Senior Information Security Engineer jobs at Fisher Investments - 239 jobs

The Opportunity: The Senior Network Security Engineer works in the office and leads efforts involving the design, implementation, and maintenance of secure network solutions required to protect the integrity and confidentiality of our organization's data. We are looking for a strong technical background in networking and security technologies, a proactive approach to threat detection and mitigation, and a passion for staying ahead of the evolving cybersecurity landscape. The Day-to-Day: * Design, configure, and manage security tools such as Layer 7 firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAF), proxies, and endpoint protection systems * Lead efforts to implement secure access controls, identity management solutions, and segmentation policies * Lead efforts in developing, enforcing, and reviewing information security policies and procedures * Monitor network traffic for unusual activity using SIEM tools and respond to security alerts and incidents * Conduct vulnerability assessments and coordinate remediation efforts across relevant platforms * Help deploy network hardware and software with a security-first approach * Stay current on emerging threats, vulnerabilities, and industry trends; recommend improvements to enhance the organization's security posture * Lead work efforts with cross-functional teams to support secure application and system deployment * Maintain documentation of network and security configurations, procedures, and incident reports Your Qualifications: * Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience) * 7+ years' experience in a network security role within an enterprise environment * Next-Gen firewall design and architecture, reviewing/implementing application access requests, troubleshooting technical issues with application availability and performance, periodic review and audit of policies to ensure infrastructure is compliant with standard * Experience with IP routing/switching concepts * Advanced knowledge in troubleshooting TCP/IP protocol including PCAP analysis * Strong experience with network zoning concepts including ZTNA/micro-segmentation models * Experience with deploying policy and supporting VPN remote access solutions * Foundational knowledge in PKI and associated protocols (SSL/TLS) * Able to analyze risk associated with onboarding new applications/technology Compensation: * $130,000 - $180,000 base salary per year in the state of WA. New hires should expect to start at the lower end of the range depending on experience * Eligible for a discretionary bonus based on firm and individual performance Why Fisher Investments: We work for a bigger purpose: bettering the investment universe. We take great pride in our inclusive culture, our learning and development framework customized for every employee, and our Great Place to Work Certification. It's the people that make the Fisher purpose possible, and we invest in them by offering exceptional benefits like: * 100% paid medical, dental and vision premiums for you and your qualifying dependents * A 50% 401(k) match, up to the IRS maximum * 20 days of PTO, plus 10 paid holidays * Family Support programs including 8 week Paid Primary Caregiver Leave, $10,000 fertility, family forming, and hormonal health assistance, and back-up child, adult, and elder care * This is an in-office role. Based on your role, tenure, and performance eligibility you may have the opportunity to participate in our hybrid work from home program. This program is subject to change. FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER

A leading financial technology company based in Menlo Park, CA seeks an Offensive Security Engineer to enhance security and build resilience across their products. This role involves mentoring, conducting Red Team exercises, and collaborating on security findings with various teams. Ideal candidates have 5+ years of experience and strong communication skills. Attractive compensation includes health insurance and support for personal wellness. Join us to help democratize finance for all. #J-18808-Ljbffr

A leading financial technology company based in Menlo Park, CA seeks an Offensive Security Engineer to enhance security and build resilience across their products. This role involves mentoring, conducting Red Team exercises, and collaborating on security findings with various teams. Ideal candidates have 5+ years of experience and strong communication skills. Attractive compensation includes health insurance and support for personal wellness. Join us to help democratize finance for all. #J-18808-Ljbffr

A financial services company in San Francisco is seeking an experienced security professional to assess access controls and mentor peers in security best practices. The candidate should have over 6 years of experience in security operations and a Bachelor's degree. The role offers competitive compensation ranging from $157,000 to $200,000, along with a hybrid work model and comprehensive benefits. #J-18808-Ljbffr

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

A System Security Analyst analyzes and implements system(s) security measures to protect sensitive data and infrastructure. Implement and maintain security software like firewalls, encryption programs, and intrusion detection systems Identify vulnerabilities in systems and networks, conduct penetration testing, and recommend mitigation strategies Work closely with the systems team and Info Sec team to implement and enforce security policies and procedures, ensuring compliance with industry standards Stay informed about the latest IT security trends and threats, and research new security solutions Verify the security of third-party vendors and collaboration to meet security requirements Technical knowledge of enterprise-class technologies such as cloud (AWS and Azure), firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, Office 365, and the Windows server and desktop operating systems, patching and vulnerabilities analysis Hands-on experience with the following technology vendors and products: CyberArk, Okta, CyberReason, Splunk, Vulnerability Scanners Qualifications: Bachelor's degree or equivalent with certifications related to Information Security e.g. CISA, CISSP, 5-7 years of relevant experience Preferred: Technical knowledge of enterprise-class technologies such as cloud (AWS and Azure), firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems. Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, Office 365, and the Windows server and desktop operating systems patching and vulnerabilities analysis Skills: CyberSecurity trends and latest threats and ethical hacker training Working knowledge of Microsoft Excel and MS Word; basic keyboarding and calculator skills, must be able to do simple math and carry out written instructions Travel to a variety of locations to perform work and/or attend meetings as required Work occasionally requires more than 40 hours per week to perform the essential functions of the position Lifting in an office setting may be required up to 30lbs. ANBTX strongly encourages candidates that are fluent in English and Spanish to apply. Jobs that specifically require candidates to be bilingual will be posted as a requirement. Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose - to uplift everyone, everywhere by being the best way to pay and be paid. Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa. Job Description: Cybersecurity is at the heart of our culture. Our diligence and expertise are what makes us the undisputed leader in electronic payments. We've made it our priority to create a top-tier Security Architecture team, poised to defend us against any potential cyber threats. As Enterprise Security Architect, you will be part of a team that supports the technology organization in embedding Cybersecurity into their products and services globally. Additionally, you will leverage AI to integrate business processes, identify opportunities for transformation, and implement AI-driven security solutions to enhance our security measures and optimize workflows. Essential Functions: Utilize AI to integrate business processes, enhancing security measures and optimizing workflows. Identify opportunities for transformation using AI, leveraging AI-driven insights to improve security architecture and business processes. Implement AI-driven security solutions, ensuring they are scalable, secure, and cost-effective. Develop and maintain the enterprise security architecture strategy, ensuring alignment with business goals and objectives. Design and implement enterprise security architecture frameworks and standards, ensuring the integration of security controls into business processes, data, and applications. Create and maintain technology roadmapsthat outline the future direction of Visa's security landscape and identify opportunities for innovation and efficiency improvements, including cloud and hybrid cloud environments. Establish and enforce governance processesto ensure adherence to enterprise security architecture standards and best practices, and conduct architecture reviews with recommendations for improvement. Evaluate emerging security technologies and industry trends, including cloud and hybrid cloud security, to determine their potential impact on Visa's security landscape, and make recommendations for adoption where appropriate. Identify and mitigate risks associated with security solutions, ensuring security and compliance requirements are integrated into the architecture design. Create and maintain comprehensive documentation of the enterprise security architecture, including diagrams, models, and guidelines, ensuring it is up-to-date and accessible to relevant stakeholders. Develop and maintain threat modelsto identify, assess, and prioritize potential security threats and vulnerabilities within Visa's systems, applications, and infrastructure. Contribute to the development and refinement of Technology Security Requirementsand Data Security Requirements, ensuring alignment with Visa's security policies and standards. This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager. Qualifications Basic Qualifications: * 8+ years of relevant work experience with a Bachelor's Degree or at least 5 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 2 years of work experience with a PhD, OR 11+ years of relevant work experience.. Preferred Qualifications: Experience in utilizing AI to integrate business processes, enhancing security measures and optimizing workflows. Proven track record of identifying opportunities for transformation using AI, leveraging AI-driven insights to improve security architecture and business processes. Minimum of 10 years of experience in IT, with at least 5 years in an enterprise security architecture role. Strong technical knowledge of cloud and hybrid cloud computing, data architecture, security, and integration patterns. Proficiency in relevant tools and technologies, including but not limited to firewalls, encryption, identity and access management (IAM), and security information and event management (SIEM). Strong analytical and problem-solving skills, with the ability to analyze complex business and technical requirements and develop effective security solutions. Excellent verbal and written communication skills, with the ability to communicate complex technical concepts to non-technical stakeholders. Additional Information Work Hours: Varies upon the needs of the department. Travel Requirements: This position requires travel5-10% of the time. Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers. Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law. Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code. U.S. APPLICANTS ONLY: The estimated salary range for this positionis $162,500.00 to $260,400.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.

People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities. Apply today! What our team members are saying: Video Clip 1 Video Clip 2 Video Clip 3 Learn more about us at cathaybank.com GENERAL SUMMARY This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus. Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k). Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy. Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law. Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster: Poster- English Poster- Spanish Poster- Chinese Traditional Poster- Chinese Simplified Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at or . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Senior Information Security Automation Engineer - Austin, TX or Denver, CO Are you Cybersecurity professional who thrives in securing hybrid environments in a global organization? Do you excel in automation? Are you interested in joining a globally diverse organization where our unique contributions are recognized and celebrated, allowing each of us to thrive? Then it's time to join Western Union as a Senior Information Security Automation Engineer! Applicants must be currently authorized to work in the United States on a full-time basis. Western Union will not sponsor applicants for work visas for this position. Applications will be assessed for Python coding skills and experience. Western Union powers your pursuit. In this role, you will lead the design, implementation, and continuous improvement of secure cloud-based systems and infrastructure. This role will be responsible for securing cloud platforms, managing identity and access solutions, and driving automation across a diverse set of environments. You will play a critical role in ensuring the integrity, confidentiality, and availability of our cloud infrastructure. Role Responsibilities * Develop and implement security automation using scripting and programming languages. * Identify opportunities to streamline and automate security operations. * Research emerging technologies and security trends to inform architecture and strategy. * Develop and maintain technical specifications for security tools and platforms. * Define and report on key performance indicators (KPIs) and security metrics. * Participate in incident response exercises and API security initiatives. * Engineer and transition security solutions to operational teams Role Requirements * Strong scripting and automation ability (e.g., Python, PowerShell, Bash) without the aid of AI. * Bachelor's degree in information technology or related field OR equivalent work experience. * Minimum of 6 years of experience in cybersecurity, with at least 5 years focused on Security Automation Engineering. * Strong understanding of security best practices and evolving threat landscapes. * Deep knowledge of networking, APIs, and enterprise technologies. * Experience with Windows and Linux operating systems. * Strong written and verbal communication skills. * Proven ability to work independently and solve complex problems. Preferred Qualifications * Expertise in secure coding and automation practices. * Familiarity with IT audit frameworks and lifecycles. * Experience with hardening techniques across multiple operating systems. * Knowledge of change control processes and test-driven development. * Advanced understanding of cloud-native security tools and DevSecOps practices. * Experience with container security, IAM protections, data protection, and API security. * Background in cybersecurity disciplines such as threat hunting, forensics, penetration testing, and data loss prevention. * Mastery in network security and cloud architecture Work Shift Western Union values in-person collaboration, problem solving, and ideation whenever possible. We believe this fosters common ways of working and supports how we execute initiatives for our customers. The expectation is to work from the office a minimum of three days a week. We make financial services accessible to humans everywhere. Join us for what's next. As part of the application process, all applicants are required to take assessments. Western Union has partnered with a 3rd party provider to administer these tests. Applicants will need to provide their name and email address in order to process the assessments. If you have any questions, you may reach out to ************************. We are passionate about honoring our employee's identity and fostering a feeling of belonging. Our commitment is to provide an inclusive culture that celebrates the unique backgrounds and perspectives of our global teams while reflecting the communities we serve. We do not discriminate based on race, color, national origin, religion, political affiliation, sex (including pregnancy), sexual orientation, gender identity, age, disability, marital status, or veteran status. The company will provide accommodation to applicants, including those with disabilities, during the recruitment process, following applicable laws. Salary Annual base salary range is $150,000 - 180,000 USD per year. Total on-target compensation includes a base salary and both short-term and long-term incentives that align with individual and company performance. Actual salaries will vary based on candidates' qualifications, skills, and competencies. Benefits You will also have access to short-term incentives, multiple health insurance options, accident and life insurance, and access to best-in-class development platforms, to name a few (*************************************************** Please see the location-specific benefits below and note that your Recruiter may share additional role-specific benefits during your interview process or in an offer of employment. Your United States - Specific Benefits Include * Paid Time Off * Medical, Dental and Life Insurance * Tuition Assistance Program * Student Loan Repayment (below manager level only) * Parental Leave * One day volunteer time off * $0 Money Transfer Fee Discount Code - Quarterly * Recognition Program "Game Changers" * Employee Discount Program * Global Adoption Assistance * Global Scholarship Awards Program * 401K plan Our Hybrid Work Model categorizes each role into one of three categories. Western Union has determined the category of this role to be Hybrid. This is defined as a flexible working arrangement that enables employees to divide their time between working from home and working from an office location. The expectation is to work from the office a minimum of three days a week. For residents of Colorado, California, Connecticut, Delaware, Minnesota, and Pennsylvania: Please do not respond to any questions on this initial application that may seek age-identifying information such as age, date of birth, or dates of school attendance or graduation. You may also redact this information from any materials you submit during the application process. You will not be penalized for redacting or removing this information." #LI-HD1 #LI-Hybrid Estimated Job Posting End Date: 01-30-2026 This application window is a good-faith estimate of the time that this posting will remain open. This posting will be promptly updated if the deadline is extended or the role is filled.

SWBC is seeking a talented individual to serve as a key Information Security Engineer empowered to leverage the industry's latest security principles, practices, and tools to improve the reliability, integrity, and security of on premise and cloud-hosted applications. Works by, with, and through internal and external DevOps stakeholders to incorporate security into all stages of the software development life cycle. Applies DevSecOps principles and applicable security standards to secure cloud services, cloud native applications, integrations, and supporting infrastructure through Continuous Integration (CI) and Continuous Delivery (CD) workflows, patterns, and tools. Analyzes cybersecurity, software development, infrastructure, software design, architecture and information technology best practices, threat intelligence, and emerging requirements to improve the security of the hosting environment and applications. Monitors cloud applications and services for indicators for compromise and compliance shortfalls and tracks issues for timely remediation. Implements administrative and technical controls to ensure security, privacy, and compliance of data stored, processed, or transmitted on Company owned or controlled cloud platforms. Monitors industry security updates, technologies, and best practices to ensure the Company's multi-cloud environment continues to provide adequate security and meet compliance requirements. Why you'll love this role: In this role, you will work with some of the top information security, technology, and business professionals in the financial services industry. As part of an agile and innovated security team, you will work closely with stakeholders at all levels and interact with the industry's top partners. You will employ advanced security technology and tactics to defend cutting-edge FINTECH and business technology. Beyond amazing career opportunities and singular experiences, our security team is diverse in all aspects; passionate about collaboration; leverages amazing technology and automation; laughs often; and celebrates our success as a team. Our leaders recognize that empowerment, autonomy, work-life balance, professional development, continuous improvement, and a commitment to shared values are key enablers of our success. We work hard, take care of each other, and deliver positive outcomes daily. This will be your best career decision. Essential duties include the following: Identifies, implements, maintains, and monitors risk-informed, standards-based, effective, and efficient security controls within a hybrid multi-cloud technology environment. Supports continuous integration and continuous development pipelines and processes that automatically build, test, and deploy infrastructure and containerized applications to ensure appropriate security checks are included automatically or manually. Reviews software releases and infrastructure changes for security vulnerabilities and risks prior to approval. Supports enterprise software development and cloud infrastructure projects and production applications that store, process, and transmit regulated data to ensure controls meet or exceed standards. Manages vulnerabilities and security testing for on premise and cloud-hosted applications and tracks issues to remediation. Supports audit and compliance efforts to ensure applications, infrastructure, and integrations meet applicable compliance and contractual standards. Identifies, recommends, and tests technical security standards and guidelines for software development, DevOps, and release management to ensure that all delivered solutions and architecture adhere to industry best-practices for availability, confidentiality, and integrity. Partners with internal and external development teams and other stakeholders to improve security and operational monitoring for cloud hosted workloads. Develops and tests incident response plans to prepare for, respond to, and recover from security incidents and operational issues as part of an incident response team. Supports efforts to provide for a secure integrated development environment for external and internal software and release management pipelines. Builds and tracks performance indicators and metrics to inform security control monitoring in cloud environments. Performs all other duties as assigned. Serious candidates will possess the minimum qualifications: Bachelor's Degree in Computer or Software Engineering, Information Security, Cybersecurity or related field from an accredited four year college or university required. Master's Degree preferred. AWS Certified Solutions Architect or DevOps Engineer Professional certification required. AWS Security Specialty certification highly desired. Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) highly desired. Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) desired. GIAC Cloud Security Automation (GCSA) certification highly desired. Must be able to obtain certification within 6 months of hire. Minimum eight (8) years of extensive security engineering experience, including architectural design using AWS best practices and industry standards. Experience implementing and managing tools for security, availability, and compliance monitoring in a cloud environment which includes collecting data, parsing log files, capturing network traffic, setting alert thresholds, and notifying stakeholders. Experience and understanding of the DevOps deployment pipeline and security considerations for each step of the CI/CD processes. Experience with serverless architectures, their features, advantages, security concerns, and tactics for deploying effective security in serverless implementations. Experience with vulnerability management and virtual patching in the cloud. Experience with Amazon Web Services (AWS) cloud architecture components, security, identity, & compliance services, and knowledge of how to secure the environment. Familiar with DevOps toolsets to track work items, code, test, build, and release, and knowledge of how each stage is secured and automated. Familiar with tools to perform vulnerability assessments, threat detection, compliance benchmarking, audit logging, log evaluation, and network collection for cloud hosted applications. Familiar with basic web development practices, i.e. HTML, CSS, JavaScript, JQuery, etc. Familiar with team development tools and source control, including Azure DevOps, GIT, etc. Familiar with the principles of software development life cycle (SDLC) and separation of duties. Understanding of micro service architecture and implementation of appropriate security controls used in various architectural designs and conditions. Understanding of “As Code” processes and attack surfaces presented by CI, CD, and CM tools and familiarity with techniques for how to harden these tools. Understanding of the Secure DevOps auditing controls and how to leverage automated scanners to automate policy requirements. Demonstrated knowledge of how to configure security services and tools such as Web Application Firewalls, Content Delivery Networks, and Intrusion Monitoring to protect against common website attacks. Demonstrated knowledge of encryption and encryption key management using managed services and a dedicated cloud hardware security module. Knowledge of container security issues, hardening containerized environments, container orchestration tools, and running production workloads in the cloud. Knowledge of IT Security Operations. Knowledge of UI, AI, and Machine Learning. Knowledge the Payment Card Industry (PCI) Data Security Standard (DSS). Able to understand and write basic JSON programming language policies. Demonstrated ability to work as an essential part of a highly motivated business, technology, development teams. Proficient Microsoft Office skills, including Word and Excel. Written and verbal communication skills and the ability to work with teams and external stakeholders are essential. Strong problem resolution and interpersonal skills. Strong multi-tasking skills. Able to use general office equipment including copy machine and phone system. SWBC offers*: Competitive overall compensation package Work/Life balance Employee engagement activities and recognition awards Years of Service awards Career enhancement and growth opportunities Leadership Academy and Mentor Program Continuing education and career certifications Variety of healthcare coverage options Traditional and Roth 401(k) retirement plans Lucrative Wellness Program *Based upon employee eligibility Additional Information: SWBC is a Substance-Free Workplace and requires pre-employment drug testing. Please note, SWBC does not hire tobacco users as allowed by law. To learn more about SWBC, visit our website at ************* If interested, please click the appropriate apply button.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Mobile application analysis * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Scenario Planning and Analysis * Test Engineering * Written Communications * Attention to Detail * Information Systems Management * Issue Management * Presentation Skills * Prioritization This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills * Mobile application analysis * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Executive Presence * Scenario Planning and Analysis * Test Engineering * Controls Management * Information Systems Management * Issue Management * Mentoring * Presentation Skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Charlotte, North Carolina; Jersey City, New Jersey; Boston, Massachusetts; Washington, District of Columbia; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (**************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing + Perform assessments of the security, effectiveness, and practicality of multiple technology systems + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications + Provide clear and practical advice regarding managed risks + Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: + **Minimum of 4 years of** **professional** **pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment** + Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services + SQL injection/XSS attack without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with SAST tools to identify vulnerabilities + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques + Solid programming/debugging skills + Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map + Threat Analysis + Innovative Thinking + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar + Strong programming/scripting skills + Mobile application analysis + Frida + Binary analysis (disassembly skills) **Skills:** + Advisory + Innovative Thinking + Technical Documentation + Technology System Assessment + Threat Analysis + Adaptability + Collaboration + Executive Presence + Scenario Planning and Analysis + Test Engineering + Controls Management + Information Systems Management + Issue Management + Mentoring + Presentation Skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Mobile application analysis * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Scenario Planning and Analysis * Test Engineering * Written Communications * Attention to Detail * Information Systems Management * Issue Management * Presentation Skills * Prioritization This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills * Mobile application analysis * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Executive Presence * Scenario Planning and Analysis * Test Engineering * Controls Management * Information Systems Management * Issue Management * Mentoring * Presentation Skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Charlotte, North Carolina; Jersey City, New Jersey; Boston, Massachusetts; Washington, District of Columbia; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (**************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing + Perform assessments of the security, effectiveness, and practicality of multiple technology systems + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications + Provide clear and practical advice regarding managed risks + Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: + **Minimum of 4 years of** **professional** **pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment** + Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services + SQL injection/XSS attack without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with SAST tools to identify vulnerabilities + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques + Solid programming/debugging skills + Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map + Threat Analysis + Innovative Thinking + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar + Strong programming/scripting skills + Mobile application analysis + Frida + Binary analysis (disassembly skills) **Skills:** + Advisory + Innovative Thinking + Technical Documentation + Technology System Assessment + Threat Analysis + Adaptability + Collaboration + Executive Presence + Scenario Planning and Analysis + Test Engineering + Controls Management + Information Systems Management + Issue Management + Mentoring + Presentation Skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Bank of America is one of the world's leading financial institutions, serving over 66 million consumers and small businesses. Company success is only possible with a strong cyber defense, which enables Bank of America to safely conduct global operations across the United States and in approximately 35 countries. Our primary goal is to safeguard not only the company, but our clients and their trust. The Malware Defense Team is looking for top talent who would like to join one of the most advanced cybersecurity teams in the world. Responsibilities include, but are not limited to: • In-depth analysis of malware, including authoring analysis reports. • Tracking malware campaigns, malicious actors, and related infrastructure. • Creation of tools and scripts to assist in the analysis of malware analysis. • Field escalations of potentially malicious files and websites from teams within Malware Defense. Required Qualifications: • Strong direct experience of analyzing malware. • Intermediate to advanced malware analysis skills. • Experience creating innovative ways to track progression of malware families, infrastructure, and campaigns conducted by e-crime, and cyber espionage actors. • Experience creating tools and scripts to accelerate malware and threat analysis. • Background in network traffic analysis - WireShark, Fiddler, proxy logs, etc. • Experience analyzing malicious web content such as ClickFix, ClearFake, SocGholish, etc. • Experience authoring YARA, Suricata, and EKFiddle detection rules. • Experience with penetration testing and/or adversary emulation is a plus. • Able to work independently on tasks, but also work well within a team environment Desired Qualifications: • Experience analyzing malware targeting Linux, Android, and IOT platforms. Skills: Cyber Security Data Privacy and Protection Problem Solving Process Management Threat Analysis Business Acumen Data and Trend Analysis Interpret Relevant Laws, Rules, and Regulations Risk Analytics Stakeholder Management Access and Identity Management Data Governance Encryption Information Systems Management Technology System Assessment Shift: 1st shift (United States of America) Hours Per Week: 40 Pay Transparency details US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540) Pay and benefits information Pay range$95,700.00 - $144,900.00 annualized salary, offers to be determined based on experience, education and skill set.Discretionary incentive eligible This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.BenefitsThis role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.