Information Security Engineer jobs at Harris & Harris Solicitors

US Base Salary Range: $75,000 - $100,000 About Us Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com. About the Role The Bonterra Information Security Risk and Compliance department is looking to hire a Compliance Specialist to our team. If you enjoy problem solving, are enthusiastic working in a team format and want to thrive in the ever-changing risk & compliance field while learning new concepts and principles as part of your continuing education, look no further! Job Responsibilities: Perform as the primary in the executing our annual Service Organization Controls (SOC) reporting initiatives, which includes several Bonterra products. Works closely with other members of the Information Security Risk team. Works closely with control owners across the company and internal and external auditors to ensure requests are completed in a timely manner as part of the overall project management process. Performs technical risk assessments of third party suppliers' security and privacy controls. Maintains register of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities. Will be responsible the play book for reporting of high risk events that involve compliance, risk and information security. Assists in maintaining our overall security awareness, role based security trainings and phishing simulation programs across the enterprise. Assists in conducting user activity audits where required. Requirements 6+ years' experience performing risk and compliance activities or open to less with a relevant degree Project management experience. Experience managing multiple priorities independently and in a team environment to achieve goals. Excellent organizational, planning and time management skills. Excellent research and analytical skills. Excellent verbal and written communication skills. Ability to exercise good judgement and tact in dealing with Bonterra senior management. Proficient with technology and ability to learn our software systems, including GRC, ticketing and project management software and workflows. Proven track record of proactively identifying needs and implementing solutions. Information systems security professional certifications preferred (CRISC, CISA, CISSP, CISM, GSEC, GCFA, GCTI, CCSP, or other relevant Information Security certifications). At Bonterra, we're building AI-powered tools to solve real human challenges-and we want teammates who share that enthusiasm. We value people who will champion AI and bring diverse perspectives from different industries, backgrounds, and cultures. Together, we create AI that breaks down barriers, empowers communities, and delivers better outcomes. At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization. ____________________________________________________________________________________ Our Culture At Bonterra, we're innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. At Bonterra, we foster an inclusive, equitable culture where every team member belongs and contributes to meaningful impact. Read more about our values and culture here. Compensation & Benefits We offer a comprehensive benefits package that supports your health, well-being and growth - explore full details here. Compensation and benefits for this role apply to full-time employees in the United States and may vary based on local standards, laws and norms. Pay is determined by location, skills, experience, and education, and is one part of Bonterra's total rewards package, which may also include bonuses, incentives, equity, and a comprehensive benefits program. ____________________________________________________________________________________ Equal Opportunity & Accommodations At Bonterra, we are proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We provide equal employment opportunities without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, veteran status, or any other characteristic protected by law. If you require a reasonable accommodation during the application process, please submit a request.

About the Role: United Community is seeking an experienced Information Security Controls Analyst to serve as a subject matter expert in evaluating and strengthening our cybersecurity and technology controls. This role plays a critical part in assessing risk exposure, recommending control improvements, and ensuring alignment with regulatory standards and business risk tolerance. You'll collaborate with enterprise risk, compliance, and legal teams to provide visibility into our risk posture and drive meaningful change across the organization. What You'll Do: Review and document the adequacy of security and technology controls across business and IT environments. Evaluate control posture through interviews, documentation reviews, and workflow analysis. Recommend and support implementation of risk reduction strategies via policies, procedures, and technical controls. Partner with risk management and security leadership to align controls with organizational risk tolerance. Identify control strengths and weaknesses related to privacy, security, resiliency, and compliance. Document and advocate for control improvements that balance risk with operational efficiency. Support control development across testing, QA, and production environments. Present control effectiveness reports to senior risk leadership. Stay current on regulatory requirements, internal policies, and industry best practices. Participate in required compliance training and support internal/external audit activities. What We're Looking For: • Experience: 3+ years in cybersecurity or IT practitioner roles. 2+ years in IT risk or controls analysis. Practical experience with risk management and IT control frameworks. • Education: Bachelor's degree preferred in Information Assurance, Computer Science, Engineering, or a related technical field. • Required Skills: Strong understanding of risk frameworks (CRI, COSO, RMF, COBIT, NIST). Familiarity with regulatory standards (PCI, FFIEC, SOX, HIPAA, GDPR, CCPA, GLBA). Experience with CIS CSC, ISO 2700, or NIST CSF. Excellent written and verbal communication across all organizational levels. Strong organizational skills and ability to meet SLAs. Sound judgment and decision-making in complex scenarios. High integrity, trustworthiness, and adaptability. • Preferred Skills: Certifications such as CISSP, CISA, CRISC, or CISM. Technical experience with enterprise networks, applications, and directory services. Familiarity with enterprise GRC platforms. Travel: Up to 5% travel required. Supervisory Responsibility: This position does not have direct supervisory responsibilities. Conditions of Employment: Must be able to pass a criminal background & credit check This is a full-time, non-remote position FLSA Status: Non-Exempt We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

United Community is seeking an experienced Information Security Controls Analyst to serve as a subject matter expert in evaluating and strengthening our cybersecurity and technology controls. This role plays a critical part in assessing risk exposure, recommending control improvements, and ensuring alignment with regulatory standards and business risk tolerance. You'll collaborate with enterprise risk, compliance, and legal teams to provide visibility into our risk posture and drive meaningful change across the organization. What You'll Do * Review and document the adequacy of security and technology controls across business and IT environments. * Evaluate control posture through interviews, documentation reviews, and workflow analysis. * Recommend and support implementation of risk reduction strategies via policies, procedures, and technical controls. * Partner with risk management and security leadership to align controls with organizational risk tolerance. * Identify control strengths and weaknesses related to privacy, security, resiliency, and compliance. * Document and advocate for control improvements that balance risk with operational efficiency. * Support control development across testing, QA, and production environments. * Present control effectiveness reports to senior risk leadership. * Stay current on regulatory requirements, internal policies, and industry best practices. Requirements For Success Experience: * 3+ years in cybersecurity or IT practitioner roles. * 2+ years in IT risk or controls analysis. * Practical experience with risk management and IT control frameworks. Education: Bachelor's degree preferred in Information Assurance, Computer Science, Engineering, or a related technical field. Required Skills: * Strong understanding of risk frameworks (CRI, COSO, RMF, COBIT, NIST). * Familiarity with regulatory standards (PCI, FFIEC, SOX, HIPAA, GDPR, CCPA, GLBA). * Experience with CIS CSC, ISO 2700, or NIST CSF. * Excellent written and verbal communication across all organizational levels. * Strong organizational skills and ability to meet SLAs. * Sound judgment and decision-making in complex scenarios. * High integrity, trustworthiness, and adaptability. Preferred Skills: * Certifications such as CISSP, CISA, CRISC, or CISM. * Technical experience with enterprise networks, applications, and directory services. * Familiarity with enterprise GRC platforms. Conditions of Employment * Must be able to pass a criminal background & credit check * This is a full-time, non-remote position FLSA Status: * Exempt We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Pay Range USD $49,972.00 - USD $76,958.00 /Yr.

CTC is a cutting-edge proprietary trading firm with a long-term vision and a clear focus on helping the world price and manage risk. Our fun and trusting culture inspires us to solve the industry's most challenging problems and take calculated risks in a collaborative environment. We strive to be the most innovative firm in the industry today, tomorrow, and long into the future while upholding ethical excellence. We believe that CTC makes a positive impact on the markets, the lives of our employees, and all the communities to which we belong. Started in 1995 by a team of forward-thinking Traders, we are proud to call ourselves an industry leader that keeps making markets and each other better. The Role Ready to make an immediate impact at the heart of cybersecurity? Join CTC as an Information Security Operations Engineer, where every day puts you front and center in defending our systems. This isn't just monitoring screens. It's live fire, quick thinking, and creative problem solving. You'll be using powerful tools, investigating real threats, and teaming up with passionate pros who will help you develop top-tier security skills. You'll get a backstage pass to how attacks unfold, sharpen your instincts, and design smarter, faster responses. Our Security Operations team is growing quickly, making a real impact, and leading the charge to keep our business safe. This is your chance to launch your cybersecurity career with immediate responsibility, plenty of variety, and a team that is genuinely invested in your growth. In this role, you will get an inside look at how security works at a trading firm, master core tools and playbooks, and collaborate with people who enjoy solving tough problems together. Every day is different, and every win matters. What You'll Do * Monitor and triage alerts across security platforms such as SIEM, EDR, email, and identity, cutting through noise to kick off investigations as needed * Execute and improve incident response playbooks by gathering evidence, containing low-severity events, escalating thoughtfully, and communicating clearly * Perform daily security checks to ensure healthy systems, track issues through to closure, and keep runbooks updated * Support phishing investigations and user-reported security events, sharing findings to keep our teams protected * Assist with vulnerability and patch reviews alongside engineering, confirming that risks are remediated * Create detailed case documentation including timelines, artifacts, observables, and post-incident summaries to support learning and improvement * Suggest and build improvements for processes and playbooks, tuning detections and developing smart automations * Collaborate with technology partners across the firm, sharing context and building trust through fast, reliable service * Help teammates thrive, reduce repetitive work, improve signal over noise, and deliver consistent results What We're Looking For * Genuine interest in cybersecurity operations and a drive to build a career in SOC or incident response. Internships, school projects, or labs are welcome * Basic understanding of networking, Windows and Linux systems, and enterprise technology. Able to dig into logs and troubleshoot issues * Familiarity with at least one core security tool or domain, such as SIEM, EDR, email security gateways, or identity and MFA, and ready to learn more * Strong instincts for structured troubleshooting, evidence gathering, and writing clear documentation for tickets and incident handoffs * Basic scripting or automation skills in Python or PowerShell, or a willingness to learn and automate repetitive tasks * Curiosity, clear communication, and a collaborative mindset * Detail-oriented and service-driven with a disciplined approach to procedures, meeting SLAs, and seeking ways to improve outcomes * Willingness to join on-call or after-hours rotations as needed Nice to Haves * Hands-on experience with security platforms such as SIEM queries, endpoint detections, phishing analysis, or sandboxing * Familiarity with ticketing tools, incident tracking, or on-call workflows, and exposure to SOAR or automation tools * Coursework, certifications, or labs in security operations, such as Security+, Splunk fundamentals, or networking basics * Understanding of vulnerability management and experience working with engineering teams on remediation Compensation The salary range for this role is listed below. This role is also eligible for an annual discretionary bonus. The discretionary bonus will be dependent upon the individual's skills, experience, qualifications, and firm performance. Salary Range $150,000-$175,000 USD Most teams at CTC, with the exception of Trading, follow a hybrid workplace model, subject to change based on business need. Our Benefits We strongly believe in the well-being of our employees and their families so we offer outstanding benefits to support you both professionally and personally. These benefits include generous medical coverage, paid parental leave, free breakfast and lunch (plus healthy snacks, of course), wellness reimbursement, quarterly recharge days, and a variety of other benefits focused on providing the best employee experience. (Disclaimer: interns and contractors are not eligible for benefits at CTC) Our Commitment to Diversity, Equity and Inclusion At CTC, we aim to cultivate a workplace that celebrates diversity and each person feels included, engaged and empowered. Where each of us feels we belong. We are committed to having a diverse workforce and are proud to be an equal opportunity employer. CTC does not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or to apply for a position, please contact us at ***********************. Note that emails sent to this email account for non-disability related issues, such as following up on an application, will not receive a response. Use of Artificial Intelligence (AI) Information submitted by job applicants may be subject to review and analysis by automated systems, including Artificial Intelligence (AI), as part of the recruitment process. Such systems are utilized to enhance the efficiency and effectiveness of our hiring procedures. Applicants are advised that any information provided may be evaluated by AI tools to ensure an equitable and thorough assessment.

City: Dallas State/Province: Texas Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at ************** : Job Description Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information ͏ Do * Ensuring customer centricity by providing apt cybersecurity * Monitoring and safeguarding the log sources and security access * Planning for disaster recovery in the event of any security breaches * Monitor for attacks, intrusions and unusual, unauthorized or illegal activity * Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems * Conduct security assessments, risk analysis and root cause analysis of security incidents * Handling incidents escalated by the L1 team in 24x7 rotational shifts * Use advanced analytics tools to determine emerging threat patterns and vulnerabilities * Completing all tactical security operations tasks associated with this engagement. * Analyses all the attacks and come up with remedial attack analysis * Conduct detailed analysis of incidents and create reports and dashboards * Stakeholder coordination & audit assistance * Liaise with stakeholders in relation to cyber security issues and provide future recommendations * Maintain an information security risk register and assist with internal and external audits relating to information security * Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues * Advice and guidance to employees on issues such as spam and unwanted or malicious emails ͏ Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA's (90-95%), response time and resolution time TAT ͏ ͏ Mandatory Skills: Security Information Event Management . Experience: 3-5 Years . The expected compensation for this role ranges from $45,000 to $110,000 . Final compensation will depend on various factors, including your geographical location, minimum wage obligations, skills, and relevant experience. Based on the position, the role is also eligible for Wipro's standard benefits including a full range of medical and dental benefits options, disability insurance, paid time off (inclusive of sick leave), other paid and unpaid leave options. Applicants are advised that employment in some roles may be conditioned on successful completion of a post-offer drug screening, subject to applicable state law. Wipro provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Applications from veterans and people with disabilities are explicitly welcome. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.

Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity As a dedicated Manager Senior, Information Security (Application Security), you will lead our Application Security Engineering (ASE) Team. ASE team is responsible for supporting the business in the protection and secure development of USAA application by ensuring security throughout the Software Development Process (SDLC). This leader will also be responsible for identifying emerging risks, documenting, and building business cases to address them. This team is a part of our Cyber Threat Operation Center (CTOC), which protects, detects and responds to cyber security events. The CTOC is comprised of several teams that partner as needed to provide centralized and coordinated response and mitigation activities. Leads one or more analytical, business or technical support functions and is responsible for the implementation and management of enterprise information security policies, standards, processes and solutions that ensure USAA establishes, deepens and retains a best-in-class security posture. Develops, designs and implements security governance and assurance processes within security domains. This role has a direct impact on protecting USAA's brand and reputation within assigned Information Security domains. Plans and organizes activities of professional and administrative staff engaged in providing information security/cyber security services associated with existing and emerging security risks in a complex and highly regulated environment. Partners with the lines-of-business, Enterprise Risk and Compliance, Audit Services, and Legal, to support enterprise information security risk and compliance initiatives. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Phoenix, AZ, Colorado Springs, CO. Relocation assistance is not available for this position. What you'll do: Responsible for ownership and execution of one or more critical security domains or capabilities. Implements senior leadership's strategic vision and leads their team in the compliant day-to-day completion of their assigned information security domain. Chips in to the organization's short and long-term vision, strategies, goals and metrics. Leads effective operation of assigned information security domain's day-to-day operations including capacity, resilience and dependability capabilities and how changes in conditions, operations, or the environment will affect the system's operation. Develops, reviews, and communicates information security risk management policies and procedures to ensure appropriateness and adequacy versus industry standard methodologies and regulatory requirements. Responsible for developing performance indicators and reporting the status of information security activities and alerting management to potential risks, compliance issues, and operational inefficiencies. Develops, designs, and delivers a sustainable governance and assurance model within multiple domains. Identifies, monitors and evaluates operational solutions to reduce information security risk, meet compliance requirements and increase enterprise workforce efficiency, business agility and workforce scalability. Promotes information security awareness within their teams and across Enterprise Security Group. Serves as financial steward for the organization and handles workforce and budgets to ensure they cost-effectively meet the needs of the organization. Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities. Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures. What you have: Bachelor's degree in Information Security, Information Technology, Computer Science, Business Administration, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree. 6 years of related information security experience in one or more domains, e.g.: Cybersecurity, Identity and Access Management, Information Assurance and Governance, Operational Risk Management and/or Information Technology to include considerable accountability for projects, programs, processes or policies. 2 years of direct team lead, supervisory, or management experience in an Information Security or Information Technology domain. 2 years of researching, designing, or implementing technology, information security or cybersecurity solutions in a large financial institution or large enterprise information security program with a consistent track record of delivering results in compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines. Working knowledge of relevant regulations and standards related to risk management and information security, e.g.: FFIEC, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard. Strong written and verbal communication skills, including the ability to communicate technical analyses to a non-technical audience. Strong knowledge of security technologies to include cryptography, authentication, authorization, and controls. Strong Knowledge of IT risks and experience implementing security solutions. Knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, networks, and cyber security solutions. Expertise in risk management processes and principles. Familiarity with budgets, forecasting, and executing on the budgets for the applicable information security, cybersecurity, or technology support function. What sets you apart: Robust understanding of Application Security Standard and Frameworks (OWASP Top 10, OWASP SAMM, BSIMM, NIST SSDF, etc.) Familiarity with application security testing tools (SAST/DAST/SCA/Containers) and Web Application Firewall (WAF) Familiarity with Agile Workflows and Software Development Process (SDLC) Strong relationship management skills and ability to engage business partners across the enterprise. Compensation range: The salary range for this position is: $138,230.00 - $264,200.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on USAAjobs.com. Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Join the Global Information Security (GIS) department at CME Group as a Sr. Cyber Security Engineer - Threat Simulation. You will be an integral part of our Offensive Security organization, directly contributing to improving CME Group's security posture. This high-impact role is responsible for the execution of Red Team adversary emulations against our complex hybrid environment, proactively testing and strengthening our internal and internet-facing systems. You'll also be a key participant in Purple Team activities to continuously improve the organization's cyber detection and response capabilities. This is a perfect opportunity for a sharp, action-oriented engineer to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure. What You'll Get * Elevate your expertise in a supportive environment fostering continuous learning, rapid career progression, and an inclusive, global team culture. * Gain broad exposure to CME Group's diverse products, asset classes, and cross-functional teams, expanding your impact across critical financial infrastructure. * Receive a competitive salary and comprehensive benefits package. What You'll Do As a key member of our offensive security team, you will: * Execute high-impact Red Team exercises against our complex hybrid cloud environments, driven by real-world threat intelligence and the MITRE ATT&CK Framework. * Engineer and maintain robust Red and Purple Team infrastructure, continuously automating processes for efficiency and scale. * Co-design and lead joint Purple Team exercises, directly partnering with cyber defense to improve detection and response capabilities. * Innovate through continuous research into new offensive security TTPs (Tactics, Techniques, and Procedures) and drive knowledge transfer across the security organization. * Conduct specialized, ad-hoc offensive security tests utilizing industry-leading and internally developed tooling to uncover subtle security gaps. * Author comprehensive post-exercise reports, including detailed technical findings, compromise narratives, and strategic, risk-rated recommendations for remediation. * Mentor cyber defense teams during incident investigations, providing critical subject matter expertise on attacker tradecraft and mindset. * Champion security awareness and technical knowledge-sharing by collaborating with information security, technology, and business stakeholders. What You'll Bring We're looking for an engineer with a robust offensive mindset and a proven track record of breaking and building in complex enterprise environments. Technical Mastery * 5+ years' experience wielding industry-standard penetration testing and adversary emulation tools (e.g., Cobalt Strike, Sliver, Mythic, Bloodhound, Burp Suite). * Expert understanding of the MITRE ATT&CK Framework and advanced evasion techniques used to bypass modern security controls. * Strong comprehension of the cyber kill chain and the full lifecycle of an Advanced Persistent Threat (APT) targeting financial institutions. * Proficiency in at least one scripting language (e.g., Python, PowerShell) and experience with a compiled language (e.g., Go, C#) for tool development. * Deep experience attacking and securing complex cloud, on-prem, and hybrid environments, from initial access through actions on objective. * Solid knowledge of Windows and Linux system hardening concepts, Purple Team automation strategies, and vulnerability rating methodologies. * Proven experience with security within at least one major cloud provider (e.g., AWS, Azure, GCP). Nice to Haves: * Previous hands-on experience performing sophisticated adversary emulations/simulations specifically within the financial services sector. * A recognized offensive security industry certification (e.g., OSCP, GPEN, GXPN, OSWE, eCPTX) demonstrating specialized, high-impact skills. * Familiarity with modern enterprise security standards and frameworks (e.g., TIBER-EU, CBEST, NIST CSF). * Experience conducting offensive security exercises against emerging technologies, such as AI/ML systems or mac OS. #LI-DD1 #LI-Hybrid CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The pay range for this role is $116,600-$194,300. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active pension plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic benefits package for our team and their dependents. CME Group: Where Futures are Made CME Group is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it - all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more. At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone's perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic. Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.

A System Security Analyst analyzes and implements system(s) security measures to protect sensitive data and infrastructure. * Implement and maintain security software like firewalls, encryption programs, and intrusion detection systems * Identify vulnerabilities in systems and networks, conduct penetration testing, and recommend mitigation strategies * Work closely with the systems team and Info Sec team to implement and enforce security policies and procedures, ensuring compliance with industry standards * Stay informed about the latest IT security trends and threats, and research new security solutions * Verify the security of third-party vendors and collaboration to meet security requirements * Technical knowledge of enterprise-class technologies such as cloud (AWS and Azure), firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems * Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, Office 365, and the Windows server and desktop operating systems, patching and vulnerabilities analysis * Hands-on experience with the following technology vendors and products: CyberArk, Okta, CyberReason, Splunk, Vulnerability Scanners Qualifications: * Bachelor's degree or equivalent with certifications related to Information Security e.g. CISA, CISSP, * 5-7 years of relevant experience * Preferred: Technical knowledge of enterprise-class technologies such as cloud (AWS and Azure), firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems. Thorough understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, Office 365, and the Windows server and desktop operating systems patching and vulnerabilities analysis Skills: * CyberSecurity trends and latest threats and ethical hacker training * Working knowledge of Microsoft Excel and MS Word; basic keyboarding and calculator skills, must be able to do simple math and carry out written instructions * Travel to a variety of locations to perform work and/or attend meetings as required * Work occasionally requires more than 40 hours per week to perform the essential functions of the position * Lifting in an office setting may be required up to 30lbs. ANBTX strongly encourages candidates that are fluent in English and Spanish to apply. Jobs that specifically require candidates to be bilingual will be posted as a requirement.

Job Details Deer Park - Deer Park, TX Full TimeDescription Shift Hours: M-W & F 8:30 AM - 5:15 PM TH 8:30 AM - 5:45 PM and On-Call The Information Security Analyst is responsible for working with and providing support to the ISM and IS&T Team in maintaining security best practices and regulatory requirements. Essential Job Duties and Responsibilities Consistently meet all Shell FCU Service Commitments; Shell FCU Employee Creed and Shell FCU Service Distinctions Accountable to maintain knowledge of and comply with all applicable rules and regulations required within the scope of duties, including, but not limited to, the Bank Secrecy Act Required to attend annual training sessions as instructed or scheduled. Perform job duties and responsibilities in compliance with Shell FCU policies, procedures, philosophy, and standards of performance. Assist security team in identifying current security and compliance requirements and recommend security solutions or actions. Assess network threats such as computer viruses and malware, perform vulnerability assessment in support of penetration analysis, operate host and network intrusion/prevention programs, administer access/ monitoring of critical systems, review critical system logs, identify, and document unique local threats/vulnerabilities and recommend remedial action. Work with ISM/Network Team security standards and practices to install, design, configure and maintain security applications that protect against malware, encrypt information, and ward off hackers and other bad actors. Maintain the security and health of the network from misuse through neglect, lack of training, or malevolence from internal and external sources. Monitor programs and processes that keep outsiders from gaining access to Shell FCU private networks and data. Prepare for and provide rapid response to security threats such as virus, worms, or other malicious attacks. Assist in the preservation, identification, extraction, and documentation of evidence stored in computers. Perform log reviews on a predefined basis, to detect anomalous activity. Perform network vulnerability scans and make recommendations based on findings. Conduct forensic analyses when necessary. Utilize cybersecurity tools to periodically test the corporate environment and verify end user best practices to maintain strong security practices. Work with IS&T staff to continually review and maintain security hardening standards within newly deployed systems, codes, updates, upgrades, or patches. Assist in patch management and firmware updates to maintain optimal levels of security. Support anomaly detection and trending tools to provide in-depth analysis of events detected by these applications. Included in this position will be the overall maintenance of the environments, configuration upgrades and tuning, incident response escalations, and 1st level NOC support for all alerts detected. Respond to network security incidents through remediation efforts including implementation of a secure infrastructure, the secure repair of technology components and assist in the development of incident response and recovery processes. Support IS&T staff on security-related projects including design, configuration, deployment and maintenance of policy enforcement tools, techniques, and reporting. Participate in business continuity / disaster recovery planning and Change Management / Change Configuration processes and reviews. Effectively communicate security information gathered from security tools, logs, evolving risks, and reported incidents by employees, to management or security teams. Perform additional duties, as assigned. Shell Federal Credit Union is an equal opportunity and an affirmative action employer and committed to providing equal opportunity for all employees and applicants for employment, without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, age, citizenship status, marital status, protected veteran status, mental and/or physical disability, pregnancy, or any basis prohibited by State or Federal law. Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Knowledge and Skills Experience: Three or more years' strong Windows and Windows Network administration, database systems and network connectivity skills. Three or more years' experience performing security related tasks for a medium to large enterprise. Education / Training: Two-year degree; Cybersecurity degree and/or equivalent related experience or certification. Two or more years' systems development, information security, PC support and network/systems administration experience. Current, Industry standard recognized certification in information security (ex: Security+, CEH certification) Good knowledge/experience working with following products a plus: Windows Server Technologies, Cisco Routers/Switches/Firewalls, Websense, Symantec Endpoint Protection, IDS/IPS, Cisco CSA, Windows Active Directory Infrastructure, Linux based systems, Kali Linux, Threat Hunting, Honeypots, Wireshark, NESSUS, Penetration Testing Tools, Dell KACE, working knowledge of Python. Job Requirements: Knowledge of credit union products and services Positive, welcoming, and helpful demeanor Must be able to communicate information technology and security procedures and requirements to users and key Management. Must possess functional knowledge regarding regulatory issues pertaining to security in a financial institution. Must have strong analytical and problem-solving skills with the ability to clearly present and communicate technical and management concepts. Advanced computer skills Must possess professional verbal communication skills. Position requires participation in on-call rotations as needed or assigned. Position will at times require participation in after-hours or weekend work. Must be prepared to participate in Disaster Recovery, Business Continuity, or Incident Response scenarios. Ability to multitask in a fast-paced environment. Ability to handle workloads during emergencies or stressful time sensitive situations. Ability to work in open-concept workspace/environment. Physical Demands: While performing the duties of this job, the employee is regularly required to bend and stand. May at times be able to lift, carry and/or move up to 15 pounds. Working Conditions Exposure to potential hazardous conditions-robbery. Employees are to receive detailed instructions and procedures to be followed to minimize risk. In accordance with the American with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization. This is not a complete statement of all duties and responsibilities comprising this position. Job descriptions are not intended and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law. This organization uses E-Verify in its hiring practices to achieve a lawful workforce.

Why GMF Technology? Innovation isn't just a talking point at GM Financial, it's how we operate. From generative AI and cloud-native technologies to peer-led learning and hackathons, our tech teams are building real solutions that make a difference. We're committed to AI-powered transformation, using advanced machine learning and automation to help us reimagine customer interactions and modernize operations, positioning GM Financial as a leader in digital innovation within a dynamic industry. Join us and discover a workplace where your ideas matter, your development is prioritized, and you can truly make a global impact. What Makes You A Dream Candidate? Proven experience in IAM, cybersecurity, or IT risk management Strong understanding of IAM technologies and patterns (e.g., Okta, SailPoint, AD, CyberArk) Experience with dashboard creation and data visualization tools Familiarity with compliance frameworks and exception handling Proven experience with: IAM provisioning and governance (e.g., AD, Okta, SailPoint, CyberArk) IAM architecture and role design in multi-account environments (e.g., AWS IAM roles via Account Vending Machine) SOX compliance and risk mitigation related to access controls Leading cross-functional IAM initiatives and managing backlogs through platforms like ServiceNow Familiarity with: SSO and MFA implementations Machine-to-machine access patterns IAM rules of engagement and onboarding protocols Advanced understanding of IT Service Management (ITSM) best practices and processes High-level understanding of technology infrastructure, security concepts and platforms Demonstrated success in project management Knowledge and stay abreast on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities Knowledge of ServiceNow platform Exposure to CI/CD (Continuous improvement/continuous delivery (Agile/Scrum/ITIL) Exposure to cloud applications Strategic thinker with strong analytical, problem-solving, and decision-making abilities; resourceful in recognizing opportunities and identifying alternatives Effective communicator-quick, clear, concise, and impactful in both verbal and written formats; fosters open communication, listens actively, and writes effectively Innovative and creative, approaching challenges with an open mind and generating new ideas and methods; maximizes potential to improve processes Proficient in technical writing and documentation tools, including Visio and Microsoft Office Suite Highly detail-oriented, fast learner, and self-starter with strong data reconciliation capabilities Education and Experience: 4-6 years of experience in IT Security, information systems, audit or risk and compliance role required Experience in data analytics preferred High School Diploma or equivalent required Bachelor's Degree in related field or equivalent experience preferred Professional certifications such as CISA, CIPT, CGEIT, Six Sigma preferred What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays. Our Culture: Our team members define and shape our culture - an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work - we thrive. Compensation: Competitive pay and bonus eligibility Work Life Balance: Flexible hybrid work environment, 2 days a week in office #LI-Hybrid #LI-KC1 #GMFjobs About The Role: The IAM Assurance & Enablement Analyst III role is responsible for supporting enterprise-wide identity and access management (IAM) standards through proactive enablement, exception oversight, and operational alignment. This position contributes to the delivery of scalable IAM solutions by ensuring visibility into identity lifecycle processes, managing exceptions, and collaborating across teams to drive consistent implementation of IAM practices. This role reports to the IAM Assurance & Enablement Manager. Continuous Monitoring & Dashboards Support efforts to monitor Joiner, Mover, Leaver (JML) processes and develop dashboards that provide visibility into IAM posture and risk indicators Define and evolve IAM standards in alignment with cyber and enterprise policies Enforce compliance for non-compliant applications and ensure consistent application of IAM patterns (e.g., AD, CyberArk, Okta, SailPoint) Assist with risk exceptions ensuring proper documentation, tracking, and resolution Support the IAM Delegate Program, fostering cross-team alignment and enabling effective delegation of IAM responsibilities Access Review Oversight Partner with IAM Product, Engineering, Operations, Support, and Integration teams to ensure seamless onboarding, enablement, and delivery of IAM services Effectively communicate current status of all projects, problems and issues to the department manager and AVP Assist in the support of activities in the areas of oversight, quality control and continuous monitoring of information to resolve issues preventing the optimal delivery of IAM Assist in compliance assessments and initiate corrective action(s) as needed

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it's at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: Freddie Mac is seeking an experienced Manager to join our Third Party Risk Governance (TPRG) Information Security (Cyber) team. Your role will be vital in identifying potential risks and ensuring that effective mitigation strategies are in place. If you have a strong foundation in risk management and cybersecurity, and are committed to protecting organizations from threats, we invite you to apply for this critical role at Freddie Mac. Our Impact: The Seller/Servicer Information Security Oversight Team, within Third-Party Risk Management, is responsible for monitoring the information security standards of seller/servicers to ensure the safeguarding of Freddie Mac's data in alignment with the Freddie Mac Guide. Our team of cyber risk specialists is actively involved in monitoring, identifying, detecting, and responding to cyber threats. Through regular vulnerability scans, they work diligently to mitigate information security risks to Freddie Mac. Your Impact: * As a Manager, you will play a key role in enhancing our oversight of third-party risk management. Your responsibilities will include: * Leading initiatives to conduct thorough cybersecurity risk assessments. * Applying the Cybersecurity Framework (CSF) to structure and improve our risk management processes. * Collaborating with various stakeholders to identify and assess potential information security risks. * Developing and implementing strategic plans to effectively mitigate identified risks. * Ensuring the continuous improvement of our cybersecurity posture through proactive risk management and oversight. * Conducting comprehensive Information Security risk reviews and interviews with seller/servicers as part of the annual Consolidated Origination and Risk Evaluation (CORE) review. * Analyzing findings from these reviews and developing a detailed risk assessment, backed by supporting evidence. Qualifications: * 8+ years of experience in risk management, internal controls, audit, or compliance, preferably within financial services or mortgage operations * 8 to 10 years of experience in cybersecurity or cyber risk management, with a focus on highly regulated industries. * Bachelor's degree in computer science, engineering, or a related field, or equivalent work experience, preferred. * Proficiency in performing risk analyses, vulnerability assessments, and threat modeling. * Proven track record of leading risk assessment and controls initiatives across business functions * Proven experience engaging with senior leadership to understand and align with strategic goals. * Experience in IT governance, risk, and controls, including familiarity with frameworks such as COBIT, FFIEC, ISO 2700x, and NIST. * Strong analytical and problem-solving skills. * Excellent communication skills for articulating technical risks to non-technical audiences. * In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001. * Industry certifications such as Sec+, SSCP, GSEC or C|EH, preferred Keys to Success: * Significant understanding of the Third-Party Risk Governance process * Ability to perform additional duties as assigned to support the organization's evolving needs. * Strong analytical and problem-solving skills. * Excellent communication skills for articulating technical risks to non-technical audiences. * In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001 * Possess a deep understanding of NIST standards and evaluate seller/servicers' compliance with the Freddie Mac Guide. * Identify and assess potential risks and vulnerabilities to our systems and data posed by third parties, utilizing approved monitoring tools. * Conduct thorough risk assessments, analyze potential threats, and evaluate third-party information security processes and procedures. * Identify associated risks and provide a comprehensive risk assessment with supporting evidence. Current Freddie Mac employees please apply through the internal career site. We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. A safe and secure environment is critical to Freddie Mac's business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs. CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit ****************** and register with our referral code: MAC. Time-type:Full time FLSA Status:Exempt Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $142,000 - $214,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.

Job Description Support the Information security governance, risk management and compliance program, focusing on compliance and assurance. Facilitate the compliance and assurance program, by performing assurance assessments to ensure Alliant Credit Union (ACU) is compliant with regulatory and legal obligations. Help maintain the technical control library ensure assessments align securing ACU. Facilitate IT issue management by working with employees on scheduling calls and going over the issue and resolution. Essential Responsibilities Responsible to facilitate the compliance and assurance assessments and issue management via a GRC tool Conduct assurance assessment, including control test of design (ToD) and test of operating effectiveness (TOE) activities Provide recommendations on improving compliance-related processes and/or procedures and identify opportunities for ITGC/security compliance control automation Facilitate group and individual meetings, ensure that each meeting is organized and aligned and schedule walkthrough agenda addressing any issue that arise and and guiding towards actionable outcomes Assist internal and external audit teams to address inquiries Participate in InfoSec projects as assigned by management such as the review of documents Education Minimum- 4 Year Bachelors Degree in Computer Science, Information Security or Related Years of Experience Minimum - 2 Years Governance, Risk Management, Compliance within a financial institution or Security Compliance or Related In Lieu of Education 5 Years Governance, Risk Management, Compliance within a financial institution License/Certifications/Training Preferred: Compliance, Risk Management, or Governance certifications: CRISC, CISM or CISA Compensation & Benefits: Typical hiring range: $57,500 - $89,500 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge. Additional Compensation: Annual performance bonus Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match. Additional Benefits: Work from home up to 3 days a week Paid parental leave Employee discount programs Time off including paid personal and sick days 11 paid holidays Education reimbursement *Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment. Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives. The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

**You are the brains behind our work ...** At Citi, we do not just adapt to change - we drive it. Our Full Time Technology Analyst Program is where forward-thinking talents meet unparalleled opportunities. This is your chance to innovate, influence, and make an impact in the most global financial institution! Citi Technology partners to ensure that Citi's platforms can "Be the Best" for clients globally, with a diverse and ethical workforce that applies innovation and automation to deliver a world class client experience and strengthen our reputation. We have over 30,000 technologists globally who are dedicated to serving our clients' needs across the firm. By utilizing a broad range of technologies, we are at the forefront of innovation. We seek to drive our systems and processes towards scalable, low-latency, high frequency enterprise systems to support Citi's strategic priorities. **We provide you with the knowledge and skills you need to succeed...** We're committed to teaching you the ropes. The 2-year Analyst Program starts in July and begins with a robust training program. Here at Citi, rotational programs are intended to help you build a broad skillset and accelerate your career growth by gaining exposure to more than one team in Cyber Security. Our rotational program will help you discover the best fit for your skills and long-term career goals at Citi. **Your time here will look something like this...** Our technological solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Chief Information Security Office (CISO) works together to ensure the safety of Citi's and our clients' assets and information. You will make tangible contributions to high-impact, real-world projects that directly influence the evolution of banking. Your work could involve anything from developing next-generation digital banking solutions and fortifying our cybersecurity defenses to driving data-powered innovations and transforming customer experiences. Be a part of impactful initiatives that shape the future of finance. **As a member in our program, you can expect:** + **Global Exposure:** Work in globally scoped projects with cross-functional teams and gain insights into how technology drives the financial sector worldwide. + **Continuous Learning:** Benefit from structured learning, networking, mentoring, and development programs that are designed to sharpen your technical prowess, enhance your business insight, and cultivate your leadership skills. + **Real Impact:** Contribute to real-world projects that shape the future of banking, from developing next-gen digital banking solutions to enhancing our cybersecurity defenses and driving data-powered innovations. **We want to hear from you if...** We are in a hunt for trailblazers with a passion for technology and drive to make a difference. To join this elite program, you should: + Be graduating between December 2025 and May 2026. + Pursuing bachelor's degree in Cyber Security, Computer Science, Computer Engineering, Information Technology, Management Information Systems, or other tech related degree. + GPA of 3.0 or better is preferred. + You will not require sponsorship for U.S. work authorization now or anytime in the future. + You have an interest working in a high-tech global technology environment and have a fundamental understanding of technologies, including by not limited to programing languages (C++, Java, etc.), application development, or basic concepts of relational databases. + Be a problem solver who thrives on innovation and enjoys tackling challenges head-on. + Possess a global outlook and a willingness to collaborate across cultures and time zones. + Have excellent communication skills, project management, leadership, attention to detail, and the ability to work well within diverse teams. + Ability to pass technical interviews consisting of basic algorithmic programming exercises. + Must be collaborative and adaptable, with excellent communication skills. Prior experience working on agile teams is desirable. **Who we think will be a great fit...** A dedication to learning and a true passion for business are vital. As industries all over the globe continue to restructure and grow, we are hiring professionals who have a global perspective on the future of banking and want to make an impact. We value diversity and so do you. We will also be looking for the following: + Are ambitious, with relentless drive to succeed in a fast-paced, dynamic environment. + Are curious about how technology can revolutionize finance and are eager to be at the forefront of this transformation. + Want to grow into a future tech leader, with a passion for both technology and its application in the global financial industry. Annual Salary = $90,000USD ------------------------------------------------------ **Job Family Group:** Management Development Programs ------------------------------------------------------ **Job Family:** Training ------------------------------------------------------ **Time Type:** Full time ------------------------------------------------------ **Primary Location:** Irving Texas United States ------------------------------------------------------ **Primary Location Full Time Salary Range:** $80,000.00 - $115,000.00 In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire. ------------------------------------------------------ **Most Relevant Skills** Please see the requirements listed above. ------------------------------------------------------ **Other Relevant Skills** For complementary skills, please see above and/or contact the recruiter. ------------------------------------------------------ **Anticipated Posting Close Date:** Nov 21, 2025 ------------------------------------------------------ _Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law._ _If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi (*************************************************************************** ._ _View Citi's EEO Policy Statement (*********************************************** and the Know Your Rights (*********************************************************************************************** poster._ Citi is an equal opportunity and affirmative action employer. Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity As a dedicated Manager Senior, Information Security (Application Security), you will lead our Application Security Engineering (ASE) Team. ASE team is responsible for supporting the business in the protection and secure development of USAA application by ensuring security throughout the Software Development Process (SDLC). This leader will also be responsible for identifying emerging risks, documenting, and building business cases to address them. This team is a part of our Cyber Threat Operation Center (CTOC), which protects, detects and responds to cyber security events. The CTOC is comprised of several teams that partner as needed to provide centralized and coordinated response and mitigation activities. Leads one or more analytical, business or technical support functions and is responsible for the implementation and management of enterprise information security policies, standards, processes and solutions that ensure USAA establishes, deepens and retains a best-in-class security posture. Develops, designs and implements security governance and assurance processes within security domains. This role has a direct impact on protecting USAA's brand and reputation within assigned Information Security domains. Plans and organizes activities of professional and administrative staff engaged in providing information security/cyber security services associated with existing and emerging security risks in a complex and highly regulated environment. Partners with the lines-of-business, Enterprise Risk and Compliance, Audit Services, and Legal, to support enterprise information security risk and compliance initiatives. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Phoenix, AZ, Colorado Springs, CO. Relocation assistance is not available for this position. What you'll do: * Responsible for ownership and execution of one or more critical security domains or capabilities. * Implements senior leadership's strategic vision and leads their team in the compliant day-to-day completion of their assigned information security domain. Chips in to the organization's short and long-term vision, strategies, goals and metrics. * Leads effective operation of assigned information security domain's day-to-day operations including capacity, resilience and dependability capabilities and how changes in conditions, operations, or the environment will affect the system's operation. * Develops, reviews, and communicates information security risk management policies and procedures to ensure appropriateness and adequacy versus industry standard methodologies and regulatory requirements. * Responsible for developing performance indicators and reporting the status of information security activities and alerting management to potential risks, compliance issues, and operational inefficiencies. * Develops, designs, and delivers a sustainable governance and assurance model within multiple domains. * Identifies, monitors and evaluates operational solutions to reduce information security risk, meet compliance requirements and increase enterprise workforce efficiency, business agility and workforce scalability. * Promotes information security awareness within their teams and across Enterprise Security Group. * Serves as financial steward for the organization and handles workforce and budgets to ensure they cost-effectively meet the needs of the organization. * Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities. * Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures. What you have: * Bachelor's degree in Information Security, Information Technology, Computer Science, Business Administration, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree. * 6 years of related information security experience in one or more domains, e.g.: Cybersecurity, Identity and Access Management, Information Assurance and Governance, Operational Risk Management and/or Information Technology to include considerable accountability for projects, programs, processes or policies. * 2 years of direct team lead, supervisory, or management experience in an Information Security or Information Technology domain. * 2 years of researching, designing, or implementing technology, information security or cybersecurity solutions in a large financial institution or large enterprise information security program with a consistent track record of delivering results in compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines. * Working knowledge of relevant regulations and standards related to risk management and information security, e.g.: FFIEC, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard. * Strong written and verbal communication skills, including the ability to communicate technical analyses to a non-technical audience. * Strong knowledge of security technologies to include cryptography, authentication, authorization, and controls. * Strong Knowledge of IT risks and experience implementing security solutions. * Knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, networks, and cyber security solutions. * Expertise in risk management processes and principles. * Familiarity with budgets, forecasting, and executing on the budgets for the applicable information security, cybersecurity, or technology support function. What sets you apart: * Robust understanding of Application Security Standard and Frameworks (OWASP Top 10, OWASP SAMM, BSIMM, NIST SSDF, etc.) * Familiarity with application security testing tools (SAST/DAST/SCA/Containers) and Web Application Firewall (WAF) * Familiarity with Agile Workflows and Software Development Process (SDLC) * Strong relationship management skills and ability to engage business partners across the enterprise. Compensation range: The salary range for this position is: $138,230.00 - $264,200.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on USAAjobs.com. Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity As a dedicated Manager Senior, Information Security (Application Security), you will lead our Application Security Engineering (ASE) Team. ASE team is responsible for supporting the business in the protection and secure development of USAA application by ensuring security throughout the Software Development Process (SDLC). This leader will also be responsible for identifying emerging risks, documenting, and building business cases to address them. This team is a part of our Cyber Threat Operation Center (CTOC), which protects, detects and responds to cyber security events. The CTOC is comprised of several teams that partner as needed to provide centralized and coordinated response and mitigation activities. Leads one or more analytical, business or technical support functions and is responsible for the implementation and management of enterprise information security policies, standards, processes and solutions that ensure USAA establishes, deepens and retains a best-in-class security posture. Develops, designs and implements security governance and assurance processes within security domains. This role has a direct impact on protecting USAA's brand and reputation within assigned Information Security domains. Plans and organizes activities of professional and administrative staff engaged in providing information security/cyber security services associated with existing and emerging security risks in a complex and highly regulated environment. Partners with the lines-of-business, Enterprise Risk and Compliance, Audit Services, and Legal, to support enterprise information security risk and compliance initiatives. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Phoenix, AZ, Colorado Springs, CO. Relocation assistance is not available for this position. What you'll do: Responsible for ownership and execution of one or more critical security domains or capabilities. Implements senior leadership's strategic vision and leads their team in the compliant day-to-day completion of their assigned information security domain. Chips in to the organization's short and long-term vision, strategies, goals and metrics. Leads effective operation of assigned information security domain's day-to-day operations including capacity, resilience and dependability capabilities and how changes in conditions, operations, or the environment will affect the system's operation. Develops, reviews, and communicates information security risk management policies and procedures to ensure appropriateness and adequacy versus industry standard methodologies and regulatory requirements. Responsible for developing performance indicators and reporting the status of information security activities and alerting management to potential risks, compliance issues, and operational inefficiencies. Develops, designs, and delivers a sustainable governance and assurance model within multiple domains. Identifies, monitors and evaluates operational solutions to reduce information security risk, meet compliance requirements and increase enterprise workforce efficiency, business agility and workforce scalability. Promotes information security awareness within their teams and across Enterprise Security Group. Serves as financial steward for the organization and handles workforce and budgets to ensure they cost-effectively meet the needs of the organization. Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities. Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures. What you have: Bachelor's degree in Information Security, Information Technology, Computer Science, Business Administration, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree. 6 years of related information security experience in one or more domains, e.g.: Cybersecurity, Identity and Access Management, Information Assurance and Governance, Operational Risk Management and/or Information Technology to include considerable accountability for projects, programs, processes or policies. 2 years of direct team lead, supervisory, or management experience in an Information Security or Information Technology domain. 2 years of researching, designing, or implementing technology, information security or cybersecurity solutions in a large financial institution or large enterprise information security program with a consistent track record of delivering results in compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines. Working knowledge of relevant regulations and standards related to risk management and information security, e.g.: FFIEC, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard. Strong written and verbal communication skills, including the ability to communicate technical analyses to a non-technical audience. Strong knowledge of security technologies to include cryptography, authentication, authorization, and controls. Strong Knowledge of IT risks and experience implementing security solutions. Knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, networks, and cyber security solutions. Expertise in risk management processes and principles. Familiarity with budgets, forecasting, and executing on the budgets for the applicable information security, cybersecurity, or technology support function. What sets you apart: Robust understanding of Application Security Standard and Frameworks (OWASP Top 10, OWASP SAMM, BSIMM, NIST SSDF, etc.) Familiarity with application security testing tools (SAST/DAST/SCA/Containers) and Web Application Firewall (WAF) Familiarity with Agile Workflows and Software Development Process (SDLC) Strong relationship management skills and ability to engage business partners across the enterprise. Compensation range: The salary range for this position is: $138,230.00 - $264,200.00. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on USAAjobs.com. Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

**Why USAA?** At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. **The Opportunity** As a dedicated Manager Senior, Information Security (Application Security), you will lead our Application Security Engineering (ASE) Team. ASE team is responsible for supporting the business in the protection and secure development of USAA application by ensuring security throughout the Software Development Process (SDLC). This leader will also be responsible for identifying emerging risks, documenting, and building business cases to address them. This team is a part of our Cyber Threat Operation Center (CTOC), which protects, detects and responds to cyber security events. The CTOC is comprised of several teams that partner as needed to provide centralized and coordinated response and mitigation activities. Leads one or more analytical, business or technical support functions and is responsible for the implementation and management of enterprise information security policies, standards, processes and solutions that ensure USAA establishes, deepens and retains a best-in-class security posture. Develops, designs and implements security governance and assurance processes within security domains. This role has a direct impact on protecting USAA's brand and reputation within assigned Information Security domains. Plans and organizes activities of professional and administrative staff engaged in providing information security/cyber security services associated with existing and emerging security risks in a complex and highly regulated environment. Partners with the lines-of-business, Enterprise Risk and Compliance, Audit Services, and Legal, to support enterprise information security risk and compliance initiatives. We offer a flexible work environment that requires an individual to be **in the office 4 days per week.** This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Phoenix, AZ, Colorado Springs, CO. Relocation assistance is **not** available for this position. **What you'll do:** + Responsible for ownership and execution of one or more critical security domains or capabilities. + Implements senior leadership's strategic vision and leads their team in the compliant day-to-day completion of their assigned information security domain. Chips in to the organization's short and long-term vision, strategies, goals and metrics. + Leads effective operation of assigned information security domain's day-to-day operations including capacity, resilience and dependability capabilities and how changes in conditions, operations, or the environment will affect the system's operation. + Develops, reviews, and communicates information security risk management policies and procedures to ensure appropriateness and adequacy versus industry standard methodologies and regulatory requirements. + Responsible for developing performance indicators and reporting the status of information security activities and alerting management to potential risks, compliance issues, and operational inefficiencies. + Develops, designs, and delivers a sustainable governance and assurance model within multiple domains. + Identifies, monitors and evaluates operational solutions to reduce information security risk, meet compliance requirements and increase enterprise workforce efficiency, business agility and workforce scalability. + Promotes information security awareness within their teams and across Enterprise Security Group. + Serves as financial steward for the organization and handles workforce and budgets to ensure they cost-effectively meet the needs of the organization. + Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities. + Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures. **What you have:** + Bachelor's degree in Information Security, Information Technology, Computer Science, Business Administration, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree. + 6 years of related information security experience in one or more domains, e.g.: Cybersecurity, Identity and Access Management, Information Assurance and Governance, Operational Risk Management and/or Information Technology to include considerable accountability for projects, programs, processes or policies. + 2 years of direct team lead, supervisory, or management experience in an Information Security or Information Technology domain. + 2 years of researching, designing, or implementing technology, information security or cybersecurity solutions in a large financial institution or large enterprise information security program with a consistent track record of delivering results in compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines. + Working knowledge of relevant regulations and standards related to risk management and information security, e.g.: FFIEC, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard. + Strong written and verbal communication skills, including the ability to communicate technical analyses to a non-technical audience. + Strong knowledge of security technologies to include cryptography, authentication, authorization, and controls. + Strong Knowledge of IT risks and experience implementing security solutions. + Knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, networks, and cyber security solutions. + Expertise in risk management processes and principles. + Familiarity with budgets, forecasting, and executing on the budgets for the applicable information security, cybersecurity, or technology support function. **What sets you apart:** + Robust understanding of Application Security Standard and Frameworks (OWASP Top 10, OWASP SAMM, BSIMM, NIST SSDF, etc.) + Familiarity with application security testing tools (SAST/DAST/SCA/Containers) and Web Application Firewall (WAF) + Familiarity with Agile Workflows and Software Development Process (SDLC) + Strong relationship management skills and ability to engage business partners across the enterprise. **Compensation range:** The salary range for this position is: $138,230.00 - $264,200.00 **.** **USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.).** **Compensation:** USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. **Benefits:** At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on USAAjobs.com. _Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting._ _USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran._ **If you are an existing USAA employee, please use the internal career site in OneSource to apply.** **Please do not type your first and last name in all caps.** **_Find your purpose. Join our mission._** USAA is unlike any other financial services organization. The mission of the association is to facilitate the financial security of its members, associates and their families through provision of a full range of highly competitive financial products and services; in so doing, USAA seeks to be the provider of choice for the military community. We do this by upholding the highest standards and ensuring that our corporate business activities and individual employee conduct reflect good judgment and common sense, and are consistent with our core values of service, loyalty, honesty and integrity. USAA attributes its long-standing success to its most valuable resource: our 35,000 employees. They are the heart and soul of our member-service culture. When you join us, you'll become part of a thriving community committed to going above for those who have gone beyond: the men and women of the U.S. military, their associates and their families. In order to play a role on our team, you don't have to be connected to the military yourself - you just need to share our passion for serving our more than 13 million members. USAA is an EEO/AA Employer - applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, sexual orientation, gender identity or expression, pregnancy, protected veteran status or other status protected by law. California applicants, please review our HR CCPA - Notice at Collection (********************************************************************************************************** here. USAA is an EEO/AA Employer - applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, sexual orientation, gender identity or expression, pregnancy, protected veteran status or other status protected by law.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

not eligible for sponsorship Locations: Onsite in Memphis, TN; Maryville, TN; Birmingham, AL; Lafayette, LA; New Orleans, LA; Charlotte, NC; Raleigh, NC; or Dallas, TX. The Cyber Security Engineer - Threat Management is a mid-level Cyber Security Engineer responsible for second level security event/incident response along with the collection, analysis, and dissemination of cyber threat intelligence. These capabilities will include timely collection of advanced warning of impeding IT vulnerabilities or threats, a thorough correlation, analysis, and storage of threat intelligence information, and operational support of the incident response process. The candidate They will deliver and sustain the enterprise management strategy and solutions from a governance, process, discipline and technology standpoint, to support enterprise environments and our presence in various cloud instances and on-premises data centers covering threats / FIM / configuration management / incident response / vulnerability management. Secondary roles include IPS, EDR, TIP tools, and other information security solutions. Essential Functions of the Job: * Responding to SOC alerts performing an analysis, and containment of security events. * Provide tier II support for escalated security incidents. * Support the Cyber Incident Response Team (CIRT) in the effective detection, analysis, and containment of attacks. * Operate the configuration management program to track configuration drift over time, working with asset custodians to correct any configuration deviation from baseline. * Operate the File Integrity Management program to track changes to file systems on critical systems. * Operate the processes necessary to collect threat intelligence, analyze the data for patterns and actionable information, and create intelligence products for other teams to consume using MITRE ATT&CK Framework. * Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents. * Integrate appropriate systems and logs into the global threat management platform or Security Event and Incident Management system to properly protect critical assets. * Design, test and develop specific content and alerting to identify threats against critical assets. * Document incident response playbooks for new threat content and alerts. * Maintain an understanding of attacks, vectors and emergent threats. * Obtain and share cyber security intelligence with security partners, vendors and law enforcement as necessary. * Produce weekly and monthly operational metrics. * Work with vendors and internal customers to respond to escalations. * Recommends Preventative Security Actions. * Recommends Corrective Security Actions. * Comprehension of basic banking systems. Job Requirements: * High School Graduate or Equivalent. * Bachelor's Degree Preferred but not required in Computer Engineering/Computer Science or related field. * CISSP, GSEC, GCIH, CEH or other security certifications preferred, but not required. * Three year minimum working in cyber threat or information security. Knowledge and Skills Requirements: * Familiar with compliance regulations such as SOX, PCI-DSS, GLBA, and Federal Banking regulations. * Proficient with cloud security and monitoring capabilities in Azure * Proficient with Incident Response in Azure * Proficient with configuration management scanning tools. * Knowledgeable with Tripwire or other file integrity management tools. * Excellent team skills and integrity in a professional environment. * Ability to Map threats and vulnerabilities to MITRE. About Us First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank. More information is available at ********************* Benefit Highlights * Medical with wellness incentives, dental, and vision * HSA with company match * Maternity and parental leave * Tuition reimbursement * Mentor program * 401(k) with 6% match * More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits Follow Us Facebook X formerly Twitter LinkedIn Instagram YouTube