Information security analyst jobs in Calabasas, CA - 353 jobs

RELOCATION ASSISTANCE: No relocation assistance available CLEARANCE TYPE: SecretTRAVEL: Yes, 10% of the TimeDescriptionAt Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Northrop Grumman Aeronautics Systems sector is seeking an Industrial Security Analyst to join our team of qualified, diverse individuals. This position will be in El Segundo, CA. Roles and Responsibilities: The CSSO administers all requisite national security directives with specific emphasis on NISPOM, Intelligence Community Directives (ICDs), Special Access Program (SAP) directives and other governing directives, as applicable. Exhibits the dedication and expectation of excellence required of a seasoned security professional. The CSSO works as a team player, exhibits flexibility and responds to customer expectations in a sometimes fast-paced environment. The CSSO interacts with internal and external customers or Government security officials in performance of security duties. Administers security programs and procedures for classified or proprietary materials, documents, and equipment. Obtains rulings, interpretations, and acceptable deviations for compliance with regulations from government agencies. Administers procedures and regulations for handling, storing, and keeping records, and for granting personnel and visitors access to restricted areas and data. Conducts security education classes and security audits. Investigates security violations and prepares reports specifying preventive action to be taken. Basic Qualifications: 2 years Industrial Security experience with a Bachelor's degree; OR 0 years with a Master's degree OR additional 4 years of security experience may be considered in lieu of degree. Candidate must have an active U.S. Government DoD Secret security clearance current within 6 years Ability to obtain and maintain a Top Secret clearance and Special Access Program (SAP) approval within a reasonable period of time, as determined by the company to meet its business needs Must have excellent oral and written communication skills and a self-starter attitude Preferred Qualifications: Active Top Secret clearance CDSE Professional Certification Experience working in an SAP environment Working knowledge of the NISPOM and DoD SAP Manuals Ability to prioritize and multi-task with minimal supervision Ability to work in a fast-paced environment Ability to maintain flexibility to deal with changing priorities and deadlines Strong working knowledge of basic office automation tools such as MS Office (Word, Excel, PowerPoint) Primary Level Salary Range: $75,800.00 - $113,800.00The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

at The Azoff Music Company LLC Information Security Analyst About the RoleWe are looking for an Information Security Ånalyst to operate and maintain our information security systems. As a mid-size entertainment company with global reach, we manage sensitive intellectual property and digital assets that demand the highest level of security. This role will be responsible for helping to design, implement, and maintain a robust information security program that aligns with business objectives and compliance requirements. Key Responsibilities Governance, Risk Management, and Compliance Establish and maintain security policies, standards, and procedures that comply with applicable regulations (e.g., GDPR, CCPA, SOC 2, ISO 27001, PCI-DSS). Oversee risk assessments and audits, ensuring remediation plans are executed effectively. Manage vendor security evaluations and third-party risk management programs. Operational Security Oversee incident detection, response, and recovery processes to ensure rapid containment and resolution of security events. Implement and monitor security controls across endpoints, networks, and cloud infrastructure. This may include selecting, implementing, and monitoring security software, reviewing network settings like firewall rules and access policies, inspecting hardware and software for vulnerabilities. Lead vulnerability management, penetration testing, and threat intelligence initiatives. Awareness and Culture Develop and deliver ongoing security training and awareness programs for all employees. Champion a culture of security across departments, ensuring staff understand their role in protecting company assets. Mentor junior technical staff on information security best practices, operations, and technology. Technology and Innovation Partner with IT and digital teams to integrate security into technology architecture and workflows. Evaluate and implement advanced security tools, automation, and analytics for proactive threat management. Stay current with emerging threats, trends, and technologies in cybersecurity and the entertainment industry. Qualifications Bachelor's degree in Computer Science, Information Security, or a related field. 5+ years of progressive experience in information security. Proven experience supporting enterprise security programs, preferably in media, entertainment, or technology environments. Strong knowledge of cloud security, identity and access management, and data loss prevention. Strong knowledge of Conditional Access Policies and Device Compliance in Microsoft Entra ID. Experience implementing and managing SSO and SCIM configurations. Familiarity managing PAM solutions like Microsoft Privileged Identity Management. Strong programming (Python) and/or scripting skills (PowerShell/Bash) Familiarity with common device management tools like Intune, Jamf, Mosyle, Addigy, etc. Professional certifications such as Security +, Network +, CISSP, CCSP or CASP, or similar highly desired. Excellent communication and stakeholder management skills - able to translate complex technical risks into clear business implications. We will not be able to support sponsorship or visas for this position at this time. The base salary range for this role is $120,000 - $150,000 depending upon experience.Our offices are located in Westwood Village, Los Angeles, CA. Employees work in the office Monday through Thursday and from home on Fridays. We offer a very competitive benefits package, annual bonus, and a creative and dynamic working environment. This position is based in California and is subject to California employment laws and workplace safety requirements, including the Company's Covid vaccination policy. Reasonable accommodations will be considered in accordance with applicable law. Successful candidates will be required to show proof of being vaccinated against COVID-19. This requires having a two-dose series and a booster, or a single dose series and a booster. Reasonable accommodations will be considered on a case-by-case basis for exemptions to this requirement in accordance with applicable law. Disclaimer: This job description only provides an overview of job responsibilities that are subject to change. We are an Equal Opportunity Employer

Job Description Forhyre is seeking a talented individual that will be able to provide security architecture support and interface across the program as needed. This support includes, but is not limited to, cybersecurity solutions, providing technical strategy for solutions, guidance, policy, and implementations. The successful candidate for this position is a highly motivated individual, with a strong IT security background who excels integrating, operating, and deploying security technology and solutions and interacts well with both internal teams and clients. Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time. Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information Develop and implement security policies and controls to support the Cyber Security framework Manage the existing cyber security training program across global, multilingual business Assists in ensuring global Information security program meets all industry regulations, standards, and compliance requirements Drive adoption of infrastructure security best practices and work with Information Technology teams to ensure security standards are maintained Implement technology to proactively scan Information Technology environment for security breaches and suspicious activity Continuous improvement in the areas of Information Security technologies, techniques and processes Develops and maintains an effective system for the distribution of regular key performance indicator reports and dashboard Ability to interpret penetration test results and describe issues and fixes to non-security expert Responsible for leading an accurate & comprehensive status reporting to the executive steering committee Create and implement SOP/ process improvement initiatives to achieve outcomes that align or exceed the expectations of strategic roadmap Skills & Experience Bachelor's degree and 12+ years of experience; additional years of directly applicable experience may be accepted in lieu of a degree. Certified Information Systems Security Professional (CISSP) 8+ years hands-on experience designing or implementing security solutions, including all related documentation and artifacts Analytical ability, problem-solving skills, and ability to break down complex problems into actionable steps Extensive experience in design and development of enterprise security architectures. Experience must include a wide range of work in creating diagrams and documentation with all components that comprise IT systems including network topology. Strong knowledge and experience in secure enterprise architecture design, especially with regard to IAM, NDR, EDR, SIEM, AI/ML, and other cybersecurity tools and resultant applications Experience selecting effective methods, techniques, and evaluation criteria to achieve desired outcomes Previous experience developing architectures, strategies, strategic plans, roadmaps, and technical standards for the federal IT enterprise environment. Vulnerability Assessment testing and/or Penetration Testing (preferred) Robotic Process Automation/Intelligent Automation (preferred) Business case development supporting security technology solutions (preferred) Additional certifications demonstrating cybersecurity/technical mastery (preferred)

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. Team Description: As a member of the Cyber Remediation Operations team, you will work closely with the Disney Entertainment business teams in protecting Disney's highly respected Disney Entertainment portfolio, including ESPN, Disney+, Hulu, and ABC. Responsibilities of Role: Review reports, assessments, and findings to develop and prioritize appropriate remediation or corrective action plans. Collaborate with IT, security teams, business partners, and operational teams to drive remediation of security deficiencies. Regularly communicate portfolio health results to stakeholders, including technical and non-technical audiences. Develop and document risk mitigation strategies when compliance cannot be achieved. Analyze business areas and develop improvement plans to strengthen security posture. Drive improvement to security baselines, policies and standards. Verify implemented remediation and corrective action activity achieves compliance with TWDC policies and standards. Stay updated on evolving cybersecurity threats, vulnerabilities, trends, technologies, and best practices and incorporate them into IT and business practices. Consolidate data from multiple sources into clear, concise, actionable presentations for senior management, communicating data-driven insights. Support the on-time delivery of security and compliance initiatives. Must Haves: Minimum of 5+ Years of related cybersecurity experience Demonstrated experience facilitating cyber remediation and vulnerability management. Ability to handle confidential information with integrity. Ability to work well with individuals and teams with varying technical and business backgrounds. Understanding of security frameworks and standards. Strong analytical, problem-solving, and critical-thinking skills with attention to detail. Established problem-solving skills with an ability to develop creative alternatives to complex problems, as well as continuous process improvement skills. Experience working in a security program for a large and complex organization. Nice to Haves: Working knowledge of industry compliance programs such as PCI, SOX, etc. One or more general security certifications including Security+, CySA+, AWS, GSEC, GICSP, CISSP, or other relevant certifications One or more vulnerability assessment or auditing certification including CISA, CISM, GCCC, GSNA or other relevant certifications Education: Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience #DISNEYTECH The hiring range for this position in Glendale, CA is $117,500 to $157,500 per year and in Seattle, WA is $123,000 to $165,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. Job Posting Segment: Enterprise Technology Job Posting Primary Business: Corporate Global Information Security Primary Job Posting Category: Security Governance Employment Type: Full time Primary City, State, Region, Postal Code: Glendale, CA, USA Alternate City, State, Region, Postal Code: USA - WA - 925 4th Ave Date Posted: 2025-10-27

Job Description Mount Indie is seeking a highly skilled and experienced Cyber Accreditation Specialist with 5+ years of experience for Department of Defense (DoD) programs at the Naval Base Point Mugu located near Camarillo, CA. The Cyber Accreditation Specialist will be responsible for the development, coordination, and maintenance of cyber accreditation packages, primarily focusing on Risk Management Framework (RMF) artifacts, inheritance mapping, and Plan of Action & Milestones (POA&M) management supporting the Navy's Authority To Operate initiatives. This role ensures compliance with relevant DoD and federal cybersecurity guidelines and contributes to our organization's mission support objectives by securing critical Navy information systems. Responsibilities Cyber Accreditation Package Development: Develop and maintain RMF artifacts, including System Security Plans (SSP), generate & control implementation evidence, inheritance maps, and POA&Ms Coordination and Compliance: Coordinate with Authorizing Officials (AO) and Information System Security Managers (ISSM) to define an Authority to Operate (ATO) plan, develop an interim risk acceptance strategy, and manage control inheritance from enterprise services and range systems Reference Compliance: Ensure that all activities and documentation are compliant with the latest DoD and federal cybersecurity standards, such as: DoDI 8510.01 Risk Management Framework (RMF) NIST SP 800-53 Rev. 5 NIST SP 800-171 (CUI) DoD Zero Trust Reference Architecture DoD Cloud Security Requirements Guide (SRG) / FedRAMP baselines (aligned to IL5 unless otherwise directed) Qualifications 5+ years of experience in cybersecurity, specifically in the development and coordination of cyber accreditation packages BS or BA degree in Cybersecurity, Information Technology, or a related field. An additional 6 years of relevant work experience may be substituted for a bachelor's degree, or 4 additional years of work experience with a relevant associate degree. Active Secret Clearance Demonstrated experience with RMF, SSP development, and POA&M management Familiarity with DoD and federal cybersecurity guidelines, including DoDI 8510.01, NIST SP 800-53 Rev. 5, NIST SP 800-171, DoD Zero Trust Reference Architecture, and DoD Cloud SRG/FedRAMP baselines Strong analytical and problem-solving skills Ability to effectively coordinate and communicate with various stakeholders, including AO, ISSM, and other cybersecurity professionals Current Security+ Certificate IAM Level 2 as per DoD Directive 8570.01; and experience working with the DIACAP/Risk Management Framework processes Excellent communication and interpersonal skills-verbal, non-verbal, written, and listening-for staff, customer and organizational level communications, both formal and informal Ability to work independently, self-starter Working knowledge and use of Microsoft Office suite programs, MS Word, Excel, Access, and PowerPoint Preferred Qualifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification Experience with cloud security and FedRAMP compliance

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: + Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. + Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. + Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. + Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. + Monitor, analyze, and report on production security posture and key control performance metrics for each production. + Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. + Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. + Support the development of production-specific metrics and KPIs to measure control effectiveness. + With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. + Ensure consistent implementation of approved security tools, policies, and workflows within productions. + Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. + Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. + Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. + Gather feedback from productions to help refine information security for productions training and awareness efforts. + Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. + Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications + 5+ Years of experience in Information Security, Information Technology or a related field + 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. + Bachelor's degree preferred + Strong understanding of the technologies, tools and processes used in production of movies and/or television. + Knowledge of Information Security frameworks, standards and best practices and their relevance to business success + Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. + Ability to develop and maintain meaningful metrics to track program and process effectiveness. + Strong planning and analytical skills + Strong communications skills Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. The opportunity As application senior security specialist for the Security Certification Team, candidate will be resposible to conduct application vulnerability assessment and penetration testing of EY applications before they move into production and support the team to meet overall security certification goals and client requirements. Your key responsibilities Capable of conducting application & network penetration testing and vulnerability assessments Preparing detailed security review reports and remediation guidances Researching new application security vulnerabilities and attack vectors Leading strategic initiatives and mentoring new team members Support the team in updating their skill and knowledge Skills and attributes for success Hands on experience of Web, thick client, Mobile, VOIP, Wireless application security testing. Proficient in automated and manual application testing methodologies. Expert in using manual testing tools such as Burp Professional, Nmap, Wireshark, Nessus, echomirage. Expert in using automated application scan tool Webinspect / Qualys WAS, CheckMarx, WhiteSource etc.. Basic Knowledge of programming language like C/C++, C#, JAVA, ASP.NET and familiar with PERL/Python Scripting. Familiar with OWASP and Secure SDLC standards Knowledge of common security requirements within ASP.NET & Java application Good Knowledge of TCP/IP, Network Security. Knowledge / experience on code review Good Technical aptitude, problem solving and ability to quickly learn and master new topics and domains. Excellent communication skills; written and verbal. Supervision Responsibilities:None Other Requirements:Flexible work environment Education: Bachelor's degree in a technical discipline such as Engineering or Computer Science or equivalent work experience in IT and Information Security. Experience: 4 - 6 yrs. experience in application security assessment Hands on experience of Web, thick client, Mobile Application security reviews. Exposure and good understanding of the various manual testing methodologies. Certification Requirements: Desirable: IT security Certifications (CEH. ECSA, OSCP etc..). What we offer you At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more. We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $76,400 to $138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $91,700 to $157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at **************************.

At Vast, our mission is to contribute to a future where billions of people are living and thriving in space. We are building artificial gravity space stations, allowing long-term stays in space without the adverse effects of zero-gravity. Our initial crewed space habitat will be Haven-1, scheduled to be the world's first commercial space station when it launches into low-Earth orbit in 2026. It is part of our stepping stone approach to continuous human presence in LEO. Our team is all-in, committed to executing our mission safely and on time. If you want to work with the most talented people on Earth furthering space exploration for humanity, come join us. Vast is looking for a(n) Senior Information Security Engineer reporting to the Information Security Manager, to support the development of the systems that will be required for the design and build of artificial-gravity human-rated space stations. This will be a full-time, exempt position located in our (Long Beach) location. Responsibilities: Design, deploy, and manage enterprise security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and security information and event management (SIEM) platforms. Implement/maintain solutions and configurations to achieve compliance with government regulations like NIST 800-171, CMMC 2.0, and ITAR/EAR. Work cross-functionally with other teams to ensure the security of the systems they use or build. Automate our security infrastructure to the maximum extent possible. Collaborate with SOC analysts and other teams to enhance detection and response capabilities. Support monitoring of security systems, networks, and applications for suspicious activities. Minimum Qualifications: 2+ years of hands-on experience. Experience securing Windows, MacOS, and Linux endpoints. Proficiency in configuring, deploying, and maintaining security tools such as SIEM, IDS/IPS, antivirus, and vulnerability scanning. Proficient understanding of cloud technologies such as AWS, Google, and Azure. Proficient in using automation scripts (i.e. Powershell, Bash, Python). Knowledge of network protocols, firewalls, and intrusion detection/prevention systems. Preferred Skills & Experience: Technical certifications such as OSCP, eCPPT, or platform specific certifications. Familiarity with Kali Linux. Understanding of cyber deception. Experience conducting social engineering campaigns. Experience supporting audits and assessments. Understanding of compliance requirements and certifications like NIST 800-171, CMMC 2.0, DFARS ************, ITAR/EAR. Familiarity with security SaaS solutions and relevant integrations. Prior experience working in a fast-paced startup environment. Additional Requirements: Ability to travel up to 10% of the time. Willingness to work overtime, or weekends to support critical mission milestones. Pay Range: Senior Information Security Engineer: $143,500 - $203,700 Staff Information Security Engineer: $158,100 - $226,900 Pay Range: California$143,000-$226,900 USDCOMPENSATION AND BENEFITS Base salary will vary depending on job-related knowledge, education, skills, experience, business needs, and market demand. Salary is just one component of our comprehensive compensation package. Full-time employees also receive company equity, as well as access to a full suite of compelling benefits and perks, including: 100% medical, dental, and vision coverage for employees and dependents, flexible paid time off for exempt staff and up to 10 days of vacation for non-exempt staff, paid parental leave, short and long-term disability insurance, life insurance, access to a 401(k) retirement plan, One Medical membership, ClassPass credits, personalized mental healthcare through Spring Health, and other discounts and perks. We also take pride in offering exceptional food perks, with snacks, drip coffee, cold drinks, and dinner meals remaining free of charge, and lunch subsidized as part of Vast's ongoing commitment to providing high-quality meals for employees. U.S. EXPORT CONTROL COMPLIANCE STATUS The person hired will have access to information and items subject to U.S. export controls, and therefore, must either be a “U.S. person” as defined by 22 C.F.R. § 120.62 or otherwise eligible for deemed export licensing. This status includes U.S. citizens, U.S. nationals, lawful permanent residents (green card holders), and asylees and refugees with such status granted, not pending. EQUAL OPPORTUNITY Vast is an Equal Opportunity Employer; employment with Vast is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

We are looking for a skilled Data Security Analyst to lead and enhance our enterprise compliance and data privacy systems. This role involves serving as the technical owner of our self-hosted OneTrust platform and supporting associated technologies to ensure optimal functionality and scalability. Collaborating closely with cross-functional teams, the ideal candidate will ensure alignment across compliance, IT operations, and governance standards. This is a Long-term Contract position based in Southern California. Responsibilities: - Oversee the administration and technical management of the self-hosted OneTrust platform, ensuring stability and scalability. - Partner with compliance, marketing, and data privacy teams to translate business requirements into technical solutions. - Manage integrations between OneTrust and internal APIs, downstream systems, and other technologies. - Maintain the platform lifecycle, including updates, patches, major releases, and environment planning. - Drive roadmap prioritization by tracking platform enhancements and managing the backlog. - Support compliance technologies beyond OneTrust, including JavaScript-based customer management and Python audit automation systems. - Collaborate with vendor teams and OneTrust support to resolve escalations and implement platform changes. - Ensure alignment with enterprise IT architecture, operations, and security standards. - Lead release planning, operational readiness, and incident management processes. - Promote best practices in data privacy compliance and platform governance. Requirements - Proven experience administering or developing within the OneTrust platform, with comprehensive ownership preferred. - Strong technical expertise in application and platform administration, including system integrations. - Proficiency in JavaScript and Python for custom development and automation projects. - Familiarity with compliance technologies, including cookie configuration, data inventory, and privacy impact assessments. - Ability to manage multiple integrations and ensure seamless communication between systems. - Excellent collaboration and leadership skills to coordinate across legal, IT, and vendor teams. - Knowledge of IT operations, security standards, and platform lifecycle management. - Strong problem-solving and prioritization skills to drive platform enhancements and resolve issues effectively. Technology Doesn't Change the World, People Do. Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles. Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app (https://www.roberthalf.com/us/en/mobile-app) and get 1-tap apply, notifications of AI-matched jobs, and much more. All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information. © 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking "Apply Now," you're agreeing to Robert Half's Terms of Use (https://www.roberthalf.com/us/en/terms) and Privacy Notice (https://www.roberthalf.com/us/en/privacy) .

Millennium Space Systems, A Boeing Company delivers affordable, high-performance space systems for exacting customers. At Millennium, you will be part of a close-knit team working on exciting technological problems. We work in an open environment where ideas are shared across all disciplines, and there are ample opportunities for advancement based on excellence. Superstars are welcome. At Millennium, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company committed to fostering an environment for every teammate that's welcoming, respectful and innovative, with great opportunities for professional growth. Find your future with us. Job Summary The Industrial Security Specialist is responsible for creating a secure environment to facilitate the successful development and execution of classified programs at the assigned organization where classified information is stored, accessed, or where accessed personnel are assigned. The Industrial Security Specialist will enforce strict adherence to applicable laws as well as national DoD, and other security policies and requirements. Coordination of classified matters with the respective government representatives will be at the forefront of the Senior Industrial Security Specialist's responsibilities. The Industrial Security Specialist will be charged with supporting Construction Security, the establishment to document annual compliance inspections, develop Construction Security Plans (CSPs), Security Standard Operating Procedures (SOPs) and submittal of checklists among other roles. This is an in-person role - remote work is currently not available. This position's internal job code is Industrial Security Specialist. Our team is currently hiring for levels 4-5. Responsibilities Coordinate with the security team on the management of maintenance records for DoD collateral, SCIF and SAPF facilities Develop and execute projects and process plans, implement and assist in the execution of policies while enforcing the policies within Utilize knowledge of all construction disciplines, including civil, architectural, mechanical, electrical, and electronic engineering principles Participate in facility design reviews to ensure security requirements are incorporated. Apply knowledge of security requirements, TEMPEST standards and COMSEC requirements to provide input in the design solution process. Develop and maintain Standard Operating Procedures (SOP), providing written correspondence for government signature recommending approval or addressing comments requiring further clarification from the submitter. Maintain accountability of container contents, combination locks, lock date changes for containers and rooms alike while assisting with material accountability and audit support Control and modify access to corporate offices, laboratories, DoD Open Storage rooms, SCIFs and SAPFs as required Develop and assist with physical security inspections, audits, surveys, risk analysis, emergency and guard response drills and conduct random hand carry checks Assist with management of all current facility accreditations and development of all future accreditation considerations Collaborate with Contractor Special Security Officer (CSSO), COMSEC Responsible Officer (CRO) and Facility Security Officer (FSO) for program directed guidance and requirements within current and new facilities Keep business partners, management, and others informed by communicating project status, conducting and participating in team meetings, and providing presentations Support the development of authorization packages needed to obtain and maintain Authority to Operate (ATO), such as the implementation of security controls, planning, writing security procedures and conducting continuous monitoring activities. Review Contract Data Requirements List (CDRL) deliverables for security. This includes but is not limited to IS & Physical Security Plans, Management and Test Plans. Provide comments and recommendations as required. Coordinate with Security management to provide comments for Statements of Work, contracts, RFPs and Security Plans. Plan, develop, process and maintain DD147 & Fixed Facility Checklists for current and new facilities. Interpret and implement Construction Security Plans (CSPs) during all phases of the construction effort. Periodically review proposed industry interfaces, Operations Security (OPSEC) procedures, and legends for continued applicability and communicate with the Accrediting Official throughout the life of the projects Support with staff assistance visits, security reviews and inspections as well as conducting initial, recurring and refresher security education training Investigate and document security violations/incidents, providing full summaries to the government security official for adjudication Support security investigations using CCTV, Access Control System, Alarm System and creating concise reports for the security threat team Perform miscellaneous and administrative support functions as directed by the Contractor site lead Minimum Qualifications Minimum of (5) years in Industrial Security specific experience Experience with development and implementation of SOP, Work Instructions, OPSEC Plans. Experience with drafting and implementing CSPs for Special Access Programs (SAPs), Sensitive Compartmented Information (SCI) & DoD Open Storage facilities Knowledgeable of 32 CFR Part 117, Updated DoDM 5205.07 SAP Security Manual and ICD/ICS 705 Must be able to relate to a diversified customer base and be knowledgeable of DoD operations Experience with Microsoft Office Suite (Word, Excel, PowerPoint, etc.) Excellent skills in customer service, verbal, and written communication This position requires an active U.S. Top Secret Security Clearance with SCI Eligibility (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active) Preferred Qualifications Site Security Manager Training. Certificate recommended Experience creating local Risk Assessments using government resources Experience drafting and maintaining DD 147, FFCs and TEMPEST Checklist Experience working with external/internal customers, General Contractors and Facility managers to execute construction projects Summary Pay-Range Please note that the salary information shown below is a general guideline only of what is reasonably expected to be paid for the position. Salaries are based upon candidate experience and qualifications, as well as market and business considerations. Level 4: $103,700 - $152,500 Level 5: $131,750 - $193,750 Before applying, please note: Millennium is DDTC-registered, ITAR-compliant Company. This position is located at a facility that requires special access. Applicants MUST be U.S. citizens and eligible for a security clearance. Additionally, applicants must be willing to apply for and maintain a security clearance. We encourage all interested candidates to apply for any open position for which they feel they are qualified. Applicant Privacy Policy Mandatory Security Clearance and Access Process Disqualifying Criteria

ISSO Employment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success: * Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. * Maintain responsibility for managing cybersecurity risk from an organizational perspective. * Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership. * Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies. * Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO). * Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes. * Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF. * Provide subject matter expertise for cyber security and trusted system technology. * Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems. * Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. * Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring. * Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications: * Bachelor's Degree. * A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc. * eMASS experience. * Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher. * Strong desktop publishing skills using Microsoft Word and Excel. * Experience with industry writing styles such as grammar, sentence form, and structure. * Ability to multi-task in a deadline-oriented environment. Ideally, you will also have: * CISSP, CASP, or a similar certificate is preferred. * Master's Degree in Cybersecurity or related field. * Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking. * Demonstrated ability to work well independently and as a part of a team. * Excellent work ethic and a high commitment to quality. Our Commitment: Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package. Health, Dental, and Vision Life Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation! Explore additional job opportunities with CGS on our Job Board: ************************************* For more information about CGS please visit: ************************** or contact: Email: [email protected] #CJ $92,213.33 - $125,146.66 a year We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

At Arete, we are on the forefront of utilizing innovative solutions, with great minds from all backgrounds, to help solve the nation's most complex security challenges. We strive for an inclusive, collaborative team environment that approaches differences as opportunities for innovation and excellence. As an employee-owned company, we foster an atmosphere that propels diverse career opportunities and professional growth. Discover your future with us. Arete is seeking an experienced Principal Industrial Security Analyst/CPSO. This is a multidisciplinary security position requiring an experienced and knowledgeable security professional to support Special Programs. The Contractor Program Security Officer (CPSO) is responsible for the execution and sustainment of comprehensive security programs for assigned efforts with contractually mandated security requirements that exceed standard NISPOM (32 CFR Part 117) compliance. The CPSO serves as a liaison to government security representatives, ensuring full alignment with DoD policy and directives while maintaining a proactive and audit-ready security posture across all assigned programs. This position is based at our Northridge, CA office and is an exempt, non-supervisory, full-time position. Key Responsibilities: Serve as the Contractor Program Security Officer (CPSO) ensuring full compliance with DoD security requirements as outlined in DoDM 5205.07 Volumes. Interpret and apply policy guidance and security classification guides (SCGs) to ensure continued DoD compliance-driven security practices across all program elements. As a member of the Security team, you will support all aspects of program security administration, including Personnel Security (PERSEC), Security Education, Training, and Awareness (SETA), Operations Security (OPSEC), document control/inventories, visitor control, supporting hosted program meetings, etc. in coordination with internal and external stakeholders. Ensure timely submission and management of program access requests (PARs), nomination packages, and eligibility actions within DISS and other applicable systems as directed by Program Management. Conduct indoctrinations, debriefings, and security training for program personnel in accordance with government directives. Accomplish and retain Lead Trainer status. In coordination with the Contractor Program Security Manager (CPSM) and other security team members review program-specific documentation as required, (e.g., Standard Operating Procedures (SOP), Fixed Facility Checklists (FFC), Emergency Action Plan (EAP), Concept of Operations (ConOps), Media Control Plan, etc. Prepare for and support government security reviews, inspections, audits, and self-inspections. Implement corrective actions and maintain a state of readiness. Support secure facility operations in accordance with ICD 705 requirements, including alarm monitoring, guard testing, UL2050 inspections, TEMPEST compliance, etc. Track and report security incidents, conduct preliminary inquiries, and support investigations in conjunction with the Security Manager and government sponsors. Assist with the review and approval of technical documents, ensuring proper classification markings and adherence to security classification guidance. Demonstrate proficiency with/utilize specific databases to determine personnel eligibility to access classified information - DISS, JADE, Enterprise Security Systems (SIMS), and other databases and record-keeping repositories. Interface with government customers, contractors, employees, and all levels of management. Responsible for the daily handling of Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), and clearance-related data in compliance with the Privacy Act and DoD policies; must demonstrate discretion and sound judgment in the protection and management of sensitive information. Maintain proficiency and currency in security policy and operational practices through continuous training and engagement with the security community. Additional Responsibilities: Support after-hours and emergency response activities related to alarms or ICD705 construction. Assist with enforcement of prohibited electronic device (PED) policies and perform entry/exit inspections as required. Support additional security tasks or projects as assigned by the CPSM. We have an impressive range of benefits, programs, and perks that we offer: Health & Wellness: Medical, Dental & Vision Insurance Life and Long-Term Disability (LTD) Vision Reimbursement Fitness Reimbursement Financial: Company-funded 5% contribution to your 401(k) retirement plan Company-funded 5% contribution to your Employee Stock Ownership Plan Continuing Education Assistance Work-Life Balance: Flexible Scheduling Paid Time Off (PTO) Paid Parental and Bereavement Leave What We Value: Creativity and innovation in solving challenges Integrity and responsibility in all actions Collaboration across teams and specialties Responsiveness in fast-paced environments Passion for national security and excellence Experiences and Background We Look For: U.S. Citizenship and active Top-Secret clearance required; must be eligible to obtain and maintain a TS/SCI with polygraph. Minimum of 10 years of progressively responsible experience in Program Security, Physical Security, and direct support as a CPSO/CSSO, including extensive experience managing Special Access Programs (SAPs) in compliance with DoD, NISPOM, and ICD requirements. Individual must be reliable, dependable and trustworthy. Excellent verbal and written communication skills are critical. Must be able to prioritize assignments, manage multiple tasks simultaneously, and work well under deadlines with minimal supervision, often in fast-paced environments requiring quick turnaround. Proficient in Windows 10 and Microsoft Office Suite, to include: Microsoft Word, PowerPoint, Excel and Outlook. Strong interpersonal and communication skills, with a collaborative mindset is essential. Must be able to walk, stand, and sit for extended periods as part of routine facility inspections and escort duties. Comfortable working at elevated heights or in construction areas with PPE (e.g., hard hats, gloves, safety glasses). 6-month probationary period may apply. Must be willing and able to travel (10-15%) as needed for assessments or inspections at other Arete sites. Nice to have: FSO training certificate COMSEC Custodian certificate or experience required. Complete IAEC-2112 COMSEC Training Course six months after being appointed as Alternate COMSEC Account Manager Courier preparation procedures Experience developing and implementing OPSEC plans Knowledge of Access Control and Intrusion Detection Systems Experience conducting Security incident inquiries Resourceful in solving problems and capitalizing on opportunities Professional Certifications/Affiliations The salary range for this role is $90,000/yr to $140,000/yr; however, Arete considers several factors when extending an offer of employment, including but not limited to: the position and associated responsibilities, a candidate's work experience, education/training, and key skills. Other Considerations Areté is committed to the principles of equal employment opportunity and nondiscrimination, and we believe every person has the right to be treated with fairness, dignity, and equal consideration. Areté is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, marital status, national origin, age, veteran status, disability, or any other characteristic protected by applicable federal, state, or local law. U.S. citizenship is required to meet position eligibility. Successful passage of a criminal background screen is required to meet position eligibility. Selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Areté will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring. Successful passage of a Department of Transportation (DOT) drug test is required to meet position eligibility. If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our website because of your disability. To request an accommodation, please contact Areté Human Resources at ************ for assistance.

Project Description: This project entails providing cybersecurity staff augmentation services to Metro's Information Security Department for two years. The assigned resource will support various core functions within the department, focusing on enhancing security strategy, governance, risk assessments, and security operations. Flexibility in work schedules and locations is required. The project aims to bolster Metro's cybersecurity posture and adherence to industry best practices in the transportation sector. Key qualifications: Proficiency in Windows and Linux operating systems and their security aspects. Expertise in a wide range of security products, including modern solutions like cloud security, Zero Trust architectures, advanced threat protection, and AI-Driven security analytics. Deep understanding of Incident Response, Disaster Recovery, Business Continuity, and Breach Management. Knowledge of information systems engineering, secure software development, networks security, and security operations. Familiarity with security standards and framework suck as PCI DSS, ISO Standards, ITIL, NIST Cybersecurity Framework, CCPA, CPRA, and GDPR. Ability to review and create security procedures and requirements. In-depth knowledge of industry frameworks like ISO 27000, NIST 800-53, ITIL Foundation, and NIST Cybersecurity. Strong grasp of regulatory compliance requirements, including PCI DSS, HIPAA, GDPR, etc. Comprehensive knowledge of security risk and countermeasures for Windows and Linux platforms. Project Management skills and coordination capabilities. Experience in Public Transportation or Transit Industries preferred. Skills & Qualifications: Required CISSP Preferred Certifications: Microsoft Certification Azure Solutions Architect Expert, SANS GIAC, CEH-CCNA. Minimum ten (10) years of experience in cybersecurity, primarily focused on technical and Security Operations Center (SOC) functions. Expertise in User Behavior Analytics, Cybersecurity AI tools, SIEM, Endpoint Security, NextGen Firewalls, etc. Advanced knowledge of security applications, infrastructure, technologies, and methodologies. Up-to-Date understanding of the latest security advisories, alerts, and vulnerabilities relevant to Metro. Initiative and independent judgement within established guidelines. Ability to prioritize work processes and project effectively. Timely response to cybersecurity issues and incidents. Hybrid position: 30% home & 70% On Site Salary Range: $156,000 to $238,000 /Year

Company: Millennium Space Systems Millennium Space Systems (MSS), a part of Boeing Defense, Space and Security (BDS) is seeking a Senior Industrial Security Specialist - Physical Security is responsible for creating a secure environment to facilitate the successful development and execution of classified programs at the assigned organization where classified information is stored, accessed, or where accessed personnel are assigned. The Industrial Security Specialist will enforce strict adherence to applicable laws as well as national DoD, and other security policies and requirements. Coordination of classified matters with the respective government representatives will be at the forefront of the Senior Industrial Security Specialist's responsibilities. The Industrial Security Specialist will be charged with supporting Construction Security, the establishment to document annual compliance inspections, develop Construction Security Plans (CSPs), Security Standard Operating Procedures (SOPs) and submittal of checklists among other roles. This is an onsite role in El Segundo, California. Position Responsibilities: Coordinate with the security team on the management of maintenance records for DoD collateral, SCIF and SAPF facilities Develop and execute projects and process plans, implement and assist in the execution of policies while enforcing the policies within Utilize knowledge of all construction disciplines, including civil, architectural, mechanical, electrical, and electronic engineering principles Participate in facility design reviews to ensure security requirements are incorporated. Apply knowledge of security requirements, TEMPEST standards and COMSEC requirements to provide input in the design solution process. Develop and maintain Standard Operating Procedures (SOP), providing written correspondence for government signature recommending approval or addressing comments requiring further clarification from the submitter. Maintain accountability of container contents, combination locks, lock date changes for containers and rooms alike while assisting with material accountability and audit support Control and modify access to corporate offices, laboratories, DoD Open Storage rooms, SCIFs and SAPFs as required Develop and assist with physical security inspections, audits, surveys, risk analysis, emergency and guard response drills and conduct random hand carry checks Assist with management of all current facility accreditations and development of all future accreditation considerations Collaborate with Contractor Special Security Officer (CSSO), COMSEC Responsible Officer (CRO) and Facility Security Officer (FSO) for program directed guidance and requirements within current and new facilities Keep business partners, management, and others informed by communicating project status, conducting and participating in team meetings, and providing presentations Support the development of authorization packages needed to obtain and maintain Authority to Operate (ATO), such as the implementation of security controls, planning, writing security procedures and conducting continuous monitoring activities. Review Contract Data Requirements List (CDRL) deliverables for security. This includes but is not limited to IS & Physical Security Plans, Management and Test Plans. Provide comments and recommendations as required. Coordinate with Security management to provide comments for Statements of Work, contracts, RFPs and Security Plans. Plan, develop, process and maintain DD147 & Fixed Facility Checklists for current and new facilities. Interpret and implement Construction Security Plans (CSPs) during all phases of the construction effort. Periodically review proposed industry interfaces, Operations Security (OPSEC) procedures, and legends for continued applicability and communicate with the Accrediting Official throughout the life of the projects Support with staff assistance visits, security reviews and inspections as well as conducting initial, recurring and refresher security education training Investigate and document security violations/incidents, providing full summaries to the government security official for adjudication Support security investigations using CCTV, Access Control System, Alarm System and creating concise reports for the security threat team Perform miscellaneous and administrative support functions as directed by the Contractor site lead Basic Qualifications (Required Skills/Experience): Minimum of (5) years in Industrial Security specific experience Experience with development and implementation of SOP, Work Instructions, OPSEC Plans. Experience with drafting and implementing CSPs for Special Access Programs (SAPs), Sensitive Compartmented Information (SCI) & DoD Open Storage facilities Knowledgeable of 32 CFR Part 117, Updated DoDM 5205.07 SAP Security Manual and ICD/ICS 705 Must be able to relate to a diversified customer base and be knowledgeable of DoD operations Experience with Microsoft Office Suite (Word, Excel, PowerPoint, etc.) Excellent skills in customer service, verbal, and written communication This position requires an active U.S. Top Secret Security Clearance with SCI Eligibility (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active) Preferred Qualifications (Desired Skills/Experience): Site Security Manager Training. Certificate recommended Experience creating local Risk Assessments using government resources Experience drafting and maintaining DD 147, FFCs and TEMPEST Checklist Experience working with external/internal customers, General Contractors and Facility managers to execute construction projects Conflict of Interest: Successful candidates for this job must satisfy the Company's Conflict of Interest (COI) assessment process. Drug Free Workplace: Millennium Space Systems, A Boeing Company is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies. Pay & Benefits: Millennium Space Systems, A Boeing Company offers a very competitive benefits package to include medical, dental, vision, and 401k plan. Level 4: $$103,700 - $152,500 Level 5: $131,750 - $193,750 Language Requirements: Not Applicable Education: Not Applicable Relocation: Relocation assistance is not a negotiable benefit for this position. Export Control Requirement: This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee. Safety Sensitive: This is not a Safety Sensitive Position. Security Clearance: This position requires an active U.S. Top Secret/SCI Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active) Visa Sponsorship: Employer will not sponsor applicants for employment visa status. Contingent Upon Award Program This position is not contingent upon program award Shift: Shift 1 (United States of America) Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law. EEO is the law Boeing EEO Policy Request an Accommodation Applicant Privacy Boeing Participates in E - Verify E-Verify (English) E-Verify (Spanish) Right to Work Statement Right to Work (English) Right to Work (Spanish)

Job Description Exciting Threat Intelligence Analyst / Security Analyst Tier II, 6 months, contract opportunity in Los Angeles, CA. Requirements 2 plus years of experience in tactical intelligence or intelligence analysis, or a related area. 3 plus years of experience in cyber security or related discipline. Understands the following concepts: confidence intervals, MITRE, kill chain, C2, passive DNS, traffic light protocol, and collections bias. Cyber Threat Intelligence Analyst will focus on technical analysis of threats in order to drive the collection, creation, and dissemination of indicators of compromise and indicators of attack. Ability to conduct open-source intelligence collection and analysis. Ability to produce intelligence products at the tactical, operational, and strategic levels. Familiarity with multiple threat intelligence types, sources, and methods of gathering/ obtaining information and data. Basic knowledge of open-source tools, such as Shodan, Maltego, PassiveTotal, and Virus Total. Good understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Triaging tactical reporting to focus on serious threats and/or those likely to be perceived as such Nice to have: GCTI: Cyber Threat Intelligence, CCTA: Certified Cyber Threat Analyst, CCIP: Certified Cyber Intelligence Professional

Exciting Threat Intelligence Analyst / Security Analyst Tier II, 6 months, contract opportunity in Los Angeles, CA. Requirements 2 plus years of experience in tactical intelligence or intelligence analysis, or a related area. 3 plus years of experience in cyber security or related discipline. Understands the following concepts: confidence intervals, MITRE, kill chain, C2, passive DNS, traffic light protocol, and collections bias. Cyber Threat Intelligence Analyst will focus on technical analysis of threats in order to drive the collection, creation, and dissemination of indicators of compromise and indicators of attack. Ability to conduct open-source intelligence collection and analysis. Ability to produce intelligence products at the tactical, operational, and strategic levels. Familiarity with multiple threat intelligence types, sources, and methods of gathering/ obtaining information and data. Basic knowledge of open-source tools, such as Shodan, Maltego, PassiveTotal, and Virus Total. Good understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Triaging tactical reporting to focus on serious threats and/or those likely to be perceived as such Nice to have: GCTI: Cyber Threat Intelligence, CCTA: Certified Cyber Threat Analyst, CCIP: Certified Cyber Intelligence Professional

The Director of Information Security reports to the Chief Information Officer (CIO) and is responsible for information security policy assessments, enforcing compliance with firm security policies and applicable law, vendor management and security incident management. Working with the firm's Information Technology teams, including Network Operations, Customer Experience, Practice Services and Research, the Director of Information Security will help develop, manage, audit and enforce security related policies and procedures throughout the firm's enterprise on premise and cloud systems. REQUIRED KNOWLEDGE, SKILLS AND ABILITIES: Admin-level knowledge of Windows system administration and Active Directory. Knowledge of network security principals, best practices and industry standards. Knowledge of security models that maintain and enforce security policies. Expert understanding of cloud controls and environments, a strong foundation in IT solutions deployment and practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment are critical. Experience with IT security, compliance, risk and privacy frameworks such as ISO 27001, NIST 800-53, HIPAA, GDPR, CCPA. Knowledge of security tools and concepts including: IDS/IPS; SIEM; Web Proxy; Encryption; Patch management; Vulnerability Scanning & Remediation; Forensics; Penetration Testing; DLP; Email Gateways; Anti-spam Services; MDM; Privileged Account Management; Log Analytics; Two Factor Authentication; Single Sign On. Individual must possess excellent communication and interpersonal skills with a high degree of empathy and emotional intelligence, be self-motivated with the ability to manage and prioritize multiple deliverables to meet deadlines and demonstrate proven success delivering results individually and as part of a team in a fast-paced, demanding, growth environment. JOB COMPETENCIES / SUCCESS FACTORS: Client-service orientation Pro-active problem solving Strong communication skills Work ethic and teamwork Leadership skills Interpersonal skills QUALIFICATIONS: 4+ years of experience working in an Information Security management role. CISSP certification Project management experience preferred Previous law firm experience highly desired

At a glance Another Source is partnering with Cal State LA- a mission-driven, highly diverse public university in the heart of Los Angeles- to recruit a Chief Information Security Officer (CISO). This is a high-visibility leadership role responsible for shaping and advancing the university's enterprise information security, risk management, and privacy program. The CISO will work closely with executive leadership, IT, and campus stakeholders to protect institutional data while enabling teaching, learning, research, and student success. Why this role stands out:• Enterprise ownership of information security, risk, and compliance across a complex university environment• Direct partnership with senior leadership and governance bodies• Opportunity to build a shared, campus-wide culture of security and risk awareness• Meaningful work in support of equity, access, and public impact Description: What you'll be doing Another Source's client, California State University Los Angeles, is recruiting for a Chief Information Security Officer to join their team in Los Angeles. Did you know? California State University system is the largest public four-year university system in the world, with more than 486,000 students, and 56,000 faculty and staff. ******************************************* California State University, Los Angeles (Cal State LA) is one of 23 campuses within the California State University system. The University is the premier comprehensive public university in the heart of Los Angeles. We offer nationally recognized programs and our faculty have a strong commitment to scholarship, research, creative pursuits, and service. As a federally recognized Hispanic-serving (HSI) and Asian-American, Native American, and Pacific Islander-serving institution (AANAPISI), Cal State LA recognizes the transformative power of education and embraces its duty to identify and serve the needs of all of its students. The University is committed to creating a community in which a diverse population of students, faculty, and staff can thrive. About the role: Reporting directly to the Vice President, this pivotal role entails exercising enterprise-wide authority to ensure compliance with university information security policies and IT risk management practices, consistent with industry standards and governmental regulations. The Chief Information Security Officer (CISO) also serves as a strategic advisor to the university's executive leadership on information security matters. As an advocate for Cal State LA's overall information security needs and awareness planning, the CISO provides vision and leadership for developing and supporting security and compliance initiatives. The CISO serves as the campus security and compliance liaison on various committees including the CSU Information Security Advisory Committee (ISAC) and CSU system-wide information security initiatives. Learn more about the Information Technology Services department and Information Security Resources: ************************************************************* The anticipated annual hiring range is up to $180,000 depending on experience. Key Responsibilities: In collaboration with the university's executive leadership, the CISO plays a pivotal role in defining acceptable levels of information security risk, aligning cybersecurity strategies with institutional objectives, and ensuring the university's overall resilience against cyber threats and regulatory compliance requirements. Key responsibilities encompass: Identify risks and IT security and compliance requirements and priorities: Collaborate with executive management to establish acceptable risk profiles, balance security measures with operational needs and business objectives, identify and remediate security-related compliance gaps, establish security and compliance governance processes to ensure security and compliance solutions are appropriate, and resources are allocated based on the priorities of the university business objectives. Protect the information assets and reputation of the university from cyberattacks: Design, implement, and maintain a comprehensive campus-wide information security management program, encompassing policies, procedures, practices, and capabilities to safeguard sensitive data and critical infrastructure. Conduct security awareness program to educate Cal State LA user community to protect themselves from phishing and/or cyberattacks. Detect cyber threats, attacks, system vulnerabilities, and security-related non-compliance issues: Enhance technical capabilities to improve cyber threat detection effectiveness. Develop IT security talents to identify symptoms of cyberattacks. Establish security threat detection processes to monitor cyber risks and vulnerabilities. Lead the assessments and security health check efforts on regulatory compliance mandates including FERPA, PII, GLBA, GDPR, PCI DSS, and HIPAA. Respond to security incidents and cyberattacks: Maintain up-to-date Incident Response Management Plans and improve the university's incident response readiness via CSIRT training and tabletop exercises. Lead the incident response efforts, perform investigation, coordinate remediation activities, and ensure effective communication with stakeholders during and after security breaches or cyberattacks. Collect evidence for the cyber incidents to enable post incident activities. Restore disrupted systems and business capabilities after cyber incidents: Coordinate with Infrastructure Team to back up critical systems and sensitive data to enable quick and comprehensive restoration of systems after cyber-attacks or system disruption. Strategic Planning and Prioritization: Actively participate in IT strategic planning initiatives, projects, and resource allocation decisions, prioritizing security investments and aligning cybersecurity strategies with the university's evolving needs. IT Audit Oversight: Oversee IT-related audit responses, ensuring adherence to internal controls, regulatory compliance requirements, and industry best practices. Required Qualifications: Bachelor's degree in information security, computer science, or a related field. Minimum of 8-10 years of progressive experience in information security, cybersecurity, or a related field. Proven experience in a leadership role, overseeing comprehensive information security programs, and managing security initiatives in a complex organizational environment, preferably in higher education. Strong communication skills with the ability to effectively convey complex security concepts to both technical and non-technical stakeholders. Experience collaborating with executive management and presenting to governing boards. In-depth knowledge of information security principles, cybersecurity technologies, and risk management frameworks. Experience with the implementation and management of security operations centers (SOCs) and security monitoring systems. Familiarity with industry-accepted information security standards, frameworks, and best practices. Expertise in developing, implementing, and maintaining information security policies, procedures, and standards. Experience with information security governance and ensuring compliance with applicable industry standards and governmental regulations. Strong background in conducting risk assessments and implementing risk management strategies. Experience managing relationships with security-related vendors and overseeing security services. Knowledge of vetting and reviewing security practices and controls of third-party service providers. Experience with overseeing compliance efforts, including audits and assessments related to FERPA, GLBA, HIPAA, and other relevant regulations. Ability to align information security initiatives with organizational goals. Demonstrated commitment to staying abreast of the latest trends, emerging threats, and best practices in information security. Participation in professional organizations, conferences, and networking events in the cybersecurity field. Experience in leading and developing a diverse team of information security professionals. Ability to foster a collaborative and inclusive team culture. Understanding of legal and regulatory requirements related to information security, particularly in the context of higher education. Why a career with CSU is for You: The CSU system offers a comprehensive benefits package designed to meet you where you're at in life and typically adds 30-35% to your total compensation package. For more information on programs available, take a closer look in the Employee Benefits Summary: ******************************************************************************************** Emphasis on maintaining a healthy work-life balance with ample PTO and flexibility, which includes up to 24 vacation days per year (based on employee group/or services). Enjoy the vibrant campus life with access to athletic and gym facilities, renowned sporting events, artist events, and world-renowned speakers. Numerous professional development opportunities to advance your career including tuition waivers for yourself, a spouse, registered domestic partner or an eligible dependent child across any of the 23 CSU campuses. Two different retirement plans catered to fit your personal saving goals: CalPERS Retirement Plan or 403(b) Supplemental Retirement Plan (Similar to a 401k plan) Medical benefits tailored to support various life stages We recognize that transportation to and from work can be expensive and we are here to help support you with pre-tax commuter benefits. Equal Employment Statement The California State University is an Equal Opportunity/Affirmative Action employer committed to nondiscrimination on the basis of age, ancestry, citizenship status, color, creed, disability, ethnicity, gender, genetic information, marital status, medical condition, national origin, race, religion or lack thereof, sex, sexual orientation, transgender, or protected veteran status consistent with applicable federal and state laws. This policy applies to all CSU students, faculty and staff programs and activities. Title IX of the Education Amendments of 1972, and certain other federal and state laws, prohibit discrimination on the basis of sex in all education programs and activities operated by the university (both on and off campus). Another Source works with their clients, on a retained project basis. We are committed to building inclusive candidate pools as we partner with hiring teams. As you read through the job posting and review the list of qualifications (required and/or preferred), please do not self-select out if you feel you do not meet every qualification. No one is 100% qualified. We encourage you to apply and share your story with us. #AS1 #LI-JK1