Post Job

Information Security Analyst Jobs in Carnot-Moon, PA

- 86 Jobs
All
Information Security Analyst
Cyber Security Analyst
Information Security Manager
Security Engineer
Information Technology Analyst
Information Systems Security Manager
Information Assurance Engineer
Senior Cyber Security Analyst
Senior Security Specialist
Securities Analyst
Information Security Consultant
Senior Information Security Analyst
  • Cyber Security Analyst

    Intepros

    Information Security Analyst Job In Pittsburgh, PA

    We are seeking a Cybersecurity Analyst III to join our dynamic team and contribute to the development and execution of strategic cybersecurity initiatives. This role focuses on identifying, managing, and mitigating cyber threats using industry-recognized frameworks and quantitative risk analysis tools. The position is based in Pittsburgh, PA and follows a hybrid schedule with 3 days onsite weekly. Key Responsibilities: Drive cybersecurity strategy by managing internal cyber assessments and expanding cyber risk quantification efforts using tools such as ISF's IRAM2 and FAIR. Develop and enforce governance policies, standards, and controls for continuous cyber hygiene and operational risk management. Collaborate with cross-functional teams to identify operational roadblocks and develop remediation strategies. Utilize industry-standard frameworks, including CRI Cyber Profile, NIST CSF, and ISO 27001, to ensure compliance and control effectiveness. Support business intelligence efforts by analyzing data and creating actionable insights through tools like Power BI, Tableau, and SQL. Provide professional support for the company's information security infrastructure and consult with stakeholders to address risk and control issues. Qualifications: Education: Bachelor's degree in Computer Science, Information Security, or a related discipline (advanced degree preferred). Experience: 3+ years in GRC, cybersecurity, or a related field. Familiarity with the financial services industry is a plus. Technical Skills: Proficiency in MS Office, ServiceNow, and tools for quantitative risk analysis such as IRAM2. Experience with SQL, Power BI, Tableau, and other data analysis tools. Soft Skills: Strong analytical, troubleshooting, and communication skills. Ability to manage time effectively and work both independently and collaboratively. What We Offer: An opportunity to work with cutting-edge cybersecurity frameworks and tools. A collaborative environment where innovation and proactive problem-solving are encouraged. Competitive salary and potential for long-term growth within the organization.
    $73k-99k yearly est. 3d ago
  • Information Security Analyst (Local Applicants ONLY)

    A.C.Coy Company 3.9company rating

    Information Security Analyst Job In Canonsburg, PA

    Applicants MUST currently live locally to the Canonsburg, PA region No 3rd Parties/Sub Vendors Work Authorization: U.S. Citizen or Green Card Overview: The A.C. Coy Company is currently seeking candidates for an Information Security Analyst role. This individual will serve as a main contact for compliance and security initiatives within the company. Our ideal candidate will have 5+ years of experience working in information security and specific experience in GRC and cybersecurity. CISSP is strongly preferred. Occasional travel to other office locations is required, but very rarely overnight. Our client is offering an excellent salary and benefits package and strong career growth opportunities. Responsibilities: Lead and manage security initiatives, compliance enforcement, and incident response in accordance with corporate policies and standards Maintain and improve our ISMP /Process Documents, create and update process documentation, controls, and SOPs Maintain security policy and procedure documentation, such as ISMP, according to changes in the business and security framework. Develop and design necessary systems to maintain and improve the organization's security posture Conduct log reviews and investigations and monitor/report on security systems such as the SIEM, IPS, and VM Manage third-party risk management and security awareness program Provide guidance on development and technology security strategy for the IT team Mentor and grow our high-performing security team Works closely with Incident Response Team to gather requirements and support their needs Help maintain Security Operations Center (SOC) to improve incident response time with Network Technician(s) Support in achieving organizational Objectives and Key Results (OKRs) Track, analyze, and report threats, risks, vulnerabilities, and incident data as part of our data-driven security operation Track and improve corporate security Key Performance Indicators (KPIs) Brief associates and executives at annual reviews, lunch & learns, and training events on security awareness Develop and sustain long-standing relationships with 3rd party vendors Assist with RFP and other client requests for security and compliance confirmation documentation Assist our stakeholders with aligning standard operating procedures, controls, monitoring, and reporting Qualifications: Bachelor's degree in Computer Science, Information Systems, Information Security or a related field 5+ years of experience in the working in information security and technology Willingness to certify in Security+ and Network+ within first year of role placement is required Preferred: CISSP certification Some experience working in networking and server infrastructure Experience in the commercial print industry preferred Experience with C# development Experience with SQL
    $77k-107k yearly est. 7d ago
  • Information Systems Security Manager

    Block MB

    Information Security Analyst Job In Pittsburgh, PA

    The Information Systems Security Manager (ISSM) functionally manages the process to protect classified information. The ISSM's primary function is implementation of all classified security policy, procedures and government security requirements as required by the United States Government. The ISSM outlines classified security policies and procedures and assures staff compliance with all applicable government regulations. The ISSM serves as the subject matter expert for classified systems security questions and problem solving within the classified security team. The ISSM reports directly to the Manager, Security Operations. Performs the Information Systems Security Manager (ISSM) responsibilities and role for classified network, TS/SCI, and SAP/SAR activities; performs oversight administration of classified systems activities. Supports the FSO as related to classified processing for maintaining secure facility accreditations and joint and co-use agreements with applicable government agencies. Writes, coordinates, and conducts classified systems security education briefings (SAP, SCI and CLAN) and the User Acknowledgment statement as required. Supports the Corporate Information System Security Manager, in maintaining detailed records of Security & Classified Operations department functions and activities for monthly reports Management regarding classified systems; conducts classified security investigations as required by the Corporate Information Systems Security Manager. Performs computer systems security activities, implementing security controls for systems processing classified information including initial approval, re-approval, decertification and audits. Coordinates with the Defense Intelligence Agency and other elements of the U.S. intelligence community on inspections, reviews, investigations, and other reportable issues; coordinates with the Defense Counterintelligence and Security Service (DCSA) and Department of Defense sponsors on inspections, reviews, investigations, and other reportable issues. Responsible for the classified computing protection program at the collateral, TS/SCI, and SAP/SAR levels, as well as the classified computing hardware/software and voice/data communication audits. Other duties and special projects as assigned.
    $104k-142k yearly est. 7d ago
  • Information Technology Security Analyst

    Engine 4.8company rating

    Information Security Analyst Job In Pittsburgh, PA

    eNGINE builds Technical Teams. We are a Solutions and Placement firm shaped by decades of interaction with Technical professionals. Our inspiration is continuous learning and engagement with the markets we serve, the talent we represent, and the teams we build. Our Consulting Workforce is encouraged to enjoy career fulfillment in the form of challenging projects, schedule flexibility, and paid training/certifications. Successful outcomes start and finish with eNGINE. eNGINE is hiring a Junior IT Security Analyst to support our Pittsburgh based customer in the healthcare space. This position is ideal for individuals eager to kickstart their careers in cybersecurity and contribute to the protection of our organization's information assets. Qualifications/Experience: Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience Preferred: 1-3 years in a hands-on security role. Knowledge of security-related tasks, vulnerability management, and security monitoring. Hands-on experience with Azure cloud services is a big plus. Familiarity with operating systems (Windows), networking concepts, and common security tools (firewalls, antivirus, Azure Sentinel, and Defender). Responsibilities: Monitor security alerts and events using SIEM tools to identify and remediate potential threats. Coordinate with our outsourced 24/7 Security Operations Center to monitor Azure Sentinel for emerging threats. Use tools like Qualys to assess, prioritize, and mitigate security vulnerabilities across the organization. Create and maintain accurate documentation of security processes, incidents, and findings to support audits and compliance efforts. Support the team in investigating security incidents, performing initial analysis, and documenting findings. Handle various patch management tasks No C2C is available for this opportunity. Apply today to see how eNGINE can make a difference in your career!
    $83k-114k yearly est. 2d ago
  • Cyber Security Analyst

    Gem Technologies, Inc.

    Information Security Analyst Job In West Mifflin, PA

    **Compensation** * $110K - $195K *This range represents the typical compensation for this role, but is subject to adjustment based on further evaluation of the candidate and the market which can include factors such as required qualifications, education, experience, and location.* *Please also note that the range is based on multiple, client-set levels and that GEM applies reasonable factors that can adjust the wage rate differential.* ****ABOUT THE ROLE**** We are seeking a **Cyber Security Analyst** to join our team supporting the Naval Nuclear Laboratory (NNL) at their **Kesselring and Bettis sites**! This position is full-time and will be based out of West Mifflin, PA or Schenectady, NY with hybrid flexibility (25% remote). **Responsibilities** * The Naval Nuclear Laboratory develops advanced naval nuclear propulsion technology for the safety and reliability of our Navy's submarine and aircraft fleet. * The Analyst will be responsible for execution of all aspects of the National Institute of Standards and Technology (NIST) directives to support the Risk Management Framework (RMF). * This includes assisting information system owners with development of System Security Plans (SSPs) and Security Assessment Reports (SARs) using the existing RSA Archer application on the Naval Nuclear Propulsion Network (NNPP Net) to support information system authorization. * Additionally, the Analyst will assist in the development of Plans of Action and Milestone (POA&Ms) and Risk Based Decisions (RBDs) for deficiencies found during the information system authorization process. **Requirements** * *Education & Years of Experience* - Bachelor's Degree in a relevant field and 5-10+ years of relevant experience * *Citizenship* - To be considered, you must be a United States (U.S.) citizen due to the federal nature of the work * *Clearance* - To be considered, you must have an active or very recently active DOE “Q” Clearance or DoD “Top Secret” Clearance *(If you do not obtain a current clearance you may still be selected but the start date would be after the clearance came through, possibly 6 months)* * At least four years of combined experience in the following roles; security control validator, security control assessor, Information System Security Officer (ISSO), or Information System Security Manager (ISSM) * At least two years of experience supporting development of information system security authorization packages in accordance with Risk Management Framework (NIST 800-37, 800-53, 800-53a) * At least two years of experience working with Federal Risk and Authorization Management Program (FedRAMP) * Security+ Certification **Desired Skills** * Experience with the RSA Archer application * At least two years of experience working on IT security project teams * At least one year of experience managing IT projects * Knowledge of IT infrastructure and services (Data Centers, physical and virtual servers, local and wide area networking components, cloud Infrastructure/Platform/Software as a Service, etc.) * Knowledge of security policies such as NIST Special Publications, Security Technical Implementation Guides (STIGs), DOD Cloud Computing Security Resource Guide (SRG) * Knowledge of infrastructure security, endpoint protection, vulnerability management tools * Previous work authorizing information systems within a classified DoE or DoD environment * Familiarity with NIST 800-171 * Certified Information Systems Security Professional (CISSP) certification * Certificate of Cloud Security Knowledge (CCSK) certification **About the Site** The Naval Nuclear Laboratory is comprised of the *Bettis Atomic Power Laboratory*, located in West Mifflin, Pennsylvania, the *Knolls Atomic Power Laboratory* located in Niskayuna, New York, the *Kesselring Site*, located in West Milton, New York, and the *Naval Reactor Facility* located in Idaho Falls, Idaho. Together, they develop advanced technology for the United States Naval Nuclear Propulsion Program, ensure the safety and reliability of naval nuclear reactors, and train Sailors who operate reactors in submarines and aircraft carrier fleets (). ****ABOUT GEM**** GEM Technologies, Inc. (GEM) is an award-winning federal contractor with more than 30 years of experience providing environmental, construction, facility management, and technical services to federal agencies, state and local governments, and commercial organizations. Founded in 1994 as a nuclear engineering firm to support federal operations in East Tennessee, GEM has since expanded into a nationwide, multi-disciplinary provider with over 270 employees and a diverse portfolio of contracts in the environmental, nuclear, and defense sectors. Some reasons to join GEM are: * *Our philosophy* - We believe in the power of effective collaboration and recognize that good partnerships are the building blocks to success. * *Our relationships* - Partnering with federal clients, we solve complex problems, exceed expectations, and advance critical missions. * *Our team* - We are committed to managing a cohesive workforce and cultivating a supportive workplace for our employees on contracts and in-office. * *Our community involvement* - Supporting our communities, we invest time and money in local schools and non-profit organizations. ****COMPENSATION AND BENEFITS**** GEM's offered compensation is dependent on **candidates' education**, **qualifications**, and **relevant years of experience**. To recruit and retain our exceptional staff, we offer the opportunity to elect benefit packages that best suit our employee's needs; this includes, but is not limited to, a competitive Salary, Medical, Dental and Vision Insurance (including HSA & PPO options), Paid Time Off (PTO), Paid Holidays, Life Insurance, and a matching 401(k) Retirement Plan. *Please Note*: With the exception of mandated state requirements, GEM does not publish salary information on external job boards; as such, most ranges listed are estimates made by vendors and not actual salary ranges. ****EQUAL OPPORTUNITY EMPLOYER**** GEM Technologies, Inc. is an Equal Opportunity/Affirmative Action Employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. Compensation Range: $110K - $195K
    27d ago
  • Information Security Risk Analyst

    Wabtec 4.5company rating

    Information Security Analyst Job In Pittsburgh, PA

    Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company's new website at: ************************** It's not just about your career… or your job title…it's about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters…do things that haven't been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry. Who will you be working with? Our best-in-class Enterprise Information Security team combines knowledge of security services to areas within Information Technology and provide in-depth and highly technical information security consulting and services focused on the enterprise services IT provides to ensure confidentiality, integrity and availability of these systems. How will you make a difference? As a member of the Information Security Assurance team, you will be responsible for staying abreast of developments within the field and contribute to directional strategy by considering all present risks internally and externally. You'll work with partners to drive thoughtful remediation and enhancements to the organization's risk posture. This role requires advanced understanding of challenges and common threats. This person will be responsible for developing, implementing, and operating a strategic, risk-based program for the Enterprise Information Security Team. What do we want to know about you? You must have: Bachelor's degree in Business, Technology, Cyber Security, Technology Risk Management or min. 4 years of equivalent experience. 4+ years experience within IT operations, IT Audit, Security or Risk management. Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly. Strong interpersonal skills. Knowledge of industry Risk management frameworks, common mitigation practices, and\ Organizational control management. Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls. Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together. Demonstrate proficiency in process formulation and improvement. Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response. Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management. ISO 27001 standard knowledge is highly desirable. Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP) What will your typical day look like? The ideal candidate will have experience building, operating, and maturing effective programs to manage Information Security Risks and their remediations. Comprehensive Risk Identification, Assessment & Analysis: Lead and conduct comprehensive risk assessment to identify, prioritize and quantify potential and existing security threats and vulnerabilities across the organization's systems, network, and applications. Utilize risk analysis methodologies and tools to assess the effectiveness of existing security controls and identify areas for improvement. Provide expert guidance on risk mitigation strategies and control implementation to minimize exposure to security risks. Develop risk management methodologies tailored to the organization's specific risk profile and business priorities. Collaborate with stakeholders to establish risk tolerance levels and develop risk mitigation plans. Risk Remediation Planning & Execution: Develop remediation plans based on the findings of risk assessments, prioritizing actions to address critical vulnerabilities and mitigate high-risk threats. Work closely with relevant stakeholders to implement security controls and measures to remediate identified risks effectively. Monitor the progress of remediation efforts and provide regular updates to management on the status of risk mitigation initiatives. Conduct post-remediation reviews and analysis to validate the effectiveness of remediation activities and identify any residual risks. Risk-Awareness Culture: Drive clear, concise, pragmatic outcomes with senior business and technology leaders that balance risk with business objectives. Develop and implement security awareness programs and initiatives to educate employees on security risks, best practices, and their role in maintaining a secure environment. Foster a culture of accountability and responsibility for information security by encouraging active participation in risk identification, reporting, and mitigation efforts. Promote open communication channels for reporting concerns and potential risks, and ensure timely resolution and escalation as needed. Business Awareness & Continual Improvement: Anticipate the needs of leadership and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives. Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. to ensure our strategy and priorities stay appropriately aligned. Present balanced viewpoints of options and recommendations based on strong front-to-back understanding of existing capabilities and frameworks combined with a strong understanding of emerging technologies and best practices. Be curious about our business and seek to understand. Create an environment of continual improvement both inside and outside of direct team. Bring new ideas, methods, and approaches to this role. Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology Physical Demands: • Employee is required to work on a computer for up to 8 hours per day • Employee may be in a sitting position for several hours per day • Employee must be able to read small text on computer screens/monitors • Employee is regularly required to talk and hear Work Environment: The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions, fumes or airborne particles, toxic or caustic chemicals, and loud noise. Wabtec Corporation is committed to taking on the world's toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.
    $89k-114k yearly est. 7d ago
  • AI and Information Security Analyst

    Towards Ai, Inc.

    Information Security Analyst Job In Pittsburgh, PA

    **RAND Corporation** Published 09 Nov 2024 **Role Highlights** **Languages used** Python Java C++ CUDA **Key skills** AI Machine Learning Computer Science International Relations Electrical Engineering Information Technology Security Engineer Information Security Applied Mathematics Reverse Engineering Research Infrastructure Quantitative Deployment Operations Data Physics **Tools, Libraries and Frameworks** FirmWare GPUs PyTorch Tensorflow Ray **Description** The role involves addressing critical challenges at the intersection of AI, information security, and national security. The position focuses on developing AI-specific threat models, building software tools for evaluating AI cyber capabilities, and analyzing policy implications regarding AI systems. The work will be integrated with multidisciplinary teams to shape recommendations for government and industry. This position offers an opportunity to influence key policy decisions ensuring the responsible development of powerful AI technologies. **Required Qualifications and Skills** A master's degree in relevant fields such as Computer Science or Cybersecurity is required, or a bachelor's degree alongside at least 10 years of professional experience. Candidates need to demonstrate strong analytical skills and provide evidence of technical abilities in quantitative or qualitative research methodologies. Effective communication skills, both verbal and written, are essential, as well as the ability to work in multidisciplinary teams. A background in security engineering or software development is crucial for executing the responsibilities of the role. **Disclaimer** Disclaimer: Job and company description information and some of the data fields may have been generated via GPT-4 summarisation and could contain inaccuracies. The full external job listing link should always be relied on for authoritative information. **Description** RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND researchers and analysts continue to be on the cutting edge of their fields, working with decisionmakers in both the public and private sectors to find solutions to today's difficult, sensitive, and important problems. The high caliber of our researchers is well-known, as evidenced by the many Nobel Laureates who have been affiliated with RAND, either as employees, consultants, or in an advisory capacity. RAND provides an exciting intellectual environment and opportunities for career growth. We hire highly qualified applicants and provide challenging assignments. Diversity is an essential operating principle at RAND. We look for unique backgrounds, original views and diversity in academic training, work experience and ideological outlook. We are committed to Equal Opportunity and Affirmative Action. To view current job openings visit *****************************
    28d ago
  • Information Security Risk & Compliance Analyst - Computing Services

    Carnegie Mellon University 4.5company rating

    Information Security Analyst Job In Pittsburgh, PA

    The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth. CMU's Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes and is not limited to software development, DevOps, systems, help desk, risk management, and information security. Your core responsibilities will include: Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders. Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders. Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC/ NIST 800-171), and Payment Card Industry - Data Security Standard (PCI-DSS). Lead compliance projects involving multiple stakeholders within established deadlines. Manage the documentation and development of policies, guidance and procedures related to information security for the University's Information Security Office (ISO). This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices. Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and be attentive to details. Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM). Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.). Review 3rd party documentation to determine information security risk, and communicate those risks to stakeholders. Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to both technical, end-user and executive audiences, depending on the context of the situation and matter at hand. Other duties as assigned. Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work. Qualifications: Bachelor's Degree 3-5 years of relevant work experience Certifications: Certified Information Systems Auditor (CISA) Certified Information Systems Security Practitioner (CISSP) Requirements: Successful background check This position involves access to items or technical data controlled under the U.S. International Traffic in Arms Regulations (“ITAR”). Under U.S. export control laws, restrictions apply to the release or disclosure within the United States of ITAR-controlled technical data to individuals who are NOT “U.S. Persons.” U.S. Persons include U.S. citizens, U.S. nationals, persons lawfully admitted for U.S. permanent residence (“green card” holders), persons granted U.S. asylum status and persons granted U.S. refugee status. Carnegie Mellon's Computing Services can rely on ITAR authorizations to provide access to ITAR-controlled items for certain eligible applicants who are not U.S. Persons. However, for Computing Services to ensure compliance with the ITAR, applicants who are NOT U.S. Persons are not eligible for this position if they are current or former permanent residents, nationals, or citizens of the following arms-embargoed or ITAR-restricted countries: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China, Cuba, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iran, Iraq, Lebanon, Libya, Nicaragua, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe. Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees. Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs. Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance. For a comprehensive overview of the benefits awaiting you, explore: ********************************************** At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role & responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique key skills and the diverse perspectives you bring. Our commitment to fostering an inclusive work environment means we also account for geographic differentials. Your journey with us is about more than just a job; it is about finding the perfect fit for your professional growth and personal aspirations. Are you interested in this exciting opportunity?! Apply today! Joining the CMU team opens the door to an array of exceptional benefits available to eligible employees. Those employees who are benefits eligible have the opportunity to experience the full spectrum of advantages from comprehensive medical, prescription, dental, and vision insurance to an enticing retirement savings program offering a generous employer contribution. You can also unlock your potential with tuition benefits and take well-deserved breaks with ample paid time off and observed holidays. Finally, rest easy knowing you are covered by life and accidental death and disability insurance. Other perks include a free Pittsburgh Regional Transit bus pass, our Family Concierge Team to help navigate childcare needs, fitness center access, and so much more! For a comprehensive overview of the benefits that may be awaiting you, explore our Benefits page. At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role and responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique skills and the diverse perspective you bring. Your journey with us is about more than just a job; it's about finding the perfect fit for your professional growth and personal aspirations. Are you interested in an exciting opportunity with an exceptional organization?! Apply today! Location Pittsburgh, PA Job Function Security Position Type Staff - Regular Full Time/Part time Full time Pay Basis Salary More Information: Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world. Click here to view a listing of employee benefits Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran. Statement of Assurance
    $67k-93k yearly est. 60d+ ago
  • Privacy/AI Specialist, Privacy and Legal Information Security

    Comcast 4.5company rating

    Information Security Analyst Job In Kennedy, PA

    Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast. Job Summary We are looking for a passionate, collaborative, and experienced project manager to join our dynamic team in the Legal Department's Privacy Office. This role will report to the Privacy Manager on the Privacy and Legal Information Security team and will support Comcast Cable's global privacy and AI programs by providing excellent analysis, support for the Privacy Office, and process improvement recommendations. Strong familiarity with project management required, and familiarity with Privacy Impact Assessments, AI assessments, U.S. and international privacy and AI laws is preferred. IAPP certification preferred. This is an exciting opportunity to join a growing team in a dynamic, international company. Job Description Core Responsibilities Completes assessments of existing and new business processes involving personal information and Artificial Intelligence (AI) that span multiple areas of the organization, including Advertising, Digital Media, Business Intelligence, Retail, Business products and services, Entertainment and Home products, Mobile, Customer Operations, Corporate, and Workforce. Interacts closely with cross-functional business teams and across the legal team to ensure accurate and risk-based assessment of Privacy and AI Initiatives within the Privacy Impact Assessment (PIA) and AI assessment processes. Assists in improving the company's AI and PIA assessment processes by identifying issues and developing gap analyses and solution recommendations. Provides hands on support of the AI and PIA assessment processes and questionnaires in One Trust, including AI Intake triage and first level review of PIAs. Helps to define success metrics for the AI and PIA assessment processes. Supports the Privacy and Legal Information Security team with some administrative duties such as coordination of agendas, projects, and hands on support in relevant technology; and manages the AI mailbox including providing coordinated responses to businesses' questions consistent with Comcast's AI governance program. Consistent exercise of independent judgment and discretion in matters of significance. Regular, consistent and punctual attendance; must be able to work nights and weekends, and overtime as necessary. Other duties and responsibilities as assigned. Skills and Experience Awareness of legal, regulatory and technical issues related to Privacy and AI. Experience with risk assessment or compliance processes. Strong understanding of technology, its applications and cybersecurity a plus. Ability to work effectively with colleagues across varying business lines, management, and operations personnel. Ability to manage multiple projects and meet deadlines with consistently high-quality results. Self-motivated and independent, but able to discern when matters should be escalated and when further guidance is needed. Ability to translate requirements into practical guidance and formulate creative solutions to accomplish the company's objectives. Experience coordinating work for a team, providing support for projects, and with technology such as SharePoint. Sound judgment, strong work ethic, excellent problem solving and organization skills, practicality, a focus on business outcomes and flexibility to manage multiple matters simultaneously. Education - Bachelor's Degree While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Certifications (if applicable) - IAPP certifications preferred but not required Relative Work Experience - 2-5 Years Employees at all levels are expected to: Understand our Operating Principles; make them the guidelines for how you do your job. Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services. Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences. Win as a team - make big things happen by working together and being open to new ideas. Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers. Drive results and growth. Respect and promote inclusion & diversity. Do what's right for each other, our customers, investors and our communities. This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is an EOE/Veterans/Disabled/LGBT employer. Skills AI Concepts, AI Systems, Privacy Impact Assessments, Process Improvements We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality-to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the benefits summary on our careers site for more details. Education Bachelor's DegreeWhile possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Certifications (if applicable) Relative Work Experience 2-5 YearsComcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.
    $73k-102k yearly est. 15d ago
  • Information Assurance Professional (IAP)

    General Dynamics Mission Systems 4.9company rating

    Information Security Analyst Job In Canonsburg, PA

    Basic Qualifications Requires a Bachelor's degree in Engineering, or a related Science or Mathematics field. Also requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position General Dynamics Mission Systems has an immediate opening for an Information Assurance Security Professional. This position provides an opportunity to further advance the cutting-edge technology that supports some of our nation's core defense/intelligence services and systems. General Dynamics Mission Systems employees work closely with esteemed customers to develop solutions that allow them to carry out high-stakes national security missions. The candidate will be designated as an Information Assurance Professional (IAP) supporting multiple Special Access Programs administering the Information Assurance (IA) Cyber duties for government customers. Components of the IA program include Assessment and Authorization (A&A) activities (i.e., documentation preparation, system configuration/validation, certification testing), security sustainment activities (i.e., hardware change management, software change management, account management, media protection, user interface, file transfers), conducting self-inspections, audit trail review, and delivering information systems security education and awareness. The candidate must be a self-starter capable of multitasking and efficiently managing their time in a dynamic environment while requiring minimal levels of supervision. Additionally, the candidate will possess effective written, speaking, analytical, organizational, and customer service skills that will assist them in identifying solutions to complex compliance and security problems. The IAP will coordinate duties with the System Administrators and/or Information Technology (IT) staff to ensure all configuration requirements are implemented and functional. The IAP will conduct technical and nontechnical reviews and audits as prescribed by the Information Assurance Manager. REPRESENTATIVE DUTIES AND TASKS: As a member of the Information Assurance Security team the IAP supports system security categorization efforts, security requirements selection/analysis, security control assessments and performs continuous monitoring. Executes or supports the execution of A&A activities, including development of required security documentation, including items such as System Security Plans, Security Assessment Reports, SCTM's and POA&Ms in compliance with IA policy Perform weekly system audit reviews, media reviews, hardware/software configuration management Executes security testing and evaluation to ensure correct implementation of security controls Supports the assessment and mitigation of vulnerabilities throughout a systems life cycle Conduct IA security education training for all system users on appropriate risk mitigation strategies Perform incident response and cleanup actions, when necessary, per company or customer directions Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures outlined in the System Security Plan (SSP). Assume ISSM responsibilities as assigned by the Region Manager and/or in the absence of the ISSM KNOWLEDGE SKILLS AND ABILITIES: Proficient understanding of cyber security specifications such as Risk Management Framework (RMF), JSIG (Joint SAP Implementation Guide), ICD-503, NIST SP 800-53. This role requires a technical background creating POA&Ms, developing corrective action plans, and writing security plans, policies, and procedural documentation (not just reviewing or performing documentation review) Experience implementing government security requirements to include technical computer/network system auditing Trained and proficient in Assured File Transfer (AFT) processes and tools Experience with various security assessment/hardening tools - STIGs, SCAP, ACAS, Nessus, etc. Systems administration experience is highly desirable Very strong writing, speaking, analytical, and customer service skills Ability to participate in or lead security work groups Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision Maintains contact with external customer security professionals PREFERRED DEGREE TYPES AND EXPERIENCE:
    $67k-90k yearly est. 7d ago
  • Cyber Security Analyst (2728)

    Navarro Inc. 4.0company rating

    Information Security Analyst Job In West Mifflin, PA

    **On-site** Engineering and Technical Services Full time West Mifflin, Pennsylvania, United States **Description** Navarro Research and Engineering is recruiting for a Cyber Security Analyst in West Mifflin, Pennsylvania. Navarro is a premier contractor providing high-quality technical services to DOE, NASA, and DOD. Navarro's success is based on our customer service focus and our well-known responsiveness and innovation. In all we do, either in corporate management or in our services to our clients, we seek for the most effective and efficient approaches to provide best value to our clients. The Naval Nuclear Laboratory develops advanced naval nuclear propulsion technology for the safety and reliability of our Navy's submarine and aircraft fleet. Our company is looking for a Cybersecurity subcontractor professional to join our team. The subcontractor will be responsible for execution of all aspects of the National Institute of Standards and Technology (NIST) directives to support the Risk Management Framework (RMF). This includes assisting information system owners with development of System Security Plans (SSPs) and Security Assessment Reports (SARs) using the existing RSA Archer application on the Naval Nuclear Propulsion Network (NNPP Net) to support information system authorization. Additionally, the subcontractor will assist in the development of Plans of Action and Milestone (POA&Ms) and Risk Based Decisions (RBDs) for deficiencies found during the information system authorization process. **Requirements** * **An active DOE Q or DoD Top Secret clearance.** * At least four years of combined experience in the following roles; security control validator, security control assessor, Information System Security Officer (ISSO), or Information System Security Manager (ISSM) * At least two years of experience supporting development of information system security authorization packages in accordance with Risk Management Framework (NIST 800-37, 800-53, 800-53a) * At least two years of experience working with Federal Risk and Authorization Management Program (FedRAMP) * Security+ Certification * Experience with the RSA Archer application\ * At least two years of experience working on IT security project teams. * At least one year of experience managing IT projects. * Knowledge of IT infrastructure and services (Data Centers, physical and virtual servers, local and wide area networking components, cloud Infrastructure/Platform/Software as a Service, etc.) * Knowledge of security policies such as NIST Special Publications, Security Technical Implementation Guides (STIGs), DOD Cloud Computing Security Resource Guide (SRG) * Knowledge of infrastructure security, endpoint protection, vulnerability management tools * Previous work authorizing information systems within a classified DoE or DoD environment. * Familiarity with NIST 800-171 * Certified Information Systems Security Professional (CISSP) certification• Certificate of Cloud Security Knowledge (CCSK) certification **Benefits** * Health Care Plan (Medical, Dental & Vision) * Retirement Plan (401k, IRA) * Life Insurance (Basic, Voluntary & AD&D) * Paid Time Off (Vacation, Sick & Public Holidays) * Short Term & Long-Term Disability Annual Salary Range (based on full-time 40 hours per week) Salary Range: $85,000 - $160,000 depending on education and years of experience. In accordance with the Navarro Research and Engineering, Inc (Navarro) salary determination process, Navarro takes into consideration the level of assigned job duties and responsibilities and the candidate's education, training, and/or experience relative to internal peers and the external labor market. A candidate's salary history will not be used in compensation decisions.
    27d ago
  • Senior Cyber Security Analyst - 1766997

    Aro Talent 3.7company rating

    Information Security Analyst Job In Pittsburgh, PA

    Responsibilities of Senior Cyber Security Analyst: Review and update the Detailed Architecture Diagram, Detailed Hardware/Software Inventory, and other system artifacts to determine the DoD IT type. Develop the baseline set of impact values for medical devices. Identify and document common controls in the Security Plan, obtaining supporting documentation for inherited controls. Initiate the tailoring process in eMASS to modify the control set based on specific system conditions. Add relevant supplemental security controls and mark irrelevant controls as "Not Applicable." Identify security controls for ongoing monitoring. Review site/organization change control policies and document the application of policies to specific controls. Coordinate with the IV&V Team to clarify information required for SAP. Lead the execution of self-assessment activities, assess NIST SP 800-53 Revision 4 controls, and document results in eMASS. Provide support for remediation and mitigation efforts. Create the Risk Assessment Report (RAR) and upload it into eMASS, along with all self-assessment results and artifacts documentation. Coordinate with the ISSM to confirm the completion of the Security Authorization Package before eMASS submission. Assist the program with status reports, white papers, weekly activity reports, and other ad hoc requirements. Perform other job-related duties as assigned. Qualifications for the Position: Bachelor's Degree. Minimum of seven (7) years of relevant experience in cyber logistics. Technical Training in Cyber Security, Information Assurance, Network Design, or Information Technology, coupled with 15 years of hands-on experience supporting network operations centers, Cyber Security Service Providers, or Cyber Red Teams within the DoD or Federal government. This should include expertise in three (3) of the following five (5) areas: Systems Requirements, Operational Requirements, Data Analysis, Test & Evaluation, and Training. Certification in IAT Level I / IAM Level I, II, III is required. Knowledge of the DHA mission and environment. Familiarity with DoD Networks and the orders process. Proficiency in briefing Senior Leadership and General Officer / Flag Officer (GO/FO) leadership. Strong knowledge of computer security principles and best practices. Skillful with eMASS and the Risk Management Framework. Proficient in developing briefing materials, administrative, and logistic support. Advanced communication and presentation skills (verbal and written) enabling precise conveyance of information across all customer sections with proper enunciation of the English language. Strong interpersonal, organizational, and critical thinking/problem-solving skills. Flexibility, dependability, and ability to multitask with priorities. Demonstrated skills in providing excellent customer service. Proficiency in using Microsoft Office Suite. Working knowledge of Combatant Command operations. Skillful in building extended cyber security analytics. Active DoD Secret clearance.
    $79k-105k yearly est. 60d+ ago
  • Security Analyst

    Artech Infosystems

    Information Security Analyst Job In Frazer, PA

    Artech Information Systems is the #1 Largest Women-Owned IT Staffing Company in the U.S. and an employer of choice for over 7,200 consultants. We recruit world-class talent for IT, engineering, and other professional jobs at 70+ Fortune and Global 500 companies coast-to-coast across the U.S., India, and China. We are one of the fastest-growing companies in the US and we welcome you to search the thousands of jobs in our cutting-edge GEM system for employment opportunities that fit your qualifications. Job Title: Security Analyst Location: Pittsburgh, PA/ Lake Mary, FL / Nashville, TN Duration: 12 months contract with possible extension/ conversion FTE Job Description: Client is looking for a talented and self-motivated individual with strong technical skills and the ability to rapidly learn new technologies. We are looking for an exceptional candidate that shares our passion for delivering solutions to complex security problems, while maximizing productivity and minimizing employee friction. The candidate will contribute to IAMO Transformation program by aiding in the configuration and implementation of the new SailPoint LCM product. The candidate will perform business critical analysis to help with the implementation of application access requests and workflows across IAM. This role will support access provisioning, remediation for audit findings, workflow creation and modifications, and ensuring revocations and certifications are completed within the guidelines established by Corporate Policy. This position is critical to ensure Service Level Objectives and Internal project deadlines are met. The candidate will require increased technical and analytical skillsets and provide Sailpoint Product Support with a focus on: • Experience with designing, developing, testing, implementing, and integrating IGA solutions involving SailPoint Identity Now (IIQ). • Experience in SailPoint Identity IQ implementation and configuration for application on-boarding for access request and approval and access certifications o Configuration of simple and advanced LCM workflows within SailPoint o Creating and managing workgroups in SailPoint o Configuration and management of most common direct connectors (i.e. Active Directory, LDAP, Mainframe, etc.) o Creation of preventative and detective Segregation of Duty rules o Experience with role-based access controls and configuring automate provisioning and deprovisioning. • Train and mentor other team members on the use of the SailPoint Identity Now platform. • Experience with identity lifecycle flows including leaver, joiner, and mover. • Experience with consultative and complex technical deployment projects, managing various stakeholder relationships. • Strong knowledge and experience with incident/problem management processes. • Possess critical thinking skills. • Strong functional knowledge of MS Office Suite software products, Jira, and Confluence. • Strong communications skills, oral and written. • Ability to collaborate and interact productively with team members and key stakeholders. • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner. • Ability to effectively influence and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization. • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. • Ensures integration end state protects information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss. • Design and code rules, applications, workflows, custom tasks, custom connectors, UI pages and custom reports in SailPoint Identity Now. • Develop working relationship with IT engineering resources to drive solution features adoption. • Develop control adoption templates for IT resources to understand and implement connections required for the SailPoint Identity Now service. • Review SailPoint IGA to ensure the solution is optimized for the highest level of service and establish an ongoing practice to perform periodic reviews. • Interpret policies and standards with InfoSec, Risk and Compliance teams, ensuring policies and standards are properly followed by IAM control solutions. • Design and maintain flowchart diagrams, process workflows and standard documentation required to sustain the SailPoint platform. • Promote security policies, standards, and best practices across the organization. • Supports and resolves system incidents, problems, and changes. Qualifications 5 years of Sailpoint experience -Will consider experience over degree -Locations: Pittsburgh, Lake Mary or Nashville -2000+ applications to be migrated into sailpoint -Configure workflows -Create/manage work groups -Create duty rules -Invisio, Confluence, Jira, Excel Additional Information All your information will be kept confidential according to EEO guidelines.
    $68k-97k yearly est. 60d+ ago
  • Sr. Information Security Manager

    Philips Healthcare 4.7company rating

    Information Security Analyst Job In Murrysville, PA

    Job TitleSr. Information Security ManagerJob Description Sr. Information Security Manager - Murrysville, PA The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across the US. Your role: Develop, maintain and improve upon security controls and policies to protect Philips business from security breaches/ incidents, while ensuring operational performance to deliver security controls at optimum cost.. Provide direction for Enterprise IT Security and Cybersecurity protection, and oversee Technology governance and policies. Evaluates potential security breaches, coordinates response, and recommend corrective actions. Provides Security Project Management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution. Is responsible for the security schedules of major global contracts and the supplier integration and delivery of secure services as contracted. This includes managing all service delivery components and coordination of supplier teams delivering services. You're the right fit if: You have +10 years experience on developing and implementing cybersecurity strategies on manufacturing/ supply chain/ logistics environment. Bachelor's in Computer Science, Information Technology and/or an equivalent academic field. Master's degree in a similar academic field is preferred. You have a Cybers Security Certification such as CISSP, CISM, CISA, CIPP etc. preferred. Knowledge on MITRE Framework, IEC 62443/NIST 800:23 is preferred. Your skills a thorough understanding of Security Management and Governance principles, along being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset. You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position. How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations. This is an in office role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help improve the lives of others. Learn more about our business. Discover our rich and exciting history. Learn more about our purpose. Learn more about our commitment to diversity and inclusion. Philips Transparency Details The pay range for this position in Murrysville, PA is from $ 107,000. 00 to $154,000.00 The actual base pay offered may vary within the posted ranges depending on multiple factors including job-related knowledge/skills, experience, business needs, geographical location, and internal equity. In addition, other compensation, such as an annual incentive bonus, sales commission or long-term incentives may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes a generous PTO, 401k (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement and much more. Details about our benefits can be found here. At Philips, it is not typical for an individual to be hired at or near the top end of the range for their role and compensation decisions are dependent upon the facts and circumstances of each case. Additional Information US work authorization is a precondition of employment. The company will not consider candidates who require sponsorship for a work-authorized visa, now or in the future. Company relocation benefits will not be provided for this position. For this position, you must reside in or within commuting distance to Murrysville, PA. #LI-PH1 #LI-OFFICE This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration. Philips is an Equal Employment and Opportunity Employer/Disabled/Veteran and maintains a drug-free workplace.
    $107k-154k yearly 7d ago
  • Sr. Information Security Analyst

    Proofpoint, Inc. 4.7company rating

    Information Security Analyst Job In Pittsburgh, PA

    Sr. Information Security Analyst page is loaded **Sr. Information Security Analyst** **Sr. Information Security Analyst** locations PennsylvaniaPittsburgh, PAMassachusetts time type Full time posted on Posted 16 Days Ago job requisition id R11538 It's fun to work in a company where people truly BELIEVE in what they're doing! *We're committed to bringing passion and customer focus to the business.* Corporate Overview Proofpoint is a leading cybersecurity company protecting organizations' greatest assets and biggest risks: vulnerabilities in people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions mitigating their most critical risks across email, the cloud, social media, and the web. We are singularly devoted to helping our customers protect their greatest assets and biggest security risk: their people. That's why we're a leader in next-generation cybersecurity. Protection Starts with People. The Role and the Team As a key member of our InfoSec Sales Support team at Proofpoint, you will play a critical role in our sales process every single day. As a Senior Information Security Analyst, you will be a valued business partner to our Account Managers, Sales Engineers, and customers, providing expertise in compliance and Information Security programs. You will help our customers understand the security controls we have in place to protect our Human-Centric solutions that guard against today's cyber threats. This role will support the global Sales, RFP, Sales Engineering, and Legal organizations within Proofpoint, making it an exciting time to join our team! Job Requirements * Act as a compliance and Information Security program subject matter expert for Proofpoint's Human-Centric solutions that protect against today's cyber threats. * Respond to compliance-oriented requests from customers as part of the bid process, including customer RFP requests, security questionnaires and security assessments. * Provide technical details regarding our internal security controls that meet customer requirements by understanding nuances in compliance requests. * Work cross-functionally with sales, security, legal, and technical teams to ensure compliance with industry standards and regulations. * Serve as the coordinator and point of contact for external customer-run assessments of our internal security controls. * Lead the remediation efforts for any identified areas for improvement in our security controls resulting from customer-run assessments, working closely with cross-functional teams, and providing regular updates to customers regarding the status of the remediation efforts. * Maintain technical and product information for RFP responses and customer compliance requests, based on frequently asked questions. Must be able to provide enough understanding of how each customer inquiry may be different/unique. * Educate sales teams on the process for responding to compliance requests, including providing guidance on best practices and legal requirements. Job Requirements * Strong understanding of the sales process and ability to work closely with sales teams to respond to compliance requests. * Knowledge of Information Security requirements and regulations to review within the customer contract process. * A minimum of 5 years of experience providing technical responses to customers in a sales engineering role or in responding to RFPs, questionnaires and assessments. * A minimum of 2 years of experience with Information Security, Cybersecurity and Cloud SaaS controls. * Familiarity with NIST 800-53 or ISO 27002 standards is preferred. • Bachelor's degree in a relevant field, or equivalent experience. * CISSP, CISA or other relevant cyber-security and/or cloud security certifications are highly valued. * Strong technical presentation, organizational, and communication skills, both verbal and written. * Ability to work independently, adapt quickly, and maintain a positive attitude. * Proficiency in RFP automation tools like Responsive and Loopio is preferred for streamlined coordination and increased efficiency in managing the RFP process. * Experience working in a fast-paced environment with cross-functional teams, including security, legal and technical teams. Why Proofpoint Protecting people is at the heart of our award-winning lineup of cybersecurity solutions, and the people who work here are the key to our success. We're a customer-focused and a driven-to-win organization with leading-edge products. We are an inclusive, diverse, multinational company that believes in culture fit, but more importantly ‘culture-add', and we strongly encourage people from all walks of life to apply. We believe in hiring the best and the brightest to help cultivate our culture of collaboration and appreciation. Apply today and explore your future at Proofpoint! #LifeAtProofpoint *If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!* Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable pay and/or equity. We offer a competitive benefits package that includes flexible time off, a robust well-being program that provides for 4 global wellbeing days per year, and a 3-week work from anywhere option. **Base Pay Ranges:** SF Bay Area, New York City Metro Area: Base Pay Range: 128,940.00 - 202,620.00 USDCalifornia (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska: Base Pay Range: 106,750.00 - 167,750.00 USDAll other cities and states excluding those listed above: Base Pay Range: 96,320.00 - 151,360.00 USD
    27d ago
  • Sr. Information Security Manager

    Philips 4.7company rating

    Information Security Analyst Job In Murrysville, PA

    Sr. Information Security Manager - Murrysville, PA The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across the US. Your role: * Develop, maintain and improve upon security controls and policies to protect Philips business from security breaches/ incidents, while ensuring operational performance to deliver security controls at optimum cost.. * Provide direction for Enterprise IT Security and Cybersecurity protection, and oversee Technology governance and policies. * Evaluates potential security breaches, coordinates response, and recommend corrective actions. * Provides Security Project Management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution. * Is responsible for the security schedules of major global contracts and the supplier integration and delivery of secure services as contracted. This includes managing all service delivery components and coordination of supplier teams delivering services. You're the right fit if: * You have +10 years experience on developing and implementing cybersecurity strategies on manufacturing/ supply chain/ logistics environment. * Bachelor's in Computer Science, Information Technology and/or an equivalent academic field. Master's degree in a similar academic field is preferred. * You have a Cybers Security Certification such as CISSP, CISM, CISA, CIPP etc. preferred. Knowledge on MITRE Framework, IEC 62443/NIST 800:23 is preferred. * Your skills a thorough understanding of Security Management and Governance principles, along being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset. * You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position. How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations. This is an in office role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help improve the lives of others. * Learn more about our business. * Discover our rich and exciting history. * Learn more about our purpose. * Learn more about our commitment to diversity and inclusion. Philips Transparency Details The pay range for this position in Murrysville, PA is from $ 107,000. 00 to $154,000.00 The actual base pay offered may vary within the posted ranges depending on multiple factors including job-related knowledge/skills, experience, business needs, geographical location, and internal equity. In addition, other compensation, such as an annual incentive bonus, sales commission or long-term incentives may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes a generous PTO, 401k (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement and much more. Details about our benefits can be found here. At Philips, it is not typical for an individual to be hired at or near the top end of the range for their role and compensation decisions are dependent upon the facts and circumstances of each case. Additional Information US work authorization is a precondition of employment. The company will not consider candidates who require sponsorship for a work-authorized visa, now or in the future. Company relocation benefits will not be provided for this position. For this position, you must reside in or within commuting distance to Murrysville, PA. #LI-PH1 #LI-OFFICE This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration. Philips is an Equal Employment and Opportunity Employer/Disabled/Veteran and maintains a drug-free workplace.
    $107k-154k yearly 51d ago
  • Cloud Security Engineer Company Hidden Pittsburgh, PA Contract-to-Hire DevOps 2 Openings Posted today $2,000 reward per hire

    Agility Partners LLC 4.6company rating

    Information Security Analyst Job In Pittsburgh, PA

    **Cloud Security Engineer** Company Hidden Other Pittsburgh, PA Base pay $12,345 - $678,910 or to view salary and company information DevOps Contract 2 Openings $2,000 reward per hire **About this Role** Agility Partners is seeking a qualified Cloud Security Engineer to fill an open position with one of our banking clients. This is an exciting opportunity to join a security engineering team dedicated to mitigating risks, fraud, and security operations within the technology industry. Key Responsibilities: * Deploy Amazon Cloud tools and integrate them into Splunk Cloud * Deploy Splunk Cloud * Design and develop components of application and technical architecture * Execute tests for application or technical architecture components * Assist in selecting appropriate platforms and integrating and configuring solutions * Develop software components and hardware for new and emerging technology projects * Provide consultation on common issues and best practices for junior staff * Ensure quality of project deliverables and maintain compliance with relevant standards and processes **Benefits and Perks** This is a great opportunity to work for a coast-to-coast financial services firm, with tremendous opportunity to grow, develop and move internally to pursue your passions. An organization that develops tools and technologies that incorporate some of the most modern and cutting-edge approaches, working collaboratively and continuously developing as experts in their respective fields. * Amazing opportunity for growth, healthy work/life balance and a community focused environment * Working for an organization that focuses on company culture, inclusion and diversity * 50% medical coverage for you and your entire family, short/long term disability and life insurance options * 401(k) * Life Insurance * Disability coverage **The Ideal Candidate** Qualifications: * Technical Skills: AWS (Kinesis Firehose) Onboarding Mechanism, Cloud Architecture, Splunk Cloud * Flex Skills: AWS Security, Security Hub, Security Lake, Cloud Trail, Ansible * Soft Skills: Good documentation skills (Confluence), work tracking (JIRA), good communication * Education: Bachelor's degree in computer science, software engineering, or relevant field preferred; AWS Certifications preferred * Experience: 5-7 years of experience in a similar role; experience with security tools onboarding into AWS, integration with Kinesis Firehose, and engineering with Splunk Cloud Share this job. Make $2,000. When a friend applies to this position and gets hired, you'll get credited with a referral reward!* *Reward paid upon hire of your candidate according to our Recruiting Agreement Policy (see right).
    $97k-130k yearly est. 29d ago
  • Mainframe Security Engineer

    0310435-Fund Accounting Brooklyn

    Information Security Analyst Job In Pittsburgh, PA

    At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world's financial system we touch nearly 20% of the world's investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere. We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what #LifeAtBNY is all about. We're seeking a future team member for the role of Mainframe DB2 Systems Engineer to join our Technology Services Group (TSG) - Mainframe team. This role is preferred to be located in Lake Mary, FL or Pittsburgh, PA - HYBRID. In this role, you'll make an impact in the following ways: Support mainframe security environment (Focusing on RACF but also ACF2 and TopSecret) Improving security setup for existing products and engineering security solutions/setup for new products. Support of third party vendor software utilities and packages as well as in-house developed solutions that are used to manage the security environments. Capability to evaluate existing security provisioning/setup, identify possible gaps, recommend solutions and effectively communicate with technical, operational and business teams. Identify security and system vulnerabilities and work with groups to resolve them. Interact with auditors and provide information required to complete auditing tasks. To be successful in this role, we're seeking the following: College/Technical Degree with 8-10 years' technical experience with increasing responsibilities and knowledge and expertise. Knowing mainframe Db2 operational and processing perspectives with distributed WEB access, SQL performance and tuning, and Db2 operational problem determination skills. At BNY, our culture speaks for itself. Here's a few of our awards: America's Most Innovative Companies, Fortune, 2024 World's Most Admired Companies, Fortune 2024 Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024 Best Places to Work for Disability Inclusion, Disability: IN - 100% score, 2023-2024 “Most Just Companies”, Just Capital and CNBC, 2024 Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024 Bloomberg's Gender Equality Index (GEI), 2023 Our Benefits and Rewards: BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter. BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.
    $79k-110k yearly est. 60d+ ago
  • Information Risk Consultant

    Highmarkhealth

    Information Security Analyst Job In Washington, PA

    * Conduct Information Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment. * Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate. * Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc. * Understand and contribute to inventory of risk register tracking, scoring and associated risk statements. * Perform follow up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities. * Communicate risk treatment methodology; risk avoidance, risk acceptance, risk transference and risk mitigation to appropriate groups. * Partner with multiple projects and initiatives to apply security architecture requirements, develop architecture solutions, integrate security into solution designs, access risks of security gaps, and develop architecture remediation. * Assist HM Health Solutions teams in developing and maintaining appropriate procedural documentation which meets relevant compliance standards, such as Payment Card Industry - Data Security Standards (PCI-DSS), Health Information Trust Alliance (HITRUST), and International Organization for Standardization (ISO) 27001. * Prepare and present solution decks to different levels of management and varying technical experience. * Begin to take lead role in assuring compliance to required standards, procedures, guidelines and processes. * Other duties as assigned or requested. * 3 - 5 years' experience in Information Security and/or Information Risk Management and/or Information Technology * 1 - 3 years' experience within Information Security Governance, Risk and/or Compliance functions and activities * 1 - 3 years' experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences * Familiarity with technologies such as intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms * 5 - 7 years' experience in Information Security and/or Information Risk Management and/or Information Technology * Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-53 cyber security framework * Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits * IT/information security risk advisory experience * Governance Risk and Compliance (GRC) tool experience such as ARCHER * In-depth understanding of network security architecture, network and networking protocols * Security industry organization participation / leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.) * Knowledge of HITRUST CSF, NIST 800-53 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3 * Knowledge of NIST Risk Assessment methodology * Familiarity with secure SDLC best practices * Knowledge of OCTAVE or OCTAVE Allegro risk methodology * Ability to work within high performance, multi-discipline teams * Strong teamwork and interpersonal skills Highmark Health is a national, blended health organization that includes one of America's largest Blue Cross Blue Shield insurers and a growing regional hospital and physician network. Based in Pittsburgh, Pa., Highmark Health's 35,000 employees serve millions of customers nationwide through the nonprofit organization's affiliated businesses, which include Highmark Inc., Allegheny Health Network, HM Insurance Group, United Concordia Dental, HM Health Solutions and HM Home & Community Services. Highmark Health's businesses proudly serve a broad spectrum of health-related needs including health insurance, health care delivery, population health management, dental solutions, reinsurance solutions, and innovative, technology solutions.
    28d ago
  • Cyber Security Analyst

    Gem Technologies

    Information Security Analyst Job In West Mifflin, PA

    ABOUT THE ROLE We are seeking a Cyber Security Analyst to join our team supporting the Naval Nuclear Laboratory (NNL) at their Kesselring and Bettis sites! This position is full-time and will be based out of West Mifflin, PA or Schenectady, NY with hybrid flexibility (25% remote). Responsibilities The Naval Nuclear Laboratory develops advanced naval nuclear propulsion technology for the safety and reliability of our Navy's submarine and aircraft fleet. The Analyst will be responsible for execution of all aspects of the National Institute of Standards and Technology (NIST) directives to support the Risk Management Framework (RMF). This includes assisting information system owners with development of System Security Plans (SSPs) and Security Assessment Reports (SARs) using the existing RSA Archer application on the Naval Nuclear Propulsion Network (NNPP Net) to support information system authorization. Additionally, the Analyst will assist in the development of Plans of Action and Milestone (POA&Ms) and Risk Based Decisions (RBDs) for deficiencies found during the information system authorization process. Requirements Education & Years of Experience - Bachelor's Degree in a relevant field and 5-10+ years of relevant experience Citizenship - To be considered, you must be a United States (U.S.) citizen due to the federal nature of the work Clearance - To be considered, you must have an active or very recently active DOE “Q” Clearance or DoD “Top Secret” Clearance (If you do not obtain a current clearance you may still be selected but the start date would be after the clearance came through, possibly 6 months) At least four years of combined experience in the following roles; security control validator, security control assessor, Information System Security Officer (ISSO), or Information System Security Manager (ISSM) At least two years of experience supporting development of information system security authorization packages in accordance with Risk Management Framework (NIST 800-37, 800-53, 800-53a) At least two years of experience working with Federal Risk and Authorization Management Program (FedRAMP) Security+ Certification Desired Skills Experience with the RSA Archer application At least two years of experience working on IT security project teams At least one year of experience managing IT projects Knowledge of IT infrastructure and services (Data Centers, physical and virtual servers, local and wide area networking components, cloud Infrastructure/Platform/Software as a Service, etc.) Knowledge of security policies such as NIST Special Publications, Security Technical Implementation Guides (STIGs), DOD Cloud Computing Security Resource Guide (SRG) Knowledge of infrastructure security, endpoint protection, vulnerability management tools Previous work authorizing information systems within a classified DoE or DoD environment Familiarity with NIST 800-171 Certified Information Systems Security Professional (CISSP) certification Certificate of Cloud Security Knowledge (CCSK) certification About the Site The Naval Nuclear Laboratory is comprised of the Bettis Atomic Power Laboratory , located in West Mifflin, Pennsylvania, the Knolls Atomic Power Laboratory located in Niskayuna, New York, the Kesselring Site , located in West Milton, New York, and the Naval Reactor Facility located in Idaho Falls, Idaho. Together, they develop advanced technology for the United States Naval Nuclear Propulsion Program, ensure the safety and reliability of naval nuclear reactors, and train Sailors who operate reactors in submarines and aircraft carrier fleets ( energy.gov ). ABOUT GEM GEM Technologies, Inc. (GEM) is an award-winning federal contractor with more than 30 years of experience providing environmental, construction, facility management, and technical services to federal agencies, state and local governments, and commercial organizations. Founded in 1994 as a nuclear engineering firm to support federal operations in East Tennessee, GEM has since expanded into a nationwide, multi-disciplinary provider with over 270 employees and a diverse portfolio of contracts in the environmental, nuclear, and defense sectors. Some reasons to join GEM are: Our philosophy - We believe in the power of effective collaboration and recognize that good partnerships are the building blocks to success. Our relationships - Partnering with federal clients, we solve complex problems, exceed expectations, and advance critical missions. Our team - We are committed to managing a cohesive workforce and cultivating a supportive workplace for our employees on contracts and in-office. Our community involvement - Supporting our communities, we invest time and money in local schools and non-profit organizations. COMPENSATION AND BENEFITS GEM's offered compensation is dependent on candidates' education, qualifications, and relevant years of experience. To recruit and retain our exceptional staff, we offer the opportunity to elect benefit packages that best suit our employee's needs; this includes, but is not limited to, a competitive Salary, Medical, Dental and Vision Insurance (including HSA & PPO options), Paid Time Off (PTO), Paid Holidays, Life Insurance, and a matching 401(k) Retirement Plan. Please Note : With the exception of mandated state requirements, GEM does not publish salary information on external job boards; as such, most ranges listed are estimates made by vendors and not actual salary ranges. EQUAL OPPORTUNITY EMPLOYER GEM Technologies, Inc. is an Equal Opportunity/Affirmative Action Employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.
    $73k-99k yearly est. 37d ago

Learn More About Information Security Analyst Jobs

How much does an Information Security Analyst earn in Carnot-Moon, PA?

The average information security analyst in Carnot-Moon, PA earns between $67,000 and $130,000 annually. This compares to the national average information security analyst range of $71,000 to $135,000.

Average Information Security Analyst Salary In Carnot-Moon, PA

$94,000

What are the biggest employers of Information Security Analysts in Carnot-Moon, PA?

The biggest employers of Information Security Analysts in Carnot-Moon, PA are:
  1. Comcast
Job type you want
Full Time
Part Time
Internship
Temporary