Information security analyst jobs in Antioch, CA

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.

NO SPONSORSHIP - NO OPT Cybersecurity Engineer / Architect BILL RATE: Open - C2C or W2 DURATION: 1 YEAR OR LONGER The manager is looking for someone out of a large enterprise environment and is a true architect with engineering skills. Highly technical and applications and infrastructure focused is key platform applications storage network virtualization cloud azure and mobile security The Cyber Security Engineer will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This role requires the solution of complex enterprise-scale information security problems. The role will design and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Skills/Experience: Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices. Mandatory Technical Skills: Experience with healthcare data systems or claims management platforms Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Additional Technical Skills: Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks

Job Title :: Information Security Analyst Duration :: 12+ Months and 5 days onsite Must Have :: KQL - Kusto Query Language SPL that Splunk uses General incident response Actual incident tickets - resolve actual security incident tickets Qualifications: Bachelor's degree in Cyber Security, Information Security, Computer Science, or 3+ years of experience in Information Security or Cyber Security *Splunk experience *SQL *Microsoft Office *Cyber kill chain/incident response *SOC experience *programming experience-python Responsibilities: • Knowledge of SPL and use of Splunk • Coding experience or knowledge, preferably in Python and/or R • Knowledge of SQL and database experience • Proficiency in Microsoft Office applications, especially Excel and PowerPoint • Knowledge of Level 1 & 2 SOC operations • Public speaking skills

We are seeking an experienced Product Security Architect to join our Security Center of Excellence team and lead security initiatives across our cloud-based SaaS product portfolio. This role requires a unique blend of deep technical expertise, architectural vision, and collaborative leadership to ensure our products are built with security at their core. The ideal candidate will work at the intersection of security, development, and product design to create robust, secure solutions that protect our customers and their data. Key Responsibilities Security Architecture & Design Design and implement comprehensive security architectures for cloud-based SaaS products, ensuring security is embedded throughout the product lifecycle Conduct thorough threat modeling exercises for new and existing product features, identifying potential vulnerabilities and attack vectors Define security requirements, patterns, and best practices for product development teams Review and approve architectural designs from a security perspective, providing actionable guidance and recommendations Product Security Assessment Perform in-depth security assessments of products at the code, configuration, and architectural levels Identify security vulnerabilities, weaknesses, and gaps in existing and proposed product implementations Conduct code reviews with a focus on security, analyzing Java, Python, and React codebases for security flaws Evaluate third-party integrations, APIs, and dependencies for security risks Collaboration & Enablement Partner closely with development teams to integrate security controls and best practices into the software development lifecycle Work with QE teams to develop security test strategies, including penetration testing, vulnerability scanning, and security automation Provide security guidance and mentorship to engineering teams, fostering a security-first culture Translate complex security concepts into clear, actionable recommendations for technical and non-technicaål stakeholders Cloud & Infrastructure Security Design and implement security controls for cloud infrastructure and services (AWS, Azure, GCP) Architect and implement IAM strategies including role-based access control (RBAC), attribute-based access control (ABAC), least privilege principles, and identity federation Design secure network architectures including VPCs, security groups, network ACLs, microsegmentation, and zero-trust network access Establish cloud configuration security standards and guardrails to prevent misconfigurations and ensure secure-by-default deployments Ensure proper implementation of cloud security best practices including data encryption (at rest and in transit), secrets management, and compliance Monitor and respond to emerging cloud security threats and vulnerabilities Security Standards & Compliance Establish and maintain security standards, policies, and procedures aligned with industry frameworks Support compliance efforts including SOC 2, ISO 27001, GDPR, and other relevant standards Stay current with evolving security threats, vulnerabilities, and industry best practices Required Qualifications Experience 8+ years of experience in information security, with at least 5 years specifically in product security architecture Proven track record as a Product Security Architect in a SaaS or cloud-based company Extensive experience with threat modeling methodologies (STRIDE, PASTA, or similar) Hands-on experience identifying and remediating security vulnerabilities in production environments Strong background working collaboratively with development and QE teams in agile environments Technical Expertise Deep understanding of secure coding practices and common vulnerability patterns (OWASP Top 10, CWE/SANS Top 25) Proficiency in code-level security analysis across multiple languages, particularly Java, Python, and React/JavaScript Strong knowledge of cloud security architectures and services (AWS, Azure, or GCP) Expert-level knowledge of IAM principles and implementation including multi-factor authentication, single sign-on, privileged access management, service accounts, and identity lifecycle management Deep understanding of network security including firewalls, IDS/IPS, VPN, TLS/SSL, DDoS protection, API gateways, and secure network segmentation Extensive experience with cloud configuration security including infrastructure-as-code security, cloud security posture management, configuration drift detection, and automated compliance checking Experience with authentication and authorization frameworks (OAuth 2.0, OpenID Connect, SAML, JWT, RBAC, ABAC) Understanding of containerization and orchestration security (Docker, Kubernetes) Knowledge of API security, microservices architecture, and distributed systems security Familiarity with DevSecOps practices and security automation tools (SAST, DAST, SCA) Certifications CISSP (Certified Information Systems Security Professional) required Additional relevant certifications valued: Cloud security: CCSP, AWS Certified Security Specialty, Azure Security Engineer, Google Cloud Professional Security Engineer Security architecture: CSSLP, SABSA Penetration testing: CEH, OSCP, GPEN Network security: CCNP Security, GIAC certifications Preferred Qualifications Experience with Infrastructure as Code (Terraform, CloudFormation) and security policy as code Knowledge of zero-trust architecture principles and implementation Experience with security incident response and vulnerability management programs Background in software development or engineering Experience with regulatory compliance frameworks and security audits Published security research, conference presentations, or contributions to open-source security projects Master's degree in Computer Science, Cybersecurity, or related field Technical Skills Programming & Scripting: Java (enterprise application security) Python (security automation, scripting) JavaScript/React (frontend security) Additional languages a plus (Go, Rust, C/C++) Security Tools & Platforms: SAST/DAST tools (Checkmarx, Fortify, Veracode, etc.) Vulnerability scanners and penetration testing tools Security information and event management (SIEM) platforms Cloud security posture management (CSPM) tools Cloud Platforms & Configuration: AWS, Azure, or Google Cloud Platform IAM services (AWS IAM, Azure AD, GCP IAM, identity federation) Network security services (VPC, Security Groups, Network ACLs, WAF, Cloud Firewall) Cloud configuration management and security scanning tools Cloud-native security services and controls (GuardDuty, Security Hub, Azure Defender, Security Command Center) Secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault) Serverless architecture security Development & DevOps: CI/CD pipelines and security integration Version control systems (Git) Containerization and orchestration Agile/Scrum methodologies Personal Attributes Strong analytical and problem-solving skills with attention to detail Excellent communication skills with the ability to influence and educate diverse audiences Self-motivated with the ability to work independently and as part of a team Passionate about security and staying ahead of emerging threats Pragmatic approach to balancing security with business needs and user experience What We Offer Opportunity to shape security architecture for cutting-edge Cybersecurity SaaS products Collaborative environment with highly talented engineering teams Professional development and growth opportunities Competitive compensation and benefits package We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

At least 9 years of experience with Information Technology Domain experience in supply chain, order management, shipping, inventory management Understanding of Oracle PL/SQL, SQL, ERP (OM, Inventory, Shipping, Receiving), Java and various integration technologies and approaches, to be able to comprehend existing as well as design new solutions Sound data analysis skills Expertise in grasping the complexity of current state application design, analyze new requirements to design new solution options and develop functional specification & author technical user story for developers and QA team members Experienced in test case preparation/reviews, supporting QA exercise and issue resolutions Perform validations of the capabilities once developed to ensure compliance with the business requirements Perform demos to stakeholders Ability to work in teams within a diverse/multi-stakeholder environment Ability to interact effectively across cross-functional teams to iron out integration needs Experience and desire to work in a Global delivery environment Strong analytical abilities Good communication skills

Create the product vision, customer persona identification, product framework for IT's compliance practices including the scopes of SOX and GxP Our client is a public biopharmaceutical company that is regulated by different governmental agencies. It is important that IT operates in a manner that is consistent, accurate, and high quality so that they stay in compliance with GxP and SOX procedures, protocols and audits. This role collaborates with IT members, QA leadership, Finance/SOX leadership, to align plans and activities to achieve successful results for GxP and SOX. ESSENTIAL DUTIES/RESPONSIBILITIES: Manage our IT systems' SOX related Governance, Risk and Compliance (SAP-GRC) component, framework and operations to maintain high quality and transparent results. Collaborate and work closely with Finance teams to set expectation and align activities. Oversee the cyclical SOX evidence sample selection, collection, data analysis, corrective actions and actively participate with the internal and external audit processes Drive the SOX Segregation of Duty analysis and related actions Ensure that IT Product Owners and product teams operate their SOX procedures with exceptions Coordinate and collaborate with business partners (e.g. Finance SOX Operations, Corporate Quality Assurance) to set priorities and directions to achieve reliable and optimal results for accurate and quality operations with successful compliance results. Represent IT's philosophy and operational requirements to our business partners Experience: Minimum of 5 years of experience with SOX compliance. Minimum of 3 years of experience managing SAP-GRC, ITGC, and SOX Experience leading IT GxP compliance practices Experience with operating and testing SOX controls a plus (in accordance with Governance Risk Compliance framework). Knowledge, Skills and Abilities: General knowledge of the Sarbanes-Oxley Act and the application to IT General knowledge of SOX IT controls and the operations and execution of SOX IT Controls Advance skills and abilities managing consultants and Managed Service Providers Comprehensive experience with IT development lifecycle and support methodologies Comprehensive experience with project management The salary range provided for this contract role represents our good faith estimate for this position. Within the range, individual offers will vary based on the selected candidate's experience, industry knowledge, technical and communication skills, location and other factors that may prove relevant during the interview process (W2 or C2C). In addition to compensation, the company provides eligible W2 employees with a comprehensive and highly competitive benefits package. I.T. Solutions, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Team Intro The Access Assurance vertical within USDS Data Identity and Access Management (DIAM) Team is responsible for designing and maintaining an access management program with a mission to enforce the principle of least privilege. We strive to establish secure and compliant processes around provisioning, deprovisioning and governance of access to USDS data and infrastructure proactively identifying and reducing risks. Job Overview: As an Access Assurance Analyst, you will be part of the team responsible for Access Assurance within TikTok USDS. You will be responsible for supporting the team along with a team of cross-functional cyber, privacy, engineering, and data protection analysts to define, implement, manage, and measure controls to protect data in accordance with USDS policies and standards relevant to geographical regulations, contractual commitments, and confidentiality requirements. The Access Assurance Analyst will play a pivotal role in operationalization of access management programs in USDS. In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time. Responsibilities: * Design access management program that addresses data residency and fine-grained role-based access requirements and controls as necessitated by business need and regulations * Assist in the development and implementation of Access governance frameworks, policies, and procedures. * Build and review technical and functional requirements for in-house or external technologies to support access management and assurance needs, including applying appropriate security measures * Operationalize access management workflows to improve efficiency * Support periodic reviews of access to USDS data and systems * Drive remediation of non-compliant access in a timely fashion * Implement and enforce mechanisms to proactively monitor, respond and report on inappropriate data access events * Work with other information security teams to classify and categorize data based on sensitivity and compliance requirements * Support interactions with Risk and Compliance to understand control requirements and provide information to support findings for non-compliance with internal security policies * Responsible for designing and reporting key metrics and visualizations for weekly, monthly and bimonthly cadences across multiple audiences * Participate in security reviews to ensure compliance with access governance policies. * Foster a principle of least privilege for access management * Collaborate with key stakeholders to ensure alignment of access governance initiatives with organizational goals.Minimum Qualifications: * Bachelor's degree in a related field (e.g., Information Management, Computer Science, Business Analytics, Cyber Security) * 5+ years of experience in identity and access management or access governance & 5+ years of experience working with IAM tools and strong knowledge of Access management concepts (RBAC, PAM, Access Reviews, SOD, LCM, provisioning and deprovisioning of Access) * Experience in designing/deploying Access management solutions, Experience analyzing large data sets across multiple database types (e.g., MySQL, Hive, Redis etc) leveraging SQL etc., Experience with industry frameworks, standards and regulations (e.g. ISO, NIST) * Ability to write scripts, develop automations, configure tools, work with APIs and databases while being Proficient in at least one software programming language (Python,Java,Ruby etc) along with Familiarity with Cloud-based technology deployments * Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge * Strong analytical and problem-solving skills with the Ability to communicate technical concepts to a broad range of technical and non-technical staff * Comfortable working in a fast-paced, dynamic environment Preferred Qualifications: * Strong understanding of technology environments and various databases * Experience working with technology partners to validate data-related problems * Experience working with Microservices architecture * Experience in automating access management workflows to reduce operational overhead * Experience with risk and controls frameworks including (ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, NIST RMF, ISO 31000 etc.)

Hello Heart is on a mission to change the way people care for their hearts. The company provides the first app and connected heart monitor to help people track and manage their heart health. With Hello Heart, users take steps to control their risk of heart attacks and stroke - the leading cause of death in the United States. Peer-reviewed studies have shown that high-risk users of Hello Heart have seen meaningful drops in blood pressure, cholesterol and even weight. Recognized as the digital leader in preventive heart health, Hello Heart is trusted by more than 130 leading Fortune 500 and government employers, national health plans, and labor organizations. Founded in 2013, Hello Heart has raised more than $138 million from top venture firms and is a best-in-class solution on the American Heart Association's Innovators' Network and CVS Health Point Solutions Management platform. Visit ****************** for more information. About the Role We are seeking a Cyber Security Analyst to strengthen our security operations and compliance posture. Reporting into our Information Security Officer, you will play a key role in protecting sensitive data, ensuring regulatory compliance, and supporting the secure adoption of new technologies such as AI. You will work cross-functionally with IT, Engineering, Compliance, and HR to build and maintain secure, resilient processes across the organization. Responsibilities Support secure access lifecycle processes, including provisioning, deprovisioning, role-based access, and MFA/SSO management Conduct periodic access reviews and ensure identity data quality Perform vulnerability scans across systems and applications, track remediation progress, and partner with teams to prioritize risk-based fixes Assist with security assessments of cloud systems and applications, aligning with HIPAA, HITECH, NIST, and HITRUST frameworks Support internal and external audit preparation and execution Enforce encryption, access controls, and data loss prevention strategies for sensitive data Conduct third-party vendor risk assessments and oversee remediation efforts Support secure adoption of AI tools by monitoring for risks such as data leakage and prompt injection, establishing governance guardrails, and delivering awareness training Participate in endpoint security monitoring, disaster recovery exercises, tabletop simulations, and awareness training initiatives Contribute to ongoing security operations, risk management efforts, and special security projects Qualifications 3+ years of experience in IAM, IAM operations, or security analyst roles (healthcare technology or other regulated environments preferred) Hands-on experience with identity platforms such as Okta, Azure AD, or Google IdP, plus SCIM, SAML/OIDC/OAuth, directory services, group policy, and conditional access Experience with vulnerability management platforms (Tenable, Qualys, Rapid7, AWS Inspect, Kandji) and patch orchestration workflows Working knowledge of HIPAA, HITECH, NIST CSF/800-66, and CIS Controls (familiarity with HITRUST CSF is a plus) Knowledge of cloud security basics (AWS, Azure, GCP), least-privilege IAM, and networking fundamentals (TCP/IP, DNS, HTTP, VPN, segmentation) Familiarity with endpoint security solutions (CrowdStrike Falcon, Cynet, SentinelOne) and DLP tools Familiarity with GenAI, keeping up to date with innovative security programs and artificial intelligence systems Proactive communication and documentation skills, with the ability to collaborate across technical and non-technical teams globally The US base salary range for this full-time position is $130,000.00 to $145,000.00. Salary ranges are determined by role and level. Compensation is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the salary only, and do not include equity or benefits. #LI-DNP Hello Heart has a positive, diverse, and supportive culture - we look for people who are collaborative, creative, and courageous. Oh, and if you want to see some recent evidence of the fun things we do at Hello Heart, check out our Instagram page.

Job Description Forhyre is seeking a talented individual that will be able to provide security architecture support and interface across the program as needed. This support includes, but is not limited to, cybersecurity solutions, providing technical strategy for solutions, guidance, policy, and implementations. The successful candidate for this position is a highly motivated individual, with a strong IT security background who excels integrating, operating, and deploying security technology and solutions and interacts well with both internal teams and clients. Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time. Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information Develop and implement security policies and controls to support the Cyber Security framework Manage the existing cyber security training program across global, multilingual business Assists in ensuring global Information security program meets all industry regulations, standards, and compliance requirements Drive adoption of infrastructure security best practices and work with Information Technology teams to ensure security standards are maintained Implement technology to proactively scan Information Technology environment for security breaches and suspicious activity Continuous improvement in the areas of Information Security technologies, techniques and processes Develops and maintains an effective system for the distribution of regular key performance indicator reports and dashboard Ability to interpret penetration test results and describe issues and fixes to non-security expert Responsible for leading an accurate & comprehensive status reporting to the executive steering committee Create and implement SOP/ process improvement initiatives to achieve outcomes that align or exceed the expectations of strategic roadmap Skills & Experience Bachelor's degree and 12+ years of experience; additional years of directly applicable experience may be accepted in lieu of a degree. Certified Information Systems Security Professional (CISSP) 8+ years hands-on experience designing or implementing security solutions, including all related documentation and artifacts Analytical ability, problem-solving skills, and ability to break down complex problems into actionable steps Extensive experience in design and development of enterprise security architectures. Experience must include a wide range of work in creating diagrams and documentation with all components that comprise IT systems including network topology. Strong knowledge and experience in secure enterprise architecture design, especially with regard to IAM, NDR, EDR, SIEM, AI/ML, and other cybersecurity tools and resultant applications Experience selecting effective methods, techniques, and evaluation criteria to achieve desired outcomes Previous experience developing architectures, strategies, strategic plans, roadmaps, and technical standards for the federal IT enterprise environment. Vulnerability Assessment testing and/or Penetration Testing (preferred) Robotic Process Automation/Intelligent Automation (preferred) Business case development supporting security technology solutions (preferred) Additional certifications demonstrating cybersecurity/technical mastery (preferred)

blue Stone Recruiting is a national search firm with a focus of placing top Cyber Security talent from the Analyst level to CISO with prestigious organizations nationwide Job Description Our client seeking a Cyber Security Operations Analyst to support an operations team that supports a large government customer. The candidate will be relied upon to assist teammates and perform troubleshooting as needed. The candidate should excel in a fast-paced work environment and be willing to face new challenges. Qualifications • Proficiency with vulnerability scanning, remediation and reporting • Knowledge in web application scanning using various tools • Demonstrated proficiency with Windows, UNIX, & LINUX operating systems • Experience working in a customer service information technology environment • Network security and system security experience • Ability to discuss real world troubleshooting; problems and solutions encountered • Knowledge of IT security best practices, US federal government standards, regulations and policy (FedRamp, TIC, NIST 800-37rev1 & 800-53rev3) • Must be motivated and able to work independently • Proven project leadership (PowerPoint presenting, MS Project Planning) • Experience working with change implementation in a controlled environment • Excellent verbal, written communication and technical writing skills Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. 2-5 years of related experience in data security administration. Experience using some of the following tools: o Nessus o Tenable Security Center o Netsparker o WebInspect o BurpSite Additional InformationWork with blue Stone recruiting to find your next Cyber Security role. You can find us at ******************************* We look forward to speaking with you.

Opportunity Type CLASSIFIED EMPLOYMENT OPPORTUNITY Position Title INFORMATION SECURITY ANALYST Posting Number S2549 Close/First Review Date 11/16/2025 Department ITSS (Information Technology Support Services) Work Location District Office Position Status Full Time Salary Range $141,330 - $172,437 Annual Salary (Range 150: Classified Salary Schedule Fiscal Year 2025-2026). Starting placement is generally at Step 1. Benefits Summary In addition to the salary, this position qualifies for the choice of one of the District's excellent Health Benefits and Welfare plans, which the premium cost is 100% paid by the District for the employee and their eligible dependents, and one health plan costing an estimated $60,000 for the District for fiscal year 2025-2026. We offer two medical plans (Anthem Blue Cross [PPO] and Kaiser Permanente (HMO]); dental (Delta Dental PPO); vision (VSP Choice); life insurance for the employee (The Hartford); life insurance for eligible dependents (The Hartford); a long term disability/income protection plan (The Hartford); and an employee assistance plan (Anthem EAP). In addition, the District contributes an additional 26.81% of the employee's salary towards an eligible employee's pension (CalPERS). Employees may also elect to participate in optional plans including purchasing additional life insurance for themselves and their eligible dependent(s); enroll in a medical, transportation, and/or dependent care Flexible Spending Account(s) (with the $4 monthly administrative fee paid by the District); and set pre-taxed dollars aside to supplement their pension in a 403b (tax shelter annuity) and/or a 457 (deferred compensation) plan(s). Classified employees also earn 10 to 22 days per year of vacation (based on years of service), and up to 12 sick leave days (pro-rated for less than full-time positions). There are currently 20 paid holidays. Position Description POSITION SUMMARY The Information Security Analyst reports to Executive Director of ITSS (Information Technology Support Services) at the District Office. The work schedule is 12 months per year; 40 hours per week; Monday - Friday; 8:00 a.m. - 5:00 p.m. This position is represented by CSEA (California School Employees Association), Chapter 363. POSITION PURPOSE Reporting to Executive Director, ITSS or an assigned administrator, the Information Security Analyst performs complex work related to the District's information security program including testing, analysis and evaluation of the integrity and confidentiality of enterprise systems, network, assets and communication technology throughout the District. The position monitors security systems and conducts periodic risk assessments to identify, troubleshoot, diagnose, resolve and report security problems and breaches; assists in coordinating and conducting investigations involving District technology resources, and assists with security awareness training. DISTINGUISHING CHARACTERISTICS This position focuses on threat and vulnerability management with exposure and support on all aspects of the cybersecurity practice. Incumbent in this position should have advanced knowledge on risk identification, protection and compliance, threat detection, incident response plan development and annual review, and recovery services to achieve business resilience. KEY DUTIES AND RESPONSIBILITIES 1. Analyze, evaluate and implement security applications, policies, standards and procedures intended to prevent the unauthorized use, disclosure, modification, loss or destruction of data; work with the campus community and other staff to ensure the integrity and security of the information technology infrastructure. 2. Lead the development, testing and implementation of information security products and control techniques in all locations throughout the District. 3. Work with campus and district technology teams to ensure the security of all applications and assets. 4. Monitor and review security systems and logs. Identify, troubleshoot, diagnose, resolve, document and report security problems and incidents; help coordinate and conduct investigations of suspected breaches; respond to emergency information security situations. 5. Collaborate with application programming team and other IT staff to ensure production applications meet established security policies and standards. 6. Assist with training and education on information security and privacy awareness topics for District administrators, faculty and staff; assist in the development of appropriate security-incident notification procedures for District management. 7. Work with vendors to conduct vulnerability assessments to identify existing or potential electronic data and assets compromises and their sources; participate in investigative matters with appropriate law enforcement agencies. 8. Perform audits and periodic inspections of District information systems to ensure security measures are functioning and effectively utilized and recommend appropriate remedial measures to eliminate or mitigate future system compromises. 9. Review, evaluate, and recommend software products related to IT systems security, such as virus scanning and repair, encryption, firewalls, internet filtering and monitoring, intrusion detection, etc. 10. Monitor and maintain the District's security event information system (SEIM) and data loss prevention software. 11. Manage security systems and policies including but not limited to servers, firewalls, email security, and Microsoft 365 environment. 12. Recommend and implement security policies, protocols, practices and lead in creation of security training and guidance to staff. 13. Assist in the secure management and maintenance of the District's network authentication systems for wired and wireless network access. 14. Review security practices and controls of third-party service providers that handle District sensitive data, and review security controls and features of third-party software systems. 15. Ensure that maintenance, configuration, repair and patching of systems occurs on a scheduled and timely basis utilizing best practices in change management and consistent with policies and procedures. 16. Keep current with latest emerging security issues and threats through list servers, blogs, newsletters, conferences, user groups, and networking and collaboration with peers in other institutions. 17. Perform other duties reasonably related to the job classification. EMPLOYMENT STANDARD Knowledge of: 1. Compliance and industry cybersecurity standards frameworks such as NIST 800 and ISO standards. 2. Emerging technologies and the possible impact on existing information systems, instructional processes and business operations. 3. Incident response best practices and software license compliance laws. 4. Troubleshooting tools for computing hardware, servers and network equipment including but not limited to switches, routers, and firewalls. 5. Enterprise resource planning systems, Microsoft 365 and Active Directory and Azure Active Directory. 6. Principles of program design, coding, testing and implementation. 7. Advanced knowledge of desktop and server operating systems including Windows and Linux. 8. Disaster recovery and backup including business continuity planning. 9. Principles of training, support, and services to end-users. 10. General research techniques and data driven analytics. 11. Modern office administrative practices and use of tools including computers, websites and other applications related to this job. Skills and Ability to: 1. Apply current NIST and ISO standards to current operations. 2. Respond to incidents and events in a timely manner. 3. Prepare clear and concise system documentation and reports. 4. Prioritize assigned tasks and projects. 5. Communicate complicated technical issues and the risks they pose to stakeholders and management. 6. Establish and maintain effective and cooperative working relationships with others. 7. Analyze situations accurately and adopt effective course of action. 8. Coordinate, develop, and implement projects. 9. Work with attention to detail and independently with minimum supervision. Required Qualifications EDUCATION AND EXPERIENCE 1. A Bachelor's degree from an accredited institution with major course work in computer information systems, computer science, business administration, or related field. 2. Two years of experience performing information security duties, which may include implementing, overseeing, and/or managing information security technologies, process, or programs, including identification, protection, detection, response, and recovery activities. Certification: 1. Professional security or privacy certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials. District's Diversity * Demonstrated sensitivity, knowledge and understanding of the diverse academic, socioeconomic, gender identity, sexual orientation, cultural, disability, and ethnic background of groups historically underrepresented, and groups who may have experienced discrimination. * Success integrating diversity as appropriate into the major duties outlined in the job description and in the duties listed in the District's hiring policy; or demonstrated equivalent transferable skills to do so. Desired Qualifications 1. Bilingual abilities, desirable. Foreign Degree For positions that require a degree or coursework: Degree(s) must have been awarded by a college or university accredited by an accrediting body recognized by the U.S. Council on Post-Secondary Accreditation and/or the U.S. Department of Education. All degrees and credits earned outside of the United States must have a U.S. evaluation (course by course) of the transcripts and must be submitted with the application. Degrees earned outside of the U.S. without a U.S. credential evaluation attached, will not be considered. Working Environment Physical Demands: 1. Must sit for long periods of time, use hands and fingers to operate an electronic keyboard, reach with hands and arms, and speak clearly and distinctly to ask questions and provide information, hear and understand voices over telephone and in person. 2. The physical demands described here are representative of those that must be met by an individual to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. About San Jose/Evergreen Community College District The District is represented by dedicated and talented employees who are passionate about providing our student population with the best educational experience possible. The District recognizes that cultural diversity in the academic environment promotes academic excellence; fosters cultural, racial and human understanding; provides positive roles models for all students, and creates an inclusive and supportive educational and work environment for its employees, students, and the community it serves. As of Spring 2024, with enrollment of approximately 15,655 students per semester, and an extremely diverse student population (Hispanic/Latino 45.20%, Black/African-American 3.45%, Asian/Pacific Islander 31.70%, American Indian/Native American 0.36%, White/Caucasian 12.76%) attaining educational goals reflecting 56% - Transfer to a 4-Year College/ University, the District's emphasis on student success makes it a recognized educational leader in the State. The District encourages a diverse pool of applicants to serve as colleagues to an existing diverse classified staff consisting of 43.9% Latinx, 25.3% Asian/Pacific Islander, 4.2% Black/African American, 0.3% American Indian/Native American, 17.9% White/Caucasian, and as well as encouraging applications from all qualified, outstanding applicants. Important Information EQUAL OPPORTUNITY EMPLOYER STATEMENT: San José-Evergreen Community College District is an Equal Opportunity Employer committed to nondiscrimination on the basis of ethnic group identification, race, color, language, accent, immigration status, ancestry, national origin, age, gender, gender identity, religion, sexual orientation, transgender, marital status, veteran status, medical condition, and physical or mental disability consistent with applicable federal and state laws. CONTACT: Employment Services, Human Resources, SJECCD 40 S. Market Street, San Jose, CA 95113 Phone: ************** Email: ******************************* Employment Website: ****************************** District Website: ************** APPLICATION PROCEDURES: Interested applicants MUST SUBMIT ONLINE ALL of the following materials by the First Review Date/Closing Date as listed on the job announcement. Applications received after the First Review Date will only be forwarded to the hiring committee at their request. 1. A completed online San José-Evergreen Community College District APPLICATION. 2. A COVER LETTER (Stating how you feel you meet the qualifications as outline in the job announcement). 3. A current RESUME/CURRICULUM VITAE 4. TRANSCRIPT - (If Required) If a degree is listed as a requirement, transcripts (Not Diplomas) MUST INCLUDE confer or award date of stated degree. Unofficial transcripts will be accepted; however if the position is offered, official transcripts will be required prior to employment. If the transcripts or degrees are from outside of the United States, an official certification of equivalency to U.S. degrees by a certified U.S. credential review service (course by course of the transcripts) MUST also be submitted. (See below for a list of suggested services that provide foreign degree equivalency evaluation to U.S. degrees). Note: Some positions may require additional documents and/or certificates, in addition to the items listed above. Please refer to the job announcement. OTHER APPLICANT INFORMATION: 1. Only complete application materials will be considered. No exceptions. 2. Letters of Recommendation are NOT required and will not be forwarded to the hiring committee. 3. Upon hire the successful candidate must provide the required documents of identity and authorization to work and attest he/she is authorized to work in the United States. 4. Application materials become the property of the District and will not be returned or duplicated. 5. Travel expenses to attend the interview are the responsibility of the candidate. 6. Meeting the minimum qualifications does NOT assure an interview. 7. The District may re-advertise, delay, choose not to fill the position, or choose to fill more than one position. Suggested services that provide foreign degree equivalency evaluation to U.S. degrees: Academic Credentials Evaluation Institute, Inc. Website: *************************** Education Records Evaluation Services Website: ************ International Education Research Foundation Website: ******************** World Education Services Website: ***********

Details: Stefanini Group is hiring! Stefanini is looking for an Information Security Analyst for San Francisco, CA/Salt Lake City, UT/Los Angeles, CA (Onsite Role). For quick Apply, please reach out to Rahul Kumar: ************/ ************************* W2 candidates only! Responsibilities: Knowledge of SPL and use of Splunk; experience with KQL(Kusto Query Language) Coding experience or knowledge, preferably in Python and/or R Knowledge of SQL and database experience Proficiency in Microsoft Office applications, especially Excel and PowerPoint Knowledge of Level 1 & 2 SOC operations Public speaking skills #LI-RK1#LI-HYBRID Details: Qualifications: Peraton high BG check or secret clearance Bachelor's degree in Cyber Security, Information Security, Computer Science, or 3+ years of experience in Information Security or Cyber Security Preference is local to SF, open to remote Splunk experience, SQL Microsoft Office Cyber kill chain/incident response SOC experience programming experience-python Listed salary ranges may vary based on experience, qualifications, and local market. Also, some positions may include bonuses or other incentives. Stefanini takes pride in hiring top talent and developing relationships with our future employees. Our talent acquisition teams will never make an offer of employment without having a phone conversation with you. Those face-to-face conversations will involve a description of the job for which you have applied. We also speak with you about the process including interviews and job offers. About Stefanini Group: The Stefanini Group is a global provider of offshore, onshore and near shore outsourcing, IT digital consulting, systems integration, application, and strategic staffing services to Fortune 1000 enterprises around the world. Our presence is in countries like the Americas, Europe, Africa, and Asia, and more than four hundred clients across a broad spectrum of markets, including financial services, manufacturing, telecommunications, chemical services, technology, public sector, and utilities. Stefanini is a CMM level 5, IT consulting company with a global presence. We are CMM Level 5 company.

Our Company Changing the world through digital experiences is what Adobe's all about. We give everyone-from emerging artists to global brands-everything they need to design and deliver exceptional digital experiences! We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen. We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours! The Opportunity The Adobe Security organization seeks a proactive force multiplier with experience skillfully leading multiple technical programs, running a healthy portfolio, working directly with leadership, and delighting stakeholders. Our ideal candidate has superb communication and relationship-building skills and a solid track record of driving business outcomes through managing large programs. In addition, familiarity with fundamentals in key security operations and related security compliance frameworks could help this candidate have an immediate impact. If you excel at navigating complexity with multiple internal customers, are a master planner who helps teams foresee challenges and risks and guides them through them, and are equipped with a diverse technical program management toolbox, we can't wait for you to join our Security PMO team! What you'll Do * Partner directly with security leadership to build a portfolio of key programs. Lead and monitor the health and execution of several key initiatives with insights into status, risks, dependencies, roadblocks, and budget across the organization's program portfolio. * Ensure a healthy program portfolio in Adobe's Technology GRC (Governance, Risk, and Compliance) organization with a clearly defined roadmap. * Bring together cross-functional teams to deliver business outcomes for high-priority programs through clear planning, execution, partnership, and communication. * Make things easier for all collaborators of your program portfolio by driving simplicity, clarity, and efficiency in all aspects of your work. * Reduce program risk by proactively identifying, communicating, and removing roadblocks. * Build trust through visibility. Provide accurate and timely data-driven status reports for a broad audience and lead executive governance meetings. * Effectively handle program financials, including driving accurate budget forecasts. What you need to succeed * Exceptional communication skills for effective engagement with both engineers and executives in meetings, presentations, and writing. Excel at building strong and trusted partner relationships. * 7+ years as a program manager in the security domain with portfolio-level oversight experience. Demonstrate strong knowledge in the compliance field and have worked closely with the compliance teams on projects. * Experience leading programs involving AI systems and workflows (e.g., MCP servers, RAG capabilities, LLM integrations, or related AI infrastructure). * Established history of effectively managing programs from inception, prioritizing, and strategizing to implementation, reporting, and successful delivery of intricate projects with many significant internal customers. * Demonstrated Agile practice experience in software projects and familiarity with Jira (including query and dashboarding), O365 Suite, MS Teams, SharePoint, MS Project, Excel, and Miro or equivalent experience * Familiarity with compliance frameworks such as ISO 42001, SOC2, HIPAA, PCI DSS, ISO27001, ISO27017/18, ISO22301, and Geo-compliance programs. * Preferred Certifications: CISSP, CISM, PMP, or equivalent credentials demonstrating expertise in cybersecurity and program leadership. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $124,300 -- $228,400 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process. At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP). In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award. State-Specific Notices: California: Fair Chance Ordinances Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances. Colorado: Application Window Notice If this role is open to hiring in Colorado (as listed on the job posting), the application window will remain open until at least the date and time stated above in Pacific Time, in compliance with Colorado pay transparency regulations. If this role does not have Colorado listed as a hiring location, no specific application window applies, and the posting may close at any time based on hiring needs. Massachusetts: Massachusetts Legal Notice It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more. Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call **************.

Lambda, The Superintelligence Cloud, builds Gigawatt-scale AI Factories for Training and Inference. Lambda's mission is to make compute as ubiquitous as electricity and give every person access to artificial intelligence. One person, one GPU. If you'd like to build the world's best deep learning cloud, join us. *Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda's designated work from home day is currently Tuesday. What You'll Do Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives Manage IT Risk Register including risk identification, tracking, and prioritization. Assist with and drive remediation of control deficiencies and gaps Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires Assist control owners with root cause analysis and track risk management action plan progress. Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements You Have a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements Have experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations Possess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives Nice to Have Experience in the machine learning or computer hardware industry Experience with Security by Design and/or Privacy by Design principles Experience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks. Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems Familiarity with using third-party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third-party risk management Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Experience in the AI infrastructure, machine learning and/or computer hardware industry Salary Range Information The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description. About Lambda Founded in 2012, ~400 employees (2025) and growing fast We offer generous cash & equity compensation Our investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove. We are experiencing extremely high demand for our systems, with quarter over quarter, year over year profitability Our research papers have been accepted into top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG Health, dental, and vision coverage for you and your dependents Wellness and Commuter stipends for select roles 401k Plan with 2% company match (USA employees) Flexible Paid Time Off Plan that we all actually use A Final Note: You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills. Equal Opportunity Employer Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.

**Be visionary** Teledyne Technologies Incorporated provides enabling technologies for industrial growth markets that require advanced technology and high reliability. These markets include aerospace and defense, factory automation, air and water quality environmental monitoring, electronics design and development, oceanographic research, deepwater oil and gas exploration and production, medical imaging and pharmaceutical research. We are looking for individuals who thrive on making an impact and want the excitement of being on a team that wins. **Job Description** **Make an impact where security meets innovation.** At Teledyne RF & Microwave, we design and deliver advanced technologies that power aerospace, defense, and communications worldwide. Our team thrives on precision, collaboration, and a commitment to protecting critical systems. If you're passionate about cybersecurity and want to work for a trusted leader in high-tech solutions, this role is for you. **What you'll do** + Maintain the security posture of classified systems in line with approved policies + Verify implementation of security controls and keep documentation current + Manage system accounts and ensure proper authorization procedures + Conduct regular system assessments and report findings to the ISSM + Monitor audit logs and analyze user activity for compliance + Respond to security incidents and oversee recovery processes + Notify ISSM of system changes that impact authorization + Support hardware maintenance, backups, and virus updates + Train employees on internal security policies and assist with spill containment + Participate in configuration control activities when designated **What you need** + Strong problem-solving and organizational skills (required) + Ability to analyze security data and enforce compliance (required) + Excellent communication and teamwork skills (required) + U.S. citizenship and eligibility for security clearance (required) + Bachelor's degree in Information Systems or Security+ certification (required) + Experience with classified systems and security audits (advantage) + Familiarity with DAAPM and ITPSO policies (advantage) + Hands-on technical competence with system administration (advantage) **What we offer** + Competitive pay and comprehensive health benefits + 401(k) with company match and retirement plans + Paid time off and flexible work arrangements + Professional development and training opportunities + Employee wellness programs and assistance resources + A collaborative environment working on mission-critical technology **What happens next** Apply online through Teledyne's careers page. If your qualifications align, our team will contact you for interviews and guide you through the clearance process. _Teledyne is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status._ **Salary Range:** $61,600.00-$82,100.000 **Pay Transparency** The anticipated salary range listed for this role is only an estimate. Actual compensation for successful candidates is carefully determined based on several factors including, but not limited to, location, education/training, work experience, key skills, and type of position. Teledyne and all of our employees are committed to conducting business with the highest ethical standards. We require all employees to comply with all applicable laws, regulations, rules and regulatory orders. Our reputation for honesty, integrity and high ethics is as important to us as our reputation for making innovative sensing solutions. Teledyne is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other characteristic or non-merit based factor made unlawful by federal, state, or local laws. You may not realize it, but Teledyne enables many of the products and services you use every day **.** Teledyne provides enabling technologies to sense, transmit and analyze information for industrial growth markets, including aerospace and defense, factory automation, air and water quality environmental monitoring, electronics design and development, oceanographic research, energy, medical imaging and pharmaceutical research.

ABOUT THE ROLE You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. You'll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a hands-on role-you'll design controls, write policies, respond to incidents, and work directly with auditors. This is initially an individual contributor role with high impact and visibility. As our security program matures, you'll have the opportunity to build and lead a security team. IN THIS ROLE, YOU WILL Own Compliance Lead SOC 2 Type II and PCI DSS programs through successful audit Design and implement security controls without blocking velocity Serve as primary technical contact for external auditors and assessors Manage third-party vendor security assessments and ongoing monitoring Build automated evidence collection and continuous compliance monitoring Report security metrics and program status to executive leadership Manage Security Operations Establish vulnerability management program with defined SLAs and remediation workflows Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking Perform internal penetration testing and security assessments of applications, APIs, and infrastructure Build SIEM detection rules, security dashboards, and alert triage processes Develop and test incident response runbooks Conduct threat modeling for critical systems and architectural changes Lead security assessments of new technologies and third-party integrations Enable & Collaborate Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing Enforce enterprise security controls (SSO, secrets management, RBAC) Build and deliver security awareness training program for all employees Develop and maintain security policies, standards, and procedures Translate compliance requirements into actionable engineering tasks and drive completion YOU HAVE Security & Compliance: 5+ years in information security, with 2+ years in fintech or highly regulated industry CISSP certification (or actively pursuing - must obtain within 12 months of hire) Hands-on experience leading SOC 2 and PCI DSS audits from start to finish Strong incident response background-you've led real security incidents Experience with vulnerability management platforms (Wiz, Snyk, Tenable) Technical Skills: Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS Experience with SIEM platforms (Splunk, Datadog, Elastic)-you can write detection rules and build dashboards Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar) Ability to read code (Ruby, JavaScript, Python) and assess security implications Knowledge of web application security, API security, and OWASP Top 10 Understanding of access control patterns (PAM, SSO, RBAC, least privilege) Core Competencies: Strong communication-you can explain risks to engineers and executives alike Pragmatic risk management in fast-paced environments Self-starter who builds programs from scratch Collaborative mindset-security as enabler, not blocker Ability to drive remediation to completion across teams NICE TO HAVE Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC) Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF) Infrastructure-as-code experience (Pulumi, Terraform) Kubernetes security knowledge SOAR platform experience DevSecOps or security automation background Scripting skills (Python, Bash) for security tooling and automation Kikoff: A FinTech Unicorn Powering Financial Progress with AI At Kikoff, our mission is to provide radically affordable financial tools to help consumers achieve financial security. We're a profitable, high growth FinTech unicorn serving millions of people, many of whom are building credit or navigating life paycheck to paycheck. With innovative technology and AI, we simplify credit building, reduce debt, and expand access to financial opportunities to those who need them the most. Founded in 2019, Kikoff is headquartered in San Francisco and backed by top-tier VC investors and NBA star Stephen Curry. Why Kikoff: This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real-life real-customer impact. 🏥 Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee! 📈 Meaningful equity in the form of RSU's 🏝 Flexible vacation policy to help you recharge 💰 Competitive pay based on experience consisting of base + equity + benefits Location: Hybrid, 3 days onsite in San Francisco, CA. Visa sponsorship available: Kikoff is willing to provide sponsorship for H1-B visas and U.S. green cards for exceptional talent. Equal Employment Opportunity Statement Kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. Please reference the following for more information. If you need reasonable accommodation for a job opening please connect with us at ***************** and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

Job Description About us: Lucence is a pioneering precision oncology company with a bold vision: a world where cancer is defeated through early detection and timely treatment. Our cutting-edge liquid biopsy tests use advanced molecular profiling to guide personalized cancer therapies, transforming how cancer is diagnosed and treated. At Lucence, we are shaping the future of precision medicine by capturing both genetic and cellular data from a single blood draw, bringing us closer to our mission of overcoming cancer. We are looking for an Information Security & Compliance Manager to lead Lucence's SOC 2 compliance programmes. You will own our internal controls, audits, and security governance frameworks, ensuring the company meets the standards required for global diagnostics operations. Key Responsibilities Compliance Ownership Own SOC 2 Type I/II, and build on HIPAA and cybersecurity certification roadmaps. Maintain documentation, evidence repositories, and ongoing readiness. Internal Controls & Policies Build, refine, and enforce security policies, risk registers, and access-control processes. Audit Management Partner with external auditors, coordinate internal contributors, drive remediation plans, and ensure timely closure of findings. Vendor & Data Protection Reviews Conduct security due diligence for vendors, manage DPAs, and ensure data-flow compliance for global partners. Security Governance Implement quarterly control testing, internal audits, DR/BCP drills, and continuous monitoring of compliance gaps. Cross-Functional Partnering Work closely with external vendors, Informatics, IT, Lab Ops, and Commercial teams to embed security into product and operational workflows. Preferred Qualifications Experience owning SOC 2 or ISO audit cycles end-to-end. Familiarity with cloud environments (AWS/Azure/GCP) and modern security tooling. Attention to detail to improve policies, controls, and audit documentation. Certifications: ISO Lead Auditor, CISA, CISSP, or equivalent.

LinkedIn is the world's largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We're also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that's built on trust, care, inclusion, and fun - where everyone can succeed. Join us to transform the way the world works. At LinkedIn, our approach to flexible work is centered on trust and optimized for culture, connection, clarity, and the evolving needs of our business. This role may be remote or hybrid. At LinkedIn, hybrid roles are performed both from home and from a LinkedIn office on select days, as determined by the business needs of the team. Remote roles are performed from the designated home work location upon time of hire, and any changes to this home work location requires a review of remote status and approval. LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Engineering Manager to lead the Detection Engineering team in the US and to be an integral part of our Information Security organization. The Detection Engineering team is responsible for developing and maintaining threat detection capabilities, security monitoring systems, and detection rules to protect our infrastructure, applications, and, most importantly, our members. This is a key role in supporting and growing our security detection and monitoring capabilities. Responsibilities: Leadership and Team Management + Lead and manage the detection engineering team, including hiring, training, and mentoring team members. + Develop and maintain detection engineering policies, procedures, infrastructure, and guidelines. + Coordinate and oversee all activities of the detection engineering team during threat detection development and implementation. Detection Development and Management + Serve as the primary point of contact for all threat detection development and enhancement initiatives. + Ensure timely development, testing, and deployment of detection rules and monitoring capabilities. + Conduct post-deployment analysis and create detailed reports on detection effectiveness with KPIs, including tuning recommendations and optimization strategies. Communication and Coordination + Communicate detection development status, updates, metrics and reporting, and capabilities to senior management, stakeholders, and security teams regularly. + Coordinate with internal and external teams, including security operations, defense infrastructure, incident response, and product engineering teams to develop and maintain effective detection capabilities. + Develop and maintain an effective detection engineering communication plan. Continuous Improvement + Continuously evaluate and improve detection engineering processes, tools, and capabilities. + Conduct and report on regular detection testing and validation exercises to test and refine detection rules and monitoring systems. + Stay current with emerging threats, attack techniques, and detection technologies to enhance the detection engineering program. Reporting and Documentation + Maintain comprehensive documentation of all detection rules, including development rationale, testing results, and performance metrics. + Prepare and present detection engineering reports and metrics to senior leadership and stakeholders. + Ensure compliance with regulatory requirements and industry standards related to threat detection and monitoring. Training and Awareness + Develop and deliver detection engineering training programs for team members and other relevant personnel. + Promote security detection awareness and best practices across the organization. + Ensure the detection engineering team is up-to-date with the latest tools, techniques, and procedures. Budget and Resource Management + Manage the detection engineering budget and allocate resources effectively. + Evaluate and recommend tools, technologies, and services to enhance the detection engineering program. + Ensure the team has the necessary resources and support to perform their duties effectively. Basic Qualifications: + Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related technical discipline, or equivalent practical experience. + 1+ year(s) of management experience or 1+ year(s) of staff level engineering experience with management training. + 7+ years of experience in cybersecurity, with a focus on detection engineering, security monitoring, threat intelligence, incident response, or related security roles. + Experience leading or managing a cybersecurity, incident response, or detection engineering team. + Experience in cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK, OCSF). + Experience in detection engineering tools and technologies (e.g., Query Languages, CI/CD, YARA, Sigma rules, threat intelligence platforms). + Experience with threat analysis, detection rule development, automation engineering, and security monitoring optimization. + Project management experience with managing budgets and resources. Preferred Qualifications: + Master's degree in Cybersecurity, Information Assurance, or a related field. + 10+ years of experience in cybersecurity, with significant experience in detection engineering, threat intelligence, or incident response. + 3+ years of management experience in building small to medium-sized teams, demonstrating growth and a track record of successful deliveries. + Ability to work under pressure and manage multiple detection development projects simultaneously as well as managing an oncall team. + Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, SANS). + Experience in developing and delivering detection engineering training and awareness programs. + Strong proficiency in Kusto Query Language (KQL) and SQL. + Proficiency in programming or scripting languages (e.g., Python, Go, etc.) for automating detection development and testing processes. + Experience with cloud security and detection engineering in cloud environments especially Azure. + Knowledge of advanced threat detection techniques, including threat hunting and behavioral analysis as well as applied threat intelligence. + Familiarity with detection engineering frameworks and best practices (e.g., Sigma, YARA, STIX/TAXII, OCSF). + Strong communication skills, both written and verbal, with the ability to convey complex technical information to non-technical stakeholders. Suggested Skills : + Security Information and Event Management (SIEM) + Query languages (KQL, SPL, SQL, Elastic, etc.) + Detection Rule Development (YARA, Sigma) + Scripting and Automation (e.g., Python, PowerShell, SQL) + Threat Intelligence Integration + Cloud Security (e.g., Azure, GCP) You will Benefit from our Culture We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levels. LinkedIn is committed to fair and equitable compensation practices. The pay range for this role is $152,000 - $248,000. Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For additional information, visit: ************************************** **Equal Opportunity Statement** We seek candidates with a wide range of perspectives and backgrounds and we are proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful. If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at accommodations@linkedin.com and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to: + Documents in alternate formats or read aloud to you + Having interviews in an accessible location + Being accompanied by a service dog + Having a sign language interpreter present for the interview A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response. LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information. **San Francisco Fair Chance Ordinance ** Pursuant to the San Francisco Fair Chance Ordinance, LinkedIn will consider for employment qualified applicants with arrest and conviction records. **Pay Transparency Policy Statement ** As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: ******************************** **Global Data Privacy Notice for Job Candidates ** Please follow this link to access the document that provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: ********************************************

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.