for this position is $125,000 - $145,000. Please note that the salary information is a general guideline only. T-Rex considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. T-Rex offers a diverse and collaborative work environment, exciting opportunities for professional growth, and generous benefits, including: PTO available to use immediately upon joining (prorated based on start date), paid parental leave, individual and family health, vision, and dental benefits, annual budget for training, professional development and tuition reimbursement, and a 401(k) plan with company match fully vested after 60 days of employment among other benefits.

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide. Position Overview By Light is seeking a Cyber Countermeasures Engineer who's primary duty location is DISA Global Field Command (DGFC),Hill AFB, Utah. Responsibilities * Provide mission support, as necessary for a new cyber capability * Serve as the cyber countermeasure Subject Matter Expert for a new cyber capability. * Work directly with commercial vendor cyber fusion/threat analyst teams to develop effective countermeasures addressing a wide range of priority and/or emerging cyber threats. * Ensure countermeasures are effective in supporting desired mission outcomes. * Provide critical integration for commercial vendors teams * Analyze signatures (ex. YARA, Snort) in Cyber Threat Intelligence or DoD orders and assess new capability coverage for these threats Required Experience/Qualifications * 2+ years of experience in cyber analyst role * Experience conducting malware analysis * Experience developing behavioral threat signatures, such as YARA rules * Experience with cyber operations and cyber operation planning processes * Understands malicious cyber actor TTPs to include initial access and command-and-control * Understands how to use cyber security tools and data to conduct defensive cyber operations * Understands cyber threats and cyber threat frameworks such as Cyber Kill Chain and MITRE ATT&CK framework * Understands Cyber Threat Intelligence (CTI) and how to integrate CTI into defensive cyber operations Preferred Experience/Qualifications * Hands on SIEM experience, preferably with Splunk, to include configuration, query development, log review/analysis, and correlation of event data * 5+ years of experience in cyber analyst role, preferably supporting DGFC or JFHQ * Experience with regex and signature development * Experience with coding/scripting * Cybersecurity certifications such as CISSP and/or GIAC certifications * Splunk certifications Special Requirements/Security Clearance * Active TS/SCI clearance required

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

We are looking for a Data Security Analyst for our long-term multiyear project out of Salt Lake City, Utah. Build software libraries and services to provide secure-by-default services to software engineering teams, including authentication systems, secure service architectures, endpoint control solutions, and cloud controls · Partner with colleagues from across engineering and risk to ensure an outstanding developer experience that satisfies the firm's security needs · Collaborate on feature design and problem solving · Help to provide frictionless integration with the firm's runtime, deployment and SDLC technologies · Manage the full lifecycle of software components, from requirements through design, testing, development, release and demise · Help to communicate and promote best practices for security engineering across the firm · Engage in production troubleshooting Basic Qualifications · A strong grounding in security concepts, including secure coding practices, trusted computing and principles of authentication and authorization · A good understanding of public key and symmetric key cryptography · The ability to reason about performance, security, and process interactions in complex distributed systems · Proficiency in designing, developing and testing cross-platform software in one or more of Java, Golang or C#; open to using multiple languages · Experience developing, deploying and supporting software across the full Continuous Delivery life-cycle · The ability to understand and effectively debug both new and existing software · Experience meeting demands for high availability, low latency and scale · The ability to communicate technical concepts effectively, both in writing and orally, as well as the interpersonal skills required to collaborate effectively with colleagues across diverse engineering teams Preferred Qualifications · An understanding of regulated environments, e.g. financial services · Experience building services using public cloud providers such as AWS, Azure or GCP · Experience with threat modeling and risk assessment · Experience of practical security engineering in a Linux and/or Windows environment · Familiarity with service mesh concepts and service-oriented architectures · Familiarity with data protection principles and solutions · Experience with deploying software to containerized environments - Kubernetes/Docker · Experience monitoring, measuring, auditing and supporting software · Scripting skills using Python, PowerShell or bash · Experience with Terraform or similar infrastructure-as-code platforms, as a user and/or as a service provider

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret/SCI Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Computer Security, Information Assurance, Information System Security Certifications: None Experience: 10 + years of related experience US Citizenship Required: Yes Job Description: The Information System Security Engineer (ISSE) is primarily responsible for conducting information system security engineering activities with a focus on lifecycle of current systems and future requirement scoping. The position will collect and process the captured information security requirements and ensures that the requirements are effectively integrated into information systems through purposeful security architecting, design, development, and configuration. The position is an integral part of the development team designing and developing organizational information systems or upgrading legacy systems. The ISSE employs best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. This position's main function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Performance shall include: Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures Perform analysis of network security, based upon the Risk Management Framework (RMF) with emphasize on Joint Special Access Program Implementation Guide (JSIG) authorization process Provides expert support, research and analysis of exceptionally complex problems, and processes relating to them Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation and alternatives to complex problems Thinks independently and demonstrates exceptional written and oral communications skills. Applies advanced technical principles, theories, and concepts Contributes to the development of new principles, concepts, and methodologies. Works on unusually complex technical problems and provides highly innovative and ingenious solutions Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria to include the development of product specific STIGs from applicable DISA SRGs Leads technical teams in implementation of predetermined long- range goals and objectives Support customer and SAP community IA working groups, participate in SSE IPT reviews Provides expert level consultation and technical services on all aspects of Information Security Review ISSE related designs and provides security compliance recommendations Develop and provide IA risk management recommendations to the customer Assist with development and maintenance of the Program Protection Plan Assist with site activation activities and design reviews Interface and support the System Engineer (SE) on system security design, interoperability, and basic engineering endeavors implementing cybersecurity policy, system security engineering processes, and basic system engineering (SE) processes Represent the customer in various ISSE related working groups, advisory groups, and advisory council meetings Assist team to design, integrate, and implement JSIG/RMF Continuous Monitoring tools and processes Perform security assessments of servers/network devices/security appliances Develop improvements to security assessments with regard to accuracy and efficiency Integrate ancillary monitoring tools/capabilities with the enterprise security information and event management (SIEM) and create/tailor complex event alarms/rules and summary reports Write and execute cybersecurity test procedures for validation of control compliance Monitor/analyze output of cybersecurity related tools for reportable security incidents and residual risk Analyze technical risk of emerging cybersecurity tools and processes Work as part of a security incident response team as needed Build operational Operations and Maintenance (O&M) checklists to maintain the service (daily, weekly, monthly, yearly O&M checklists); build Tactics, Techniques and Processes (TTPs) and Standard Operating Processes (SOPs) associated with service checklists Integrate/Develop new techniques to improve Confidentiality, Integrity, and Availability for networks/systems operating at various classification levels Maintain relationship with System Engineer (SE). Experience: 10+ years related experience SAP experience desired Education: Bachelor's degree in related discipline OR Associate's degree in a related area + 2 years' experience OR equivalent experience (4 years) Certifications: IAM Level III or IAAE I - within 6 months of hire Clearance Required to Start: TS/SCI required Must be able to Attain - TS/SCI with CI Polygraph #AirforceSAPOpportunities The likely salary range for this position is $141,355 - $191,245. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Onsite Work Location: USA UT Ogden Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Bookmark this Posting Print Preview | Apply for this Job Please see Special Instructions for more details. About UIT: University Information Technology (UIT), the central IT service provider for the University of Utah, reports to the U's Chief Information Officer and is responsible for many of the U's shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services. About the University of Utah: Located in Salt Lake City, the U is the flagship institution of the State of Utah's system of higher education, home to arts and museum venues and a member of the BIG-12 Conference. Skiing and snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities. The University of Utah offers a comprehensive benefits package for eligible employees including: * Excellent health, dental, and wellness coverage at affordable rates * 14.2% retirement contributions * Generous paid leave time * 11 paid holidays per year * 50% tuition reduction for employees after completing probationary period, and spouse, and dependent children after three years * Flex spending accounts * Free transit on most UTA services * Employee discounts on a variety of products and services including cell phones & plans, entertainment, health and fitness, restaurants, retail, and travel * Professional development opportunities * A wellness program to promote health and quality of life * Learn more about the great benefits of working for University of Utah: benefits.utah.edu For more information regarding how our salary and benefit offerings impact the overall compensation here at the University of Utah, please see our Total Compensation Calculator: ****************************************** Announcement Details Open Date 12/15/2025 Requisition Number PRN43780B Job Title Information Security Analysts Working Title Information Security Analysts Career Progression Track P00 Track Level P5 - Expert, P4 - Advanced, P3 - Career FLSA Code Computer Employee Patient Sensitive Job Code? No Standard Hours per Week 40 Full Time or Part Time? Full Time Shift Day Work Schedule Summary Monday - Friday, 8:00 AM - 5:00 PM. Some nights or weekends are possible based on a rotating on call shift. This is a hybrid position. VP Area President Department 00954 - UIT Systems & Security Location Campus City Salt Lake City, UT Type of Recruitment External Posting Pay Rate Range $88,000 - $131,300 Close Date 02/28/2026 Priority Review Date (Note - Posting may close at any time) Job Summary Information Security Analysts The incumbent will play a critical role in safeguarding regulated data across the enterprise by monitoring and analyzing the organization's data security posture. This position focuses on configuring Data Security Posture Management (DSPM) settings and policies, interpreting results, creating reports, identifying risks, and ensuring compliance. The analyst will take a risk-based approach to assess and remediate issues related to unauthorized storage or transmission of regulated data across cloud and on-premise environments. Learn more about the great benefits of working for University of Utah: benefits.utah.edu The department may choose to hire at any of the below job levels and associated pay rates based on their business need and budget. Responsibilities Data Security Monitoring * Review and analyze DSPM tool outputs to identify misconfigurations, unauthorized data flows, and storage of regulated data in non-approved locations. * Monitor the movement of sensitive data across cloud and on-prem systems, ensuring compliance with internal policies and regulatory requirements. Risk Assessment & Governance * Apply a risk-based methodology to prioritize remediation efforts. * Maintain applicable risk register entries and document findings for governance reporting. Collaboration * Partner with the Enterprise Security team to validate technical controls. * Work closely with the Chief Data Officer and Privacy Office to align DSPM findings with data governance and privacy requirements. Compliance & Policy Alignment * Ensure adherence to frameworks such as NIST CSF, CIS 18, and other applicable regulations (e.g., HIPAA, FERPA, etc. etc.). * Support audits and compliance reviews by providing DSPM-related evidence. Reporting & Communication * Prepare dashboards and reports for leadership summarizing DSPM findings, trends, and risk posture. * Communicate actionable insights to stakeholders in clear, business-focused language. Minimum Qualifications EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor's degree = 4 years of directly related work experience). Department may hire employee at one of the following job levels: Information Security Analyst, III: Requires a bachelor's (or equivalency) + 6 years or a master's (or equivalency) + 4 years of directly related work experience. Information Security Analyst, IV: Requires a bachelor's (or equivalency) + 8 years or a master's (or equivalency) + 6 years of directly related work experience. Information Security Analyst, V: Requires a bachelor's (or equivalency) + 10 years or a master's (or equivalency) + 8 years of directly related work experience. Preferences Certifications such as CISSP, CRISC, or equivalent. Master's degree in information security or another relevant field. Experience with a DSPM tool. 3+ years that are specifically tied to GRC experience. Type Benefited Staff Special Instructions Summary About UIT: University Information Technology (UIT), the central IT service provider for the University of Utah, reports to the U's Chief Information Officer and is responsible for many of the U's shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services. About the University of Utah: Located in Salt Lake City, the U is the flagship institution of the State of Utah's system of higher education, home to arts and museum venues and a member of the BIG-12 Conference. Skiing and snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities. The University of Utah offers a comprehensive benefits package for eligible employees including: * Excellent health, dental, and wellness coverage at affordable rates * 14.2% retirement contributions * Generous paid leave time * 11 paid holidays per year * 50% tuition reduction for employees after completing probationary period, and spouse, and dependent children after three years * Flex spending accounts * Free transit on most UTA services * Employee discounts on a variety of products and services including cell phones & plans, entertainment, health and fitness, restaurants, retail, and travel * Professional development opportunities * A wellness program to promote health and quality of life * Learn more about the great benefits of working for University of Utah: benefits.utah.edu For more information regarding how our salary and benefit offerings impact the overall compensation here at the University of Utah, please see our Total Compensation Calculator: ****************************************** Additional Information The University of Utah values candidates who have experience working in settings with students from diverse backgrounds and possess a strong commitment to improving access to higher education for historically underrepresented students. Individuals from historically underrepresented groups, such as minorities, women, qualified persons with disabilities and protected veterans are encouraged to apply. Veterans' preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities. The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran's status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both. To request a reasonable accommodation for a disability or if you or someone you know has experienced discrimination or sexual misconduct including sexual harassment, you may contact the Director/Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action: Director/ Title IX Coordinator Office of Equal Opportunity and Affirmative Action (OEO/AA) 383 University Street, Level 1 OEO Suite Salt Lake City, UT 84112 ************ ************ Online reports may be submitted at oeo.utah.edu For more information: *************************************** To inquire about this posting, email: ******************* or call ************. The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at ************** for information. Individuals who previously retired and are receiving monthly retirement benefits from URS are subject to URS' post-retirement rules and restrictions. Please contact Utah Retirement Systems at ************** or ************** or University Human Resource Management at ************** if you have questions regarding the post-retirement rules. This position may require the successful completion of a criminal background check and/or drug screen. ************************************ This report includes statistics about criminal offenses, hate crimes, arrests and referrals for disciplinary action, and Violence Against Women Act offenses. They also provide information about safety and security-related services offered by the University of Utah. A paper copy can be obtained by request at the Department of Public Safety located at 1658 East 500 South. Posting Specific Questions Required fields are indicated with an asterisk (*). * * What is your highest level of completed education? * None * High School Diploma or Equivalent * Associate Degree * Bachelor's Degree * Master's Degree * Doctorate Degree * * How many years of related work experience do you have? * Less than 6 years * 6 years or more, but less than 9 years * 9 years or more, but less than 12 years * 12 years or more, but less than 15 years * 15 years or more Applicant Documents Required Documents * Resume * Cover Letter * List of References Optional Documents

Job Description Lightspeed is a leading provider of cloud-based software for dealerships and Original Equipment Manufacturers (OEMs), serving the Powersport, Marine, RV, Trailer, Outdoor Power Equipment, and Golf Cart industries. Lightspeed's Dealer Management Solution (DMS) enables dealerships to optimize their end-to-end business operations, including sales, parts, service, rentals, accounting, and Customer Relationship Management (CRM). When implemented into their daily operations, Lightspeed helps dealers increase their profitability by selling more units, service, and parts, all while creating a more streamlined experience for customers. For nearly 40 years, Lightspeed has been empowering 4,500+ dealers across North America with the tools and technology they need to manage their dealerships. The Jr. Information Security Analyst I supports Lightspeed's cybersecurity operations by assisting with monitoring, analysis, and remediation of security incidents across enterprise systems and cloud environments. Working under the direction of senior analysts, this role helps ensure the confidentiality, integrity, and availability of company data while gaining experience in security tools, processes, and governance activities. The ideal candidate is detail-oriented, eager to learn, and passionate about developing technical and compliance skills in a collaborative environment. What you'll do: Monitor and investigate security alerts and events across SIEM, EDR, and network systems. Assist in the investigation of potential security incidents under senior analyst guidance. Help maintain documentation of incidents, findings, and remediation steps. Perform vulnerability scanning and tracking remediation efforts. Support maintenance of security tools and platforms (endpoint protection, SIEM, firewalls). Assist with compliance tasks related to SOC 2, internal audits, and risk assessments. Assist with gathering security metrics and reports on a monthly basis. Contribute to updating security policies, standards, and procedures. Perform third-party vendor security reviews and due diligence processes. Assist in security awareness initiatives and internal training activities. Collaborate with IT and engineering teams to ensure secure configurations and patch compliance. Assist in the creation of automation scripts and the integration of AI with security workflows. What you should have: Qualifications: Bachelor's degree in Cybersecurity, Information Technology, or a related field, or equivalent experience. 0-3 years of experience in information security, IT operations, or related technical roles. Foundational knowledge of networking, operating systems, and cloud environments (AWS, Azure). Strong experience securing and monitoring cloud environments (AWS, Azure). Exposure to SIEM or EDR tools such as Splunk, Sentinel, or Defender. Understanding of basic security concepts (vulnerabilities, exploits, least privilege, encryption). Excellent analytical, problem-solving, and communication skills. Knowledge of security frameworks such as NIST CSF and SOC 2. Ability to work collaboratively in a team-oriented environment. Preferred Qualifications: CompTIA Security+, CySA+, or equivalent entry-level certification. Experience with vulnerability scanners (Qualys, Nessus, or Rapid7). Exposure to GRC or vendor risk management tools. Exposure to SIEM platforms, Elastic, Splunk, Security Onion. Familiarity with scripting or automation (PowerShell, Python). Demonstrated interest in pursuing a long-term career in cybersecurity operations or compliance. Inclusion and Diversity at Lightspeed: At Lightspeed, we celebrate the uniqueness of every individual and encourage diverse perspectives. We believe that inclusion drives innovation and fosters meaningful connections. We are committed to building an environment where everyone feels valued and empowered to make an impact. Equal Employment Opportunity Statement: Lightspeed is an Equal Opportunity Employer and is dedicated to building a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, religion, age, disability, veteran status, or any other protected category. Important Note: Applicants must be authorized to work in the U.S. Ready to apply? Take the next step in your career-apply today and join a team where your skills will make an impact!

Zachary Piper Solutions is seeking a Cloud Security Engineer to support a secure client at Hill AFB in Utah for a fully onsite role. The Cloud Security Engineer will directly contribute towards modernizing legacy USAF network infrastructure and migrating services into a new AWS Cloud Environment. Responsibilities of the Cloud Security Engineer: * Implement and manage Secure Cloud Computing Architecture (SCCA) controls, including VDSS and BCAP. * Ensure DoD cloud compliance with frameworks like NIST, STIGs, and FedRAMP+; support ATO documentation and eMASS submissions. * Manage Trusted Cloud Credential Management (TCCM) for secure identity access; configure and maintain cloud security services (SolarWinds, ELK, CSP tools). * Support cloud onboarding/migration with security best practices; collaborate to enforce Zero Trust principles. * Provide cloud security guidance, mentor junior staff, and maintain documentation for inherited controls. Qualifications for the Cloud Security Engineer: * 7+ years cloud security experience with hands-on work in OCI, Azure, or AWS; strong troubleshooting/problem-solving skills. * Bachelor's degree in CS, Cybersecurity, Info Systems, or equivalent experience * Expertise in IAM, logging, monitoring, incident management, vulnerability assessments, and compliance processes. * Solid understanding of DoD security standards (NIST 800-53, STIGs, FedRAMP+); proficiency with Terraform, Ansible, PowerShell. * CompTIA Security+ certification. * Active DoD Secret clearance or the ability to obtain one. Compensation for the Cloud Security Engineer: * Salary Range: $128,000 - $138,000 *depending on experience* * Comprehensive Benefits: Cigna Medical, Dental, Vision, 401k Plan, PTO, Holidays, Sick Leave if required by law This job opens for applications on12/18. Applications for this job will be accepted for at least 30 days from the posting date. #LI-MS1 #LI-ONSITE Keywords: Secure Cloud Computing Architecture, SCCA, Virtual Data Center Security Stack, VDSS, Boundary Cloud Access Point, BCAP, Trusted Cloud Credential Management, TCCM, Zero Trust, cloud security, DoD compliance, NIST 800-53, STIGs, FedRAMP+, ATO, eMASS, inherited controls, cloud onboarding, cloud migration, identity and access management, IAM, credential management, security monitoring, alerting, logging, SolarWinds, ELK stack, CSP security tools, AWS, Azure, OCI, cloud service providers, cloud configuration, automation, Terraform, Ansible, PowerShell, vulnerability assessments, incident management, troubleshooting, problem-solving, security frameworks, security best practices, cloud compliance, cloud architecture, cloud security services, security documentation, mentoring, cybersecurity, information systems, CompTIA Security+, DoD Secret clearance, cloud credential security, security controls, security stack, security principles, security governance, security operations, cloud infrastructure, cloud security posture, security auditing, security risk management, cloud security engineering, cloud security architecture

is responsible for implementing and maintaining security systems and practices that protect the organization's cloud-native infrastructure, applications, and data. DUTIES AND RESPONSIBILITIES Implement and manage security solutions including cloud security controls, SIEM, endpoint protection, and traditional security solutions (e.g., firewalls, IDS/IPS) to support our hybrid environment. Monitor networks and systems for security breaches, analyze security alerts, and respond to incidents in a timely manner. Collaborate with Engineering teams to integrate security into the software development lifecycle (DevSecOps). Review and enhance identity and access management (IAM) strategies, including zero trust and least-privilege models. Support compliance efforts with standards such as SOC 2. Provide guidance during secure architecture reviews. Stay current with emerging threats, vulnerabilities, and technologies and provide recommendations for improvement. REQUIRED QUALIFICATIONS Bachelor's degree in Computer Science, Information Security, or equivalent practical experience. 5+ years of dedicated experience in a cloud-first or equivalent environment, focusing on securing cloud platforms (e.g., AWS, GCP, Azure). Strong understanding of security architecture, networking, system hardening, and encryption. Experience with security models of containerized systems (ECS or Kubernetes).. Familiarity with AWS security tools and services (IAM, VPCs, GuardDuty, etc.). Knowledge of scripting or automation languages (e.g., Python, Bash, PowerShell). Excellent problem-solving and communication skills. PREFERRED QUALIFICATIONS AWS Security Specialty, Azure Security Engineer Associate, or equivalent cloud security certification, alongside professional certifications such as CEH or CompTIA Security+. Experience in a regulated environment or with audit preparation (e.g., SOC 2, FedRAMP, FCRA, GLBA, or PCI-DSS). Familiarity with infrastructure as code (IaC) tools.. Experience with container security practices.

Are you an experienced Security Data and Risk Analyst that wants to develop and create awareness around security-relevant key performance and key risk indicators? At Ivanti, we work passionately and authentically, striving to win together and make a real impact for our customers and each other. Join us to elevate your career and help deliver innovative solutions in a dynamic, empowering environment. Why this role matters As the Security Data and Risk Analyst, you will generate enterprise visibility, awareness and understanding of major risk and security issues in a comprehensive and easily consumed manner to support the corporate objectives and especially the reduction of risk. You will be a leader in our Information Security Group which is a global team of experienced professionals dedicated to ensuring the security of Ivanti's products, corporate and production networks, environments, and of course, its data What you'll do: Lead the execution of multiple functions: Taking ownership of and creating awareness around security-relevant key performance and key risk indicators Develop automation for data gathering, analysis and presentation using Python and Go Educate as well as inform audiences of a wide variety of security and risk expertise, including building libraries of material to support understanding of benefits and costs of security management. Generating insights and supporting information for decisions to be made including wrangling data from complex data sets and data sources Create dynamic dashboards and presentations Articulate risk and risk management as realistic, measurable harm; Create dynamic dashboards and presentations Support the Security Governance and executive workstreams, including analysis and presentations materials. Coordinate, chair and present data to management, leadership and C-suite stakeholders in their languages. What you will bring: Minimum of a bachelor's degree, preferably in information systems or data analytics. 4+ years' experience with Python or Go automation and scripting 2+ experience with Risk Management 1 years' experience with Risk Modeling 4+ years Data Analytics experience Familiarity with information security and security terms Experience conducting reporting operations such as presentations, metrics, dashboards, KPIs, KRIs, OKRs. 1 year experience executing/leading project management efforts in a technology-related arena. Can show evidence has created effective KPIs, KRIs and OKRs and a means to measure and report each. Experience with cloud, onprem, corporate, remote, solutions/products dev and transformative environments. Ability to articulate themes from: NIST, ISO, SOC 2, FedRAMP, GDPR and DORA, and Security, Privacy principles. Preferred knowledge or certification in 1 or more of the following: CISSP, CISA/CISM, or CRISC or PMP Why Ivanti? Friendly flexible working model: Empower excellence whether you're at home or in the office and support work-life balance. Competitive compensation & total rewards: Including health, wellness, and financial plans tailored for you and your family. Global, diverse teams: Collaborate with talented people from 23+ countries. Learning & development: Grow your skills with access to best-in-class learning tools and programs. Equity & belonging: We value every voice. Your story helps inform our solutions for a changing world. What drives us Ivanti's mission is to elevate human potential within organizations by managing, protecting and automating technology for continuous innovation. It is through diverse and inclusive hiring, decision-making, and commitment to our employees and partners that we will continue to build and deliver world-class solutions for our customers. To learn more about Ivanti's Mission and Core Values. Inclusion at Ivanti Ivanti is proud to be an Equal Opportunity Employer. We're committed to building a diverse team and fostering an inclusive environment where everyone belongs. We welcome applicants from all backgrounds and walks of life. Need adjustments during the process? Reach out to ***************** we're happy to help. #LI-Remote

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Job Description T-Rex Solutions is seeking a qualified Cyber Security Engineer to support of a secure DOD customer located in Ogden, UT. The overall program that this role supports aims to modernize legacy network infrastructure and migrate services into a new AWS Cloud Environment. For any candidates not already local to the Ogden, UT area, T-Rex is offering a relocation support package to assist with moving costs. Responsibilities: Implement and manage Secure Cloud Computing Architecture (SCCA) controls, including Virtual Data Center Security Stack (VDSS) and Boundary Cloud Access Point (BCAP). Work with DoD teams to ensure cloud environments are compliant with DoD security frameworks, including NIST, STIGs, and FedRAMP+. Manage and enforce Trusted Cloud Credential Management (TCCM) practices for secure identity access and cloud credential management. Configure and maintain cloud security services for monitoring, alerting, and logging using tools like SolarWinds, ELK, and native CSP security features. Support cloud onboarding and migration, ensuring security best practices are adhered to during the transition. Collaborate with cross-functional teams to ensure Zero Trust principles are implemented effectively in the cloud environment. Assist in preparing and maintaining documentation for ATO processes, including mapping inherited controls and contributing to eMASS submissions. Provide guidance on cloud security best practices and mentor junior team members in cloud security management. Requirements: Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience). CompTIA Security+ 7+ years of experience in cloud security with hands-on experience in at least one CSP (OCI, Azure, or AWS). Experience in implementing and managing security controls in cloud environments, including identity and access management (IAM), logging, and monitoring. Experience with security incident management, vulnerability assessments, and cloud compliance processes. Strong troubleshooting and problem-solving skills in cloud environments. Solid understanding of DoD cloud security requirements, including NIST 800-53, STIGs, and FedRAMP+. Proficiency with automation tools such as Terraform, Ansible, and PowerShell for managing cloud configuration. Ability to obtain a DOD Secret clearance Desired: Secret Clearance or higher desired. DoD-approved cloud security certifications (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer) preferred. T-Rex Overview Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives. T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering. T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits. T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. In compliance with pay transparency guidelines, the annual base salary range for this position is $125,000 - $145,000. Please note that the salary information is a general guideline only. T-Rex considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. T-Rex offers a diverse and collaborative work environment, exciting opportunities for professional growth, and generous benefits, including: PTO available to use immediately upon joining (prorated based on start date), paid parental leave, individual and family health, vision, and dental benefits, annual budget for training, professional development and tuition reimbursement, and a 401(k) plan with company match fully vested after 60 days of employment among other benefits.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Lightspeed is a leading provider of cloud-based software for dealerships and Original Equipment Manufacturers (OEMs), serving the Powersport, Marine, RV, Trailer, Outdoor Power Equipment, and Golf Cart industries. Lightspeed's Dealer Management Solution (DMS) enables dealerships to optimize their end-to-end business operations, including sales, parts, service, rentals, accounting, and Customer Relationship Management (CRM). When implemented into their daily operations, Lightspeed helps dealers increase their profitability by selling more units, service, and parts, all while creating a more streamlined experience for customers. For nearly 40 years, Lightspeed has been empowering 4,500+ dealers across North America with the tools and technology they need to manage their dealerships. The Jr. Information Security Analyst I supports Lightspeed's cybersecurity operations by assisting with monitoring, analysis, and remediation of security incidents across enterprise systems and cloud environments. Working under the direction of senior analysts, this role helps ensure the confidentiality, integrity, and availability of company data while gaining experience in security tools, processes, and governance activities. The ideal candidate is detail-oriented, eager to learn, and passionate about developing technical and compliance skills in a collaborative environment. What you'll do: Monitor and investigate security alerts and events across SIEM, EDR, and network systems. Assist in the investigation of potential security incidents under senior analyst guidance. Help maintain documentation of incidents, findings, and remediation steps. Perform vulnerability scanning and tracking remediation efforts. Support maintenance of security tools and platforms (endpoint protection, SIEM, firewalls). Assist with compliance tasks related to SOC 2, internal audits, and risk assessments. Assist with gathering security metrics and reports on a monthly basis. Contribute to updating security policies, standards, and procedures. Perform third-party vendor security reviews and due diligence processes. Assist in security awareness initiatives and internal training activities. Collaborate with IT and engineering teams to ensure secure configurations and patch compliance. Assist in the creation of automation scripts and the integration of AI with security workflows. What you should have: Qualifications: Bachelor's degree in Cybersecurity, Information Technology, or a related field, or equivalent experience. 0-3 years of experience in information security, IT operations, or related technical roles. Foundational knowledge of networking, operating systems, and cloud environments (AWS, Azure). Strong experience securing and monitoring cloud environments (AWS, Azure). Exposure to SIEM or EDR tools such as Splunk, Sentinel, or Defender. Understanding of basic security concepts (vulnerabilities, exploits, least privilege, encryption). Excellent analytical, problem-solving, and communication skills. Knowledge of security frameworks such as NIST CSF and SOC 2. Ability to work collaboratively in a team-oriented environment. Preferred Qualifications: CompTIA Security+, CySA+, or equivalent entry-level certification. Experience with vulnerability scanners (Qualys, Nessus, or Rapid7). Exposure to GRC or vendor risk management tools. Exposure to SIEM platforms, Elastic, Splunk, Security Onion. Familiarity with scripting or automation (PowerShell, Python). Demonstrated interest in pursuing a long-term career in cybersecurity operations or compliance. Inclusion and Diversity at Lightspeed: At Lightspeed, we celebrate the uniqueness of every individual and encourage diverse perspectives. We believe that inclusion drives innovation and fosters meaningful connections. We are committed to building an environment where everyone feels valued and empowered to make an impact. Equal Employment Opportunity Statement: Lightspeed is an Equal Opportunity Employer and is dedicated to building a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, religion, age, disability, veteran status, or any other protected category. Important Note: Applicants must be authorized to work in the U.S. Ready to apply? Take the next step in your career-apply today and join a team where your skills will make an impact!

Information Security Analysts The incumbent will play a critical role in safeguarding regulated data across the enterprise by monitoring and analyzing the organization's data security posture. This position focuses on configuring Data Security Posture Management ( DSPM ) settings and policies, interpreting results, creating reports, identifying risks, and ensuring compliance. The analyst will take a risk-based approach to assess and remediate issues related to unauthorized storage or transmission of regulated data across cloud and on-premise environments. Learn more about the great benefits of working for University of Utah: benefits.utah.edu The department may choose to hire at any of the below job levels and associated pay rates based on their business need and budget. Responsibilities Data Security Monitoring -Review and analyze DSPM tool outputs to identify misconfigurations, unauthorized data flows, and storage of regulated data in non-approved locations. -Monitor the movement of sensitive data across cloud and on-prem systems, ensuring compliance with internal policies and regulatory requirements. Risk Assessment & Governance -Apply a risk-based methodology to prioritize remediation efforts. -Maintain applicable risk register entries and document findings for governance reporting. Collaboration -Partner with the Enterprise Security team to validate technical controls. -Work closely with the Chief Data Officer and Privacy Office to align DSPM findings with data governance and privacy requirements. Compliance & Policy Alignment -Ensure adherence to frameworks such as NIST CSF , CIS 18, and other applicable regulations (e.g., HIPAA , FERPA , etc. etc.). -Support audits and compliance reviews by providing DSPM -related evidence. Reporting & Communication -Prepare dashboards and reports for leadership summarizing DSPM findings, trends, and risk posture. -Communicate actionable insights to stakeholders in clear, business-focused language. Minimum Qualifications EQUIVALENCY STATEMENT : 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor's degree = 4 years of directly related work experience). Department may hire employee at one of the following job levels: Information Security Analyst, III : Requires a bachelor's (or equivalency) + 6 years or a master's (or equivalency) + 4 years of directly related work experience. Information Security Analyst, IV: Requires a bachelor's (or equivalency) + 8 years or a master's (or equivalency) + 6 years of directly related work experience. Information Security Analyst, V: Requires a bachelor's (or equivalency) + 10 years or a master's (or equivalency) + 8 years of directly related work experience.