Information security analyst jobs in Bakersfield, CA

Required Skills & Experience: Bachelor's degree in a related field preferred but not required. 5+ years of experience in a SOC or similar security environment. Expertise with SIEM, EDR, CSPM tools; strong skills in SQL/KQL/Cypher for data analysis. Proven ability to lead complex investigations and coordinate across technical and business stakeholders. Solid understanding of cybersecurity frameworks (MITRE ATT&CK, NIST CSF, NIST SP800-61r3). Experience with log aggregation technologies and SIEM tuning processes. Job Description: A large financial services customer based in Irvine, CA is seeking a Cyber Security Operations Analyst, focused on Incident Response. This individual will lead Incident Response, and act as a technical expert within the SOC. This team protects the organization from cyber threats. This role requires strong analytical skills, leadership in high-severity incidents, and deep knowledge of security tools and frameworks. Pay: 50-65/hr

Role Purpose The Director of Information and Data Security will establish and lead Eltropy's IT and cybersecurity function, responsible for developing foundational systems, processes, and governance across infrastructure, data protection, and compliance. This leader will drive security maturity across the organization by balancing hands-on execution with long-term strategic planning, and by partnering with external GRC consultants to build a scalable security and compliance framework aligned with industry standards such as SOC 2 and ISO 27001. Location: Santa Clara, CA (Hybrid) Department: IT, Cyber Security and Ops Employment Type: Full-Time Minimum Experience: Senior Manager/Supervisor Compensation: $200,000-$240,000 (Base + Bonus) Strong cybersecurity background, with experience leading threat detection, incident response, and proactive security risk management across cloud and enterprise environments. Key Responsibilities IT and Infrastructure Security Oversee endpoint management, asset inventory, and identity and access management (IAM). Establish standards for device hardening, patch management, and secure configuration. Define and manage the budget for all security and IT tools, services, and human capital, ensuring cost-effectiveness and alignment with the overall security roadmap. Implement centralized visibility and control across systems and SaaS applications. Cybersecurity and Data Protection Lead threat detection, vulnerability management, and incident response operations. Implement and maintain a Cloud Security Posture Management (CSPM) solution to monitor cloud infrastructure (AWS/Azure) for misconfigurations and compliance issues. Deploy and tune SIEM/XDR solutions to enhance visibility and threat detection across environments. Conduct regular penetration testing, track remediation, and drive security awareness programs. Define and enforce data protection policies covering classification, encryption, and retention. Governance, Risk, and Compliance (in partnership with GRC Consultant) Partner with external GRC consultants to design and operationalize Eltropy's information security and compliance framework. Translate consultant-driven recommendations into actionable internal controls, policies, and monitoring mechanisms. Manage the Third-Party Risk Management (TPRM) program, including vendor due diligence, security questionnaires, and ongoing risk monitoring. Maintain a centralized risk register and oversee remediation tracking. Own operational compliance for frameworks such as SOC 2, ISO 27001, and GDPR. Security Architecture and Product Collaboration Work closely with Engineering and Product teams to embed security-by-design principles in SaaS architecture and cloud deployments. Implement automated security testing (SAST/DAST) within the CI/CD pipeline to shift security left and reduce vulnerabilities early in the development lifecycle. Review architecture and third-party integrations to ensure alignment with data security and privacy standards. Incident Management and Business Continuity Establish and operationalize the company's Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BCP/DR) framework. Conduct tabletop exercises and post-incident reviews to enhance preparedness and learning. Security Awareness and Culture Develop and implement a company-wide security awareness program. Partner with HR and Operations to ensure onboarding/offboarding includes security compliance and periodic training. Foster a security-first culture emphasizing accountability and vigilance across teams. Leadership and Department Setup Build and lead a high-performing IT and Security team, including IT administrators and cybersecurity engineers. Define structure, roles, and hiring priorities aligned with the company's growth stage. Create a phased roadmap for security maturity, including technology adoption and process optimization. Key Performance Indicators (KPIs) Security Tool Coverage: Achieve at least X% deployment and agent coverage across all corporate and cloud assets within the first 6 months. Vulnerability Remediation: Maintain average time-to-remediate critical and high vulnerabilities below X days. Compliance Milestones: Achieve SOC 2 / ISO 27001 readiness within agreed timelines. Asset Visibility: 100% endpoint and asset inventory completeness. Incident Management: Reduction in mean time to detect (MTTD) and mean time to respond (MTTR) for incidents. Team Ramp; Process Setup: Completion of key hires and operational processes within the first year. Requirements Independent, self-starter with strong ownership and execution bias. Ability to prioritize and execute in a resource-constrained, fast-paced SaaS environment. Strategic thinker with operational depth; able to balance long-term maturity goals with immediate risk mitigation. Excellent communication skills with the ability to influence and align cross-functional stakeholders. Proven experience setting up IT or cybersecurity programs in a SaaS or technology environment. Strong understanding of endpoint protection, cloud infrastructure security (AWS/Azure), IAM, and network security. Experience with SIEM and/or XDR deployment and tuning for threat detection and monitoring. Familiarity with CSPM, SAST/DAST, and vulnerability management tools. Knowledge of GRC frameworks (SOC 2, ISO 27001) and translating them into practical, auditable controls. Reporting to: VP of Operations Level: Senior Leadership Direct Reports: IT Team Cybersecurity Engineer(s)

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.

Role: Cybersecurity Manager Duration: 6+ months Overview: The Cybersecurity Manager leads global cybersecurity operations, incident response, cloud security, and vulnerability management across IT, OT, and cloud environments. This role drives security maturity by overseeing Security Operations (SOC), continuous threat exposure management (CTES), and proactive risk reduction initiatives. The role ensures the organization's security posture aligns with enterprise risk, Zero Trust principles, and regulatory frameworks including ISO 27001, NIST, and ITAR. Key Responsibilities:Lead cybersecurity operations, including SOC oversight, threat detection, endpoint security, and continuous threat exposure monitoring across identity, endpoint, network, and cloud attack surfaces. Manage incident response for ransomware, APTs, insider threats, and major security events, leveraging threat intelligence, exposure context, and automation to prioritize response efforts. Oversee vulnerability, configuration, and exposure management programs using platforms such as Tenable, Automox, and CrowdStrike, ensuring remediation is risk-based and threat-informed. Strengthen cloud and identity security across Azure, Entra ID, and Microsoft 365, with a focus on reducing attack paths, misconfigurations, and identity-based exposures. Implement Zero Trust architecture, secure configuration baselines, and attack surface reduction strategies across enterprise environments. Support compliance efforts aligned with ISO 27001, NIST CSF / 800-53 / 800-171, ITAR, GDPR, HIPAA, and PCI, ensuring CTES practices support audit and risk requirements. Lead and mentor global cybersecurity teams, contractors, and MSSP partners, ensuring SOC, CTES, and IR functions operate as a unified security program. Provide executive-level reporting on risk posture, threat exposure trends, incidents, and security metrics, translating technical exposure into business risk. Requirements:10+ years of cybersecurity experience, including leadership of security operations, SOC, or enterprise security programs. Strong background in SOC operations, incident response, EDR/XDR, SIEM/SOAR, and continuous threat exposure or attack surface management. Hands-on experience with tools such as Microsoft Sentinel, XSOAR, CrowdStrike, Defender, and Tenable, with the ability to correlate exposure data, threat intelligence, and detection signals. Demonstrated experience implementing CTES / CTEM practices, including exposure prioritization, attack path analysis, and proactive risk reduction. Solid understanding of ISO 27001, NIST frameworks, ITAR, and enterprise regulatory environments. Strong communication skills with the ability to lead teams, influence stakeholders, and present exposure-driven risk insights to executives.

About the Company Atomus' mission is to provide world class cybersecurity for the world's most critical organizations. We build security compliance software delivered as managed services sold directly, with relevant professional services and support. Examples of our commercial customers include hypersonic aircraft companies, satellite and space mission systems companies, AI and software companies, among many other companies serving primarily the aerospace and defense industry. At Atomus we are hardworking, we move fast, and we put our customers first. About the Role As a Cybersecurity Engineer will work closely with customers to help them implement and fully leverage Atomus' cybersecurity products, maintain compliance with NIST 800-171 and CMMC cybersecurity standards, and solve technical challenges. Our customers depend on Atomus to manage and secure their Windows, MacOS, Ubuntu, iOS, Android devices, and Firewalls while ensuring compliance. We aim to provide the best possible support when they have questions. Our team's main goal is to simplify our customers' lives, for compliance and security. You will serve as the voice of the customer by sharing their feedback and insights with our product team and reporting any issues to our software engineers. We take pride in delivering amazing experiences for our customers. Responsibilities Manage and guide new customers through the onboarding process, ensuring proper setup, configuration, and alignment with their security programs and establishing baseline compliance requirements of NIST 800-171 and CMMC while performing technical tasks/project management required for onboardings. Serve as the first point of contact for technical inquiries, providing debugging, troubleshooting, and solutions for technical IT/security issues related to the Atomus platform. Work closely with internal teams (sales, product, engineering) along with partners/vendors for customer requirements to communicate customer feedback and advocate for customer needs in product development and rolling out 3rd party products. Assist customers in managing and maintaining NIST 800-171 and CMMC compliance requirements, ensuring IT documentation is updated and maintained. Required Skills Experience in a customer-facing technical role, IT administrator, solutions engineer, Technical Customer Success, or TAM role preferably in cybersecurity or compliance. Strong experience with cybersecurity frameworks and technologies (e.g., NIST, CMMC, firewalls, routers, encryption tools). Intermediate networking knowledge of WAN and LAN connectivity, routers, firewalls, switches, security, etc. Experience with Microsoft Intune, Active Directory, Windows, MacOS and ABM, as well as mobile platforms like Android and iOS. Advanced understanding of Microsoft products (Exchange, SharePoint, Windows, Windows Server, Active Directory, etc.). Familiarity with command-line tools (e.g., PowerShell, Terminal) for troubleshooting and deployment. Strong troubleshooting skills, particularly related to network security, software issues, and IT environments. Excellent verbal and written communication skills; ability to explain complex topics to both technical and non-technical audiences. Applicants must have strong emotional intelligence to intuit and match customer sentiment for effective communication. Preferred Skills Prior experience with NIST 800-171, CMMC, or other compliance standards. Ability to manage multiple customer accounts and onboarding projects simultaneously. Familiarity with CRM platforms (HubSpot), and compliance documentation tools while managing SLAs which include customer satisfaction, initial response, and issue resolution times.

We are seeking an Information Security Analyst to support enterprise security operations with a focus on vendor risk management, security control integration, and infrastructure security. This role is responsible for conducting security assessments, coordinating the implementation of core security services (including SSO, logging, IAM, and data protection), and supporting compliance activities aligned with frameworks such as NIST and ISO 27001. The ideal candidate has experience in cybersecurity risk management, cloud environments (AWS/Azure), and collaborating with technical teams to ensure the effective delivery of security controls. At least 2+ years of experience in the following: Security & Compliance Frameworks NIST CSF ISO 27001 CIS Controls ITIL SOC 2 PCI DSS FedRAMP GDPR / CCPA Vendor Risk & GRC Tools OneTrust SIG (Standardized Information Gathering) Other GRC/TPRM platforms Identity, SSO & Access Management SSO (PingFederate, SAML) Active Directory Azure AD AWS IAM

We are in need of a InfoSec Engineer to join our global client on a direct hire basis. In this role you will be responsible for leading and executing information security operations across multiple locations, with a primary focus on incident response, security technologies, change management, and continuous improvement. This role safeguards the organization's digital assets by designing, implementing, and maintaining key processes and technologies such as intrusion detection, malware protection, zero-day threat mitigation, firewalls, internet filtering, and SIEM tools. Location: San Francisco, CA (Hybrid - 3 days on-site) This job expects to pay about $125,000 - $155,000 per year plus benefits What You Will Do: Security Operations & Incident Response Assist with 24x7 security operations, ensuring continuous availability and performance of critical security systems. Support aspects of incident response, including detection, escalation, containment, service recovery, and root cause analysis. Tune and configure IDS/IPS, antivirus, firewall, vulnerability management, and application assessment tools to ensure optimal protection and performance. Implement and maintain automated monitoring and logging processes; conduct regular log reviews and threat detection. Manage escalations from the Security Operations Center (SOC) and drive timely resolution of critical issues. Identify, track, and communicate key risks and security concerns using a metrics-based approach. Continuously improve incident response processes, system documentation, monitoring tools, and recovery procedures. Security Technologies & Compliance Administer and support a range of security tools and technologies including SIEM, intrusion detection/prevention systems, malware protection, encryption, and content filtering. Ensure compliance with internal information security policies and external regulatory frameworks (e.g., NIST, ISO). Develop, maintain, and enforce security documentation, workflows, and access control procedures. Monitor compliance across systems; identify gaps and coordinate remediation with stakeholders. Governance, Metrics & Strategic Planning Develop and maintain security metrics to inform leadership and guide strategic decisions. Provide input into the organization's overall information security strategy to ensure alignment with business goals. Contribute to the continuous improvement of documentation, monitoring capabilities, automation, and recovery plans. Vendor & Partner Oversight Manage relationships with third-party security vendors and service providers, ensuring contractual obligations, service quality, and compliance are met. Oversee change management activities related to externally managed security platforms and services. Collaborate with managed service providers (MSPs) to drive operational improvements and automation. Additional Responsibilities Partner with cross-functional teams to support the deployment and maintenance of security tools and services. Oversee daily security operations and escalate critical issues as appropriate. Support additional information security projects or initiatives as assigned. What You Bring to The Table: Bachelor's Degree in relevant field or other relevant professional experience 4-5+ years of experience in enterprise information security operations, with hands-on expertise in IDS/IPS, SIEM, malware protection, firewalls, and incident response Strong understanding of compliance and risk frameworks: NIST, ISO 27001 Demonstrated experience with security monitoring, threat detection, and forensic analysis. Proven ability to develop, execute, and mature operational security processes and documentation Skilled in managing security vendors and third-party services, including contract and performance oversight Excellent written and verbal communication skills, with the ability to present technical concepts clearly to both technical and non-technical stakeholders Strong attention to detail Proficient in Microsoft Office, web-based collaboration tools, and security platforms CISSP, CISM, CISA, GCIH, CEH or other related information security certifications preferred Experience with Rapid7, Zscaler, and Fortinet firewalls is a plus Experience working in a Microsoft environment is a plus Irvine Technology Corporation (ITC) is a leading provider of technology and staffing solutions for IT, Security, Engineering, and Interactive Design disciplines servicing startups to enterprise clients, nationally. We pride ourselves in the ability to introduce you to our intimate network of business and technology leaders - bringing you opportunity coupled with personal growth, and professional development! Join us. Let us catapult your career! Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Help support the CISO at one of the world's largest venture capital firms, working at the intersection of cloud security, AI and cutting-edge technology. You'll be joining a lean and highly technical security team, where your impact will be immediate and visible. This role is balanced between seniority and technical depth. You'll be trusted to support and advise the CISO, contribute to strategic decisions and act a senior technical voice, while remaining deeply hands-on as a cloud security engineer. The environment is heavily cloud based, (primarily Azure, with some AWS) and increasingly focussed on AI platforms and MCP workloads. You'll work closely with AI development, data engineering and platform teams to ensure security is embedded. Ideally, you'll be coming from a similar role, operating in a senior position while remaining technical day-to-day, with coding in python, terraform or SQL. Whilst this role requires general security experience, you will need to have a background specifically in cloud security. This role is based in Menlo Park. Interested in finding out more? No up-to-date resume required.

Castelion is bringing a new approach to defense development and production: one that focuses on short, iterative design cycles, rapid testing in development, and modern commercial manufacturing strategies for production at scale. We're designing, building, and testing next generation long range strike weapons systems to give America and its Allies a definitive edge and deter future conflicts. Information Systems Security Manager (ISSM) *This position requires a TS/SCI Clearance and Special Access Program Experience* Castelion Corporation is looking for an experienced ISSM to manage and maintain the Classified Networks out of our Torrance location. The ideal candidate will be a dedicated security professional with a demonstrated ability to work independently and as a member of a team in a fast-paced, high-tech environment. The ISSM's primary function serves as a principal expert and manager on all matters, technical and otherwise, involving the security of information systems under his/her purview. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, NAVY, Army, DARPA, etc. The position will provide "day-to-day" support, oversight, and maintenance for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. As the site ISSM you will own the end-to-end Information Assurance Program for all classified and controlled information systems at our Torrance facility. You will partner with Program Management, Engineering, IT, Security, and the Cognizant Security Agency (DCSA/SAPCO) to obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. Responsibilities Lead RMF/JSIG/DAAPM execution architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. Own continuous monitoring vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. Shape early program decisions embed with PMO to define security requirements, supply secure-by-design input at PDR/CDR/TRR, and influence contract CDRLs. Develop people & process coach ISSOs/ISSEs, refine SOPs, track metrics, and present status to senior leadership and customers. Interface with external stakeholders act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. Develop Assured File Transfer (AFT) in accordance with JSIG Conduct all self-inspections and report findings to Cognizant Security Agency annually Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning Maintain a and/or applicable repository for all system authorization documentation and modifications Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed Assess changes in the system, its environment, and operational needs that could affect the authorization Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview Review AIS assessment plans Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization) Conduct periodic assessments of the security posture of the authorization boundaries Institute and implement a Configuration Control Board (CCB) charter Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented. Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs) Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination Ensure all authorization documentation is current and accessible to properly authorized individuals Ensure that system security requirements are addressed during all phases of the system life cycle Basic Qualifications A degree in Science, Technology, Engineering or Mathematics (STEM), information technology and a minimum of 5 years of prior relevant experience. 5 years in DoD/IC Cybersecurity as ISSM and must meet position and certification requirements outlined in DoD Directive 8570.01-M for IAM-III within 6 months of the date of hire (CISSP, CISM, GSLC). Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. Active and transferable U.S. government issued Top Secret SCI (TS/SCI) security clearance required prior to start date. Finalized CI polygraph, or willingness to submit to one U.S. citizenship is required Preferred Skills and Experience Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. Experience executing DISA STIG/SRG hardening across Linux and Windows. Background in network/systems security (architecture, topology, protocols, components, principles). Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. Masters in Cybersecurity, Computer Science, or related engineering field. CISSP-ISSEP / ISSMP or PMP. Existing U.S. government issued Top Secret SCI (TS/SCI) security clearance within the last 24 months. Additional Information This is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description. All employees are granted long-term stock incentives as part of their employment as Castelion. All employees receive access to comprehensive medical, vision, and dental insurance, and the company offers three weeks of paid time off per year. Leadership Qualities Bias to Action and Creative Problem Solving. Desire and experience questioning assumptions in ways that lead to break through ideas that are ultimately implemented. Successfully bring in applicable processes/concepts/materials from other industries to achieve efficiency gains. Ability to personally resolve minor issues in development without requiring significant support. High Commitment, High Initiative. A successful candidate will have a genuine passion for Castelion's mission and consistently look for ways to contribute to the company's technical goals and prevent hardware blockers. Ability to work in a fast paced, autonomously driven, and demanding atmosphere. Strong sense of accountability and integrity. Clear Communicator. Proactively communicates blockers. Trusted in previous roles to be voice of company with regulators, suppliers, gate keepers and customers. Capable of tactfully managing relationships with stakeholders to achieve company-desired outcomes without compromising relationships. Emails, IMs and verbal interactions are logical, drive clarity, and detailed enough to eliminate ambiguity. ITAR Requirements: · To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Employment with Castelion is governed on the basis of competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

1. Security, Compliance and Audit Readiness a. Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. b. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. c. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. d. Provide documentation and evidence for security audits and compliance reviews. 2. Implementation, Operations and Support a. Serve as the hands-on engineer for network deployment, upgrades, and incident response. b. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. c. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). 3. SME Leadership and Staff Development a. Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. b. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. c. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. d. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. e. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. 4. Any other activities reasonably related to the foregoing, as assigned by OCSD.

In this role, you will drive the evolution of our infrastructure and security posture. You will have substantial ownership over our technology choices and implementation for deployment, observability, storage, and security. You will identify, triage, and implement incremental improvements in all of these domains, working closely with backend engineers and internal and external auditors to develop appropriately scoped interventions. You will work with engineers to ensure that security considerations are baked into software development from the outset. You should have a broad understanding of modern best practices around cloud architecture, data governance and infrastructure as code. You should approach questions of infrastructure and security risk with a sense of nuance and good judgment. You should be able to build consensus around your threat models such that the necessary consequences seem natural to other stakeholders. In this role, you will need to be fluent in Python and Terraform (at least to start). Company & Funding We're building the world's largest long-term insurer, using digital money and AI to serve billions of people profitably. We want anyone, anywhere, to be able to save for their future, protect their family, and build wealth across generations. We face a once-in-a-century opportunity to build a vertically integrated life (re)insurer. Our product offerings are globally unique, making it possible for us to scale our balance sheet, build modern systems from scratch, and then directly compete to win a market that is 3% of global GDP. We've raised over $140M to date. Sam Altman and Lachy Groom led our initial raise, and they've since been joined by leading investors in AI, insurance, and Bitcoin, including Northwestern Mutual, Apollo, Bain Capital, Pantera, Haun, Framework, Fulgur Ventures, MS&AD, Mouro, Stillmark, and Wences Casares. Our Bermuda operating subsidiary holds the the world's only license to issue life insurance denominated entirely in Bitcoin. It's also the only company in the world with audited financials stated in Bitcoin. (If you join us, you can expect to do a lot of things no one's ever done before.) Engineering at Meanwhile With the advent of ubiquitous AI tooling, the dynamic range in individual engineering effectiveness is only widening. At Meanwhile, we're planning for a world in which small, tight-knit engineering teams (supported by a small, tight-knit platform team) own entire lines of business, and are compensated accordingly. We're attacking a huge market with the leanest, most effective team in insurance. Where incumbents employ a thousand people, we think we can make it work with a hundred or a dozen. We're looking for hungry ICs (and former managers who see the writing on the wall) interested in pushing the boundaries of engineering productivity in a vertically integrated, regulated organization. We're growing quickly. You will fix million-dollar bugs. On the business side, we hire for deep domain expertise, ambition, and the creativity to figure out the previously impossible. Because our engineers work closely with people from the business, they need curiosity, flexibility, an appetite for (and the ability to digest) complex context, and strong communication skills. Our view is that ownership is taken, not given. You will be successful here if your work progressively builds others' trust in your ability to identify, attack, and solve larger and larger problems, including those that no one else has anticipated. We believe that "code wins arguments," that prototyping is often the best first step in a design process, and that the impact of velocity is non-linear. You are excited by putting up multiple meaningful changes, or writing thousands of lines of code, in a day (even though you know that deleting lines of code is more exciting than writing them, and that, occasionally, deep reflection is required in order to ship anything). You aren't fazed by building systems that don't work out - sometimes, you have to throw code away. Intellectual honesty is non-negotiable. You love to learn and to teach, to ask questions and to answer them, and to be transparent about your uncertainty. You are eager to learn, with the rest of the team, how to work with AI tools, including agents, in order to move faster and ship better, more complete versions of your ideas. You will experiment with new ways of working, with the expectation that some of them will be unsuccessful, and you will teach others what works. This is the most exciting time in decades to be a competent, technically ambitious engineer. We want to offer you the opportunity to see what's really possible and how much better you can get at your craft.

100% On-site | Santa Ana, CA We are seeking a Senior Security Architect to lead enterprise security operations, compliance, and infrastructure within a mission-critical environment. This hands-on leadership role combines deep Cisco networking expertise, security architecture design, and staff mentorship to ensure audit readiness and operational excellence. Key Responsibilities: • Enforce and maintain network security controls aligned with CJIS, NIST, and internal policy frameworks. • Implement and manage firewall rules, NAC solutions (e.g., Cisco ISE), and endpoint access policies. • Support incident detection, forensics, and mitigation efforts alongside cybersecurity teams. • Lead network deployments, upgrades, and response initiatives across Cisco infrastructure. • Configure and manage switches, routers, firewalls, WLCs, and VPNs. • Design and optimize QoS, ACLs, and network monitoring (SolarWinds, NetFlow, SNMP). • Act as a Subject Matter Expert (SME), mentoring internal IT staff and guiding certification readiness (CCNA/CCNP). • Create and maintain SOPs, documentation, and training materials for ongoing operations. Top Skills Required: • Cisco networking (switches, routers, firewalls, WLCs, VPNs) • Security & compliance (CJIS, NIST, NAC, audit readiness) • Network monitoring (SolarWinds, NetFlow, SNMP, ACLs, QoS) • Leadership & mentoring (staff training, documentation, SME guidance) Nice-to-Have: • Advanced CJIS/NIST compliance experience • Public safety or government network background • Proven mentorship and SOP development experience #SecurityArchitect #NetworkSecurity #CiscoJobs #CJIS #NIST #Cybersecurity #SolarWinds #NetworkEngineer #OnsiteJobs #CaliforniaJobs #ITLeadership #InformationSecurity #InfrastructureSecurity

About Company, Droisys is an innovation technology company focused on helping companies accelerate their digital initiatives from strategy and planning through execution. We leverage deep technical expertise, Agile methodologies, and data-driven intelligence to modernize systems of engagement and simplify human/tech interaction. Amazing things happen when we work in environments where everyone feels a true sense of belonging and when candidates have the requisite skills and opportunities to succeed. At Droisys, we invest in our talent and support career growth, and we are always on the lookout for amazing talent who can contribute to our growth by delivering top results for our clients. Join us to challenge yourself and accomplish work that matters. We're hiring Senior Backend Engineer - Cloud Security in Sunnyvale, CA What You Will Do Build containerized microservices and related components for a multi-tenant, distributed system that ingests and processes real-time cloud events, system telemetry, and network data across major cloud platforms. Your work will enable customers to detect risks and strengthen their cloud security posture. Mentor junior engineers, interns, and new graduates, helping them develop strong technical skills and become effective contributors. Write production-quality software primarily in Java using Spring Boot, and work extensively with Kafka, SQL, and other data interfaces. Work within a Kubernetes-based service infrastructure, while learning new technologies as needed. Take ownership of major features and subsystems through the entire development lifecycle-requirements, design, implementation, deployment, and customer adoption. Participate in operational responsibilities, gaining firsthand experience with real-world performance, reliability, and support scenarios-informing how you design and build better systems. Prioritize quality at every stage, performing thorough developer testing, functional validation, integration checks, and performance testing to ensure highly resilient systems. Collaborate closely with Product Management to review, refine, and finalize requirements. Develop a deep understanding of customer needs by engaging with peers, stakeholders, and real-world use cases. What You Bring Bachelor's degree in computer science or similar (Master's preferred). 5+ years of experience building scalable, distributed systems. Passion for software engineering, continuous learning, and working in a collaborative environment. Hands-on experience with AWS, Azure, or GCP, with strong familiarity at the API/programming level. Experience with networking and/or security concepts is a plus. Experience developing containerized services on Kubernetes is strongly desired. Strong programming experience in Java/Spring Boot or Golang. Experience building or using REST APIs. Knowledge of infrastructure-as-code tools such as CloudFormation, Terraform, or Ansible is a plus. Understanding of TCP/IP networking fundamentals. Experience developing in Unix/Linux environments. Droisys is an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. Droisys believes in diversity, inclusion, and belonging, and we are committed to fostering a diverse work environment

📍 Base: Client base is in LA and HQ is in La Verne, CA 💰 $130 to $140K + Bonus + Benefits We're seeking a System Engineer/ Consultative to join a growing Managed Services Provider (MSP). This role blends advanced technical expertise with consultative, client-facing responsibilities. You'll resolve high-level escalations, lead infrastructure projects, and identify opportunities to upsell solutions that truly add value for clients. What You'll Do: Own L3 escalations across server, cloud, and networking environments Design and implement solutions (Azure, M365, VMware, SonicWall, etc.) Act as a trusted advisor to clients, aligning IT with business goals Spot upsell opportunities and work with leadership to close deals Mentor junior engineers and help shape best practices What We're Looking For: 4+ years MSP experience (required) Advanced knowledge of Microsoft Server, Azure, M365, AD, VMware, and networking Strong client-facing, consultative approach Proven ability to upsell or expand client accounts through solutions Perks & Benefits: ✅ Competitive salary + bonus ✅ Medical, Dental, Vision, 401(k) + 5% match ✅ PTO + Holidays ✅ Clear upward mobility and leadership growth ✅ Paid parking

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.

About the Company Atomus' mission is to provide world class cybersecurity for the world's most critical organizations. We build security compliance software delivered as managed services sold directly, with relevant professional services and support. Examples of our commercial customers include hypersonic aircraft companies, satellite and space mission systems companies, AI and software companies, among many other companies serving primarily the aerospace and defense industry. At Atomus we are hardworking, we move fast, and we put our customers first. About the Role As a Cybersecurity Engineer will work closely with customers to help them implement and fully leverage Atomus' cybersecurity products, maintain compliance with NIST 800-171 and CMMC cybersecurity standards, and solve technical challenges. Our customers depend on Atomus to manage and secure their Windows, MacOS, Ubuntu, iOS, Android devices, and Firewalls while ensuring compliance. We aim to provide the best possible support when they have questions. Our team's main goal is to simplify our customers' lives, for compliance and security. You will serve as the voice of the customer by sharing their feedback and insights with our product team and reporting any issues to our software engineers. We take pride in delivering amazing experiences for our customers. Responsibilities Manage and guide new customers through the onboarding process, ensuring proper setup, configuration, and alignment with their security programs and establishing baseline compliance requirements of NIST 800-171 and CMMC while performing technical tasks/project management required for onboardings. Serve as the first point of contact for technical inquiries, providing debugging, troubleshooting, and solutions for technical IT/security issues related to the Atomus platform. Work closely with internal teams (sales, product, engineering) along with partners/vendors for customer requirements to communicate customer feedback and advocate for customer needs in product development and rolling out 3rd party products. Assist customers in managing and maintaining NIST 800-171 and CMMC compliance requirements, ensuring IT documentation is updated and maintained. Required Skills Experience in a customer-facing technical role, IT administrator, solutions engineer, Technical Customer Success, or TAM role preferably in cybersecurity or compliance. Strong experience with cybersecurity frameworks and technologies (e.g., NIST, CMMC, firewalls, routers, encryption tools). Intermediate networking knowledge of WAN and LAN connectivity, routers, firewalls, switches, security, etc. Experience with Microsoft Intune, Active Directory, Windows, MacOS and ABM, as well as mobile platforms like Android and iOS. Advanced understanding of Microsoft products (Exchange, SharePoint, Windows, Windows Server, Active Directory, etc.). Familiarity with command-line tools (e.g., PowerShell, Terminal) for troubleshooting and deployment. Strong troubleshooting skills, particularly related to network security, software issues, and IT environments. Excellent verbal and written communication skills; ability to explain complex topics to both technical and non-technical audiences. Applicants must have strong emotional intelligence to intuit and match customer sentiment for effective communication. Preferred Skills Prior experience with NIST 800-171, CMMC, or other compliance standards. Ability to manage multiple customer accounts and onboarding projects simultaneously. Familiarity with CRM platforms (HubSpot), and compliance documentation tools while managing SLAs which include customer satisfaction, initial response, and issue resolution times.

Security, Compliance and Audit Readiness: Enforce network security controls aligned with Criminal Justice Information Services (“CJIS”), National Institute of Standards and Technology (“NIST”), and department policy. Implement and maintain firewall rulesets, Network Access Control (“NAC”) solutions (e.g., Cisco Identity Service Engine (“ISE”)), and endpoint access policies. Support the cybersecurity team in incident detection, forensic analysis, and mitigation strategies. Provide documentation and evidence for security audits and compliance reviews. Implementation, Operations and Support: Serve as the hands-on engineer for network deployment, upgrades, and incident response. Configure and manage Cisco switches, routers, firewalls, WLCs, and wireless endpoints. Design and manage VPNs, QoS, ACLs, network monitoring, and logging systems (SolarWinds, NetFlow, SNMP). SME Leadership and Staff Development: Serve as the department's SME on enterprise security, guiding decisions across IT, public safety systems, and operations. Train, coach, and mentor internal IT staff, including junior and mid-level network technicians. Lead structured knowledge transfer sessions, hands-on training, and real-time coaching during support and implementation activities. Create SOPs, how-to guides, and step-by-step documentation tailored for ongoing use by internal staff. Support staff in preparation for certification paths (e.g., CCNA/CCNP) if desired. Any other activities reasonably related to the foregoing, as assigned by the Client

Our client is seeking a senior-level IT Audit & Compliance Analyst to play a hands-on role supporting IT audits, regulatory compliance, and risk management initiatives. This is a visible position that partners closely with auditors, IT leadership, and business stakeholders to ensure controls are operating effectively and compliance requirements are met. If you enjoy being in the details, working directly with the business, and driving accountability, this role offers meaningful ownership and impact. Location: Onsite in Santa Ana, CA Compensation: This job is expected to pay about $130,000-135,000 plus benefits No Visa Sponsorship Available for this role. No C2C What You'll Do: Execute IT audits to evaluate the design and effectiveness of internal controls, security measures, and operational processes Perform SOX controls testing within a publicly traded environment and partner with auditors through walkthroughs, evidence collection, and remediation Support PCI DSS 4.0 compliance, including controls tied to the cardholder data environment and scope reduction efforts Conduct IT and third-party risk assessments to identify control gaps across systems, processes, and vendors Track, document, and report audit findings while driving remediation to timely closure in collaboration with IT and the business What Gets You the Job: 7 to 10 years of experience in IT audit, IT compliance, or IT risk management roles Strong hands-on experience with SOX controls, ITGCs, and audit testing methodologies Direct experience supporting PCI compliance, including CDE environments and related controls Excellent communication skills with the ability to work effectively with auditors, technical teams, and business stakeholders Experience with DLP controls, SAP environments, or formal IT risk frameworks is a strong plus Please send your resume to Hannah Xu, Senior Technical Recruiter for immediate consideration. Irvine Technology Corporation (ITC) is a leading provider of technology and staffing solutions for IT, Security, Engineering, and Interactive Design disciplines servicing startups to enterprise clients, nationally. We pride ourselves in the ability to introduce you to our intimate network of business and technology leaders - bringing you opportunity coupled with personal growth, and professional development! Join us. Let us catapult your career! Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.